Intrustion Detection for Defense at the MAC and Routing Layers of Wireless Networks
Doctoral Dissertation, Date: April 2007, Advisor: John S. Baras
The pervasiveness of wireless devices and the architectural organization of wireless networks in distributed communities, where no notion of trust can be assumed, are the main reasons for the growing interest in the issue of compliance to protocol rules. Nevertheless, the random nature of protocol operation together with the inherent diffculty of monitoring in the open and highly volatile wireless medium poses significant challenges. In this thesis, the problem of detection of node misbehavior at the MAC layer and impact of such behavior on two different routing protocols in the Network Layer is considered. Starting from a model where the behavior of a node is observable, we cast the problem within a min-max robust detection framework, with the objective to provide a detection rule of optimum performance for the worst case attack in the MAC layer. With this framework we capture the uncertainty of attacks launched by intelligent adaptive attackers and concentrate on the class of attacks that are most significant in terms of incurred performance losses. Furthermore, we show that our ideas can be extended to the case where observations are hindered by interference due to concurrent transmissions and derive performance bounds of both the attacker and detection system in such scenarios. We extend the proposed framework to model collaborative attacks and quantify the impact of such attacks on optimal detection systems by mathematical analysis and simulation. Finally, by using the principle of cross-entropy minimization, we present a general proce- dure for constructing an optimal attack scenario in the MAC layer under a general set of constraints that can be adapted based on specific requirements of an Intrusion Detection System (IDS).