路由協定是無線節點於行動隨意網路(MANET)中傳輸封包仰賴的機制。MANET具有能快速設置、動態拓樸的節點及缺少如無線AP、轉接器等基礎設施等特性，這些特性讓MANET能應用於特定的場景如軍事用途、搜救或緊急行動。基於路由協定，節點互相提供連結資訊並能共同建立完整傳輸路徑。但傳輸安全是MANET中的一項問題，起因於MANET的特性如公開的媒介、缺少安全防線、非中心化的設置及路由協定中缺乏安全考慮的設計都讓MANET比有線網路更難於管理和抵禦利用這些弱點形成的攻擊。
竄改路由訊息即是一項對於MANET的攻擊，他可能造成封包流量改向以及其他延伸影響。 在這篇論文中，我們提出一入侵偵測模型建立於一廣為使用的路由協定AODV。在我們模型是利用前兩轉送節點的概念建立基於規格式的入侵偵測，即利用前一節點的訊息來確認收到訊息的完整性，如此一來所有原來易遭受竄改的訊息欄位在傳輸過程中可以確保完整性。 整合於AODV之規格式入侵偵測模型是一輕量化的設計且能直接應用的分散式偵測模型，我們在GloMoSim的模擬實驗中證明此方法在網路及安全效能都能有理想的表現。

A Routing protocol is an essential element that MANET relies on to transmit packets. MANET has characteristics of fast deployment, dynamic topology and is without infrastructure elements such as wireless AP, router and switcher which make it a suitable environment for certain application. The application include such as military use, rescue search or emergency. With a routing protocol, each mobile node provided connection information to others and cooperates to form the complete transmission. Security issues are one problem of MANET that need to be solved. It is caused by the fundamental characteristic of open medium, lack of defense line, decentralized placement and the fact that routing protocols are designed without security concerns. The special nature of MANET also makes it difficult to manage compared wired network and is vulnerable for malicious attack.
Tampering with routing message is such an attack of MANET that may cause traffic redirection and other related affect. In the thesis, we proposed an intrusion detection model built on the AODV routing protocol, which is the most popular routing protocol of MANET. Our model, Specification-based Intrusion Detection Model (SIDM) is design with the concept of Previous Two Forwarder (PTF), which utilizes the previous hop routing message to assure the integrity of incoming routing message, as a result, all vulnerable message fields that could be tampered from routing message attacks are protected during transmission. SIDM is a lightweight and directly applicable distributed intrusion detection model that can be integrated with AODV. We prove the model execute well in network and security performance with GloMoSim network simulator.

[1] Y. Hao, et al., "Security in mobile ad hoc networks: challenges and solutions," Wireless Communications, IEEE, vol. 11, pp. 38-47, 2004.
[2] M. Hollick, et al., "On the effect of node misbehavior in ad hoc networks," in Communications, 2004 IEEE International Conference on, 2004, pp. 3759-3763 Vol.6.
[3] S. Marti, et al., "Mitigating routing misbehavior in mobile ad hoc networks," presented at the Proceedings of the 6th annual international conference on Mobile computing and networking, Boston, Massachusetts, United States, 2000.
[4] D. Hongmei, et al., "Routing security in wireless ad hoc networks," Communications Magazine, IEEE, vol. 40, pp. 70-75, 2002.
[5] H. Yih-Chun and A. Perrig, "A survey of secure wireless ad hoc routing," Security & Privacy, IEEE, vol. 2, pp. 28-39, 2004.
[6] C. Perkins, et al., "RFC3561: Ad hoc on-demand distance vector (AODV) routing," Internet RFCs, 2003.
[7] P. Ning and K. Sun, "How to misuse AODV: a case study of insider attacks against mobile ad-hoc routing protocols," in Information Assurance Workshop, 2003. IEEE Systems, Man and Cybernetics Society, 2003, pp. 60-67.
[8] W. Weichao, et al., "On vulnerability and protection of ad hoc on-demand distance vector protocol," in Telecommunications, 2003. ICT 2003. 10th International Conference on, 2003, pp. 375-382 vol.1.
[9] Y.-a. Huang and W. Lee, "Attack Analysis and Detection for Ad Hoc Routing Protocols," in Recent Advances in Intrusion Detection. vol. 3224, E. Jonsson, et al., Eds., ed: Springer Berlin / Heidelberg, 2004, pp. 125-145.
[10] B. Kannhavong, et al., "A survey of routing attacks in mobile ad hoc networks," Wireless Communications, IEEE, vol. 14, pp. 85-91, 2007.
[11] S. D. Xu, et al., "Secure AODV routing protocol using one-time signature," Mobile Ad-Hoc and Sensor Networks, Proceedings, vol. 3794, pp. 288-297, 2005.
[12] C. R. Zhang, et al., "Secure AODV routing protocol using SL multi-signcryption," Chinese Journal of Electronics, vol. 16, pp. 311-314, Apr 2007.
