Intrusion Detection in Cellular Mobile Networks

Security concerns have attracted a great deal of attention from both service providers and end users in cellular mobile networks. As a second line of defense, Intrusion Detection Systems (IDSs) are indispensable for highly secure wireless networks. In this chapter, we first give a brief introduction to wired IDSs and wireless IDSs. Then we address the main challenges in designing IDSs for cellular mobile networks, including the topics of feature selection, detection techniques, and adaptability of IDSs. An anomaly-based IDS exploiting mobile users' location history is introduced to provide insights into the intricacy of building a concrete IDS for cellular mobile networks.
