Ping Yi,Yue Wu,Jianhua Li

DOI: https://doi.org/10.1049/cp:20070131

2007-01-01

Abstract:Mobile ad hoc networking (MANET) has become an exciting and important technology in recent years. In this paper, we propose a distributed intrusion detection approach based on timed automata. We construct the timed automata by the way of manually abstracting the correct behaviours of the node according to the routing protocol. The monitor nodes can verify every node's behaviour by timed automata, and validly detect real-time attacks without signatures of intrusion or trained data.

Ping Yi,Futai Zou,Jianhua Li

2007-01-01

Journal of Computational Information Systems

Abstract:Wireless mesh networks is vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, lack of centralized monitoring and management point. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective for those features. In this paper, we propose a distributed intrusion detection approach based on timed automata. A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then we construct the timed automata by the way of manually abstracting the correct behaviors of the node according to the routing protocol of Dynamic Source Routing (DSR). The monitor nodes can verify every node's behavior by timed automata, and validly detect real-time attacks without signatures of intrusion or trained data. Compared with the architecture where each node is its own IDS agent, our approach is much more efficient while maintaining the same level of effectiveness. Finally, we evaluate the intrusion detection method through simulation experiments.

Yi Ping,Wu Yue,Liu Ning,Wang Zhiyang

2010-01-01

China Communications

Abstract:Wireless Mesh Networks is vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, lack of centralized monitoring and management point. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective for those features. In this paper, we propose a distributed intrusion detection approach based on timed automata. A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then we construct the Finite State Machine (FSM) by the way of manually abstracting the correct behaviors of the node according to the routing protocol of Dynamic Source Routing (DSR). The monitor nodes can verify every node's behavior by the Finite State Machine (FSM), and validly detect real-time attacks without signatures of intrusion or trained data. Compared with the architecture where each node is its own IDS agent, our approach is much more efficient while maintaining the same level of effectiveness. Finally, we evaluate the intrusion detection method through simulation experiments.

WANG Fang,YI Ping,WU Yue,WANG Zhi-yang

DOI: https://doi.org/10.3969/j.issn.1002-137x.2010.10.027

2010-01-01

Computer Science

Abstract:Mobile ad hoc networks are highly vulnerable to attacks due to the open medium,dynamically changing network topology,cooperative algorithms,lack of centralized monitoring and management point.The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective for those features.We proposed a distributed intrusion detection approach based on finish state machine(FSM).A cluster-based detection scheme was presented,where periodically a node is elected as the monitor node for a cluster.These monitor nodes can not only make local intrusion detection decisions,but also cooperatively take part in global intrusion detection.And then we constructed the finite state machine(FSM)by the way of manually abstracting the correct behaviours of the node according to the routing protocol of Dynamic Source Routing(DSR).The monitor nodes can verify every node's behaviour by the FSM,and validly detect real-time attacks without signatures of intrusion or trained data.Compared with the architecture where each node is its own IDS agent,our approach is much more efficient while maintaining the same level of effectiveness.Finally,we evaluated the intrusion detection method through simulation experiments.

P Yi,YC Jiang,YP Zhong,SY Zhang

DOI: https://doi.org/10.1109/saintw.2005.1619986

2005-01-01

Abstract:Mobile ad hoc networking (MANET) has become an exciting and important technology in recent years, because of the rapid proliferation of wireless devices. Mobile ad hoc networks is highly vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, lack of centralized monitoring and management point. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective for those features. In this paper, we propose a distributed intrusion detection approach based on finish state machine (FSM). A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then we construct the finite state machine (FSM) by the way of manually abstracting the correct behaviours of the node according to the routing protocol of Dynamic Source Routing (DSR). The monitor nodes can verify every node's behaviour by the FSM, and validly detect real-time attacks without signatures of intrusion or trained data. Compared with the architecture where each node is its own IDS agent, our approach is much more efficient while maintaining the same level of effectiveness.

