Distributed Intrusion Detection for Mobile Ad Hoc Networks

Mobile ad hoc networking (MANET) has become an exciting and important technology in recent years, because of the rapid proliferation of wireless devices. Mobile ad hoc networks is highly vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, lack of centralized monitoring and management point. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective for those features. In this paper, we propose a distributed intrusion detection approach based on finish state machine (FSM).A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then we construct the finite state machine (FSM) by the way of manually abstracting the correct behaviours of the node according to the routing protocol of Dynamic Source Routing (DSR). The monitor nodes can verify every node’s behaviour by the FSM, and validly detect real-time attacks without signatures of intrusion or trained data. Compared with the architecture where each node is its own IDS agent, our approach is much more efficient while maintaining the same level of effectiveness.