Team for Research in
Ubiquitous Secure Technology

Distributed Intrusion Detection System for Resource-Constrained Devices in Ad Hoc Networks
Adrian Lauf, William H. Robinson

Citation
Adrian Lauf, William H. Robinson. "Distributed Intrusion Detection System for Resource-Constrained Devices in Ad Hoc Networks". Elsevier Journal of Ad Hoc Networks, 2008.

Abstract
This paper describes the design and implementation of a hybrid two-stage intrusion detection system (IDS) for use with mobile ad-hoc networks. This system, called HybrIDS, classifies network interactions by mapping each behavior from its target operational scenario to a discrete label. The hybrid nature of our IDS is captured in the cooperative nature of two detection strategies. Our first detection strategy employs peak analysis and probability density functions to isolate deviance at the level of a single node. It can perform this analysis with zero prior knowledge of its operating environment; it requires no calibration data. In contrast, the secondary method relies on a cross-correlative component, which requires careful tuning of a detection threshold. Its primary advantage lies in its ability to detect multiple threats simultaneously. The first stage provides tuning and calibration information for the second stage. Our approach distributes the IDS among all connected network nodes, allowing each node to identify potential threats individually. The combined result can detect deviant nodes in a scalable manner, in the presence of a density of deviant nodes approaching 22%. Computational requirements are reduced to adapt optimally to embedded devices on an ad-hoc network.

Citation formats  
  • HTML
    Adrian Lauf, William H. Robinson. <a
    href="http://www.truststc.org/pubs/379.html"
    >Distributed Intrusion Detection System for
    Resource-Constrained Devices in Ad Hoc Networks</a>,
    <i>Elsevier Journal of Ad Hoc Networks</i>, 
    2008.
  • Plain text
    Adrian Lauf, William H. Robinson. "Distributed
    Intrusion Detection System for Resource-Constrained Devices
    in Ad Hoc Networks". Elsevier Journal of Ad
    Hoc Networks, 2008.
  • BibTeX
    @article{LaufRobinson08_DistributedIntrusionDetectionSystemForResourceConstrained,
        author = {Adrian Lauf and William H. Robinson},
        title = {Distributed Intrusion Detection System for
                  Resource-Constrained Devices in Ad Hoc Networks},
        journal = {Elsevier Journal of Ad Hoc Networks},
        year = {2008},
        abstract = {This paper describes the design and implementation
                  of a hybrid two-stage intrusion detection system
                  (IDS) for use with mobile ad-hoc networks. This
                  system, called HybrIDS, classifies network
                  interactions by mapping each behavior from its
                  target operational scenario to a discrete label.
                  The hybrid nature of our IDS is captured in the
                  cooperative nature of two detection strategies.
                  Our first detection strategy employs peak analysis
                  and probability density functions to isolate
                  deviance at the level of a single node. It can
                  perform this analysis with zero prior knowledge of
                  its operating environment; it requires no
                  calibration data. In contrast, the secondary
                  method relies on a cross-correlative component,
                  which requires careful tuning of a detection
                  threshold. Its primary advantage lies in its
                  ability to detect multiple threats simultaneously.
                  The first stage provides tuning and calibration
                  information for the second stage. Our approach
                  distributes the IDS among all connected network
                  nodes, allowing each node to identify potential
                  threats individually. The combined result can
                  detect deviant nodes in a scalable manner, in the
                  presence of a density of deviant nodes approaching
                  22%. Computational requirements are reduced to
                  adapt optimally to embedded devices on an ad-hoc
                  network. },
        URL = {http://www.truststc.org/pubs/379.html}
    }
    

Posted by Adrian Lauf, Ph.D. on 23 Apr 2008.
Groups: trust

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.