[13] K. Sanzgiri, et al., "A secure routing protocol for ad hoc networks," in Network Protocols, 2002. Proceedings. 10th IEEE International Conference on, 2002, pp. 78-87.
[14] M. G. Zapata and N. Asokan, "Securing ad hoc routing protocols," presented at the Proceedings of the 1st ACM workshop on Wireless security, Atlanta, GA, USA, 2002.
[15] D. Cerri and A. Ghioni, "Securing AODV: The A-SAODV secure routing prototype," Ieee Communications Magazine, vol. 46, pp. 120-125, Feb 2008.
[16] H. Yi-an, et al., "Cross-feature analysis for detecting ad-hoc routing anomalies," in Distributed Computing Systems, 2003. Proceedings. 23rd International Conference on, 2003, pp. 478-487.
[17] C. H. Tseng, et al., "DRETA: distributed routing evidence tracing and authentication intrusion detection model for MANET," presented at the Proceedings of the 2nd ACM symposium on Information, computer and communications security, Singapore, 2007.
[18] H. Nakayama, et al., "A Dynamic Anomaly Detection Scheme for AODV-Based Mobile Ad Hoc Networks," Ieee Transactions on Vehicular Technology, vol. 58, pp. 2471-2481, Jun 2009.
[19] C.-Y. Tseng, et al., "A specification-based intrusion detection system for AODV," presented at the Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks, Fairfax, Virginia, 2003.
[20] Y. Zhang, et al., "Intrusion Detection Techniques for Mobile Wireless Networks," Wireless Networks, vol. 9, pp. 545-556, 2003.
[21] C. Ko, et al., "Execution monitoring of security-critical programs in distributed systems: a Specification-based approach," presented at the Proceedings of the 1997 IEEE Symposium on Security and Privacy, 1997.
[22] Y. A. Huang and W. Lee, "Attack analysis and detection for ad hoc routing protocols," Recent Advances in Intrusion Detection, Proceedings, vol. 3224, pp. 125-145, 2004.
[23] K. Sanzgiri, et al., "Authenticated routing for ad hoc networks," Selected Areas in Communications, IEEE Journal on, vol. 23, pp. 598-610, 2005.
[24] Y.-C. Hu, et al., "Ariadne: a secure on-demand routing protocol for ad hoc networks," Wirel. Netw., vol. 11, pp. 21-38, 2005.
[25] Z. Lidong and Z. J. Haas, "Securing ad hoc networks," Network, IEEE, vol. 13, pp. 24-30, 1999.
[26] A. Khalili, et al., "Toward secure key distribution in truly ad-hoc networks," in Applications and the Internet Workshops, 2003. Proceedings. 2003 Symposium on, 2003, pp. 342-346.
[27] J. Biswas and S. K. Nandy, "Efficient Key Management and Distribution for MANET," in Communications, 2006. ICC '06. IEEE International Conference on, 2006, pp. 2256-2261.
[28] R. Puttini, et al., "A Modular Architecture for Distributed IDS in MANET," in Computational Science and Its Applications — ICCSA 2003. vol. 2669, V. Kumar, et al., Eds., ed: Springer Berlin / Heidelberg, 2003, pp. 984-984.
[29] D. Subhadrabandhu, et al., "A framework for misuse detection in ad hoc networks- part II," Selected Areas in Communications, IEEE Journal on, vol. 24, pp. 290-304, 2006.
[30] D. Subhadrabandhu, et al., "A framework for misuse detection in ad hoc Networks-part I," Selected Areas in Communications, IEEE Journal on, vol. 24, pp. 274-289, 2006.
[31] Y. Zhang and W. Lee, "Intrusion detection in wireless ad-hoc networks," presented at the Proceedings of the 6th annual international conference on Mobile computing and networking, Boston, Massachusetts, United States, 2000.
[32] Y.-a. Huang and W. Lee, "A cooperative intrusion detection system for ad hoc networks," presented at the Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks, Fairfax, Virginia, 2003.
[33] B. Sun, et al., "Routing anomaly detection in mobile ad hoc networks," in Computer Communications and Networks, 2003. ICCCN 2003. Proceedings. The 12th International Conference on, 2003, pp. 25-31.
[34] C. H. Tseng, et al., "A specification-based intrusion detection model for OLSR," Recent Advances in Intrusion Detection, vol. 3858, pp. 330-350, 2006.
[35] C. Tseng, et al., "DEMEM: Distributed Evidence-Driven Message Exchange Intrusion Detection Model for MANET," in Recent Advances in Intrusion Detection. vol. 4219, D. Zamboni and C. Kruegel, Eds., ed: Springer Berlin / Heidelberg, 2006, pp. 249-271.
[36] Global Mobile Information System Simulator (GloMoSim) http://pcl.cs.ucla.edu/projects/glomosim/
[37] http://moment.cs.ucsb.edu/AODV/
[38] P. Johansson, et al., "Scenario-based performance analysis of routing protocols for mobile ad-hoc networks," presented at the Proceedings of the 5th annual ACM/IEEE international conference on Mobile computing and networking, Seattle, Washington, United States, 1999.