-Himali Jani-Cong Cheng-Shuang Wu

A Vehicular Ad Hoc Networks Intrusion Detection System Based on

BUSNet

What is VANETs?

Vehicular Ad hoc NETworks (VANETs) , is a special case of Mobile Ad hoc NETworks (MANETs).

Cars as routers or nodes. 100-300 meters range. As cars fall out of the signal range

and drop out of the network

Security Challenges in VANETs

Security challenges: -Mobility-Dynamic topology-Open wireless medium-No use of secure routing protocols because of insider attack

Properties of this method includes: IDS architecture is hierarchical and Detection algorithm can study normal behavior of network through a neural network so works intelligently

Intrusion Defense

First line of defense: intrusion prevention techniques, such as authentication and encryption

Second line of defense: Intrusion Detection,

Which determines whether unauthorized users are attempting to access, have already accessed, or have compromised the network.

Related work

Two types IDS: monitoring based and clustering based Monitoring: watchdog to detect misbehaving nodes

and pathrater to help avoid these nodes THE CONFIDANT: cooperation of nodes fairness in

dynamic ad-hoc network CORE:only positive reports passed unlike confidant Clustering: head monitoring agent and detection

agent Choosing cluster heads based on connectivity,

proximity, resistance to compromise accessibility, processing and storage power

UAV_MBN: UAV and MBN ZBIDS: Zone based intrusion detection system

BUSNet

A virtual mobile backbone infrastructure constructed using public buses.

Virtual infrastructure: Does not require the setup of any physical infrastructure.

can be deployed rapidly into any metropolitan environment with regular public bus service.

Mobile : the main nodes that form the BUSNet backbone are moving buses.

Backbone infrastructure : used to provide a reliable data bus for vehicles to interact with each other over a metropolitan coverage if needed.

BUSNet

IDS based on BUSNet

Three layers: 1. VANETs 2. Buses 3. Access points: road side communication infrastructure ID technique in two categories : 1. Misuse detection: Can find known attacks effectively by

signature comparing 2. Anomaly detection : Effective in finding out unknown

attacks by looking for anomaly means any deviation from normal behavior. But gives more false alarm

Anomaly detection main parts: Feature selection, model of normal behavior and comparison (Explain all of them)

Feature selection : features from routing control messages and data packets. Bus collects the data and transfers to access points

Hierarchical Architecture of BUSNet

Experiments

Experiments

During the simulation

time, Attacks happened 4

times as follows:1. 20-40

2. 80-1003. 140-1804. 260-280

Neural network training and detection results

Detection error: AODV vs. DSDV vs. DSR

Thank You