Network Intrusion Detection 2015
Network intrusion detection (NID) is one of the chronic problems in cybersecurity. The growth of cellular and ad hoc networks has increased the threat and the risks, and research into this area of concern reflects its importance. For the Science of Security community, NID is relevant to metrics, composability, and resilience. The articles cited here were presented in 2015.
S. Choudhury and A. Bhowal, “Comparative Analysis of Machine Learning Algorithms Along with Classifiers for Network Intrusion Detection,” Smart Technologies and Management for Computing, Communication, Controls, Energy and Materials (ICSTM), 2015 International Conference on, Chennai, 2015, pp. 89-95. doi:10.1109/ICSTM.2015.7225395
Abstract: Intrusion detection is one of the challenging problems encountered by the modern network security industry. A network has to be continuously monitored for detecting policy violation or suspicious traffic. So an intrusion detection system needs to be developed which can monitor network for any harmful activities and generate results to the management authority. Data mining can play a massive role in the development of a system which can detect network intrusion. Data mining is a technique through which important information can be extracted from huge data repositories. In order to spot intrusion, the traffic created in the network can be broadly categorized into following two categories- normal and anomalous. In our proposed paper, several classification techniques and machine learning algorithms have been considered to categorize the network traffic. Out of the classification techniques, we have found nine suitable classifiers like BayesNet, Logistic, IBK, J48, PART, JRip, Random Tree, Random Forest and REPTree. Out of the several machine learning algorithms, we have worked on Boosting, Bagging and Blending (Stacking) and compared their accuracies as well. The comparison of these algorithms has been performed using WEKA tool and listed below according to certain performance metrics. Simulation of these classification models has been performed using 10-fold cross validation. NSL-KDD based data set has been used for this simulation in WEKA.
Keywords: data mining; learning (artificial intelligence); pattern classification; security of data; BayesNet classifiers; IBK classifiers; J48 classifiers; JRip classifiers; NSL-KDD based data set; PART classifiers; REPTree classifiers; WEKA tool; classification techniques; data mining; data repository; logistic classifiers; machine learning algorithms; management authority; network intrusion detection; network security industry; network traffic; policy violation detection; random forest classifiers; random tree classifiers; Accuracy; Classification algorithms; Intrusion detection; Logistics; Machine learning algorithms; Prediction algorithms; Training; classification; intrusion detection; machine learning; network (ID#: 16-10512)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7225395&isnumber=7225373
T. Probst, E. Alata, M. Kaaniche, and V. Nicomette, “Automated Evaluation of Network Intrusion Detection Systems in IaaS Clouds,” Dependable Computing Conference (EDCC), 2015 Eleventh European, Paris, 2015, pp. 49-60. doi:10.1109/EDCC.2015.10
Abstract: This paper describes an approach for the automated security evaluation of operational Network Intrusion Detection Systems (NIDS) in Infrastructure as a Service (IaaS) cloud computing environments. Our objective is to provide automated and experimental methods to execute attack campaigns and analyze NIDS reactions, in order to highlight the ability of the NIDS to protect clients' virtual infrastructures and find potential weaknesses in their placement and configuration. To do so, we designed a three-phase approach. It is composed of the cloning of the target client's infrastructure to perform the subsequent audit operations on a clone, followed by the analysis of network access controls to determine the network accessibilities in the cloned infrastructure. Using evaluation traffic we modeled and generated, the last phase of the approach, presented in this paper, focuses on executing attack campaigns following an optimized algorithm. The NIDS alerts are analyzed and evaluation metrics are computed. Our approach is sustained by a prototype and experiments carried out on a VMware-based cloud platform.
Keywords: authorisation; cloud computing; virtual machines; IaaS cloud computing; VMware-based cloud platform; automated security evaluation; client virtual infrastructures; cloned infrastructure; infrastructure as a service; network access controls; network intrusion detection systems; Access control; Algorithm design and analysis; Automata; Cloning; Cloud computing; Computational modeling; NIDS; attacks; cloud; evaluation; security (ID#: 16-10513)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7371954&isnumber=7371940
P. Singh and A. Tiwari, “An Efficient Approach for Intrusion Detection in Reduced Features of KDD99 Using ID3 and Classification with KNNGA,” Advances in Computing and Communication Engineering (ICACCE), 2015 Second International Conference on, Dehradun, 2015, pp. 445-452. doi:10.1109/ICACCE.2015.49
Abstract: The KDDCUP 1999 dataset is a dataset widely used by various researchers for data mining in the field of intrusion detection. This dataset is publicly available for the users. Intrusion detection is a key challenge for the users because the intrusion may corrupt or destroy the network services. The intrusion detection system is classified into two categories: Network based intrusion detection system and Misuse intrusion detection system. In this paper, a novel method is presented for intrusion detection with feature reduction using partially ID3 algorithm to find higher information gain for attribute selection, and KNN based GA (genetic algorithm) is applied for classification and detection of intrusions on the KDD dataset. The simulation & analysis of the method is done on MATLAB2012A. The experimental scenario of the proposed methodology produces better results when it is compared with some existing approaches, with the results compared using different performance metrics parameters such as sensitivity, specificity and accuracy.