Yong-mei GAO,Ji-yi WU,Ling-di PING

DOI: https://doi.org/10.3969/j.issn.1673-629X.2009.08.039

2009-01-01

Abstract:Owing to many new characteristics such as central-less control and multi-hop communication,the security situation is more rigorous than that in the traditional Ad hoc network.Especially,when the number of nodes increase,the difficulty of building network,network availability and network security will be influenced badly.After the particular analysis of Sergio Marti's Watchdog and Pathrater arithmetic,intrusion detection system called SuperWatchdog,as the improved solution,was introduced to overcome the weakness of Watchdog.The main feature of the proposed system is its ability to discover malicious nodes which can partition the network by falsely reporting other nodes as misbehaving and then proceeds to protect the network.Simulation results show that our system decrease the overhead greatly,though it does not increase the throughput obviously.

Fei Yu,XiaoPing Dai,Yue Shen,Huang Huang,Miaoliang Zhu

DOI: https://doi.org/10.1109/ICSSSM.2005.1500110

2005-01-01

Abstract:The problem in network security presently is how to get real-time intrusion detection and alert. In the paper, we design Intrusion Detection System architecture and arithmetic again, meanwhile put forward an improved pattern matching arithmetic based on protocol analysis and theorization machine on Frete. New architecture can use network processor to collect and analyze data in network bottom, which enhance the speed and efficiency in Detection System.

Ping Yi,Yiping Zhong,Shiyong Zhang

DOI: https://doi.org/10.1007/11508380_121

2005-01-01

Abstract:The mobile ad hoc networks are particularly vulnerable to intrusion, as its features of open medium, dynamic changing topology, cooperative routing algorithms. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective for those features, because no matter how secure the mobile ad hoc networks, its is still possible the nodes are compromised and become malicious. In this paper, we propose a novel intrusion detection approach for mobile ad hoc networks by using finite state machine. We construct the finite state machine (FSM) by the way of manually abstracting the correct behaviours of the node according to the routing protocol of Dynamic Source Routing (DSR). The monitor nodes cooperatively monitor every node's behaviour by the FSM. Our approach can detect real-time attacks without signatures of intrusion or trained data. Finally, we evaluate the intrusion detection method through simulation experiments.

张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

Na Xing,Shuai Zhao,Yuehai Wang,Keqing Ning,Xiufeng Liu

DOI: https://doi.org/10.14569/ijacsa.2023.0140743

2023-01-01

Abstract:recent years, deep learning-based network intrusion detection systems (IDS) have shown impressive results in detecting attacks. However, most existing IDS can only recognize known attacks that were included in their training data. When faced with unknown attacks, these systems are often unable to take appropriate actions and incorrectly classify them into known categories, leading to reduced detection performance. Furthermore, as the number and types of network attacks continue to increase, it becomes challenging for these IDS to update their model parameters promptly and adapt to new attack scenarios. To address these issues, this paper introduces a dynamic intrusion detection system, Dynamic Unknown Attack Intrusion Detection System (DUA-IDS). This system aims to learn and detect unknown attacks effectively. DUA-IDS comprises three components: Feature Extractor: This component employs CNN and Transformer models to extract data features from various perspectives. Threshold-Based Classifier: The second part utilizes the nearest mean rule of samples to classify known and unknown attacks, enabling the distinction between them. Dynamic Learning Module: The third part incorporates data playback and knowledge distillation techniques to retain existing category knowledge while continuously learning new attack categories. To assess the effectiveness of DUA-IDS, this paper conducted experiments using the UNSW-NB15 public dataset. The experimental results show that DUA-IDS improves the classification accuracy of flow network data with unknown traffic attacks. Can accurately distinguish unknown traffic and correctly classify known traffic. When dynamically learning unknown traffic, the classification accuracy of previously learned known traffic is less affected. This indicates the advantages of DUA-IDS in detecting unknown attacks and learning new attack categories.

刘叶卿,易平,蒋兴浩,李建华

DOI: https://doi.org/10.3969/j.issn.1006-9348.2008.11.040

2008-01-01

Abstract:Security of Mobile Ad hoc network is much more important due to its public transmission media,dynamic topology,cooperative route algorithm,lack of monitoring and managing and etc.Now three kinds of Intrusion nodes are defined: to minimize the spense of energe,Selfish node would skip the responsibility of a router;Black hole nodes which are eager to play the router role in order to discard the useful data packet;Faulty node does not forward or pop up packets due to software or hardware fault.The aim is to simulate the malicious nodes' behavior on NS2,and then add the function of monitoring to the DSR routing protocol,compare the results with and without the monitor system.The result shows that the monitor system turns down the packet loss ratio and gets the increase of average route hop under control.

