DOI: 10.1145/1280940.1280965

Distributed and control theoretic approach to intrusion detection

Published: 12 August 2007

Abstract

Ad hoc wireless networks are more vulnerable to malicious attacks than traditional wired networks due to the silent nature of these attacks and the inability of the conventional intrusion detection systems (IDS) to detect them. These attacks operate under the threshold boundaries during an intrusion attempt and can only be identified by profiling the complete system activity in relation to a normal behavior. In this paper we discuss a control-theoretic Hidden Markov Model (HMM) strategy for intrusion detection using distributed observations across multiple nodes. This model consists of a distributed HMM engine that executes in a randomly selected monitor node and functions as a part of the feedback control engine. This drives the defensive response based on hysteresis to reduce the frequency of false positives, thereby avoiding inappropriate ad hoc responses.

Cited By

  • (2013) DGM approach to network attacker and defender strategies. 8th International Conference for Internet Technology and Secured Transactions (ICITST-2013), 10.1109/ICITST.2013.6750213, (313-320). Online publication date: Dec-2013
  • (2009) Reduced complexity intrusion detection in sensor networks using genetic algorithm. Proceedings of the 2009 IEEE international conference on Communications, 10.5555/1817271.1817383, (598-602). Online publication date: 14-Jun-2009

      Published In

      IWCMC '07: Proceedings of the 2007 international conference on Wireless communications and mobile computing
      August 2007
      716 pages
      ISBN: 9781595936950
      DOI: 10.1145/1280940
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. IDS
      2. hidden markov models
      3. intrusion detection
      4. wireless ad-hoc networks

      Qualifiers

      • Article

      Conference

      IWCMC07