Daniel Sterne
SPARTA
USA

Richard Gopaul
U.S. Army Research Laboratory
USA

Geoffrey Lawler
SPARTA
USA

Peter Kruus
SPARTA
USA

Detecting certain attacks on MANETS requires cooperative detection techniques that rely on ordinary, computing hosts serving as intrusion sensors. A fundamental problem is that if these nodes are compromised, they may inject bogus data into the intrusion detection system to conceal the presence of attackers or falsely accuse well-behaved nodes. Byzantine fault tolerance approaches that involve voting are potentially applicable, but must address the fact that only nodes in particular topological locations at a particular time 1) can observe the symptoms of a particular attack and 2) are therefore eligible to vote on whether an attack occurred.
We examine these issues in the context of a prototype distributed detector for self-contained, in-band wormholes in an OLSR network. We propose an opportunistic voting algorithm and present test results from a 48-node MANET emulation testbed in which pairs of colluding attacker nodes generate corroborating false accusations against pairs of innocent nodes. The results indicate that opportunistic voting can instantaneously suppress false accusations when the network topology and routes chosen by OLSR provide a sufficient number of nearby honest observers to outvote the attackers.

Keywords: wormhole, MANET, Intrusion Detection, Byzantine

Read Paper (in PDF)