A Specification-based Intrusion Detection Model for OLSR

In this paper, we in introduce a specification based intrusion detection model for detecting attacks on routing protocols in MANETs. Intrusion detection is a viable approach to enhancing the security of existing computers and networks. Briefly, an intrusion detection system monitors activity in a system or network in order to identify ongoing attacks. Intrusion detection techniques can be classified into anomaly detection, signature-based detection, and specification-based detection. In anomaly detection, activities that deviate from the normal behavior profiles, usually statistical, are flagged as attacks. Signature-based detection matches current activity of a system against a set of attack signatures. Specification-based detection identifies system operations that are different from the correct behavior model. Our specification-based approach analyzes the protocol specification of an ad hoc routing protocol to establish a finite-state-automata (FSA) model that captures the correct behavior of nodes supporting the protocol. Then, we extract constraints on the behavior of nodes from the FSA model. Thus, our approach reduces the intrusion detection problem to monitoring the individual nodes for violation of the constraints. Such monitoring can be performed in a decentralized fashion by cooperative distributed detectors, which allows for scalability. In addition, since the constraints are developed based on the correct behavior, our approach can detect both known and unknown attacks.We choose OLSR (Optimized Link State Routing) [10] as the routing protocol for the current investigation. Keywords— Access control, AODV, storage node, Optimized Link State Routing,Topology Control, hop,finitestate-automata,MANET,OLSR.