We focus on detecting intrusions in ad hoc networks using the misuse detection technique. We allow for detection modules that periodically stop functioning due to operational failure or compromise by intruders. Combining theories of stochastic coverage processes and approximation algorithms, we develop a framework to counter failure of detection modules, while minimizing the resource consumption. We show that the selection of the optimal set of nodes for executing the detection modules is an NP-hard problem. We present a distributed polynomial complexity selection algorithm that attains the best possible approximation ratio. We next consider a simple heuristic selection strategy that allows for seamless operation in time varying topologies. We obtain analytical expressions to quantify the tradeoffs between the resource consumption and detection rates attained by these algorithms. Using analysis and simulation, we identify the appropriate algorithms for different failure rates, resource limitation, and required detection rates.
[1]
Vijay V. Vazirani,et al.
Approximation Algorithms
,
2001,
Springer Berlin Heidelberg.
[2]
Saswati Sarkar,et al.
A framework for misuse detection in ad hoc Networks-part I
,
2006,
IEEE Journal on Selected Areas in Communications.
[3]
Thomas Henry Ptacek,et al.
Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection
,
1998
.
[4]
Christian Poellabauer,et al.
Energy-aware traffic shaping for wireless real-time applications
,
2004,
Proceedings. RTAS 2004. 10th IEEE Real-Time and Embedded Technology and Applications Symposium, 2004..