Security in Mobile Ad Hoc Networks (MANET)

Using Mobile Agents for Intrusion Detection in Wireless Ad Hoc Networks
Abdulrahman Hijazi
Nidal Nasser
Queen’s University, Kingston, Canada
University of Guelph, Guelph, Canada
Agenda
 Introduction
 Wireless Ad Hoc Networks (WAHNs)
 Mobile Agents (MA)
 Intrusion Detection Systems (IDS)
 Security Challenges and Vulnerabilities in WAHNs
 Mobile Agents Suitability for WAHNs
Agenda (Cont’d)
 Comparison Study between Existing Mobile-Agent-Based IDSs for WAHNs
 Local Intrusion Detection System (LIDS)
 ID Architecture based on a Static Stationary Database
 Distributed Intrusion Detection Using Mobile Agents
 Concluding Remarks
Wireless Ad Hoc Networks
 Wireless ad hoc networks are autonomous nodes that communicate with each other in a decentralized manner through a multi-hop radio network.
 Wireless nodes form a dynamic network topology and communicate with each other directly, without a wireless access point.
Wireless Ad Hoc Networks
 Examples:
 Conferences and classrooms
 Tactical battlefield (communication between planes, tanks, etc.)
 Sensor networks to detect environmental changes
 Wireless parking lot sensor networks
NIST Advanced Network Technologies Division: http://w3.antd.nist.gov
Wireless Ad Hoc Networks (Cont.)
 Host and router:
 Each node functions as both a host and a router, and the control of the network is distributed among the nodes.
 Two common types:
 MANETs: an autonomous collection of mobile users that communicate over relatively bandwidth-constrained wireless links
 WSNs: a number of sensors spread across a geographical area. Each sensor has wireless communication capability and some level of intelligence
MANETs vs. WSNs
 Similarities
 Ad-hoc network topology
 Power is an expensive resource
 Communication over wireless medium
MANETs vs. WSNs
 Differences
 Purpose:
 WSNs → information gathering
 MANETs → distributed computing
 Number of users:
 WSNs → one user
 MANETs → many users
 Number of nodes: WSNs >> MANETs
 Mobility:
 WSNs → mostly static
 MANETs → mostly moving
Mobile agents
 Mobile Agents are:
 Autonomous software entities that can
 halt themselves
 ship themselves to another host
 continue execution
 decide where to go and what to do along the way
Intrusion Detection Systems (IDS)
 Intrusion detection systems (IDS) are:
 guard systems that
 automatically detect malicious activities within a host or a network, and then
 report them for subsequent response
 Two types:
 Host based
 Network based
Intrusion Detection Systems (IDS)
 Detection Techniques:
 Anomaly: attempts to detect activities that differ from the normal expected system behavior
 Signature: uses pre-known attack scenarios (or signatures) and compares them with incoming traffic
 Hybrid
Security in Wireless Ad Hoc Networks
 Motivation:
 Increasing popularity and applications of wireless ad hoc networks
 Early research assumed a friendly and cooperative environment.
Fix before it is too late!
Security in Wireless Ad Hoc Networks
 Wireless vs. Wireline Networks:
 Existing security solutions for wired networks do NOT directly apply to the MANET domain due to the key architectural differences
Security Challenges and Vulnerabilities in Wireless Ad Hoc Networks
 Challenges and vulnerabilities:
 Lack of infrastructure
 Absence of certification or authorization authority
 Lack of centralized monitoring or management unit
 Shared wireless medium
 Accessibility to both legitimate users and malicious attackers
 Cooperative nature between the nodes
Security Challenges and Vulnerabilities in Wireless Ad Hoc Networks
 Challenges and vulnerabilities:
 Easy physical accessibility
 Dynamic network topology
 Lack of a clear line of defense
 Difficult to distinguish a Byzantine attack from normal “out of sync” behavior
 Operational constraints
 Battery
 Range
 Bandwidth
 CPU and memory
Mobile Agents Suitability for WAHNs
 Main features of mobile agents:
 Reducing network load
 Conserving bandwidth
 Improving load balancing in the network
 Reducing the total task completion time
 Overcoming network latency
Mobile Agents Suitability for WAHNs
 Main features of mobile agents (Cont’d):
 Advancing mobile computing
 Enabling dynamic deployment
 Having robust and fault-tolerant behavior
 Working on a heterogeneous network
 Light-weight
Mobile Agents Suitability for WAHNs
 One problem:
 Potential Security Vulnerability!
Comparison Study between Existing Mobile-Agent-Based IDSs for WAHNs
1) Local Intrusion Detection System (LIDS)
 The innovation of this design is its use of SNMP data held in MIBs as audit sources, and its use of mobile agents to process this data at the source node to reduce communication overhead.
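A sketch of the LIDS idea above, as an added example that is not from the slides or the LIDS design itself: an agent runs hybrid (anomaly plus signature) checks over MIB counter deltas on the node and carries back only its alerts. The counter values, the `tcp-fail-burst` signature and all function names are constructed for illustration; the MIB-II object names are real.

```python
import json
from statistics import mean, stdev

BASELINE = [  # constructed clean polling intervals, shared by both sample nodes
    {"ifInOctets": 5000, "icmpInEchos": 1, "tcpAttemptFails": 0},
    {"ifInOctets": 5200, "icmpInEchos": 2, "tcpAttemptFails": 1},
    {"ifInOctets": 4900, "icmpInEchos": 1, "tcpAttemptFails": 0},
    {"ifInOctets": 5100, "icmpInEchos": 2, "tcpAttemptFails": 1},
    {"ifInOctets": 5050, "icmpInEchos": 1, "tcpAttemptFails": 0},
]
NODE_SAMPLES = {  # constructed per-interval counter deltas for two nodes
    "node-a": BASELINE + [
        {"ifInOctets": 5150, "icmpInEchos": 2, "tcpAttemptFails": 0},
        {"ifInOctets": 4950, "icmpInEchos": 1, "tcpAttemptFails": 1},
        {"ifInOctets": 5000, "icmpInEchos": 2, "tcpAttemptFails": 0},
    ],
    "node-b": BASELINE + [
        {"ifInOctets": 5100, "icmpInEchos": 400, "tcpAttemptFails": 0},
        {"ifInOctets": 5000, "icmpInEchos": 1, "tcpAttemptFails": 60},
        {"ifInOctets": 5050, "icmpInEchos": 2, "tcpAttemptFails": 0},
    ],
}
# Hypothetical signature: (name, MIB object, per-interval threshold)
SIGNATURES = [("tcp-fail-burst", "tcpAttemptFails", 50)]

def agent_visit(samples, train=5, k=3.0):
    """Runs on the visited node: learn a baseline, return only alerts."""
    limits = {}
    for obj in samples[0]:
        vals = [s[obj] for s in samples[:train]]
        # Floor the deviation at 1.0 so near-constant counters do not alert on noise.
        limits[obj] = mean(vals) + k * max(stdev(vals), 1.0)
    alerts = []
    for i, s in enumerate(samples[train:], start=train):
        for obj, limit in limits.items():  # anomaly: deviation from learned baseline
            if s[obj] > limit:
                alerts.append([i, "anomaly", obj, s[obj]])
        for name, obj, thr in SIGNATURES:  # signature: pre-known pattern
            if s[obj] >= thr:
                alerts.append([i, "signature", name, s[obj]])
    return alerts

def overhead(samples, alerts):
    """Bytes on the wire: shipping raw audit data vs. shipping the agent's findings."""
    return len(json.dumps(samples)), len(json.dumps(alerts))

if __name__ == "__main__":
    for node, samples in NODE_SAMPLES.items():
        alerts = agent_visit(samples)
        print(node, alerts, overhead(samples, alerts))
```

The byte comparison ignores the size of the agent's own code, which is the "extra weight" the concluding slide lists as a possible disadvantage.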
2) Intrusion Detection Architecture based on a Static Stationary Database
 This design also allows for the use of anomaly, signature, or hybrid detection methods. However, the use of a stationary database limits the allowed mobility duration of the nodes. This might not be acceptable at all times in the case of MANETs.
3) Distributed Intrusion Detection Using Mobile Agents
 This design works only with the anomaly-based detection method. It uses a hierarchical model to assign agents different, limited functionality, achieving better network performance through lightweight distributed agents. This, in turn, increases the fault tolerance and scalability of the whole system.
Comparison between the three designs against common design and performance parameters
Concluding Remarks
 The study shows that mobile agents have immense potential for use in IDSs for WAHNs. Many of the features offered by mobile agents are exactly the requirements of an ideal WAHN IDS.
 Two possible disadvantages of mobile agents are their inherent architectural security vulnerabilities and the extra weight they may add.
 In spite of the novel ideas presented in the three existing papers on mobile-agent-based IDSs for WAHNs, there are still other features of mobile agents that have not been fully utilized. An improved deployment of mobile agents may add extra flexibility, efficiency, and robustness to the overall IDS design.