
CHALLENGES IN MOBILE AD HOC NETWORKS

Dept. I.T, AITS

ABSTRACT:

In the near future, a pervasive computing environment can be expected based on the recent progress and advances in computing and communication technologies. The next generation of mobile communication will include both popular infrastructured wireless networks and novel infrastructureless mobile ad-hoc networks (MANETs). A MANET is a collection of wireless nodes that can dynamically form a network to exchange information without using any pre-existing fixed network infrastructure. Wireless ad-hoc networks are increasingly being used in the battlefield, emergency search, and rescue missions. The special features of MANETs bring great opportunities together with severe challenges. This report describes the concept, features, status and fundamental problems of ad hoc networking. Special attention is paid to network layer routing strategy and intrusion detection in MANETs.

1. INTRODUCTION

Our future living environments are likely to be based upon information resources provided by the connections of various communication networks for users. New small devices like Personal Digital Assistants (PDAs), mobile phones, and laptops enhance information processing and accessing capabilities with mobility. To cater to the needs of such devices, modern technologies should adopt a new model of pervasive computing including new architectures, standards, devices, services, tools and protocols.

Mobile computing is one of the most important technologies supporting pervasive computing. Advances in both hardware and software techniques have enabled the spread of mobile hosts and wireless networking to the masses. Generally, there are two modes in which wireless mobile nodes can communicate:

1. Infrastructured: In this mode, all the communication among the mobile nodes goes through a base station. A base station is also known as an access point. These base stations are connected to the fixed infrastructure or wired networks.
2. Infrastructureless: This mode of communication is known as a mobile ad hoc network (MANET). A MANET is a collection of wireless nodes that can dynamically form a network to exchange information without using any pre-existing fixed network infrastructure. This is a very important part of communication technology that supports truly pervasive computing, because in many contexts information exchange between mobile units cannot rely on any fixed network infrastructure, but on rapid configuration of wireless connections on-the-fly. A typical example of this mode of communication is people sitting in a conference room and exchanging data among themselves without any fixed infrastructure.

2. RELATED BACKGROUND

2.1 MANET Concept

A mobile ad hoc network is a collection of wireless nodes that can dynamically be set up anywhere and anytime without using any pre-existing network infrastructure. It is an autonomous system in which mobile hosts connected by wireless links are free to move randomly. In a MANET, nodes act both as hosts and as routers. The traffic types in ad hoc networks are quite different from those in an infrastructured wireless network, including:

1. Peer-to-Peer: Communication between two nodes which are within one hop.
2. Remote-to-Remote: Communication between two nodes beyond a single hop but which maintain a stable route between them. This may be the result of several nodes staying within communication range of each other in a single area or possibly moving as a group. The traffic is similar to standard network traffic.
3. Dynamic Traffic: This occurs when nodes are dynamic and moving around. Routes must be reconstructed. This results in poor connectivity and network activity in short bursts.

2.2 MANET Features

MANET has the following features:

1. Autonomous terminal: In a MANET, each mobile host is an autonomous node, which may function as both a host and a router. In other words, besides the basic processing ability as a host, the mobile nodes can also perform switching functions as a router. So usually endpoints and switches are indistinguishable in a MANET.
2. Distributed operation: Since there is no background network for the central control of the network operations, the control and management of the network is distributed among the terminals. The nodes involved in a MANET should collaborate amongst themselves, and each node acts as a relay as needed, to implement functions such as security and routing.
3. Multi-hop routing: Basic types of ad hoc routing algorithms can be single-hop and multi-hop. A single-hop MANET is simpler than a multi-hop one in terms of structure and implementation, at the cost of lesser functionality and applicability. When delivering data packets from a source to a destination out of the direct wireless transmission range, the packets should be forwarded via one or more intermediate nodes.
4. Dynamic network topology: Since the nodes are mobile, the network topology may change rapidly and unpredictably, and the connectivity among the terminals may vary with time. A MANET should adapt to the traffic and propagation conditions as well as the mobility patterns of the mobile network nodes. The mobile nodes in the network dynamically establish routing among themselves as they move about, forming their own network on the fly. Moreover, a user in the MANET may not only operate within the ad hoc network, but may require access to a public fixed network.
5. Fluctuating link capacity: The nature of high bit-error rates of wireless connections might be more profound in a MANET. One end-to-end path can be shared by several sessions. The channel over which the terminals communicate is subject to noise, fading, and interference, and has less bandwidth than a wired network. In some scenarios, the path between any pair of users can traverse multiple wireless links, and the links themselves can be heterogeneous. One effect of the relatively low to moderate capacities is that congestion is typically the norm rather than the exception, i.e. aggregate application demand will likely approach or exceed network capacity frequently.
6. Energy-constrained operation: Some or all of the nodes in a MANET may rely on batteries or other means for their energy. Such devices need optimized algorithms and mechanisms that implement the computing and communicating functions.
7. Limited physical security: MANETs are generally more prone to physical security threats than fixed cable networks are. The increased possibility of eavesdropping, spoofing and denial-of-service attacks should be carefully considered.

2.3 MANET Status

The ad hoc network is not a new concept. It was first deployed by the military in the 1970s. Commercial interest in such networks has grown recently due to the advancement in wireless communication. A new working group for MANET has been formed within the Internet Engineering Task Force (IETF) to investigate and develop standards for Internet routing support for mobile, wireless IP autonomous segments and develop a framework for running IP based protocols in ad hoc networks.

The recent IEEE standard 802.11 has increased the research interest in the field. Many international conferences and workshops have been held by e.g. IEEE and ACM. For instance, MobiHoc (The ACM Symposium on Mobile Ad Hoc Networking & Computing) has been one of the most important conferences of ACM SIGMOBILE (Special Interest Group on Mobility of Systems, Users, Data and Computing). Research in the area of ad hoc networking is receiving more attention from academia, industry, and government. Since these networks pose many complex issues, there are many open problems for research and significant contributions.

3. Challenges In MANETs

The special features of MANET bring this technology great opportunity together with severe challenges. These include:

3.1 Routing in MANETs

The main function of the network layer is routing packets from the source machine to the destination machine. The routing algorithm is that part of the network layer software responsible for deciding which output line an incoming packet should be transmitted on. The algorithms that choose the routes and the data structures that they use are a major area of network layer design.

What makes the routing algorithm a challenging task in the ad hoc network when there are lots of algorithms available for the wired network? The reason is the changing topology of ad hoc networks. All the rules of the wired network, i.e. fixed topologies and fixed and known neighbors, automatically fall out of scope. With an ad hoc network, the topology may be changing all the time, so valid routes can change spontaneously without any warning.

The following are the desirable properties of a MANET routing protocol:

1. Distributed operation: Since there is no central point as in a wired network, each and every node in the MANET performs routing.
2. Loop freedom: Even if it is not incorporated in the routing protocol, the TTL value could be used to prevent a packet from roaming in the network for arbitrarily long periods of time. Still, this property is desirable for efficient use of resources and better overall performance.
3. Demand-based operation: Instead of assuming a uniform traffic distribution within the network and maintaining routing information between all nodes at all times, the routing algorithm should adapt to the traffic pattern on a demand or need basis. It should be done in such a way that it utilizes the mobile nodes' energy and network bandwidth more efficiently, at the cost of increased route discovery delay.
4. Proactive operation: This is the opposite of demand-based operation. In certain contexts, the additional latency of demand-based operation is unacceptable. If bandwidth and energy resources permit, proactive operation is desirable in these contexts.
5. Security: Without some form of network-level or link layer security, a MANET routing protocol is vulnerable to many forms of attack. It may be relatively simple to snoop network traffic, manipulate packet headers and redirect routing messages within a wireless network without appropriate security provisions.
6. Sleep period operation: As a result of energy conservation, or some other need to be inactive, nodes of a MANET may stop transmitting and/or receiving for arbitrary time periods. A routing protocol should be able to accommodate such sleep periods without overly adverse consequences.
7. Unidirectional link support: Bi-directional links are typically assumed in the design of routing algorithms, and many algorithms are incapable of functioning properly over unidirectional links. But unidirectional links can and do occur in wireless networks.

Example: Ad hoc On-demand Distance Vector Routing

Ad hoc On-demand Distance Vector (AODV) Routing:

AODV is a routing algorithm specially designed for ad hoc networks. It is a distant relative of the Bellman-Ford distance vector algorithm, adapted to work in a mobile environment. It takes into account the limited bandwidth and low battery life of the mobile nodes found in the ad hoc environment. It provides loop-free routes. Another very important characteristic is that it is an on-demand algorithm, that is, it determines a route to some destination only when somebody wants to send a packet to that destination.

To find a path to the destination, the source broadcasts a route request packet. The neighbors in turn broadcast the packet to their neighbors until it reaches an intermediate node that has recent route information about the destination, or until it reaches the destination (Figure 2). A node discards a route request packet that it has already seen. The route request packet uses sequence numbers to ensure that the routes are loop free and to make sure that if intermediate nodes reply to route requests, they reply with the latest information only.

When a node forwards a route request packet to its neighbors, it also records in its tables the node from which the first copy of the request came. This information is used to construct the reverse path for the route reply packet. AODV uses only symmetric links because the route reply packet follows the reverse path of the route request packet. As the route reply packet traverses back to the source (Figure 3), the nodes along the path enter the forward route into their tables.

If the source moves, then it can reinitiate route discovery to the destination. If one of the intermediate nodes moves, then the moved node's neighbor realizes the link failure and sends a link failure notification to its upstream neighbors, and so on until it reaches the source, upon which the source can reinitiate route discovery if needed.
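The route discovery described above, as an added example that is not part of the original report: a breadth-first flood stands in for the RREQ broadcast (assuming every hop takes the same time), and the topology, function names and the `accept_update` helper are assumptions made for illustration. The freshness check follows the standard AODV comparison of destination sequence numbers, which is what lets a node ignore stale or replayed route information.

```python
from collections import deque

def make_links(edges):
    """Build a symmetric adjacency map; AODV as described uses symmetric links."""
    links = {}
    for a, b in edges:
        links.setdefault(a, set()).add(b)
        links.setdefault(b, set()).add(a)
    return links

def discover_route(links, src, dst):
    """Flood an RREQ from src and return (path, forward_table), or (None, {})."""
    reverse = {src: None}             # node -> neighbor that delivered the first RREQ copy
    queue = deque([src])              # FIFO models one broadcast hop per time step
    while queue:
        node = queue.popleft()
        if node == dst:
            break                     # destination answers with an RREP
        for nbr in sorted(links.get(node, ())):
            if nbr in reverse:        # RREQ already seen: discard the duplicate
                continue
            reverse[nbr] = node       # reverse-path entry used later by the RREP
            queue.append(nbr)
    if dst not in reverse:
        return None, {}               # no route: destination unreachable
    forward, path, node = {}, [dst], dst
    while reverse[node] is not None:  # RREP walks dst -> src along the reverse path
        upstream = reverse[node]
        forward[upstream] = node      # upstream node installs its next hop toward dst
        path.append(upstream)
        node = upstream
    return path[::-1], forward

def accept_update(current, new_seq, new_hops):
    """Freshness rule: take a route only if its destination sequence number is
    newer, or equal with fewer hops. current is (seq, hops) or None."""
    if current is None:
        return True
    seq, hops = current
    return new_seq > seq or (new_seq == seq and new_hops < hops)

def break_link(links, a, b):
    """Model a link failure caused by node movement."""
    links[a].discard(b)
    links[b].discard(a)

# Constructed sample topology (not from the report).
EDGES = [("S", "A"), ("S", "C"), ("A", "B"), ("C", "B"),
         ("B", "D"), ("C", "E"), ("E", "D")]

if __name__ == "__main__":
    links = make_links(EDGES)
    print(discover_route(links, "S", "D"))   # initial discovery
    break_link(links, "A", "B")              # intermediate node moves away
    print(discover_route(links, "S", "D"))   # source reinitiates discovery
```
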

Figure 2. Propagation of Route Request Packet (RREQ)

Figure 3. Path taken by the Route Reply Packet (RREP)

3.2 Intrusion detection

Intrusion detection has become very important within the realm of network security, especially in the case of wireless ad hoc networks. Intrusion detection is defined as the method to identify any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource. It comprises the techniques that attempt to detect intrusion into a computer or network by observing actions, security logs, or audit data.

The following are some primary assumptions that have to be made when working on intrusion detection:

1. User and program activities are observable, that is, the information regarding the usage of a system by a user or program must be recordable and analyzable.
2. Normal and intrusive behavior must have distinct characteristics.

In order to detect an intrusion attack, one needs to make use of a model of intrusion. That is, we need to know what an Intrusion Detection System (IDS) should look out for. There are two types of models employed in current IDSs:

1. Anomaly Detection: The first model bases its detection upon the profile of a user's normal behavior. It analyzes the user's current session and compares it to the profile representing the user's normal behavior. It raises an alarm if a significant deviation is found during the comparison of audit data and the user's profile. This type of detection system is well suited to detect known or previously not encountered attacks.
2. Misuse Detection: It bases its detection upon comparison of the user's session or commands with the rule base of techniques used by attackers previously. This model looks for known attacks in the user's behavior. A typical misuse detection system takes in audit data for analysis and compares the data to a large database of known attack signatures.

Most IDSs take either a network-based or host-based approach, depending on the source of audit data.

1. Network-based IDS (NIDS): An IDS is network-based when it looks for these patterns in network traffic. It listens on the network and captures and examines individual packets flowing through the network. It is able to look at the payload within a packet, to see which particular host application is being accessed, and to raise alerts when an attacker tries to exploit a bug in such code. NIDSs are host independent but can also be a software package installed on a dedicated workstation. A side effect of a NIDS is that its active scanning can slow down the network considerably.
2. Host-based IDS (HIDS): A host-based IDS is concerned with what is happening on each individual host. It is able to detect actions such as repeated failed access attempts or changes to critical system files. It normally operates by accessing log files or monitoring real-time system usage.

Why can the existing IDS not be used in the ad hoc network?

The vast difference between the two networks makes it very difficult to apply intrusion detection techniques developed for a fixed wired network to an ad hoc wireless network. The most important difference is perhaps that the ad hoc network does not have a fixed infrastructure, and today's network-based IDSs, which rely on real-time traffic analysis, can no longer function well in this new environment. Therefore, at any one time, the only available audit trace will be limited to communication activities taking place within the radio range, and the intrusion detection algorithms must be made to work on this partial and localized information.

Further, there may not be a clear separation between normalcy and anomaly in a wireless ad hoc network. A node that sends out false routing information could be one that has been compromised, or merely one that is temporarily out of sync due to physical movement. Intrusion detection may find it increasingly difficult to distinguish false alarms from real intrusions.

The following are the desirable features of an Intrusion Detection System for MANETs:

1. The IDS should not introduce a new weakness in the MANET. That is, the IDS itself should not make a node any weaker than it already is.
2. An IDS should run continuously and remain transparent to the system and users.
3. The IDS should use as few system resources as possible to detect and prevent intrusions. IDSs that require excessive communication among nodes or run complex algorithms are not desirable.
4. It must be fault-tolerant in the sense that it must be able to recover from system crashes, hopefully recover to the previous state, and resume the operations before the crash.
5. Apart from detecting and responding to intrusions, an IDS should also monitor itself and detect if it has been compromised by an attacker.
6. An IDS should have a proper response. In other words, an IDS should not only detect but also respond to detected intrusions, preferably without human intervention.
7. Accuracy of the IDS is another major factor in MANETs. Fewer false positives and false negatives are desired.
8. It should interoperate with other intrusion detection systems to collaboratively detect intrusions.

Example: A Distributed IDS

Distributed IDS:

In their pioneering work on intrusion detection in MANETs, Zhang and Lee describe a distributed and cooperative intrusion detection model where every node in the network participates in intrusion detection and response [3]. In this model, an IDS agent runs at each mobile node and performs local data collection and local detection, whereas cooperative detection and global intrusion response can be triggered when a node reports an anomaly. It considers abnormal updates to routing tables.

The internals of an IDS agent are structured into six pieces, as shown in Figure 4. Each node does local intrusion detection independently, and neighboring nodes collaboratively work on a larger scale. Individual IDS agents placed on each and every node run independently and monitor local activities (including user, systems, and communication activities within the radio range), detect intrusions from local traces, and initiate responses. Neighboring IDS agents cooperatively participate in global intrusion detection actions when an anomaly is detected in local data or if there is inconclusive evidence. The data collection module gathers local audit traces and activity logs that are used by the local detection engine to detect local anomalies. Detection methods that need broader data sets or require collaboration among local IDS agents use the cooperative detection engine. Both the local and global response modules provide intrusion response actions. The local response module triggers actions local to this mobile node (e.g., an IDS agent alerting the local user), while the global one coordinates actions among neighboring nodes, such as the IDS agents in the network electing a remedial action. A secure communication module provides a high-confidence communication channel among IDS agents.

This IDS presents a distributed and cooperative intrusion detection architecture based on statistical anomaly detection techniques. This article was among the first that had such a detailed distributed design.

Figure 4. An intrusion detection system for MANETs

4. CONCLUSION

This report describes the background information of MANETs, which includes concepts, features and status. Thereafter, it covers the two main challenges of MANETs, i.e. routing and intrusion detection, in detail. Various issues concerning different aspects of ad hoc wireless networks are discussed. MANET is one of the most important and essential technologies in current times.

MANETs can be exploited in a wide area of applications, from military, emergency rescue, law enforcement, and commercial to local and personal contexts. The technology has already gained critical mass among researchers in academia as well as in industry. Moreover, there is also a flurry of activity in the standards bodies in this area. Many routing protocols designed for ad hoc networks have been proposed as Internet Drafts and RFCs of the IETF. However, MANET as a technology can only become successful and popular if the challenges related to routing and intrusion detection, as described in this report, are adequately addressed.

5. REFERENCES

1. C.E. Perkins, E.M. Royer, "Ad Hoc on Demand Distance Vector (AODV) Routing", August 1998 IETF Draft, 24 pages.
2. C.E. Perkins and P. Bhagwat, "Highly Dynamic Destination Sequenced Distance-Vector Routing (DSDV) for Mobile Computers", Comp. Comm. Rev., Oct. 1994, pp. 234-244.
3. Y. Zhang and W. Lee, "Intrusion Detection in Wireless Ad Hoc Networks", 6th Intl. Conf. Mobile Comp. And Net., Aug. 2000, pp. 275-83.
4. A. Mishra, K. Nadkarni, and A. Patcha, "Intrusion Detection in Wireless Ad Hoc Networks", Wireless Communications, IEEE, vol. 11, Feb 2004, pp. 48-60.
5. S. Corson, J. Macker, "Mobile Ad hoc Networking (MANET): Routing Protocol Performance Issues and Evaluation Considerations", RFC2501,
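The distributed IDS model from section 3.2 (local anomaly detection at each node, cooperative detection when local evidence is inconclusive), as an added example that is not code from the report or from Zhang and Lee. The monitored feature (routing-table changes per interval), the z-score thresholds, the majority vote and all names are assumptions chosen for illustration, and the trace is constructed.

```python
from statistics import mean, stdev

# Constructed training trace: routing-table changes per interval that a node
# normally attributes to one neighbor (assumed feature, not from the report).
BASELINE = [2, 3, 1, 2, 4, 3, 2, 3]

class IDSAgent:
    """Per-node agent: a normal-behavior profile plus a local detection engine."""

    def __init__(self, name, training, low=2.0, high=4.0):
        self.name = name
        self.mu = mean(training)
        self.sigma = stdev(training) or 1.0   # guard against a flat profile
        self.low, self.high = low, high       # assumed z-score thresholds

    def local_verdict(self, observed):
        """Compare one interval's count against the profile."""
        z = abs(observed - self.mu) / self.sigma
        if z >= self.high:
            return "intrusion"
        if z >= self.low:
            return "inconclusive"
        return "normal"

def detect(agent, observed, neighbors, neighbor_obs):
    """Return (verdict, stage).

    Strong or absent local evidence is decided locally. Inconclusive evidence
    triggers cooperative detection: neighbors that also overheard the suspect
    (they appear in neighbor_obs) vote, and a strict majority of non-normal
    votes is treated as an intrusion.
    """
    own = agent.local_verdict(observed)
    if own != "inconclusive":
        return own, "local"
    votes = [own]
    for nbr in neighbors:
        if nbr.name in neighbor_obs:          # only nodes in radio range can report
            votes.append(nbr.local_verdict(neighbor_obs[nbr.name]))
    if len(votes) == 1:
        return "inconclusive", "local"        # nobody to corroborate: keep watching
    suspicious = sum(v != "normal" for v in votes)
    verdict = "intrusion" if 2 * suspicious > len(votes) else "normal"
    return verdict, "cooperative"

if __name__ == "__main__":
    a, b, c = (IDSAgent(n, BASELINE) for n in "ABC")
    print(detect(a, 9, [b, c], {"B": 3, "C": 2}))   # strong local evidence
    print(detect(a, 5, [b, c], {"B": 3, "C": 2}))   # only A is unsure: transient
    print(detect(a, 5, [b, c], {"B": 6, "C": 2}))   # corroborated by B
```

The second case is the situation the report warns about: a single node's odd view, for example after movement, is not enough on its own to raise an alarm.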