4,766 research outputs found
Recommended from our members
Towards an effective intrusion response engine combined with intrusion detection in ad hoc networks
In this paper, we present an effective intrusion response engine combined with intrusion detection in ad hoc networks. The intrusion response engine is composed of a secure communication module, a local and a global response module. Its function is based on an innovative tree-based key agreement protocol while the intrusion detection engine is based on a class of neural networks called eSOM. The proposed intrusion response model and the tree-based protocol, it is based on, are analyzed concerning key secrecy while the intrusion detection engine is evaluated for MANET under different traffic conditions and mobility patterns. The results show a high detection rate for packet dropping attacks
Recommended from our members
Protection of an intrusion detection engine with watermarking in ad hoc networks
Mobile ad hoc networks have received great attention in recent years, mainly due to the evolution of wireless networking and mobile computing hardware. Nevertheless, many inherent vulnerabilities exist in mobile ad hoc networks and their applications that affect the security of wireless transactions. As intrusion prevention mechanisms, such as encryption and authentication, are not sufficient we need a second line of defense, Intrusion Detection. In this pa-per we present an intrusion detection engine based on neural networks and a protection method based on watermarking techniques. In particular, we exploit information visualization and machine learning techniques in order to achieve intrusion detection and we authenticate the maps produced by the application of the intelligent techniques using a novel combined watermarking embedding method. The performance of the proposed model is evaluated under different traffic conditions, mobility patterns and visualization metrics
A Novel Cooperative Intrusion Detection System for Mobile Ad Hoc Networks
Mobile ad hoc networks (MANETs) have experienced rapid growth in their use for various military, medical, and commercial scenarios. This is due to their dynamic nature that enables the deployment of such networks, in any target environment, without the need for a pre-existing infrastructure. On the other hand, the unique characteristics of MANETs, such as the lack of central networking points, limited wireless range, and constrained resources, have made the quest for securing such networks a challenging task. A large number of studies have focused on intrusion detection systems (IDSs) as a solid line of defense against various attacks targeting the vulnerable nature of MANETs. Since cooperation between nodes is mandatory to detect complex attacks in real time, various solutions have been proposed to provide cooperative IDSs (CIDSs) in efforts to improve detection efficiency. However, all of these solutions suffer from high rates of false alarms, and they violate the constrained-bandwidth nature of MANETs. To overcome these two problems, this research presented a novel CIDS utilizing the concept of social communities and the Dempster-Shafer theory (DST) of evidence. The concept of social communities was intended to establish reliable cooperative detection reporting while consuming minimal bandwidth. On the other hand, DST targeted decreasing false accusations through honoring partial/lack of evidence obtained solely from reliable sources. Experimental evaluation of the proposed CIDS resulted in consistently high detection rates, low false alarms rates, and low bandwidth consumption. The results of this research demonstrated the viability of applying the social communities concept combined with DST in achieving high detection accuracy and minimized bandwidth consumption throughout the detection process
AI Solutions for MDS: Artificial Intelligence Techniques for Misuse Detection and Localisation in Telecommunication Environments
This report considers the application of Articial Intelligence (AI) techniques to
the problem of misuse detection and misuse localisation within telecommunications
environments. A broad survey of techniques is provided, that covers inter alia
rule based systems, model-based systems, case based reasoning, pattern matching,
clustering and feature extraction, articial neural networks, genetic algorithms, arti
cial immune systems, agent based systems, data mining and a variety of hybrid
approaches. The report then considers the central issue of event correlation, that
is at the heart of many misuse detection and localisation systems. The notion of
being able to infer misuse by the correlation of individual temporally distributed
events within a multiple data stream environment is explored, and a range of techniques,
covering model based approaches, `programmed' AI and machine learning
paradigms. It is found that, in general, correlation is best achieved via rule based approaches,
but that these suffer from a number of drawbacks, such as the difculty of
developing and maintaining an appropriate knowledge base, and the lack of ability
to generalise from known misuses to new unseen misuses. Two distinct approaches
are evident. One attempts to encode knowledge of known misuses, typically within
rules, and use this to screen events. This approach cannot generally detect misuses
for which it has not been programmed, i.e. it is prone to issuing false negatives.
