USING ATTACK GRAPHS IN AD HOC NETWORKS - For Intrusion Prediction Correlation and Detection

Marianne Azer, Sherif El-Kassas, Magdy El-Soudani

Abstract

Ad hoc networks have many applications; however, a vital problem concerning their security must be solved before these applications can be realized. Hence, there is a strong need for intrusion detection as a frontline security research area for ad hoc network security. Among intrusion detection techniques, anomaly detection is advantageous since it does not need to store and regularly update profiles of known attacks. In addition, detection is not limited to the stored attack profiles, which allows new attacks to be detected. Therefore, anomaly detection is better suited to the dynamic, resource-limited nature of ad hoc networks. For appropriately constructed network models, attack graphs have shown their utility in organizing combinations of network attacks. In this paper, we suggest the use of attack graphs in ad hoc networks. As an example, we give an attack graph that we have created for the wormhole attack. For anomaly prediction, correlation, and detection in ad hoc networks, we suggest two methods that rely primarily on attack graphs. The first method is based on the attack graph adjacency matrix and helps in predicting single-step or multiple-step attacks and in categorizing the relevance of intrusion alarms. The second method uses attack graph distances to correlate intrusion events and build attack scenarios. Our approach is more appropriate to the collaborative and dynamic nature of ad hoc networks, especially at the application level.
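The two methods named in the abstract can be sketched together, since the smallest power of the adjacency matrix with a non-zero entry for a pair of steps is also the graph distance between them. This is an added example, not code or data from the paper. The graph, its step names, the `port_scan` alert, the `max_gap` threshold and the greedy chaining rule are all constructed for illustration.

```python
# Constructed attack graph (illustrative step names, not the paper's wormhole graph).
EDGES = {("overhear_rreq", "tunnel_to_colluder"), ("tunnel_to_colluder", "replay_far_end"),
         ("replay_far_end", "tunnel_route_chosen"), ("tunnel_route_chosen", "selective_drop"),
         ("tunnel_route_chosen", "traffic_analysis")}
NODES = sorted({n for e in EDGES for n in e})
IDX = {n: i for i, n in enumerate(NODES)}
A = [[int((s, d) in EDGES) for d in NODES] for s in NODES]  # adjacency matrix

def bool_mul(x, y):
    n = len(x)
    return [[int(any(x[i][k] and y[k][j] for k in range(n))) for j in range(n)] for i in range(n)]

def distances(a):
    """dist[i][j] = smallest k with (A^k)[i][j] != 0, or None if j is unreachable from i."""
    n = len(a)
    dist = [[None] * n for _ in range(n)]
    power = a
    for k in range(1, n + 1):
        for i in range(n):
            for j in range(n):
                if power[i][j] and dist[i][j] is None:
                    dist[i][j] = k
        power = bool_mul(power, a)  # next power: paths one step longer
    return dist

DIST = distances(A)

def predict(step, max_steps):
    """Steps an attacker could reach from an observed step within max_steps transitions."""
    row = DIST[IDX[step]]
    return {n: row[IDX[n]] for n in NODES if row[IDX[n]] is not None and row[IDX[n]] <= max_steps}

def correlate(alerts, max_gap=2):
    """Chain alerts into scenarios by graph distance; alerts not in the graph are irrelevant."""
    scenarios, irrelevant = [], []
    for alert in alerts:
        if alert not in IDX:
            irrelevant.append(alert)
            continue
        for sc in scenarios:
            d = DIST[IDX[sc[-1]]][IDX[alert]]
            if d is not None and d <= max_gap:  # a gap > 1 tolerates missed detections
                sc.append(alert)
                break
        else:
            scenarios.append([alert])
    return scenarios, irrelevant
```

With `max_gap=2`, a scenario still forms when one intermediate step produced no alert, which matters in ad hoc networks where no single node observes every event.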



Paper Citation


in Harvard Style

Azer M., El-Kassas S. and El-Soudani M. (2006). USING ATTACK GRAPHS IN AD HOC NETWORKS - For Intrusion Prediction Correlation and Detection. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 63-68. DOI: 10.5220/0002097700630068


in Bibtex Style

@conference{secrypt06,
author={Marianne Azer and Sherif El-Kassas and Magdy El-Soudani},
title={USING ATTACK GRAPHS IN AD HOC NETWORKS - For Intrusion Prediction Correlation and Detection},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={63-68},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002097700630068},
isbn={978-972-8865-63-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - USING ATTACK GRAPHS IN AD HOC NETWORKS - For Intrusion Prediction Correlation and Detection
SN - 978-972-8865-63-4
AU - Azer M.
AU - El-Kassas S.
AU - El-Soudani M.
PY - 2006
SP - 63
EP - 68
DO - 10.5220/0002097700630068