XIDR: A Dynamic Framework Utilizing Cross-Layer Intrusion Detection for Effective Response Deployment

Svecs, Igors; Sarkar, Tanmoy; Basu, Samik; Wong, Johnny

doi:10.1109/compsacw.2010.57

Cited by 11 publications

(8 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A false positive occurs when an IDS identifies a well-behaved node as an intruder; the literature also refers to this as a false alarm; specificity is the complement of false positive rate (1 − F P R). A false negative occurs when an IDS identifies a malicious or selfish node as wellbehaved; the literature also refers to this as a failure to report [22,23,24]. On the other hand, a detection (a true positive) occurs when an IDS correctly identifies a malicious or selfish node [12,18,19,20,21,25,26]; true positive rate is synonymous with sensitivity and recall.…”

Section: Intrusion Detection Performance Metricsmentioning

confidence: 99%

“…Svecs et al [22] present an IDS called Cross-layer Intrusion Detection and Response (XIDR). XIDR combines both detection techniques (anomaly and signature based) and collection approaches (behavior and traffic based) and use both local and global intrusion responses.…”

Section: Combined Designsmentioning

confidence: 99%

“…IDS researchers traditionally use three metrics to measure performance: false positive rate (FPR), false negative rate (FNR), and detection rate (DR) [11,18,19,20,21,22,23]. A false positive occurs when an IDS identifies a well-behaved node as an intruder; the literature also refers to this as a false alarm; specificity is the complement of false positive rate (1 − F P R).…”

Section: Intrusion Detection Performance Metricsmentioning

confidence: 99%

“…Signature based approaches [18,22,23,24,26,33,40,41,58,59,60,61,62,63,64] scan for entries in the attack dictionary (known bad profiles). Semi-supervised anomaly based approaches scan for deviations from expected performance (known good profiles).…”

Section: Pattern Matching Analysis Techniquesmentioning

confidence: 99%

“…The authors focus on shellcode attacks. [71] anomaly data mining IABA [21] anomaly traffic data mining Jones Technique [24] anomaly behavior pattern matching Snort [96] combined traffic OSSEC [64] signature behavior yes pattern matching Signature Apriori [23] signature traffic combined Ying Technique [43] combined behavior combined CSM [40] signature behavior yes pattern matching BMSL [97] specification combined pattern matching SAD [98] specification traffic pattern matching DPEM [28] specification behavior pattern matching ADEPTS [27] combined yes IDAM&IRS [67] combined yes XIDR [22] combined combined yes pattern matching AHA/AAIRS [68] combined yes…”

Section: Anomaly Based Designsmentioning

confidence: 99%

See 4 more Smart Citations

A survey of intrusion detection in wireless network applications

Mitchell

Chen

2014

Computer Communications

179

View full text Add to dashboard Cite

Information systems are becoming more integrated into our lives. As this integration deepens, the importance of securing these systems increases. Because of lower installation and maintenance costs, many of these systems are largely networked by wireless means. In order to identify gaps and propose research directions in wireless network intrusion detection research, we survey the literature of this area. Our approach is to classify existing contemporary wireless intrusion detection system (IDS) techniques based on target wireless network, detection technique, collection process, trust model and analysis technique. We summarize pros and cons of the same or different types of concerns and considerations for wireless intrusion detection with respect to specific attributes of target wireless networks including wireless local area networks (WLANs), wireless personal area networks (WPANs), wireless sensor networks (WSNs), ad hoc networks, mobile telephony, wireless mesh networks (WMNs) and cyber physical systems (CPSs). Next, we summarize the most and least studied wireless IDS techniques in the literature, identify research gaps, and analyze the rationale for the degree of their treatment. Finally, we identify worthy but little explored topics and provide suggestions for ways to conduct research.

show abstract

Section: Intrusion Detection Performance Metricsmentioning

confidence: 99%

Section: Combined Designsmentioning

confidence: 99%

Section: Intrusion Detection Performance Metricsmentioning

confidence: 99%

Section: Pattern Matching Analysis Techniquesmentioning

confidence: 99%

Section: Anomaly Based Designsmentioning

confidence: 99%

See 3 more Smart Citations

A survey of intrusion detection in wireless network applications

Mitchell

Chen

2014

Computer Communications

179

View full text Add to dashboard Cite

show abstract

Rashnu: a Wi‐Fi intrusion response scheme

Moosavirad

Kabiri

Mahini

2014

Security Comm Networks

View full text Add to dashboard Cite

This paper aims at improving one of the most important vulnerabilities of IEEE 802.11x wireless networks that is sending the management packets on unencrypted channels. Adversaries exploit this weakness for executing attacks such as man‐in‐the‐middle and evil twin. The reported work proposes a novel wireless intrusion response scheme called Rashnu to deal with these attacks. Rashnu is a third party wireless intrusion response scheme and is capable of rescuing the victim(s), that is, access point's clients. The proposed response approach is simulated in Omnet++ environment to appraise its effectiveness. Simulation results show that Rashnu can respond to these attacks with more than 65% success rate. Changing the access point selection strategy in the agent layer of the victim's wireless network interface card, 35% attacker's success rate is reduced to 8%. Eventually, improving Rashnu by tuning the response rate factor can modify this value by only 2.7%. Copyright © 2014 John Wiley & Sons, Ltd.

show abstract

Security Issues in Mobile Ad Hoc Network

Islam

Shaikh

2013

Signals and Communication Technology

View full text Add to dashboard Cite

XIDR: A Dynamic Framework Utilizing Cross-Layer Intrusion Detection for Effective Response Deployment

Cited by 11 publications

References 13 publications

A survey of intrusion detection in wireless network applications

A survey of intrusion detection in wireless network applications

Rashnu: a Wi‐Fi intrusion response scheme

Security Issues in Mobile Ad Hoc Network

Contact Info

Product

Resources

About