A Decentralized Bayesian Attack Detection Algorithm for Network Security

Decentralized detection has been an active area of research since the late 1970s. Its early applications were in distributed radar systems, and more recently it has found applications in sensor networks and intrusion detection. The most popular decentralized detection network structure is the parallel configuration, in which a number of sensors are directly connected to a fusion center. The sensors receive measurements related to an event and then send summaries of their observations to the fusion center. Previous work has focused either on separate optimization of the quantization rules at the sensors and the fusion rule at the fusion center, or on asymptotic results when the number of sensors is very large and the observations are conditionally independent and identically distributed given each hypothesis.
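
The parallel configuration described above, as an added example that is not code or an algorithm from the paper: each sensor applies a one-bit quantization rule and the fusion center applies a Bayesian (MAP) fusion rule to the received bits. The unit-variance Gaussian measurement model, the midpoint thresholds, the prior and the sample measurements are constructed assumptions, and observations are assumed conditionally independent given each hypothesis.

```python
import math

def q(x):
    """Gaussian tail probability Q(x) = P(N(0,1) > x)."""
    return 0.5 * math.erfc(x / math.sqrt(2))

def sensor_summary(y, threshold):
    """Sensor-side quantization rule: one-bit summary of measurement y."""
    return 1 if y > threshold else 0

def sensor_rates(mu, threshold):
    """(false-alarm, detection) probabilities of the one-bit quantizer,
    assuming y ~ N(0,1) under H0 (no attack) and y ~ N(mu,1) under H1."""
    return q(threshold), q(threshold - mu)

def fusion_log_odds(bits, rates, prior_attack):
    """Fusion rule: posterior log-odds of H1 given all sensor bits.
    Each bit adds its own log-likelihood ratio to the prior log-odds."""
    log_odds = math.log(prior_attack / (1 - prior_attack))
    for u, (p_fa, p_d) in zip(bits, rates):
        if u == 1:
            log_odds += math.log(p_d / p_fa)
        else:
            log_odds += math.log((1 - p_d) / (1 - p_fa))
    return log_odds

def fuse(bits, rates, prior_attack):
    """Minimum-error-probability decision: True means 'attack'."""
    return fusion_log_odds(bits, rates, prior_attack) > 0

# Constructed scenario: three sensors of decreasing quality.
MUS = [2.0, 1.0, 0.5]                  # assumed mean shift under attack
THRESHOLDS = [mu / 2 for mu in MUS]    # assumed midpoint quantizers
RATES = [sensor_rates(mu, t) for mu, t in zip(MUS, THRESHOLDS)]
PRIOR_ATTACK = 0.1                     # assumed prior probability of attack
MEASUREMENTS = [1.7, 0.2, 0.9]         # constructed sample measurements

if __name__ == "__main__":
    bits = [sensor_summary(y, t) for y, t in zip(MEASUREMENTS, THRESHOLDS)]
    print("bits sent to fusion center:", bits)
    print("posterior log-odds:", round(fusion_log_odds(bits, RATES, PRIOR_ATTACK), 3))
    print("attack declared:", fuse(bits, RATES, PRIOR_ATTACK))
```

With these numbers two of three sensors report 1, yet the fusion center does not declare an attack, because the low prior and the weak third sensor outweigh the votes; a plain majority rule would decide differently.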
