A framework for intrusion detection in ad hoc networks
We focus on detecting intrusions in ad hoc networks using misuse detection techniques and investigate the placement of the intrusion detection modules. Our goal is to maximize the detection performance subject to limited availability of system resources. We first assume that the detection modules are not compromised and hence functioning properly. Next, we allow the detection modules to fail periodically and, subsequently, also to generate false positives. Combining theories of hypothesis testing, stochastic analysis, and approximation algorithms, we develop a framework to counter different threats while minimizing the resource consumption. We obtain computationally simple optimal rules for aggregating and thereby minimizing the errors in the decisions of the nodes executing the intrusion detection software (IDS) modules. We then show that the selection of the optimal set of nodes for executing these modules is an NP-hard problem. We present distributed selection algorithms that attain guaranteeable approximation bounds. These approximation bounds are the same as those attained by the best known centralized approximation algorithms. We also propose analytical expressions to quantify the resource consumption versus detection rate tradeoff for different algorithms. Using a combination of analysis and simulation, we identify the appropriate algorithms for different threat models, compromise levels, resource limitations, and levels of security requirements.
Engineering, Electronics and Electrical
"A framework for intrusion detection in ad hoc networks"
(January 1, 2006).
Dissertations available from ProQuest.