MSc (Res)
Enhancing Bio-inspired Intrusion Response in Ad-hoc Networks
Maryamosadat Kazemitabar A.
August 2013
ABSTRACT
Practical applications of ad-hoc networks are developing every day, and safeguarding their security is becoming more important. Because of their specific qualities, ad-hoc networks require an anomaly detection system that adapts quickly to their changing behaviour. Bio-inspired algorithms provide dynamic, adaptive, real-time methods of intrusion detection and, in particular, of initiating a response. A key component of bio-inspired response methods is the use of feedback from the network to better adapt their response to the specific attack and the type of network at hand.
However, calculating an appropriate length of time at which to provide feedback is crucial: premature or delayed feedback from the network can have adverse effects on the attack mitigation process. The antigen-degeneracy response selection algorithm [Sch11] is one of the few bio-inspired algorithms for selecting the appropriate response to misbehaviour that considers network performance and adapts to the network. The main drawback of this algorithm is that it has no measure of the amount of time to wait before it can take performance measurements (feedback) from the network. In this thesis, we attempt to develop an understanding of the length of time required before feedback is provided in a range of types of ad-hoc network that have been subjected to an attack, so that future development of bio-inspired intrusion detection algorithms can be enhanced.
Aiming toward an adaptive timer, we discuss how ad-hoc networks can be divided into Wireless Sensor Networks (WSN), Wireless Personal Area Networks (WPAN) and Spontaneously Networked Users (SNU). We use ns2 to simulate these three different types of ad-hoc network, each of which is analysed for changes in its throughput after an attack is responded to, in order to calculate the corresponding feedback time. The feedback time in this case is the time it takes for the network to stabilise. Feedback time is not only essential to bio-inspired intrusion response methods, but can also be used in network applications where a stable network reading is required, e.g. security monitoring and motion tracking.
Interestingly, we found that the network feedback time does not vary greatly between the different types of networks, but it was calculated to be less than half of what Schaust and Szczerbicka used in their algorithm.
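The measurement described above (throughput after a response, and the time it takes to stabilise) can be sketched as follows. This is an added example, not code from the thesis: it assumes the old ns2 wireless trace format, and the stabilisation criterion (throughput staying within 5% of the mean of the last five bins), the function names and the sample trace are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Agent-layer receive event in the old ns2 wireless trace format (assumed format):
# r <time> _<node>_ AGT --- <uid> <type> <bytes> ...
RECV = re.compile(r"^r\s+(\d+\.\d+)\s+_\d+_\s+AGT\s+\S+\s+\d+\s+\S+\s+(\d+)")

def throughput_bins(lines, bin_s=1.0):
    """Received throughput in kbit/s per bin of bin_s seconds, from time 0."""
    bits = defaultdict(int)
    for line in lines:
        m = RECV.match(line)
        if m:  # sends, drops and routing-layer events are ignored
            bits[int(float(m.group(1)) // bin_s)] += int(m.group(2)) * 8
    if not bits:
        return []
    return [bits.get(i, 0) / bin_s / 1000 for i in range(max(bits) + 1)]

def feedback_time(series, response_bin, bin_s=1.0, tail=5, tol=0.05):
    """Seconds from the response until throughput stays within +/-tol of its
    steady level (mean of the last `tail` bins); None if it never settles."""
    if len(series) - response_bin <= tail:
        return None  # too short to tell settling from steady state
    steady = sum(series[-tail:]) / tail
    if steady <= 0:
        return None  # traffic never recovered
    settled = None
    for i in range(len(series) - 1, response_bin - 1, -1):  # walk back from the end
        if abs(series[i] - steady) > tol * steady:
            break
        settled = i
    if settled is None or settled > len(series) - tail:
        return None  # the tail itself is still fluctuating
    return (settled - response_bin) * bin_s

def constructed_trace():
    """Constructed sample: attack until the response at t=10 s, then recovery."""
    pkts_per_s = [5] * 10 + [10, 20, 35, 48] + [50] * 6
    lines, uid = [], 0
    for sec, n in enumerate(pkts_per_s):
        for k in range(n):
            t = sec + k / n
            lines.append(f"s {t:.9f} _0_ AGT --- {uid} cbr 512 [0 0 0 0]")
            lines.append(f"r {t:.9f} _1_ AGT --- {uid} cbr 512 [0 0 0 0]")
            uid += 1
    return lines

if __name__ == "__main__":
    series = throughput_bins(constructed_trace())
    print("feedback time (s):", feedback_time(series, response_bin=10))
```

A response mechanism that samples throughput before this interval has elapsed would be reading the recovery ramp rather than the settled network, which is the premature-feedback problem the abstract describes.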