Conference proceedings: Latest trends in information technology

Application of Forensic Analysis for Intrusion Detection against DDoS Attacks in Mobile Ad Hoc Networks


Abstract

This paper addresses a specific approach to resolving the problem of intrusion detection against distributed denial of service (DDoS) attacks in mobile ad hoc networks (MANET). Generally, the main function of an intrusion detection system (IDS) is to inspect the network for malicious activities, policy violations and security loopholes integrity, and to generate the appropriate reports. Network forensics concerns examining a network for anomalous traffic and identifying intrusions. It is particularly useful in decreasing the likelihood of recurrence of the same intrusion activities. In the first part of the paper, we provide a comprehensive overview of recent advances in network forensics in the MANET environment. In the second part of the paper, we propose a model of IDS that uses network forensics to detect DDoS attacks in MANET. The forensic analysis relies on inspecting simultaneous malicious activities of a group of attackers (zombies). Since DDoS attack traffic can appear rather similar to legitimate traffic in terms of bit rate and packet size, the applied method should minimize the risk of misinterpreting legitimate traffic as attack traffic (false positives). Further, since DDoS zombies are actually mobile nodes, which can follow different mobility patterns and have different speeds, particular attention has been paid to individual and group mobility models. Finally, we present a performance analysis of the proposed model that comprises the node number, node speed, attack duration and the influence of applied mobility patterns. The study has been carried out using the network simulator ns-2 and its associated tools for mobility scenario generation, network animation and trace file analysis.