USING ATTACK GRAPHS IN AD HOC NETWORKS - For Intrusion Prediction Correlation and Detection

Marianne Azer, Sherif El-Kassas, Magdy El-Soudani

2006

Abstract

Ad hoc networks have many applications; however, a vital problem concerning their security must be solved before these applications can be realized. Hence, there is a strong need for intrusion detection as a frontline security research area for ad hoc network security. Among intrusion detection techniques, anomaly detection is advantageous since it does not need to store and regularly update profiles of known attacks. In addition, detection is not limited to the stored attack profiles, which allows new attacks to be detected. Anomaly detection is therefore better suited to the dynamic nature and limited resources of ad hoc networks. For appropriately constructed network models, attack graphs have shown their utility in organizing combinations of network attacks. In this paper, we suggest the use of attack graphs in ad hoc networks. As an example, we give an attack graph that we have created for the wormhole attack. For anomaly prediction, correlation, and detection in ad hoc networks, we suggest two methods that rely on attack graphs. The first method is based on the attack graph adjacency matrix and helps in predicting single-step or multiple-step attacks and in categorizing the relevance of intrusion alarms. The second method uses attack graph distances to correlate intrusion events and build attack scenarios. Our approach is more appropriate to the collaborative and dynamic nature of ad hoc networks, especially at the application level.
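The two methods named in the abstract can be illustrated as follows. This is an added example, not code from the paper: the six-step graph, the node names, the `max_gap` threshold and all function names are constructed assumptions, and the paper's exact formulation is not given on this page.

```python
from collections import deque

# Constructed attack graph (not the paper's wormhole graph). An edge u -> v
# means attack step v becomes possible once step u has succeeded; s5 is isolated.
NODES = ["s0", "s1", "s2", "s3", "s4", "s5"]
EDGES = [("s0", "s1"), ("s0", "s2"), ("s1", "s3"), ("s2", "s3"), ("s3", "s4")]

def adjacency(nodes, edges):
    idx = {n: i for i, n in enumerate(nodes)}
    a = [[0] * len(nodes) for _ in nodes]
    for u, v in edges:
        a[idx[u]][idx[v]] = 1
    return a

def predict(nodes, a, observed, steps):
    # Row `observed` of A^k counts the k-step attack paths to every other step.
    row = a[nodes.index(observed)]
    out = {}
    for k in range(1, steps + 1):
        out[k] = {nodes[j]: c for j, c in enumerate(row) if c}
        row = [sum(row[m] * a[m][j] for m in range(len(a))) for j in range(len(a))]
    return out

def distance(nodes, a, src, dst):
    # BFS: fewest attack steps from src to dst; None when dst is unreachable.
    dist = {nodes.index(src): 0}
    queue = deque(dist)
    while queue:
        u = queue.popleft()
        for v, edge in enumerate(a[u]):
            if edge and v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist.get(nodes.index(dst))

def correlate(nodes, a, alerts, max_gap=2):
    # Chain time-ordered alerts into scenarios when graph distance <= max_gap.
    scenarios = []
    for alert in alerts:
        gaps = ((sc, distance(nodes, a, sc[-1], alert)) for sc in scenarios)
        home = next((sc for sc, g in gaps if g and g <= max_gap), None)
        if home is None:
            home = []
            scenarios.append(home)
        home.append(alert)
    return scenarios

A = adjacency(NODES, EDGES)
```

An alert that ends up alone in its scenario, such as one mapped to `s5` here, has no graph path to or from the other observed steps, which is one way to rank it as less relevant.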

Paper Citation


in Harvard Style

Azer M., El-Kassas S. and El-Soudani M. (2006). USING ATTACK GRAPHS IN AD HOC NETWORKS - For Intrusion Prediction Correlation and Detection. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 63-68. DOI: 10.5220/0002097700630068

in Bibtex Style

@conference{secrypt06,
author={Marianne Azer and Sherif El-Kassas and Magdy El-Soudani},
title={USING ATTACK GRAPHS IN AD HOC NETWORKS - For Intrusion Prediction Correlation and Detection},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={63-68},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002097700630068},
isbn={978-972-8865-63-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - USING ATTACK GRAPHS IN AD HOC NETWORKS - For Intrusion Prediction Correlation and Detection
SN - 978-972-8865-63-4
AU - Azer M.
AU - El-Kassas S.
AU - El-Soudani M.
PY - 2006
SP - 63
EP - 68
DO - 10.5220/0002097700630068