Securing the 802.11 MAC in MANETs: A specification-based intrusion detection engine

Specification-based detection engines share the advantages of signature-based and anomaly-based detection, since they can detect unknown attacks, without the side effects of high rates of false positives. However, such solutions for MANETs have seen limited use. This paper introduces a specification-based detection engine that is built upon the functionality and limitations of the 802.11 MAC protocol, expanding the detection range of such engines in MANETs. The proposed detection engine is deployed at each node and performs detection using a set of specifications, which describe the correct operation of the MAC protocol operating at the host node. The proposed engine introduces a number of significant advantages since it can effectively detect both known and unknown attacks in real time and with minimum overhead. Moreover, it is resilient to the dynamic topologies that are common in MANETs and its deployment requires no protocol modifications.