In Intrusion Detection Systems (IDSs) for Mobile Ad hoc NETworks (MANETs), IDS agents that rely on local detection engines alone may perform poorly because of the dynamic nature of MANETs. In this paper, we present a nonoverlapping Zone-Based Intrusion Detection System (ZBIDS) for MANETs. Focusing on the protection of MANET routing protocols, we propose a collaboration mechanism for ZBIDS agents and an aggregation algorithm used by ZBIDS gateway nodes. The aggregation algorithm mainly uses the probability distribution of the Source attribute to make the final decision on whether to generate an alarm. We demonstrate that, by integrating security-related information from a wider area, the aggregation algorithm can reduce the false alarm ratio and improve the detection ratio. The gateway nodes in ZBIDS can also provide more diagnostic information by presenting a global view of attacks. In addition, we present an alert data model conforming to the Intrusion Detection Message Exchange Format (IDMEF) to facilitate the interoperability of IDS agents. Using a routing disruption attack aimed at the Dynamic Source Routing (DSR) protocol, we study the performance of ZBIDS at different mobility levels. Simulation results show that our system achieves a lower false positive ratio and a higher detection ratio than systems with local detection only.