X Jin,YX Zhang,YY Wei

2004-01-01

Abstract:Intrusion Detection Systems (IDSs) for Mobile Ad hoc NETworks (MANETs) is becoming an exciting and important technology in very recent years, because the intrusion prevention techniques can not satisfy the security requirements in mission critical systems. Most existing IDSs for MANETs are focusing on the security vigor of the design but losing sight of the network performance aspect. In this paper we propose a cluster-based intrusion detection system for MANETs, which can rectify its detection level dynamically adapting to both the run-time resource constraints and the threat level of the network. Compared with the scheme that each node runs its own IDS, our proposed scheme is more efficient while maintaining the same level of detection rate. While compared with the common cluster-based IDS scheme, this scheme is more flexible when facing the emergent situations. Thus, our scheme effectively balances security strength and network performance in practice.

Chen Min

2002-01-01

Abstract:In recent years, intrusion detection systems, being the important part of the information security system, have gained extensive attentions. Many different intrusion detection technologies come into being. This paper presents an architecture of Intrusion Detection Systems (IDS) based on autonomous agents. The distributed architecture paves the way in that IDSes can avoid the single point failure of the distributed systems, balance the system load and improve the efficiency, to meet the requirements of modern computer and network technologies.

Jing Yan,Xiaolei Li,Xiaoyuan Luo,Xinping Guan

DOI: https://doi.org/10.3390/s17051168

IF: 3.9

2017-01-01

Sensors

Abstract:Due to the lack of a physical line of defense, intrusion detection becomes one of the key issues in applications of underwater wireless sensor networks (UWSNs), especially when the confidentiality has prime importance. However, the resource-constrained property of UWSNs such as sparse deployment and energy constraint makes intrusion detection a challenging issue. This paper considers a virtual-lattice-based approach to the intrusion detection problem in UWSNs. Different from most existing works, the UWSNs consist of two kinds of nodes, i.e., sensor nodes (SNs), which cannot move autonomously, and actuator nodes (ANs), which can move autonomously according to the performance requirement. With the cooperation of SNs and ANs, the intruder detection probability is defined. Then, a virtual lattice-based monitor (VLM) algorithm is proposed to detect the intruder. In order to reduce the redundancy of communication links and improve detection probability, an optimal and coordinative lattice-based monitor patrolling (OCLMP) algorithm is further provided for UWSNs, wherein an equal price search strategy is given for ANs to find the shortest patrolling path. Under VLM and OCLMP algorithms, the detection probabilities are calculated, while the topology connectivity can be guaranteed. Finally, simulation results are presented to show that the proposed method in this paper can improve the detection accuracy and save the energy consumption compared with the conventional methods.

Jaydip Sen

DOI: https://doi.org/10.48550/arXiv.1101.0241

2010-12-31

Cryptography and Security

Abstract:Intrusion detection in wireless ad hoc networks is a challenging task because these networks change their topologies dynamically, lack concentration points where aggregated traffic can be analyzed, utilize infrastructure protocols that are susceptible to manipulation, and rely on noisy, intermittent wireless communications. Security remains a major challenge for these networks due their features of open medium, dynamically changing topologies, reliance on co-operative algorithms, absence of centralized monitoring points, and lack of clear lines of defense. In this paper, we present a cooperative, distributed intrusion detection architecture based on clustering of the nodes that addresses the security vulnerabilities of the network and facilitates accurate detection of attacks. The architecture is organized as a dynamic hierarchy in which the intrusion data is acquired by the nodes and is incrementally aggregated, reduced in volume and analyzed as it flows upwards to the cluster-head. The cluster-heads of adjacent clusters communicate with each other in case of cooperative intrusion detection. For intrusion related message communication, mobile agents are used for their efficiency in lightweight computation and suitability in cooperative intrusion detection. Simulation results show effectiveness and efficiency of the proposed architecture.

Zhi-sheng YIN,Xiu-zhen CHEN,Xiao-hua CHEN

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.17.051

2008-01-01

Abstract:Mobile Ad hoc Networks(MANET) is suffering from the threat of variety of attacks for its dynamic topology and wireless channel features.This paper presents an attack detection policy based on data link monitoring with support of secure routing protocol,which aims at traffic pattern distortion attacking.The nodes on data link monitor the behaviors of the previous and next nodes to assure the security of data link on a base of trustworthy routing information.Analysis and simulation results show that the policy is efficient.