The other attempts to `learn' the features of event patterns that constitute normal
behaviour, and, by observing patterns that do not match expected behaviour, detect
when a misuse has occurred. This approach is prone to issuing false positives,
i.e. inferring misuse from innocent patterns of behaviour that the system was not
trained to recognise. Contemporary approaches are seen to favour hybridisation,
often combining detection or localisation mechanisms for both abnormal and normal
behaviour, the former to capture known cases of misuse, the latter to capture
unknown cases. In some systems, these mechanisms even work together to update
each other to increase detection rates and lower false positive rates. It is concluded
that hybridisation offers the most promising future direction, but that a rule or state
based component is likely to remain, being the most natural approach to the correlation
of complex events. The challenge, then, is to mitigate the weaknesses of
canonical programmed systems such that learning, generalisation and adaptation
are more readily facilitated
A Cluster-Based Distributed Hierarchical IDS for MANETs
Many attempts were made to secure wireless ad hoc
networks, but due to special ad-hoc nature, which is lack of a
fixed infrastructure and central management, finding an
optimal and comprehensive security solution is still a
research challenge
Two-tier Intrusion Detection System for Mobile Ad Hoc Networks
Nowadays, a commonly used wireless network (i.e. Wi-Fi) operates with the aid of a fixed
infrastructure (i.e. an access point) to facilitate communication between nodes when they
roam from one location to another. The need for such a fixed supporting infrastructure
limits the adaptability of the wireless network, especially in situations where the
deployment of such an infrastructure is impractical. In addition, Wi-Fi limits nodes'
communication as it only provides facility for mobile nodes to send and receive
information, but not reroute the information across the network. Recent advancements in
computer network introduced a new wireless network, known as a Mobile Ad Hoc
Network (MANET), to overcome these limitations.
MANET has a set of unique characteristics that make it different from other kind of
wireless networks. Often referred as a peer to peer network, such a network does not have
any fixed topology, thus nodes are free to roam anywhere, and could join or leave the
network anytime they desire. Its ability to be setup without the need of any infrastructure is
very useful, especially in geographically constrained environments such as in a military
battlefield or a disaster relief operation. In addition, through its multi hop routing facility,
each node could function as a router, thus communication between nodes could be made
available without the need of a supporting fixed router or an access point. However, these
handy facilities come with big challenges, especially in dealing with the security issues.
This research aims to address MANET security issues by proposing a novel intrusion
detection system that could be used to complement existing prevention mechanisms that
have been proposed to secure such a network.
A comprehensive analysis of attacks and the existing security measures proved that there is
a need for an Intrusion Detection System (IDS) to protect MANETs against security threats.
The analysis also suggested that the existing IDS proposed for MANET are not immune
against a colluding blackmail attack due to the nature of such a network that comprises
autonomous and anonymous nodes. The IDS architecture as proposed in this study utilises
trust relationships between nodes to overcome this nodes' anonymity issue. Through a
friendship mechanism, the problems of false accusations and false alarms caused by
blackmail attackers in global detection and response mechanisms could be eliminated.
The applicability of the friendship concept as well as other proposed mechanisms to solve
MANET IDS related issues have been validated through a set of simulation experiments.
Several MANET settings, which differ from each other based on the network's density
level, the number of initial trusted friends owned by each node, and the duration of the
simulation times, have been used to study the effects of such factors towards the overall
performance of the proposed IDS framework. The results obtained from the experiments
proved that the proposed concepts are capable to at least minimise i f not fully eliminate the
problem currently faced in MANET IDS
Minimization of DDoS false alarm rate in Network Security; Refining fusion through correlation
Intrusion Detection Systems are designed to monitor a network environment and generate alerts whenever abnormal activities are detected. However, the number of these alerts can be very large making their evaluation a difficult task for a security analyst. Alert management techniques reduce alert volume significantly and potentially improve detection performance of an Intrusion Detection System. This thesis work presents a framework to improve the effectiveness and efficiency of an Intrusion Detection System by significantly reducing the false positive alerts and increasing the ability to spot an actual intrusion for Distributed Denial of Service attacks. Proposed sensor fusion technique addresses the issues relating the optimality of decision-making through correlation in multiple sensors framework. The fusion process is based on combining belief through Dempster Shafer rule of combination along with associating belief with each type of alert and combining them by using Subjective Logic based on Jøsang theory. Moreover, the reliability factor for any Intrusion Detection System is also addressed accordingly in order to minimize the chance of false diagnose of the final network state. A considerable number of simulations are conducted in order to determine the optimal performance of the proposed prototype
A Review of Performance, Energy and Privacy of Intrusion Detection Systems for IoT
Internet of Things (IoT) forms the foundation of next generation infrastructures, enabling development of future cities that are inherently sustainable. Intrusion detection for such paradigms is a non-trivial challenge which has attracted further significance due to extraordinary growth in the volume and variety of security threats for such systems. However, due to unique characteristics of such systems i.e., battery power, bandwidth and processor overheads and network dynamics, intrusion detection for IoT is a challenge, which requires taking into account the trade-off between detection accuracy and performance overheads. In~this context, we are focused at highlighting this trade-off and its significance to achieve effective intrusion detection for IoT. Specifically, this paper presents a comprehensive study of existing intrusion detection systems for IoT systems in three aspects: computational overhead, energy consumption and privacy implications. Through extensive study of existing intrusion detection approaches, we have identified open challenges to achieve effective intrusion detection for IoT infrastructures. These include resource constraints, attack complexity, experimentation rigor and unavailability of relevant security data. Further, this paper is envisaged to highlight contributions and limitations of the state-of-the-art within intrusion detection for IoT, and~aid the research community to advance it by identifying significant research directions
- …