Intrusion Detection System Resiliency to Byzantine Attacks: The Case Study of Wormholes in OLSR
J.S. Baras, S. Radosavac, G. Theodorakopoulos, D. Sterne, P. Budulas and R. Gopaul
Proceedings of the 2007 Military Communication Conference, pp. 1-7, Orlando, FL, October 29-31, 2007.
In this paper we extend the work presented in  by quantifying the effects of in-band wormhole attacks on Intrusion Detection Systems. More specifically, we propose a mathematical framework for obtaining performance bounds of Byzantine attackers and the Intrusion Detection System (IDS) in terms of detection delay. We formulate the problem of distributed collaborative defense against coordinated attacks in MANET as a dynamic game problem. In our formulation we have on the one hand a group of attackers that observe what is going on in the network and coordinate their attack in an adaptive manner. On the other side, we have a group of defending nodes (the IDS nodes) that collaboratively observe the network and coordinate their actions against the attackers. Using extensions of the game theoretic framework of  we provide a mathematical framework for efficient identification of the worst attacks and damages that the attackers can achieve, as well as the best response of the defenders. This approach leads to quantifying resiliency of the routing-attack IDS with respect to Byzantine attacks.