Wireless mesh networks (WMNs) are being used to provide Internet access in a cost-efficient manner. Typically, consumer-level wireless access points with modified software are used to route traffic to potentially multiple back-haul points. Malware-infected computers generate malicious traffic, which uses valuable network resources and puts other systems at risk. Intrusion detection systems can be used to detect such activity. Cost constraints and the decentralised nature of WMNs make performing intrusion detection on mesh devices desirable. However, these devices are typically resource constrained. This paper describes the results of examining their ability to perform intrusion detection. Our experimental study shows that commonly used deep packet inspection approaches are unreliable on such hardware. We implement a set of lightweight anomaly detection mechanisms as part of an intrusion detection system called OpenLIDS. We show that, even with the limited hardware resources of a mesh device, it can detect current malware behaviour in an efficient way.