Title: On effective sampling techniques in host-based intrusion detection in tactical MANET
Authors: Wei Yu; Linqiang Ge; Difan Zhang; Rommie L. Hardy; Robert J. Reschly
Addresses: Department of Computer and Information Sciences, Towson University, 8000 York Road, Towson, MD 21252-0001, USA ' Department of Computer and Information Sciences, Towson University, 8000 York Road, Towson, MD 21252-0001, USA ' Department of Computer and Information Sciences, Towson University, 8000 York Road, Towson, MD 21252-0001, USA ' Network Science Division, Computational & Information Sciences Directorate, U.S. Army Research Laboratory, ATTN: RDRL-LOP, 2800 Powder Mill Road, Adelphi, MD 20783-1197, USA ' Network Science Division, Computational & Information Sciences Directorate, U.S. Army Research Laboratory, ATTN: RDRL-LOP, 2800 Powder Mill Road, Adelphi, MD 20783-1197, USA
Abstract: A tactical Mobile Ad Hoc Network (MANET) demands a robust, diverse and resilient communication and computing infrastructure which enables network-centric operation with minimal downtime. Nevertheless, tactical MANET poses great security risks because mobile nodes are deployed in open hostile environments and wireless communication makes the information accessible to an adversary attacking the tactical MANET. Cyber attack monitoring and detection in the tactical MANET is challenging because of limited resources and its infrastructure-less network environment. To address these issues, we first introduce the host-based detection architecture to monitor and detect cyber attacks against the tactical MANET. We then develop two sampling techniques and discuss other techniques to balance trade-offs between detection accuracy and consumption of network resources. We also analyse the impact of detection accuracy versus sampling techniques and associated parameters. We conduct extensive real-world experiments and simulation studies. Our data validates our theoretical findings well.
Keywords: tactical MANETs; cyber attack monitoring; cyber attack detection; host-based detection; sampling techniques; cyber attacks; mobile ad hoc networks; mission critical network infrastructures; hostile environments; wireless communications; mobile networks.
International Journal of Security and Networks, 2013 Vol.8 No.3, pp.154 - 168
Received: 25 Jan 2013
Accepted: 13 Mar 2013
Published online: 19 Nov 2013 *