We consider adhoc networks with multiple, mobile colluding intruders. We investigate the placement of the intrusion detection modules for misuse intrusion detection. Our goal is to maximize the detection performance subject to limitation in the computational resources. We mathematically formulate different detection objectives, and show that computing the optimal solution is NP-hard in each case. Thereafter, we propose a family of algorithms that approximate the optimal solution, and prove that some of these algorithms have guaranteeable approximation ratios. The algorithms that have analytically guaranteeable performance require re-computation every time the topology changes due to mobility. We next modify the computation strategy so as to seamlessly adapt to topological changes due to mobility. Using simulation we evaluate these algorithms, and identify the appropriate algorithms for different detection performance and resource consumption tradeoffs.
Date of this Version
Date Posted: 20 February 2005
This document has been peer reviewed.