Keywords: data mining; genetic algorithms; mathematics computing; security of data; ID3; KDD99; KNNGA; Matlab2012A; genetic algorithm; misuse intrusion detection system; Computers; Decision trees; Feature extraction; Genetic algorithms; Intrusion detection; Probes; Training; KDDCUP dataset; Misuse detection; KNN; GA (ID#: 16-10514)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7306727&isnumber=7306547
K. Elekar, M. M. Waghmare, and A. Priyadarshi, “Use of Rule Base Data Mining Algorithm for Intrusion Detection,” Pervasive Computing (ICPC), 2015 International Conference on, Pune, 2015, pp. 1-5. doi:10.1109/PERVASIVE.2015.7087051
Abstract: Due to the increased growth of the Internet, the number of network attacks has increased, which emphasizes the need for intrusion detection systems (IDS) for securing networks. In this process network traffic is analyzed and monitored for detecting security flaws. Many researchers are working on a number of data mining techniques for developing an intrusion detection system. For detecting the intrusion, the network traffic can be classified into normal and anomalous. In this paper we have evaluated five rule base classification algorithms namely Decision Table, JRip, OneR, PART, and ZeroR. The comparison of these rule based classification algorithms is presented in this paper based upon their performance metrics using WEKA tools and KDD-CUP dataset to find out the best suitable algorithm available. The classification performance is evaluated using cross-validation and test dataset. Considering overall higher correct and lower false attack detection, the PART classifier performs better than other classifiers.
Keywords: Internet; computer network security; data mining; decision tables; knowledge based systems; pattern classification; telecommunication traffic; IDS; Internet; JRip; OneR; PART; ZeroR; decision table; higher correct attack detection; intrusion detection system; lower false attack detection; network attacks; network security; network traffic analysis; network traffic classification; performance metrics; rule base classification algorithm; rule base data mining algorithm; security flaw detection; Classification algorithms; Computers; Data mining; Decision trees; Intrusion detection; Probes; Classification; Data Mining; DecisionTable; IDS; Intrusion Detection; JRip; KDD CUP dataset; Network Security; OneR; PART; WEKA; ZeroR (ID#: 16-10515)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7087051&isnumber=7086957
YooJin Kwon, Huy Kang Kim, Yong Hun Lim, and Jong In Lim, “A Behavior-Based Intrusion Detection Technique for Smart Grid Infrastructure,” PowerTech, 2015 IEEE Eindhoven, Eindhoven, 2015, pp. 1-6. doi:10.1109/PTC.2015.7232339
Abstract: A smart grid is a fully automated electricity network, which monitors and controls all its physical environments of electricity infrastructure being able to supply energy in an efficient and reliable way. As the importance of cyber-physical system (CPS) security is growing, various intrusion detection algorithms to protect SCADA system and generation sector have been suggested, whereas there were less consideration on distribution sector. Thus, this paper first highlights the significance of CPS security, especially the availability as the most important factor in smart grid environment. Then this paper classifies various modern intrusion detection system (IDS) techniques for securing smart grid network. In our approach, we propose a novel behavior-based IDS for IEC 61850 protocol using both statistical analysis of traditional network features and specification-based metrics. Finally, we present the attack scenarios and detection methods applicable for IEC 61850-based digital substation in Korean environment.
