Quantifying resiliency and detection latency of intrusion detection structures

Authors:
Maria Striki;Kyriakos Manousakis;Darrell Kindred;Dan Sterne;Geoff Lawler;Natalie Ivanic;George Tran
Affiliations:
Telcordia Technologies, Applied Research;Telcordia Technologies, Applied Research;Cobham Analytic Solutions;Cobham Analytic Solutions;Cobham Analytic Solutions;Army Research Lab;Army Research Lab
Venue:
MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
Year:
2009

Citing 11
Cited 1

Mitigating routing misbehavior in mobile ad hoc networks

MobiCom '00 Proceedings of the 6th annual international conference on Mobile computing and networking
Effective Intrusion Detection Using Multiple Sensors in Wireless Ad Hoc Networks

HICSS '03 Proceedings of the 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 2 - Volume 2
A General Cooperative Intrusion Detection Architecture for MANETs

IWIA '05 Proceedings of the Third IEEE International Workshop on Information Assurance
TAG: a Tiny AGgregation service for Ad-Hoc sensor networks

OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Fast and flexible tool for the generation, maintenance and evaluation of hierarchical structures in diverse networks

REALMAN '06 Proceedings of the 2nd international workshop on Multi-hop ad hoc networks: from theory to reality
Ensemble methods for anomaly detection and distributed intrusion detection in Mobile Ad-Hoc Networks

Information Fusion
Security against probe-response attacks in collaborative intrusion detection

Proceedings of the 2007 workshop on Large scale attack defense
Creating and maintaining a good intrusion detection hierarchy in dynamic ad hoc networks

MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
MONOPATI: a multi-objective network optimization and analysis tool applied to hierarchical network structures

MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
Key agreement in ad hoc networks

Computer Communications
ANMP: ad hoc network management protocol

IEEE Journal on Selected Areas in Communications

A survey of intrusion detection techniques for cyber-physical systems

ACM Computing Surveys (CSUR)

Quantified Score

Hi-index	0.00

Visualization

Abstract

A network intrusion detection (ID) system detects malicious behavior by analyzing network traffic. Malicious behavior may target the disruption of communications, infrastructure services, and applications. A number of ID techniques proposed for dynamic wireless networks (e.g., sensor, ad-hoc and mobile ad-hoc networks) are based on the creation of an overlay hierarchy or other structure to organize the collection and processing of ID data. The particular structure chosen may significantly impact the ID system's performance with respect to network overhead, responsiveness, scalability, detection latency, resiliency to failures, and other factors. In this paper, we propose the formal definition and quantification of resiliency and detection latency. Specifically, we introduce analytical expressions that map ID structures to the metric space of real numbers. We define this mapping for a) various types of tree structures that have been proposed previously for dynamic wireless systems and b) a hypercube structure that presents promising resiliency characteristics. This analysis reveals important tradeoffs among the various ID structures under consideration.