
A Robust SNMP Based Infrastructure for Intrusion Detection and Response in Tactical MANETs

  • Marko Jahnke
  • Jens Tölle
  • Sascha Lettgen
  • Michael Bussmann
  • Uwe Weddige
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4064)

Abstract

Intrusion Detection Systems (IDS) for adhoc networks need secure, reliable, flexible, and lightweight infrastructures for exchanging available sensor data and security event messages. Cooperation is a major concept of Mobile Adhoc Networks (MANETs). Cooperation of intrusion detection components may also help to protect these networks. The approaches and component infrastructures have to consider bandwidth restrictions and highly dynamic network behaviour. Unfortunately, existing infrastructures and communication protocols have some drawbacks for these kinds of environments.

This paper describes a robust SNMPv3 (Simple Network Management Protocol) based implementation of an IDS infrastructure that connects the components of a generic MANET IDS architecture. This implementation is focused on the requirements of a military tactical scenario. For instance, adherence to the bandwidth constraints has been shown in a traffic simulation, including all relevant protocols and other properties of a specific tactical MANET scenario and its nodes.

Keywords

Sensor Data, Intrusion Detection, Adhoc Network, Intrusion Detection System, Optimize Link State Route
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Marko Jahnke (1)
  • Jens Tölle (1)
  • Sascha Lettgen (1)
  • Michael Bussmann (1)
  • Uwe Weddige (1)

  1. Research Institute for Communication, Information Processing and Ergonomics (FKIE), Research Establishment for Applied Science (FGAN), Wachtberg, Germany
