A Generic Review on Effective Intrusion Detection in Ad hoc Networks

Ad hoc network is specifically designed for the establishment of a network anywhere and anytime, which does not have any fixed infrastructure in order to support the mobility of the users in the network. The network is established without using any access points or base stations for communication implemented in multi hop schemes. Hence we call an Ad hoc network as a collection of nodes which are mobile in nature with a dynamic network infrastructure and forms a temporary network. Because of dynamic topological changes, these networks are vulnerable at the physical link, and they can easily be manipulated. An intruder can easily attack the Ad hoc network by loading the network resources which are available, such as wireless links and energy (battery) levels of other users, and then starts disturbing all the users. This paper provides a comparative survey on the various existing intrusion detection systems for Ad hoc networks based on the various approaches applied in the intrusion detection systems for providing security to the Ad hoc network

The Feasibility of Using Behavioural Profiling Technique for Mitigating Insider Threats: Review

Insider threat has become a serious issue to the many organizations. Various companies are increasingly deploying many information technologies to prevent unauthorized access to getting inside their system. Biometrics approaches have some techniques that contribute towards controlling the point of entry. However, these methods mainly are not able to continuously validate the users reliability. In contrast behavioral profiling is one of the biometrics technologies but it focusing on the activities of the users during using the system and comparing that with a previous history. This paper presents a comprehensive analysis, literature review and limitations on behavioral profiling approach and to what extent that can be used for mitigating insider misuse

Behaviour based anomaly detection system for smartphones using machine learning algorithm

In this research, we propose a novel, platform independent behaviour-based anomaly detection system for smartphones. The fundamental premise of this system is that every smartphone user has unique usage patterns. By modelling these patterns into a profile we can uniquely identify users. To evaluate this hypothesis, we conducted an experiment in which a data collection application was developed to accumulate real-life dataset consisting of application usage statistics, various system metrics and contextual information from smartphones. Descriptive statistical analysis was performed on our dataset to identify patterns of dissimilarity in smartphone usage of the participants of our experiment. Following this analysis, a Machine Learning algorithm was applied on the dataset to create a baseline usage profile for each participant. These profiles were compared to monitor deviations from baseline in a series of tests that we conducted, to determine the profiling accuracy. In the first test, seven day smartphone usage data consisting of eight features and an observation interval of one hour was used and an accuracy range of 73.41% to 100% was achieved. In this test, 8 out 10 user profiles were more than 95% accurate. The second test, utilised the entire dataset and achieved average accuracy of 44.50% to 95.48%. Not only these results are very promising in differentiating participants based on their usage, the implications of this research are far reaching as our system can also be extended to provide transparent, continuous user authentication on smartphones or work as a risk scoring engine for other Intrusion Detection System

Detecting malfunction in wireless sensor networks

The objective of this thesis is to detect malfunctioning sensors in wireless sensor networks. The ability to detect abnormality is critical to the security of any sensor network. However, the ability to detect a faulty wireless sensor is not trivial. Controlled repeatable experiments are difficult in wireless channels. A Redhat Linux. 7.0 Wireless Emulation Dynamic Switch software was used to solve this problem. Six nodes were configured with a node acting as a base station. The nodes were all part of a cell. This means that every node could communicate with all other nodes. A client-server program simulated the background traffic. Another program simulated a faulty node. A node was isolated as the faulty node while all other nodes were good. The experiment ran for several hours and the data was captured with tcpdump. The data was analyzed to conclusions based on a statistical comparison of good node versus bad node. The statistical delay on the good node was an average of 0.69 ms while the standard deviation was 0.49. This was much better than the delay on the bad node that was 0.225192 s with a standard deviation of 0.89. This huge difference in the delay indicated that the faulty node was detected statistically. A threshold value of I ms was chosen. The good node was within this value about 98% of the time. The bad node on the other hand was far out of this range and was definitely detected. The channel utilization data provided the same conclusion

Behaviour profiling on mobile devices

Over the last decade, the mobile device has become a ubiquitous tool within everyday life. Unfortunately, whilst the popularity of mobile devices has increased, a corresponding increase can also be identified in the threats being targeted towards these devices. Security countermeasures such as AV and firewalls are being deployed, however, the increasing sophistication of the attacks requires additional measures to be taken. This paper proposes a novel behaviour-based profiling technique that is able to build upon the weaknesses of current systems by developing a comprehensive multilevel approach to profiling. In support of this model, a series of experiments have been designed to look at profiling calling, device usage and Bluetooth network scanning. Using neural networks, experimental results for the aforementioned activities\u27 are able to achieve an EER (Equal Error Rate) of: 13.5%, 35.1% and 35.7%