Observation Techniques for Detecting Malicious Behavior in Ad-hoc Networks

A mobile ad-hoc network (MANET) is a collection of wireless, self-organizing nodes, each capable of routing network traffic and having the ability to be mobile. A MANET has no central authority nor fixed network infrastructure, and the dynamic nature and openness of MANETs lead to potential vulnerabilities. Since there is no guarantee of connection to the wired Internet, accepted security practices involving third party authentication servers becomes an unrealistic expectation. Even with authentication, there is the potential for abuse.

Our research has focused on being the "eyes and ears" for trust evaluation. We have developed an extensive simulation to investigate the viability of detecting malicious and faulty node behavior in MANETs. We first show detection capability at the network layer and introduce two techniques for reacting to malicious behavior. We then demonstrate detection using information from multiple layers of the OSI stack. Finally, we tie everything together by combining the detection techniques with a field communications scenario.