Application-Layer Intrusion Detection in MANETs

Security has become important to mobile ad hoc networks (MANETs) due mainly to their use for many mission- and life-critical applications. However, the broadcast nature of inter-node communications and node mobility in MANETs make it very challenging to secure MANETs. Moreover, their constantly-changing topology causes network node density and neighbor relationships to change dynamically. This paper presents an intrusion detection system (IDS) for MANETs at the application layer. The IDS utilizes (1) both anomaly and misuse detection schemes to identify attacks in MANETs and (2) mobile agents (MAs) to augment each node's intrusion-detection capability. In particular, each node is equipped with a local IDS, and MAs will be dispatched periodically or on-demand to augment each node's IDS. We present the design of this IDS and the overall network structure, as well as the methods for authenticating and dispatching MAs. We also evaluate the trade-offs between different design parameters of MAs.