Agent-Based Immunological Intrusion Detection System for Mobile Ad-Hoc Networks

Aleksander Byrski¹ and Marco Carvalho²

¹ AGH University of Science and Technology, Kraków, Poland
olekb@agh.edu.pl
² Institute for Human and Machine Cognition, Pensacola, U.S.A.
mcarvalho@ihmc.us

Abstract. Mobile Ad-hoc Networks are known to bring very special challenges to intrusion detection systems, mostly because of their dynamic nature and communication characteristics. In the last few years, several research efforts have proposed the use of immune-inspired systems for intrusion detection in MANETs. In most cases, however, only low-level pattern construction and matching have been considered, often customized to specific routing strategies or protocols. In this paper we present a more general, agent-based approach to the problem. Our approach proposes the use of artificial immune systems for anomaly detection in a way that is independent of specific routing protocols and services. After introducing the problem and the proposed system, we describe our proof-of-concept implementation and our preliminary experimental results over NS-2 simulations.

1 Introduction

Anomaly and Intrusion Detection Systems (IDS) have long been proposed in support of security strategies for computer networks. Most commonly applied in the context of enterprise networks, conventional IDS generally relies on a number of detection elements (sensors) and some (often centralized) components that correlate information among sensors to identify anomalies. Such components are responsible for learning how to identify and differentiate normal (self) patterns, from abnormal (non-self) traffic or system patterns.

Mobile Ad-hoc Networks (MANETs) are characterized by their lack of a fixed support infrastructure and their transient nature. Together, these characteristics lead to a very challenging environment for IDS implementation. Frequent changes in topology and communication patterns in MANETs require the use of specialized protocols and strategies for routing, transport and security.

In particular, the use of autonomous agents performing the duties of a single security detector and being able to communicate with neighboring agents to share information and inferences is well suited for IDS implementation in MANETs.

Biologically-inspired approaches for anomaly detection systems have proven to be very interesting, often yielding very effective results [1] for some applications.

M. Bubak et al. (Eds.): ICCS 2008, Part III, LNCS 5103, pp. 584–593, 2008. © Springer-Verlag Berlin Heidelberg 2008