Keywords: IEC standards; SCADA systems; power engineering computing; power system security; security of data; smart power grids; statistical analysis; substation protection; CPS security; IEC 61850 protocol; Korean environment; SCADA system protection; behavior-based IDS; behavior-based intrusion detection technique; cyber physical system security; digital substation; electricity infrastructure physical environment; fully automated electricity network reliability; smart grid infrastructure; statistical analysis; Clustering algorithms; Indexes; Inductors; Measurement; Security; Cyber-physical system; IEC 61850; anomaly detection; intrusion detection; smart grid (ID#: 16-10516)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7232339&isnumber=7232233
M. Ennahbaoui, H. Idrissi, and S. El Hajji, “Secure and Flexible Grid Computing Based Intrusion Detection System Using Mobile Agents and Cryptographic Traces,” Innovations in Information Technology (IIT), 2015 11th International Conference on, Dubai, 2015, pp. 314-319. doi:10.1109/INNOVATIONS.2015.7381560
Abstract: Grid Computing is one of the new and innovative information technologies that attempt to make resource sharing global and easier. Integrated in networked areas, the resources and services in grid are dynamic, heterogeneous and they belong to multiple spaced domains, which effectively enables a large scale collection, sharing and diffusion of data. However, grid computing is still a new paradigm that raises many security issues and conflicts in the computing infrastructures where it is integrated. In this paper, we propose an intrusion detection system (IDS) based on the autonomy, intelligence and independence of mobile agents to record the behaviors and actions on the grid resource nodes to detect malicious intruders. This is achieved through the use of cryptographic traces associated with chaining mechanism to elaborate hashed black statements of the executed agent code, which are then compared to depict intrusions. We have conducted experiments based on three metrics: network load, response time and detection ability, to evaluate the effectiveness of our proposed IDS.
Keywords: cryptography; grid computing; mobile agents; IDS; chaining mechanism; cryptographic traces; data collection; data diffusion; data sharing; detection ability metric; intrusion detection system; mobile agents; network load metric; resources sharing; response time metric; security issues; Computer architecture; Cryptography; Grid computing; Intrusion detection; Mobile agents; Monitoring (ID#: 16-10517)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7381560&isnumber=7381480
R. Sanches Miani, B. Bogaz Zarpelao, B. Sobesto, and M. Cukier, “A Practical Experience on Evaluating Intrusion Prevention System Event Data as Indicators of Security Issues,” Reliable Distributed Systems (SRDS), 2015 IEEE 34th Symposium on, Montreal, QC, 2015, pp. 296-305. doi:10.1109/SRDS.2015.17
Abstract: There are currently no generally accepted metrics for information security issues. One reason is the lack of validation using empirical data. In this practical experience report, we investigate whether metrics obtained from security devices used to monitor network traffic can be employed as indicators of security incidents. If so, security experts can use this information to better define priorities on security inspection and also to develop new rules for incident prevention. The metrics we investigate are derived from intrusion detection and prevention system (IDPS) alert events. We performed an empirical case study using IDPS data provided by a large organization of about 40,000 computers. The results indicate that characteristics of alerts can be used to depict trends in some security issues and consequently serve as indicators of security performance.
Keywords: computer network security; IDPS alert events; incident prevention; intrusion detection and prevention system; intrusion prevention system event data; security incident indicators; security inspection; security performance indicators; Computers; IP networks; Intrusion detection; Market research; Measurement; Organizations; empirical study; intrusion detection and prevention systems; network and security management; security incidents; security metrics (ID#: 16-10518)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7371594&isnumber=7371451
D. Adenusi, B. K. Alese, B. M. Kuboye, and A. F. B. Thompson, “Development of Cyber Situation Awareness Model,” Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 2015 International Conference on, London, 2015, pp. 1-11. doi:10.1109/CyberSA.2015.7166135
Abstract: This study designed and simulated cyber situation awareness model for gaining experience of cyberspace condition. This was with a view to timely detecting anomalous activities and taking proactive decision safeguard the cyberspace. The situation awareness model was modelled using Artificial Intelligence (AI) technique. The cyber situation perception sub-model of the situation awareness model was modelled using Artificial Neural Networks (ANN). The comprehension and projection submodels of the situation awareness model were modelled using Rule-Based Reasoning (RBR) techniques. The cyber situation perception sub-model was simulated in MATLAB 7.0 using standard intrusion dataset of KDD'99. The cyber situation perception sub-model was evaluated for threats detection accuracy using precision, recall and overall accuracy metrics. The simulation result obtained for the performance metrics showed that the cyber-situation sub-model of the cybersituation model better with increase in number of training data records. The cyber situation model designed was able to meet its overall goal of assisting network administrators to gain experience of cyberspace condition. The model was capable of sensing the cyberspace condition, perform analysis based on the sensed condition and predicting the near future condition of the cyberspace.
