System Health and Intrusion Monitoring Using a Hierarchy of Constraints

Ko, Calvin; Brutch, Paul; Rowe, Jeff; Tsafnat, Guy; Levitt, Karl N.

doi:10.1007/3-540-45474-8_12

Cited by 30 publications

(18 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Then it monitors the execution of the program or protocol whit respect to the defined constraints. If a behavior is deviated with these constraints, it is reported as an attack (Ko et al, 2001). …”

Section: Classification Of Intrusion Detection Systemmentioning

confidence: 99%

A Comprehensive Survey on Anomaly-Based Intrusion Detection in MANET

Kheyri¹,

Karami

2012

CIS

View full text Add to dashboard Cite

In recent years, mobile ad hoc networks (MANET) have become an interesting research area. This type of networks have a salient characteristics compare with wired networks which are more vulnerable. Nowadays, for the network security, defend in depth strategies are used. One of them is intrusion detection system (IDS). Many intrusion detection techniques developed for weird networks however, because the nature of MANET we cannot apply them directly in MANET. According to detection techniques, IDSs can be classified into three categories as follows: Misuse-based detection, Anomaly-based detection, and Specification-based detection.In this paper, we are going to evaluate anomaly-based intrusion detection techniques proposed for MANET. For this, we present a comprehensive survey about anomaly based intrusion detection techniques. Afterward we evaluate their performance, advantages, and disadvantages. As a result constantly, we will understand MANET's security problems based on which we can suggest solutions for future research.

show abstract

Section: Classification Of Intrusion Detection Systemmentioning

confidence: 99%

A Comprehensive Survey on Anomaly-Based Intrusion Detection in MANET

Kheyri¹,

Karami

2012

CIS

View full text Add to dashboard Cite

show abstract

“…The SHIM intrusion detection system [11] is one of the first specification-based IDS. It compares a specification of the behavior of an application program to the specification.…”

Section: Related Workmentioning

confidence: 99%

Intrusion Management Using Configurable Architecture Models

Heimbigner¹,

Wolf²

2002

View full text Add to dashboard Cite

Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number.

show abstract

“…But, techniques geared towards wireline networks do not suffice in an ad hoc network due to mobility, the ease of listening to wireless transmissions, lack of fixed infrastructure, etc. [11]. For example, several detection strategies in wireline networks are based on the presence of a small number of static gateways that route and therefore monitor all traffic.…”

Section: Introductionmentioning

confidence: 99%

A Statistical Framework for Intrusion Detection in Ad Hoc Networks

Subhadrabandhu

Sarkar

Anjum³

2006

Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications

View full text Add to dashboard Cite

We focus on detecting intrusions in ad hoc networks using the misuse detection technique. We allow for detection modules that periodically fail to detect attacks and also generate false positives. Combining theories of hypothesis testing and approximation algorithms, we develop a framework to counter different threats while minimizing the resource consumption. We obtain computationally simple optimal rules for aggregating and thereby minimizing the errors in the decisions of the nodes executing the intrusion detection software (IDS) modules. But, we show that the selection of the optimal set of nodes for executing the IDS is an NPhard problem. We describe a polynomial complexity, distributed selection algorithm, "Maximum Unsatisfied Neighbors in Extended Neighborhood" (MUNEN) that attains the best possible approximation ratio. The aggregation rules and MUNEN can be executed by mobile nodes with limited processing power. The overall framework provides a good balance between complexity and performance for attaining robust intrusion detection in ad hoc networks. This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of the University of Pennsylvania's products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to pubs-permissions@ieee.org. By choosing to view this document, you agree to all provisions of the copyright laws protecting it. Abstract-We focus on detecting intrusions in ad hoc networks using the misuse detection technique. We allow for detection modules that periodically fail to detect attacks and also generate false positives. Combining theories of hypothesis testing and approximation algorithms, we develop a framework to counter different threats while minimizing the resource consumption. We obtain computationally simple optimal rules for aggregating and thereby minimizing the errors in the decisions of the nodes executing the intrusion detection software (IDS) modules. But, we show that the selection of the optimal set of nodes for executing the IDS is an NP-hard problem. We describe a polynomial complexity, distributed selection algorithm, "Maximum Unsatisfied Neighbors in Extended Neighborhood" (MUNEN) that attains the best possible approximation ratio. The aggregation rules and MUNEN can be executed by mobile nodes with limited processing power. The overall framework provides a good balance between complexity and performance for attaining robust intrusion detection in ad hoc networks.

show abstract

System Health and Intrusion Monitoring Using a Hierarchy of Constraints

Cited by 30 publications

References 5 publications

A Comprehensive Survey on Anomaly-Based Intrusion Detection in MANET

A Comprehensive Survey on Anomaly-Based Intrusion Detection in MANET

Intrusion Management Using Configurable Architecture Models

A Statistical Framework for Intrusion Detection in Ad Hoc Networks

Contact Info

Product

Resources

About