Responsive Intrusion Detection for Tactical Adhoc Networks (RITA)

Details

Brief description

In this project the participants Forschungsgesellschaft für Angewandte Naturwissenschaften (FGAN) / Forschungsinstitut für Kommunikation, Informationsverarbeitung und Ergonomie (FKIE), Fraunhofer-Institut für Graphische Datenverarbeitung (IGD) (Abteilung Sicherheitstechnologie), Universität Bonn (Institut für Informatik 4) and Fachhochschule Köln (Labor für Kommunikationstechnik und Datensicherheit) improve an Intrusion Detection System (IDS) for tactical Mobile Ad hoc Networks (MANETs) developed in the MITE project.

MANETs are self-configuring wireless networks without fixed infrastructure. Especially in military scenarios, a fixed, functioning infrastructure can not be assumed, since hostile units are likely to destroy existing communication infrastructure. Therefore, in such scenarios the use of MANETs is of special interest. The transmission of sensible data (e.g. GPS-information of soldiers), high probability of enemy units and severe consequences of exploited security leaks (in the worst case human losses) lead to a high demand for security in tactical MANETs.

Therefore, the goal of this project is to improve an existing Intrusion Detection System to secure tactical MANETs. This IDS is able to detect attacks known from wired networks (e.g. SYN-Flooding) as well as attacks especially targeted at MANETs (e.g. Black Hole Attacks). Despite the IDS showing a very good detection rate, it is still possible to improve it. For example, new detection techniques should be added. Furthermore, the IDS itself may be the target of attacks. Thus, appropriate steps to secure the IDS must be found. Finally, just detecting an attack is not enough. After the detection of an attack there has to be an adequate reaction. Thus, the project has the following main goals:

  • evaluate and improve performance of the IDS
  • detect attacks against IDS itself and develop countermeasures against these attacks
  • find and evaluate different reactions to detected attacks