Distributed and control theoretic approach to intrusion detection

Authors:
Rahul Khanna;Huaping Liu
Affiliations:
Intel Corporation, Hillsboro, OR;Oregon State University, Corvallis, OR
Venue:
IWCMC '07 Proceedings of the 2007 international conference on Wireless communications and mobile computing
Year:
2007

Citing 7
Cited 1

Learning in the presence of concept drift and hidden contexts

Machine Learning
Applications of Hidden Markov Models to Detecting Multi-Stage Network Attacks

HICSS '03 Proceedings of the 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9 - Volume 9
Intrusion Detection via Static Analysis

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Systematic data selection to mine concept-drifting data streams

Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
System approach to intrusion detection using hidden Markov model

Proceedings of the 2006 international conference on Wireless communications and mobile computing
Investigating hidden Markov models capabilities in anomaly detection

Proceedings of the 43rd annual Southeast regional conference - Volume 1
Using hidden markov models to evaluate the risks of intrusions

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

Reduced complexity intrusion detection in sensor networks using genetic algorithm

ICC'09 Proceedings of the 2009 IEEE international conference on Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Ad hoc wireless networks are more vulnerable to malicious attacks than traditional wired networks due to the silent nature of these attacks and the inability of the conventional intrusion detection systems (IDS) to detect them. These attacks operate under the threshold boundaries during an intrusion attempt and can only be identified by profiling the complete system activity in relation to a normal behavior. In this paper we discuss a control-theoretic Hidden Markov Model (HMM) strategy for intrusion detection using distributed observations across multiple nodes. This model consists of a distributed HMM engine that executes in a randomly selected monitor node and functions as a part of the feedback control engine. This drives the defensive response based on hysteresis to reduce the frequency of false positives, thereby avoiding inappropriate ad hoc responses.