TY - JOUR
T1 - A distributed cross-layer intrusion detection system for ad hoc networks
AU - Liu, Yu
AU - Li, Yang
AU - Man, Hong
PY - 2006
Y1 - 2006
N2 - Most existing intrusion detection systems (IDSs) for ad hoc networks are proposed for single-layer detection. Although they may apply to other layers of the network protocol stack, data from individual layers is still analyzed separately. In addition, most have not been able to emphasize localization of the attack source. In this paper, we propose an anomaly-based IDS that utilizes cross-layer features to detect attacks, and localizes attack sources within a one-hop perimeter. Specifically, we suggest a compact feature set that incorporates intelligence from both the MAC layer and the network layer to profile normal behaviors of mobile nodes; we adapt a data mining anomaly detection technique from wired networks to ad hoc networks; and we develop a novel collaborative detection scheme that enables the IDS to correlate local and global alerts. We validate our work through ns-2 simulation experiments. Experimental results demonstrate the effectiveness of our method.
AB - Most existing intrusion detection systems (IDSs) for ad hoc networks are proposed for single-layer detection. Although they may apply to other layers of the network protocol stack, data from individual layers is still analyzed separately. In addition, most have not been able to emphasize localization of the attack source. In this paper, we propose an anomaly-based IDS that utilizes cross-layer features to detect attacks, and localizes attack sources within a one-hop perimeter. Specifically, we suggest a compact feature set that incorporates intelligence from both the MAC layer and the network layer to profile normal behaviors of mobile nodes; we adapt a data mining anomaly detection technique from wired networks to ad hoc networks; and we develop a novel collaborative detection scheme that enables the IDS to correlate local and global alerts. We validate our work through ns-2 simulation experiments. Experimental results demonstrate the effectiveness of our method.
KW - Ad hoc network
KW - Intrusion detection
KW - Modeling
KW - Performance evaluation
KW - Radiocommunication
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=33745225594&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33745225594&partnerID=8YFLogxK
U2 - 10.1007/BF03219912
DO - 10.1007/BF03219912
M3 - Review article
AN - SCOPUS:33745225594
SN - 0003-4347
VL - 61
SP - 357
EP - 378
JO - Annales des Telecommunications/Annals of Telecommunications
JF - Annales des Telecommunications/Annals of Telecommunications
IS - 3-4
ER -