Alert aggregation in mobile ad hoc networks

Authors:
Bo Sun;Kui Wu;Udo W. Pooch
Affiliations:
Texas A&M University, College Station, TX;University of Victoria, BC, Canada;Texas A&M University, College Station, TX
Venue:
WiSe '03 Proceedings of the 2nd ACM workshop on Wireless security
Year:
2003

Citing 17
Cited 9

GloMoSim: a library for parallel simulation of large-scale wireless networks

PADS '98 Proceedings of the twelfth workshop on Parallel and distributed simulation
Mitigating routing misbehavior in mobile ad hoc networks

MobiCom '00 Proceedings of the 6th annual international conference on Mobile computing and networking
Intrusion detection in wireless ad-hoc networks

MobiCom '00 Proceedings of the 6th annual international conference on Mobile computing and networking
DSR: the dynamic source routing protocol for multihop wireless ad hoc networks

Ad hoc networking
Probabilistic Alert Correlation

RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Aggregation and Correlation of Intrusion-Detection Alerts

RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Evaluation of Tamper-Resistant Software Deviating from Structured Programming Rules

ACISP '01 Proceedings of the 6th Australasian Conference on Information Security and Privacy
Mobility helps security in ad hoc networks

Proceedings of the 4th ACM international symposium on Mobile ad hoc networking & computing
Alert Correlation in a Cooperative Intrusion Detection Framework

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Cross-Feature Analysis for Detecting Ad-Hoc Routing Anomalies

ICDCS '03 Proceedings of the 23rd International Conference on Distributed Computing Systems
Managing Alerts in a Multi-Intrusion Detection Environment

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Alert aggregation in mobile ad hoc networks

WiSe '03 Proceedings of the 2nd ACM workshop on Wireless security
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Analyzing intensive intrusion alerts via correlation

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
M2D2: a formal data model for IDS alert correlation

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
A peer-to-peer zone-based two-level link state routing for mobile ad hoc networks

IEEE Journal on Selected Areas in Communications
CEDAR: a core-extraction distributed ad hoc routing algorithm

IEEE Journal on Selected Areas in Communications

Alert aggregation in mobile ad hoc networks

WiSe '03 Proceedings of the 2nd ACM workshop on Wireless security
Mobility-based anomaly detection in cellular mobile networks

Proceedings of the 3rd ACM workshop on Wireless security
FORK: A novel two-pronged strategy for an agent-based intrusion detection scheme in ad-hoc networks

Computer Communications
Modeling and analysis of intrusion detection integrated with batch rekeying for dynamic group communication systems in mobile ad hoc networks

Wireless Networks
Efficient state estimation and Byzantine behavior identification in tactical MANETs

MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
Performance analysis of hierarchical group key management integrated with adaptive intrusion detection in mobile ad hoc networks

Performance Evaluation
A survey on IDS alerts processing techniques

ISP'07 Proceedings of the 6th WSEAS international conference on Information security and privacy
Model-Based Evaluation of Distributed Intrusion Detection Protocols for Mobile Group Communication Systems

Wireless Personal Communications: An International Journal
Algorithms for a distributed IDS in MANETs

Journal of Computer and System Sciences

Quantified Score

Hi-index	0.00

Visualization

Abstract

In Intrusion Detection Systems (IDSs) for Mobile Ad hoc NETworks (MANETs), IDS agents using local detection engines alone may lead to undesirable performance due to the dynamic feature of MANETs. In this paper, we present a nonoverlapping Zone-based Intrusion Detection System (ZBIDS) for MANETs. Focusing on the protection of MANET routing protocols, we propose the collaboration mechanism of ZBIDS agents and an aggregation algorithm used by ZBIDS gateway nodes. The aggregation algorithm mainly utilizes the probability distribution of the $Source$ attribute in order to make the final decisions to generate alarms. We demonstrate that, by integrating the security related information from a wider area, the aggregation algorithm can reduce the false alarm ratio and improve the detection ratio. Also, the gateway nodes in ZBIDS can provide more diagnostic information by presenting a global view of attacks. We also present an alert data model conformed to Intrusion Detection Message Exchange Format (IDMEF) to facilitate the interoperability of IDS agents. Based on the routing disruption attack aimed at the Dynamic Source Routing protocol (DSR), we study the performance of ZBIDS at different mobility levels. Simulation results show that our system can achieve lower false positive ratio and higher detection ratio, compared to systems with local detection only.