DocumentCode
2529930
Title
Countering False Accusations and Collusion in the Detection of In-Band Wormholes
Author
Sterne, Daniel ; Lawler, G. ; Gopaul, Richard ; Rivera, Brian ; Marcus, Kelvin ; Kruus, Peter
Author_Institution
SPARTA Inc., Lake Forest
fYear
2007
fDate
10-14 Dec. 2007
Firstpage
243
Lastpage
256
Abstract
Cooperative intrusion detection techniques for MANETs utilize ordinary computing hosts as network intrusion sensors. If compromised, these hosts may inject bogus data into the intrusion detection system to hide their activities or falsely accuse well-behaved nodes. Approaches to Byzantine fault tolerance involving voting are potentially applicable, but must address the fact that only nodes in particular topological locations at particular times are qualified to vote on whether an attack occurred. We examine these issues in the context of a prototype distributed detector for self-contained, in-band wormholes in OLSR networks. We propose an opportunistic voting algorithm and present test results from a 48-node testbed in which colluding attackers generate corroborating false accusations against pairs of innocent nodes. The results indicate that opportunistic voting can instantaneously suppress false accusations when the network topology and routes chosen by OLSR provide a sufficient number of nearby honest observers to outvote the attackers.
Keywords
ad hoc networks; computer networks; mobile radio; security of data; Byzantine fault tolerance; MANET; cooperative intrusion detection techniques; countering false accusations; inband wormholes detection; intrusion detection system; network intrusion sensors; network topology; opportunistic voting algorithm; Computer networks; Delay; Detectors; Intrusion detection; Laboratories; Mobile ad hoc networks; Network topology; Telecommunication traffic; Testing; Voting;
fLanguage
English
Publisher
ieee
Conference_Titel
Computer Security Applications Conference, 2007. ACSAC 2007. Twenty-Third Annual
Conference_Location
Miami Beach, FL
ISSN
1063-9527
Print_ISBN
978-0-7695-3060-4
Type
conf
DOI
10.1109/ACSAC.2007.41
Filename
4412993
Link To Document