On the optimality of cooperative intrusion detection for resource constrained wireless networks

The problem of cooperative intrusion detection in battery-powered wireless mesh and sensor networks is challenging, primarily because of the limited resources available to participating nodes. Although the problem has received some attention from the research community, little is known about the tradeoffs among different objectives, such as high network performance, low power consumption, low delay in information collection and high security effectiveness. This article proposes, to the best of our knowledge for the first time, cooperative intrusion detection functions that take multiple objectives into account simultaneously. We formulate the problem of identifying the type of intrusion detection function each node runs as a multi-objective optimization problem, and propose solutions based on genetic algorithms. Through extensive simulations we demonstrate that our solutions scale to large networks and are characterized by a small variance in the normalized fitness value of individual objectives and by a small attack detection/reporting delay. In a real implementation and evaluation, we demonstrate that our cooperative intrusion detection system achieves a higher detection rate (93%) than state-of-the-art solutions.
