When node C accepts packet 1, it must generate a TWOACK packet containing the reverse path from node A to node C and return that TWOACK packet to node A. Receipt of this TWOACK packet at node A indicates that the transmission of packet 1 from node A to node C succeeded. Otherwise, if the TWOACK packet is not received within a predetermined period of time, node A reports both nodes B and C as malicious. The same process is applied to each set of three consecutive nodes along the rest of the route.
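The three-node acknowledgement described above, simulated for one packet along a whole route (an added example, not code from the original page). The node names, the `droppers` set and the per-node delays are constructed assumptions, and `timeout` stands in for the predetermined period of time.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class TwoAck:
    packet_id: int
    reverse_path: tuple  # (third, second, first): the hops the TWOACK travels back


def audit_route(route, droppers=frozenset(), hop_delay=None, timeout=1.0, packet_id=1):
    """Follow one data packet along `route`; return (acks, reports).

    droppers:  nodes that accept a packet but never forward it (constructed model)
    hop_delay: seconds a node takes to pass a packet on, default 0.1 (assumption)
    timeout:   how long the first node of a triple waits for its TWOACK
    """
    hop_delay = hop_delay or {}
    acks, reports = [], []
    # Slide over every three consecutive nodes, e.g. (A, B, C), (B, C, D), ...
    for first, second, third in zip(route, route[1:], route[2:]):
        if second in droppers:
            # The packet dies at `second`, so `third` never sends a TWOACK.
            # `first` cannot tell which neighbour failed and reports both.
            reports.append((first, (second, third)))
            break  # nobody further down the route ever sees the packet
        d2, d3 = hop_delay.get(second, 0.1), hop_delay.get(third, 0.1)
        # second forwards the data, third replies, second relays the TWOACK
        round_trip = d2 + d3 + d2
        if round_trip > timeout:
            reports.append((first, (second, third)))  # TWOACK arrived too late
        else:
            acks.append(TwoAck(packet_id, (third, second, first)))
    return acks, reports


if __name__ == "__main__":
    route = ["A", "B", "C", "D", "E"]  # constructed five-hop route
    for label, kwargs in [("all honest", {}),
                          ("C drops", {"droppers": {"C"}}),
                          ("C slow", {"hop_delay": {"C": 0.9}})]:
        acks, reports = audit_route(route, **kwargs)
        print(label, [a.reverse_path for a in acks], reports)
```

In the "C drops" run, node B's report names both C and D even though only C was modelled as dropping, which is the both-nodes reporting behaviour the paragraph describes.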
An intrusion detection system (IDS) is a device or software application that monitors networks or systems for malicious activity or policy violations. Malicious activity or violations are usually reported to an administrator or collected centrally using a security information and event management (SIEM) system. The SIEM system combines outputs from multiple sources and uses alert filtering techniques to distinguish between malicious activity and false alarms. IDS types range in scope from a single computer to a large network. The most common classifications are network intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS). A system that monitors important operating system files is an example of HIDS, and a system that analyzes incoming network traffic is an example of NIDS.
An intrusion prevention system (IPS) also monitors network packets for potentially harmful network traffic. However, where an intrusion detection system responds to potentially malicious traffic by logging the traffic and issuing an alarm notification, an intrusion prevention system responds to such traffic by rejecting the potentially harmful packets. A host intrusion detection system (HIDS) runs on all computers or devices on the network that have direct access to both the Internet and the corporate intranet. HIDS is better than NIDS because it may be able to detect malicious network packets that originate from within the organization or malicious traffic that NIDS failed to detect. HIDS can also identify malicious traffic originating from the host itself, such as when a host is infected with malware and attempts to propagate to other systems.