Cluster-based Intrusion Detection (CBID) architecture for mobile ad hoc networks


Abstract

Ad hoc networks are vulnerable to attacks due to their distributed nature and lack of infrastructure. Intrusion detection systems (IDS) provide audit and monitoring capabilities that offer local security to a node and help to perceive the specific trust level of other nodes. Clustering protocols can be taken as an additional advantage in these processing-constrained networks to collaboratively detect intrusions with less power usage and minimal overhead. Existing clustering protocols are not suitable for intrusion detection purposes, because they are linked with the routes. Route establishment and route renewal affect the clusters and, as a consequence, the processing and traffic overhead increases due to instability of clusters. Ad hoc networks are battery and power constrained, and therefore a trusted monitoring node should be available to detect and respond to intrusions in time. This can be achieved only if the clusters are stable for a long period of time. If the clusters are regularly changed due to routes, the intrusion detection will not prove to be effective. Therefore, a generalized clustering algorithm has been proposed that can run on top of any routing protocol and can monitor the intrusions constantly irrespective of the routes. The proposed simplified clustering scheme has been used to detect intrusions, resulting in high detection rates and low processing and memory overhead irrespective of the routes, connections, traffic types and mobility of nodes in the network. Clustering is also useful to detect intrusions collaboratively since an individual node can neither detect the malicious node alone nor take action against that node on its own.
