Intrusion detection for secure communications in data networks

Abstract

Guaranteeing secure and reliable communications in wireless and wired networks is very important in recent and future networks. In this thesis, we propose effective defense schemes to protect wireless adhoc network and wired networks from illegal intrusions. Wireless mobile adhoc networks (MANETs) have many applications to the environments where creating fixed infrastructure is prohibitive. However, as the medium is easily monitored, the topology of the network is dynamic, the networking protocols rely on distributed cooperation of the nodes, and the nodes have constrained capabilities, MANETs are particularly vulnerable to intrusions, especially to sinkhole intrusion. The sinkhole intrusion redirects all routes in the networks to a sinkhole node to do malicious behaviors. In this thesis, we propose an efficient method for sinkhole intrusion detections in MANETs using Dynamic Source Routing (DSR) protocol. The proposed method uses the route record of transmitted route request messages for detection, and removes the identified attack node from the network. Through the computer simulations, we show that the proposed method has better performance than other sinkhole detection methods in terms of detection rate, detection time, and energy consumption. Another issue dealt with in the thesis is a scheme to defend against service denial attacks in large scale networks. Distributed Denial of Service (DDoS) attack causes very serious problems to availability or stability of the Internet. A very large number of compromised agent hosts which are distributed widely on the Internet generate enormous volume of traffic to a target system to prohibit providing services. As they spoof the source IP address of their packets, it is very difficult to trace them. All systems connected to the Internet can be a victim although they are well-equipped in security. In this thesis, an effective defense scheme is proposed. Unlike other methods, source IP spoofing feature is adopte...