DEMEM: Distributed Evidence-Driven Message Exchange Intrusion Detection Model for MANET

  • Chinyang Henry Tseng
  • Shiau-Huey Wang
  • Calvin Ko
  • Karl Levitt
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4219)


A Mobile Ad Hoc Network (MANET) is a distributed communication platform for mobile wireless nodes. Because a MANET lacks a centralized monitoring point, intrusion detection systems (IDS) for MANET are usually built on a distributed architecture in which detectors are deployed at each node to cooperatively detect attacks. However, most of these distributed IDS simply assume that each detector exchanges complete information with its peers instead of establishing an efficient message exchange protocol among detectors. We propose a Distributed Evidence-driven Message Exchanging intrusion detection Model (DEMEM) for MANET that allows distributed detectors to cooperatively detect routing attacks with minimal communication overhead. The framework allows detectors to exchange evidence only when necessary. Under a few practical assumptions, we implement DEMEM to detect routing attacks on the Optimal Link State Routing (OLSR) protocol. The example scenarios and performance metrics in the experiment demonstrate that DEMEM can detect routing attacks with low message overhead and delay, no false negatives, and very low false positives under various mobility conditions with message loss. Our ongoing work includes implementing DEMEM in AODV, DSR and TBRPF, and a reputation-based cooperative intrusion response model.


DEMEM IDS MANET OLSR AODV DSR TBRPF TESLA evidence attack method constraint MPR MPR selector Hello message TC message forwarder ID message ID Manager ID-Evidence ID-Forward ID-Request 





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Chinyang Henry Tseng (1)
  • Shiau-Huey Wang (1)
  • Calvin Ko (2)
  • Karl Levitt (1)

  1. Computer Security Laboratory, University of California, Davis
  2. Sparta Inc., Sunnyvale, USA
