An Intrusion Detection System for Suburban Ad-hoc Networks

Due to the nature of the wireless media, ad-hoc wireless networks are vulnerable to various attacks. There are security protocols that prevent unauthorized nodes from accessing the network through authentication. Secrecy of information is provided through encryption. However these protocols cannot detect if any member of the network degrades the network performance due to misbehavior. Therefore an intrusion detection system (IDS) is required that monitors what is going on in the network, detects misbehavior or anomalies based on the monitored information and notifies other nodes in the network to take necessary steps such as to avoid or punish the misbehaving nodes. In this paper we propose an IDS, referred to as the SAHN-IDS, suitable for multi-hop ad-hoc wireless networks like a SAHN (suburban ad-hoc network). SAHN-IDS detects misbehavior based on nodes getting an unfair share of the transmission channel. It also detects anomalies in packet forwarding, such as intermediate nodes dropping or delaying packets. Unlike most IDSs for detecting anomalies in packet forwarding, SAHN-IDS does rely on overhearing packet transmissions of neighboring nodes, since that is ineffective in networks where nodes use different transmission power, different frequency channels and directional antennas for different neighbors. Moreover, unlike most IDSs, most of the thresholds in SAHN-IDS are set dynamically. We show the effectiveness of SAHN-IDS through simulations.