A Specification-Based Intrusion Detection Model for OLSR

The unique characteristics of mobile ad hoc networks, such as shared wireless channels, dynamic topologies and a reliance on cooperative behavior, makes routing protocols employed by these networks more vulnerable to attacks than routing protocols employed within traditional wired networks. We propose a specification-based intrusion-detection model for ad hoc routing protocols in which network nodes are monitored for operations that violate their intended behavior. In particular, we apply the model to detect attacks on the OLSR (Optimized Link State Routing) protocol. We analyze the protocol specification of OLSR, which describes the valid routing behavior of a network node, and develop constraints on the operation of a network node running OLSR. We design a detection mechanism based on finite state automata for checking whether a network node violates the constraints. The detection mechanism can be used by cooperative distributed intrusion detectors to detect attacks on OLSR. To validate the research, we investigate vulnerabilities of OLSR and prove that the developed constraints can detect various attacks that exploit these vulnerabilities. In addition, simulation experiments conducted in GlomoSim demonstrate significant success with the proposed intrusion detection model.