Modelling misbehaviour in ad hoc networks: a game theoretic approach for intrusion detection
International Journal of Security and Networks
Strategic games on defense trees
FAST'06 Proceedings of the 4th international conference on Formal aspects in security and trust
| Hi-index | 0.00 |
This thesis studies efficient intrusion detection techniques for wireless ad hoc networks. With resource constraints and dynamic network topologies in mind, a novel hybrid anomaly intrusion detection approach is proposed, based on two data mining techniques: association-rule mining and cross-feature mining. Features of interests are investigated, and two compact feature sets are suggested (cross-layer and statistical feature sets), aiming at short-term and long-term profiling, respectively. A prototype system that implements the proposed approach is developed, and its performance is validated through experiments conducted on ns2 simulator platform. Intrusion detection may be delivered to wireless ad hoc networks via individual nodes. It is a common assumption that each intrusion detection system is an always-on system. From a system usage perspective, always-on is not an efficient option because mobile nodes are often resource-constrained. To improve monitoring efficiency, three game theoretic models, noncooperative non-zero-sum game, static Bayesian game and dynamic Bayesian game, are proposed to analyze the interactions between attacking and defending nodes. The Nash equilibria of these games are studied to provide insights into the best defending strategies in terms of risk and monitoring costs. Furthermore, a new Bayesian hybrid detection framework is proposed, and represents an alternative to our first proposed hybrid detection system, in order to provide energy efficient monitoring and robustness to detection errors (false positives and false negatives).