This document discusses intrusion detection in mobile ad hoc networks (MANETs). It describes some key challenges in MANETs including security, routing, quality of service and power consumption. It then focuses on security issues and approaches for protecting MANETs, including reactive and proactive approaches. It classifies different types of security attacks and discusses using intrusion detection systems (IDS) to detect malicious activity in MANETs. Finally, it explains some existing IDS approaches for MANETs like Watchdog, TWOACK and EAACK and highlights some of their weaknesses before describing the EAACK scheme in more detail.

1. INTRUSION
DETECTION IN
MANET
-Pooja Kundu

2. MANET
 Mobile ad hoc
network
 Is used to exchange
information.
 Each node is willing
to forward data to
other nodes.
 Does not rely on fixed
infrastructure.
 No central authority.

3. Why MANET?
 Advantages: low-cost, flexibility
 Ease & Speed of deployment
 Decreased dependence on infrastructure
 Applications:
 Military environments
 soldiers, tanks, planes
 Civilian environments
 vehicle networks
 conferences / stadiums
 outside activities
 Emergency operations
 search-and-rescue / policing and fire fighting

4. Problems In MANET
 Routing
 Security and Reliability
 Quality of Service
 Internetworking
 Power Consumption

5. Security
 A major issue in Mobile ad-hoc network is
“SECURITY”.
 Two approaches in protecting mobile ad-
hoc networks
 Reactive approach: Seeks to detect security threats and
react accordingly.
 Proactive approach: Attempts to prevent an attacker
from launching attacks through various cryptographic
techniques

6. Classification of Security
Attacks

7. IDS-MANET
 IDS: Intrusion detection System which is used to
detect and report the malicious activity in ad hoc
networks.
 Ex: Detecting critical nodes using IDS
 Intrusion Detection System (IDS) can collect and
analyze audit data for the entire network.
 Critical node is a node whose failure or
malicious behavior disconnects or significantly
degrades the performance of the network.

8. Contd..
 Packets may be dropped due to network
congestion or because a malicious node is
not faithfully executing a routing algorithm.
 Researchers have proposed a number of
collaborative IDS systems.
 Some of the schemes are neighbor-
monitoring, trust-building, and cluster-
based voting schemes which are used to
detect and report the malicious activity in
ad hoc networks.

9. Existing Approaches
 Watchdog
 TWOACK
 Adaptive Acknowledgment (AACK)

10. 1.Watchdog
 Listen to next hop’s transmission.
 If the node fails, it increases its failure
counter.
 The node is reported as misbehaving if
failure counter increases a threshold.

11. 2.TWOACK

12. CONTD…
 Solves the receiver collision and limited
transmission power problems posed by
Watchdog.
 But added a significant amount of
unwanted network overhead.
 Due to the limited battery power nature of
MANETs, such redundant transmission
process can easily degrade the life span of
the entire network

13. 3.AACK

14. Contd…
 greatly reduces the network overhead
 Fail to detect malicious nodes with the
presence of false misbehaviour report and
forged acknowledgment packets.

15. EAACK

16. Contd…
 Designed to tackle three of the six
weaknesses of Watchdog scheme-
 false misbehaviour,
 limited transmission power,
 and receiver collision.
 digital signature scheme is adopted during
the packet transmission process.

17. Problem-1

18. Problem-2

19. Problem-3

20. EAACK- Scheme Description
 Introduction of digital signature.
 3 Major parts- ACK,S-ACK, MRA.

21. Contd…
 ACK is basically an end-to-end
acknowledgment scheme.
 S-ACK scheme is an improved version of
the TWOACK scheme - three consecutive
nodes work in a group.
 The MRA scheme detects misbehaving
nodes with the presence of false
misbehavior report.
 EAACK requires all acknowledgment
packets to be digitally signed

22. System Control Flow

23. THANK U