• DocumentCode
    2529930
  • Title

    Countering False Accusations and Collusion in the Detection of In-Band Wormholes

  • Author

    Sterne, Daniel ; Lawler, G. ; Gopaul, Richard ; Rivera, Brian ; Marcus, Kelvin ; Kruus, Peter

  • Author_Institution
    SPARTA Inc., Lake Forest
  • fYear
    2007
  • fDate
    10-14 Dec. 2007
  • Firstpage
    243
  • Lastpage
    256
  • Abstract
    Cooperative intrusion detection techniques for MANETs utilize ordinary computing hosts as network intrusion sensors. If compromised, these hosts may inject bogus data into the intrusion detection system to hide their activities or falsely accuse well-behaved nodes. Approaches to Byzantine fault tolerance involving voting are potentially applicable, but must address the fact that only nodes in particular topological locations at particular times are qualified to vote on whether an attack occurred. We examine these issues in the context of a prototype distributed detector for self-contained, in-band wormholes in OLSR networks. We propose an opportunistic voting algorithm and present test results from a 48-node testbed in which colluding attackers generate corroborating false accusations against pairs of innocent nodes. The results indicate that opportunistic voting can instantaneously suppress false accusations when the network topology and routes chosen by OLSR provide a sufficient number of nearby honest observers to outvote the attackers.
  • Keywords
    ad hoc networks; computer networks; mobile radio; security of data; Byzantine fault tolerance; MANET; cooperative intrusion detection techniques; countering false accusations; inband wormholes detection; intrusion detection system; network intrusion sensors; network topology; opportunistic voting algorithm; Computer networks; Delay; Detectors; Intrusion detection; Laboratories; Mobile ad hoc networks; Network topology; Telecommunication traffic; Testing; Voting;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Security Applications Conference, 2007. ACSAC 2007. Twenty-Third Annual
  • Conference_Location
    Miami Beach, FL
  • ISSN
    1063-9527
  • Print_ISBN
    978-0-7695-3060-4
  • Type

    conf

  • DOI
    10.1109/ACSAC.2007.41
  • Filename
    4412993