Ad hoc networks operate over open environments and are hence vulnerable to a large body of threats. To tackle this issue, we propose a distributed, signature-based anomaly detector that evaluates the trustworthiness of others so as to secure such a distributed detection. Contrary to existing detectors that passively observe packets, our detector analyses logs so as to identify patterns of misuse and proactively collaborate with others to gather additional evidences. As a result, no change is requested in the implementation of the node. The main challenge stems from difficulty involved in stating the occurrence of an attack based on second-hands evidences that may come from colluding attacker (s). To tackle this issue, we propose an entropy-based trust system that evaluates the trustworthiness of the nodes that provide the evidences. We further introduce a novel indicator which measures the level of confidence in the detection. Preliminary evaluations of the trust system along with the confidence measure have been conducted.
展开▼
