Plenary Lecture

Application of Forensic Analysis for Intrusion Detection against DDoS Attacks in Mobile Ad Hoc Networks

Associate Professor Valentina V. Timcenko
University of Belgrade
Mihailo Pupin Institute
Serbia
E-mail: valentina.timcenko@institutepupin.com

Abstract: This paper addresses a specific approach to resolving the problem of intrusion detection against distributed denial of service (DDoS) attacks in mobile ad hoc networks (MANETs). Generally, the main function of an intrusion detection system (IDS) is to inspect the network for malicious activities, policy violations and security loopholes integrity, and to generate the appropriate reports. Network forensics concerns examining a network for anomalous traffic and identifying intrusions. It is particularly useful in decreasing the likelihood that the same intrusion activities reoccur.
In the first part of the paper, we provide a comprehensive overview of recent advances in network forensics in the MANET environment. In the second part of the paper, we propose a model of an IDS that uses network forensics to detect DDoS attacks in a MANET. The forensic analysis relies on inspecting simultaneous malicious activities of a group of attackers (zombies). Since DDoS attack traffic can closely resemble legitimate traffic in terms of bit rate and packet size, the applied method should minimize the risk of misinterpreting legitimate traffic as attack traffic (false positives). Further, since DDoS zombies are actually mobile nodes, which can follow different mobility patterns and move at different speeds, particular attention has been paid to individual and group mobility models.
Finally, we present a performance analysis of the proposed model that covers the number of nodes, node speed, attack duration and the influence of the applied mobility patterns. The study has been carried out using the network simulator ns-2 and its associated tools for mobility scenario generation, network animation and trace file analysis.

Brief Biography of the Speaker:
Valentina V. Timcenko received her B.Sc. (2004) and M.Sc. (2010) degrees and is currently in the process of gaining her PhD degree in Electrical Engineering from the University of Belgrade, Serbia. She joined the Mihailo Pupin Institute in Belgrade in 2004, where she is currently a research associate in the area of telecommunication networks. She has participated in several research projects and studies concerning NGN design and network management systems. As author or coauthor, she has published more than 30 papers in national and international journals, books and conferences. Her basic scientific and professional commitment includes research, design and implementation of solutions for telecommunications and transport networks, especially in the area of mobile ad hoc networks, simulation and proper software design related to the Windows and Linux operating systems. She is also involved in projects related to operating systems, data protection, disk and filesystem optimization and connecting UNIX with different operating systems. She possesses the following Cisco certificates: CCNA and BSCI (642-901).