. C. Ioannou,V. Vassiliou,S. M. Kasongo,Y. Sun,Y. Xiao,C. Xing,T. Zhang,Aman deep Kaur,Prakash Rao Ragiri,H. Alipour,Y. B. Al-Nashif,P. Satam

2020-01-01

Abstract:The threat of cyber intrusion is progressively high and harmful. Intrusion Detection Systems (IDS) provides the ability to identify security breaches in a system. A security breach will be taking any action based on the owner of the system believes unauthorized. Attacks in Wireless Networks (WNs) aim in limiting or even eliminating the ability of the network to perform its expected function. WNs are networks with limited resources and often deployed in uncontrollable environments that an intruder can easily access. WN attacks target specific network layer’s vulnerabilities but normally affect other layers as well. Network layer should be monitored and evaluated in order to detect possible malicious intervention. In this research, a general methodology of an anomaly-based Intrusion Detection System is proposed and evaluated the proposed system using routing layer attacks in Ad-hoc Distance Vector Routing (AODV) protocol and IDS is able to detect malicious activity and our solution delivered the packets to the receiver in a new route without discarding.

Xianji Jin,Jianquan Liang,Weiming Tong,Lei Lu,Zhongwei Li

DOI: https://doi.org/10.1016/j.compeleceng.2017.04.013

IF: 4.152

2017-01-01

Computers & Electrical Engineering

Abstract:In order to achieve both a higher detection rate and a lower false positive rate of internal node intrusion detection in layer-cluster wireless sensor networks, an intrusion detection scheme based on the use of both a multi-agent system and a node trust value is proposed. In this scheme, the multi-agent model framework is established in both the cluster heads and the ordinary sensor nodes to perform intrusion detection. First, various, typical node trust attributes are defined and Mahalanobis distance theory is used to judge whether these attributes are normal. Second, the node trust value is calculated and updated based on the combination of the Beta distribution and a tolerance factor. Finally, node intrusion detection is realized. Simulation results demonstrate that the modified scheme has a higher detection rate and a lower false positive rate, even when several types of intrusions are present.

Ping Yi,Ting Zhu,Jianqing Ma,Yue Wu

2013-01-01

Abstract:Mobile ad hoc networks (MANETs) are vulnerable to attacks with dynamic change of topology and unreliable wireless communication. Intrusion detection systems (IDSs) are important in MANETs to effectively identify an intruder. Then, IDS may broadcast the blacklist to all nodes in network. This method is simple but it may exhaust communication bandwidth and node resource, especially when there are a large number of nodes in network. In the paper, we develop an intrusion prevention mechanism in MANETs called mobile firewall. It can isolate an intruder with less overhead, and it can track the intruder to continually prevent the attack. We analyze the overhead cost of the mobile firewall and compare it with the flooding broadcast method. Simulations show our method can prevent invader effectively and communication overhead is less.

Dong Yongle,Qian Jun,Shi Meilin

DOI: https://doi.org/10.1109/CCECE.2003.1226031

2003-01-01

Abstract:Widespread attacks involving multiple hosts/networks happen more frequently as internetworking among computer systems via the Internet becomes more widely and keeps rapid increase. Due to lack of information, it can be quite difficult for conventional intrusion detection systems to identify such attacks in progress. Cooperative intrusion detection, on the basis of information sharing, is proved as a necessary measure to detect widespread attacks by other researcher D. Frincke (2000), Polla, D. et al., (1998). This paper presents a cooperative approach for intrusion detection that provides a method for individual ID components working cooperatively to perform concerted detections. Being constructed on the basis of ID components, CoIDS can adopt both existed (usually more mature) and new ID techniques. This makes CoIDS extensible and scalable. In addition, an ID component is essentially an autonomous agent, which makes CoIDS available with certain loss of functionality even when the intrusion detection manager does not work. Its reliability is also improved because failure of one ID component will not cause any other to stop working. Furthermore, it improved the accuracy of detection for conventional intrusions by validating analysis result with data from different ID components.