Ricardo Staciarini Puttini

A fully distributed IDS for MANET

In This work we propose a new distributed intrusion detection system (IDS) designed for mobile ad hoc network (MANET) environments. The complete distribution of the intrusion detection process is the salient feature of our proposition: distribution is not restricted to data collection but also applied to execution of the detection algorithm and alert correlation. Each node in the MANET runs a local IDS (LIDS) that cooperates with others LIDS. A mobile agent framework is used to preserve the autonomy of each LIDS while providing a flexible technique for exploring the natural redundancies in MANET to compensate for the dynamic state of wireless links between high mobility nodes. The proposed solution has been validated by actual implementation, which is described in the paper. Three attacks are presented as illustrative examples of the IDS mechanisms. Attack detection is formally described by specification of data collection, attack signatures associated with such data and alerts generation and correlation. Experiments exhibit fairly good results, the attacks being collaboratively detected in real-time.

A Bayesian Classification Model for Real‐Time Intrusion Detection

Intrusion‐detection systems (IDS) have been used as part of the security of information and communication technologies infrastructure because it is difficult to ensure that information systems are free from security flaws. In this paper we present a new design of an anomaly IDS. Design and development of the IDS are considered in our 3 main stages: normal behavior construction, anomaly detection and model update. A parametrical mixture model is used for behavior modeling from reference data. The associated Bayesian classification leads to the detection algorithm. A continuous model parameter re‐estimation is discussed as a possible heuristic for model update. Real‐time requirements are presented. Detection and update algorithms for the special case of Gaussian parametrical model are designed and evaluated with respect to their real‐time features in a PC‐like platform without any special hardware requirements. Experiments validating the model are presented as well.

A modular architecture for distributed IDS in MANET

In this paper we propose a distributed and modular architecture for an intrusion detection system (IDS) dedicated to a mobile ad hoc network (MANET) environment. The main feature of our proposition relies on the use, on each node of the MANET, of a local IDS (LIDS) cooperating with other LIDSes through the use of mobile agents. The modular design is needed as a response to the extensibility requirements related to the complex contexts of MANET. The proposed solution has been validated by a proof-of-concept prototype, which is described in the paper. Two different types of attacks are presented and have been implemented, at the network level and at the application level. The detection of such attacks are formally described by specification of data collection, attack signatures associated with such data and alerts generation, emphasizing the relation of each of these detection steps with the modules in the designed architecture. The use of the management information base (MIB) as a primary data source for the detection process is discussed and modules for MIB data extraction and processing are specified and implemented in the prototype. Experiments exhibit fairly good results, the attacks being collaboratively detected in real-time.

On the anomaly intrusion-detection in mobile ad hoc network environments

Manet security has a lot of open issues. Due to its characteristics, this kind of network needs preventive and corrective protection. In this paper, we focus on corrective protection proposing an anomaly IDS model for Manet. The design and development of the IDS are considered in our 3 main stages: normal behavior construction, anomaly detection and model update. A parametrical mixture model is used for behavior modeling from reference data. The associated Bayesian classification leads to the detection algorithm. MIB variables are used to provide IDS needed information. Experiments of DoS and scanner attacks validating the model are presented as well.

A Secure Autoconfiguration Protocol for MANET Nodes

In this paper we propose a secure autoconfiguration model for Manet. Our design is based in a distributed and self-organization certification service, which provides node identification and authentication for the autoconfiguration protocol. We have defined some modifications in the Dynamic Configuration and Distribution Protocol (DCDP) in order to extend the protocol functionalities to include security-aware node identification and authentication services. The overall security is also enforced with intrusion detection techniques.

On survivability of IEEE 802.11 WLAN

In this paper, we address the problem of enhancing the survivability of IEEE 802.11 wireless local area networks focusing on tolerating access point-AP failures. We develop a simple fault detection approach, based on response timeout, which promises to be more cost-effective to identify failures due to lack of energy to an AP or problems with the wired link to an AP. In particular, we focus on the problem of overcoming these APs failures working with reconfiguration of the remaining APs by changing parameters such as power level and frequency channels. Our approach consists of two main phases: design and fault response. In design phase, we deal with quantifying, placement and setting up of APs according to both area coverage and performance criteria. In fault response phase we consider the reconfiguration of active APs in order to deal with AP fault in the service area. Finally, describe one of the major characteristics of the proposed system, which is a simple implementation in concordance with established IEEE 802.11 standards and related management systems

Certification and Authentication Services for Securing MANET Routing Protocols

In this paper, we describe a new authentication service for securing mobile ad hoc network (MANET) routing protocols . A MANET authentication extension (MAE) is appended to each routing protocol message . Our design includes a self-organized certification service , adapted from [6] with the following improvements : appropriated initialization , correcting vulnerabilities in the original design ; local certificate management ; and support to multiple Certification Authorities . Our design is policy-configurable in the sense that certification and authentication services may be adjusted according to specific security requirements. We discuss the use of MAE and certification service for securing DSR, AODV, OLSR and TBRPF MANET routing protocols. We have implemented the MAE securing OLSR and we evaluate computational and network requirements for this case.

Analysis of a time-lens based optical frame synchronizer and retimer for 10G Ethernet aiming at a Tb/s optical router/Switch design

This paper analyzes experimentally and by numerical simulations an optical frame retimer and synchronizer unit for 10 Gbit/s Ethernet input frames. The unit is envisaged to be applied in the design of an optically transparent router for Optical Time Division Multiplexed (OTDM) links, aggregating traffic from several 10 Gbit/s Ethernet (10 GE) links. The scheme is based on time-lenses implemented through a combination of a sinusoidally driven optical phase modulation and linear dispersion. Our analysis extracts the operation range of the scheme used for synchronization and retiming in the context of 10 Gbit/s Ethernet, considering the frequency offset to the local clock within the specified standard tolerance (i.e. ± 1 MHz for 10 Gbit/s Ethernet) and the Ethernet frame size (i.e. up to 1526 bytes). We also provide preliminary design insights to increase the operation range.

Fault tolerance in IEEE 802.11 WLANs

in this paper, we address the problem of enhancing the fault tolerance of IEEE 802.11 wireless local area networks focusing on tolerating access point - AP failures. We develop a fault detection approach, which promises to be more effective to identify AP failures. In particular, we focus on the problem of overcoming APs failures working with reconfiguration of the remaining APs by changing parameters such as power level and frequency channels. Our approach consists of two main phases: Design and Fault Response. In Design phase, we deal with quantifying, placement and setting up of APs according to both area coverage and performance criteria. In Fault Response phase we consider the reconfiguration of active APs in order to deal with AP fault in the service area. Finally, we describe one of the major characteristics of the proposed architecture, which is a simple implementation in concordance with established IEEE 802.11 standards and related management systems.

Preventive and Corrective Protection for Mobile Ad Hoc Network Routing Protocols

In this paper we describe vulnerabilities and possible protections for mobile ad hoc networks (MANET) routing protocols. Vulnerability and adversary models are built to describe impersonation, fabrication and modification attacks. A security model is proposed, considering both preventive and corrective protection. The basic preventive protection consists of a certificate-based authentication mechanism, which is designed as a MANET authentication extension (MAE) that provides authentication for all routing protocol messages. Corrective protection consists of an intrusion detection and response service (IDS). Certification service and IDS are both provided in a distributed and self-organized manner. Intrusion response is mainly defined in terms of interaction between certification service and IDS. The proposed vulnerability analysis and security design are detailed and validated using the Optimized Link State Routing (OLSR) Protocol.