In this paper, we consider a cost-based extension of intrusion detection capability (C_ID). An objective metric motivated by information theory is presented and, based on this formulation, a package for computing the intrusion detection capability of an intrusion detection system (IDS), given certain input parameters, is developed using Java. In order to determine the expected cost at each IDS operating point, the decision tree method of analysis is employed, and plots of expected cost and intrusion detection capability against false positive rate were generated. The point of intersection between the maximum intrusion detection capability and the expected cost is selected as the optimal operating point. Considering an IDS in the context of its intrinsic ability to detect intrusions at the least expected cost, findings revealed that the optimal operating point is the most suitable for the given IDS. The cost-based extension is used to select the optimal operating point, calculate expected cost, and compare two actual intrusion detectors. The proposed cost-based extension of intrusion detection capability will be very useful to information technology (IT), telecommunication firms, and financial institutions, for making proper decisions in evaluating the suitability of an IDS for a specific operational environment.
Mobile Ad hoc Networks (MANET) are susceptible to jamming attacks which can inhibit data transmissions. There has been considerable work done in the detection of external jamming attacks. However, detection of insider jamming attacks in MANET has not received enough attention. An insider node that has constantly monitored the network and is privy to the network secrets can acquire sufficient information to cause irreparable damage. In this paper we propose a framework for a novel reputation-based coalition game between multiple players in a MANET to prevent internal attacks caused by an erstwhile legitimate node. A grand coalition is formed which will make a strategic security defense decision by depending on the stored transmission rate and reputation for each individual node in the coalition. Our results show that the simulation of the reputation-based coalition game would help improve the network's defense strategy while also reducing false positives that result from the incorrect classification of unfortunate legitimate nodes as insider jammers.
Security in mobile ad hoc networks (MANETs) is challenging due to the ability of adversaries to gather necessary intelligence to launch insider jamming attacks. The solutions to prevent external attacks on MANETs are not applicable for defense against insider jamming attacks. There is a need for a formal framework to characterize the information required by adversaries to launch insider jamming attacks. In this paper, we propose a novel reputation-based coalition game in MANETs to detect and mitigate insider jamming attacks. Since there is no centralized controller in MANETs, the nodes rely heavily on the availability of transmission rates and a reputation for each individual node in the coalition to detect the presence of an internal jamming node. The nodes will form a stable grand coalition in order to make a strategic security defense decision, maintain the grand coalition based on node reputation, and exclude any malicious node based on reputation value. Simulation results show that our approach provides a framework to quantify information needed by adversaries to launch insider attacks. The proposed approach will improve MANETs' defense against insider attacks, while also reducing incorrect classification of legitimate nodes as jammers.