Efficacy of misuse detection in adhoc networks

Subhadrabandhu, D.; Sarkar, Sajal; Anjum, Farooq

doi:10.1109/sahcn.2004.1381907

Cited by 19 publications

(6 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Refer to figure 1 for an example detection procedure. Now, all packets, except those that are directly transmitted from an intruder to its target (which usually constitutes a small fraction of the total number of packets [22] Due to the coverage redundancy several insiders may analyze a packet, and they may decide differently whether the packet is bad. The different decisions must be combined to determine whether the packet is indeed bad.…”

Section: Algorithms For Robust Intrusion Detectionmentioning

confidence: 99%

A Statistical Framework for Intrusion Detection in Ad Hoc Networks

Subhadrabandhu

Sarkar

Anjum³

2006

Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications

Self Cite

View full text Add to dashboard Cite

We focus on detecting intrusions in ad hoc networks using the misuse detection technique. We allow for detection modules that periodically fail to detect attacks and also generate false positives. Combining theories of hypothesis testing and approximation algorithms, we develop a framework to counter different threats while minimizing the resource consumption. We obtain computationally simple optimal rules for aggregating and thereby minimizing the errors in the decisions of the nodes executing the intrusion detection software (IDS) modules. But, we show that the selection of the optimal set of nodes for executing the IDS is an NPhard problem. We describe a polynomial complexity, distributed selection algorithm, "Maximum Unsatisfied Neighbors in Extended Neighborhood" (MUNEN) that attains the best possible approximation ratio. The aggregation rules and MUNEN can be executed by mobile nodes with limited processing power. The overall framework provides a good balance between complexity and performance for attaining robust intrusion detection in ad hoc networks. This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of the University of Pennsylvania's products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to pubs-permissions@ieee.org. By choosing to view this document, you agree to all provisions of the copyright laws protecting it. Abstract-We focus on detecting intrusions in ad hoc networks using the misuse detection technique. We allow for detection modules that periodically fail to detect attacks and also generate false positives. Combining theories of hypothesis testing and approximation algorithms, we develop a framework to counter different threats while minimizing the resource consumption. We obtain computationally simple optimal rules for aggregating and thereby minimizing the errors in the decisions of the nodes executing the intrusion detection software (IDS) modules. But, we show that the selection of the optimal set of nodes for executing the IDS is an NP-hard problem. We describe a polynomial complexity, distributed selection algorithm, "Maximum Unsatisfied Neighbors in Extended Neighborhood" (MUNEN) that attains the best possible approximation ratio. The aggregation rules and MUNEN can be executed by mobile nodes with limited processing power. The overall framework provides a good balance between complexity and performance for attaining robust intrusion detection in ad hoc networks.

show abstract

Section: Algorithms For Robust Intrusion Detectionmentioning

confidence: 99%

A Statistical Framework for Intrusion Detection in Ad Hoc Networks

Subhadrabandhu

Sarkar

Anjum³

2006

Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications

Self Cite

View full text Add to dashboard Cite

show abstract

“…In this case, every packet transmitted by an insider would be analyzed at least once and every insider detects whether a packet is bad without any error. Only the packets transmitted directly from an intruder to its target may not be analyzed, but the percentage of such packets is small [9]. This suggests that when insiders may decide erroneously, the IDS active insiders must be selected so that every insider is a neighbor of at least k IDS active insiders where k > 1.…”

Section: Algorithms For Robust Intrusion Detectionmentioning

confidence: 99%

“…Therefore, a prerequisite for deploying misuse detection in ad hoc networks is to determine which nodes should execute the sniffing and analysis software modules which we refer to as the intrusion detection software (IDS) modules. Previous works have considered this problem assuming that the insider nodes that analyze the traffic detect malicious packets without any failure [8], [9], [10]. But some insiders periodically stop functioning because of operational failure and low residual energy and would not detect attacks during those intervals.…”

Section: Introductionmentioning

confidence: 99%

RIDA: Robust Intrusion Detection in Ad Hoc Networks

Subhadrabandhu

Sarkar

Anjum³

2005

NETWORKING 2005. Networking Technologies, Services, and Protocols; Performance of Computer and Communication Networks; Mobile A

View full text Add to dashboard Cite

Abstract. We focus on detecting intrusions in wireless ad hoc networks using the misuse detection technique. We allow for detection modules that periodically fail to detect attacks and also generate false positives. Combining theories of hypothesis testing and approximation algorithms, we develop a framework to counter different threats while minimizing the resource consumption. We obtain computationally simple optimal rules for aggregating and thereby minimizing the errors in the decisions of the nodes executing the intrusion detection software (IDS) modules. But, we show that the selection of the optimal set of nodes for executing the IDS is an NP-hard problem. We present a polynomial complexity selection algorithm that attains a guaranteeable approximation bound. We also modify this algorithm to allow for seamless operation in time varying topologies, and evaluate the efficacy of the approximation algorithm and its modifications using simulation. We identify a selection algorithm that attains a good balance between performance and complexity for attaining robust intrusion detection in ad hoc networks.

show abstract

“…In this way, many researchers have been tried to propose appropriate solutions to make such environments more reliable than ever before. From the security viewpoint, a subset of mentioned solutions have been tried to prevent the considered environment from some categories of external attacks [1][2][3], while some others tried to detect possible threats and proposed some solutions to resist against [4][5][6]. If roughly speaking, it is possible to claim that the level of proposed secure protocols can be emphasizing on cryptographic protocols or as a higher level they can use other cryptographic functions as a building block to make the considered protocol.…”

Section: Introductionmentioning

confidence: 99%