A specification-based intrusion detection engine for infrastructure-less networks

The proliferation of mobile computing devices has enabled the utilization of infrastructure-less networking as commercial solutions. However, the distributed and cooperative nature of routing in such networks makes them vulnerable to a variety of attacks. This paper proposes a host-based monitoring mechanism, called SIDE that safeguards the operation of the AODV routing protocol. SIDE encompasses two complementary functionalities: (i) a specification-based detection engine for the AODV routing protocol, and (ii) a remote attestation procedure that ensures the integrity of a running SIDE instance. The proposed mechanism operates on a trusted computing platform that provides hardware-based root of trust and cryptographic acceleration, used by the remote attestation procedure, as well as protection against runtime attacks. A key advantage of the proposed mechanism is its ability to effectively detect both known and unknown attacks, in real time. Performance analysis shows that attacks are resolved with high detection accuracy, even under conditions of high network volatility. Moreover, SIDE induces the least amount of control packet overhead in comparison with a number of other proposed IDS schemes.