Keywords: artificial intelligence; inference mechanisms; knowledge based systems; mathematics computing; neural nets; security of data; AI technique; ANN; Matlab 7.0; RBR techniques; anomalous activities detection; artificial neural networks; cyber situation awareness model; cyberspace condition; proactive decision safeguard; rule-based reasoning; training data records; Artificial neural networks; Computational modeling; Computer security; Cyberspace; Data models; Intrusion detection; Mathematical model; Artificial Intelligence; Awareness; cyber-situation; cybersecurity; cyberspace (ID#: 16-10519)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7166135&isnumber=7166109
O. Rottenstreich and J. Tapolcai, “Lossy Compression of Packet Classifiers,” Architectures for Networking and Communications Systems (ANCS), 2015 ACM/IEEE Symposium on, Oakland, CA, 2015, pp. 39-50. doi:10.1109/ANCS.2015.7110119
Abstract: Packet classification is a building block in many network services such as routing, filtering, intrusion detection, accounting, monitoring, load-balancing and policy enforcement. Compression has gained attention recently as a way to deal with the expected increase of classifiers size. Typically, compression schemes try to reduce a classifier size while keeping it semantically-equivalent to its original form. Inspired by the advantages of popular compression schemes (e.g. JPEG and MPEG), we study in this paper the applicability of lossy compression to create packet classifiers requiring less memory than optimal semantically-equivalent representations. Our objective is to find a limited-size classifier that can correctly classify a high portion of the traffic so that it can be implemented in commodity switches with classification modules of a given size. We develop optimal dynamic programming based algorithms for several versions of the problem and describe how a small amount of traffic that cannot be classified can be easily treated, especially in software-defined networks. We generalize our solutions for a wide range of classifiers with different similarity metrics. We evaluate their performance on real classifiers and traffic traces and show that in some cases we can reduce a classifier size by orders of magnitude while still classifying almost all traffic correctly.
Keywords: data compression; pattern classification; software defined networking; lossy compression scheme; optimal dynamic programming based algorithms; packet classifiers; software-defined networks; Approximation algorithms; Approximation methods; Binary trees; Encoding; Image coding; Optimization; Transform coding (ID#: 16-10520)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7110119&isnumber=7110105
A. Springall, C. DeVito, Shou-Hsuan, and S. Huang, “Per Connection Server-Side Identification of Connections via Tor,” Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, Gwangju, 2015, pp. 727-734. doi:10.1109/AINA.2015.260
Abstract: This paper presents two new and novel methods to separate network connections between those that have originated behind the Tor network and those that have not. Our methods identify Tor inbound connections through the use of two distinct timing signatures, delay and round-trip time, that can be used to create effective metrics. In order to evaluate our methods' ability to correctly identify Tor connections, we present the results of two small-scale experiments, one testing performance with HTTP traffic and the other testing SSH. These experiments resulted in very high accuracy rates (100% and 98.99% respectively) when partitioning network connections into Tor and non-Tor originating connections. Through the use of our techniques, we believe that inbound connections that have traversed the Tor network can be identified on a per-connection basis rather than the current per-IP basis.
Keywords: computer network security; HTTP traffic; SSH; Tor inbound connections; Tor network; computer security; connection server-side identification; intrusion detection; the onion router; Browsers; Cryptography; Delays; IP networks; Protocols; Relays; Servers; HTTP; Intrusion detection; Tor; computer security; stepping-stone (ID#: 16-10521)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7098045&isnumber=7097928
A. B. Emami, S. Samet, A. Azarpira, and A. Farrokhtala, “SNACK: An Efficient Intrusion Detection System in Mobile Ad-Hoc Network Based on the Selective-Negative Acknowledgement Algorithm,” Electrical and Computer Engineering (CCECE), 2015 IEEE 28th Canadian Conference on, Halifax, NS, 2015, pp. 903-907. doi:10.1109/CCECE.2015.7129395
Abstract: The Mobile Ad-Hoc Network (MANET) consists of independent devices connected together, which can change their locations and configure themselves without being controlled by a central unit. This autonomous topology of MANET makes it vulnerable against the internal attacks, such as black hole, wormhole, and flooding, from inside the system. One existing solution to this problem has been achieved by using Negative Acknowledgement (NACK) as an Intrusion Detection System (IDS). NACK method is easy to implement and has a high level of packet delivery with lightweight security monitoring. However, although packet delivery is guaranteed in NACK, its high rate of routing overhead and high level of energy consumption become as two big weaknesses of the network, especially when it comes to increasing the mobility and the number of insider attacks. In this study the performance of NACK in this regard has been challenged and investigated in different scenarios. Then a new approach, called Selective Negative Acknowledgement (SNACK), based on NACK and Selective Acknowledgement (SACK) is proposed. It is shown that the proposed acknowledgement method outperforms NACK with much less packet overhead, by comparing the results of simulations in Network Simulator v-2.35 (NS-2).
Keywords: mobile ad hoc networks; mobility management (mobile radio); security of data; telecommunication network routing; telecommunication security; IDS; MANET; Network Simulator v-2.35; SACK; SNACK method; black hole; independent devices; intrusion detection system; lightweight security monitoring; mobile ad-hoc network; packet delivery; selective acknowledgement; selective-negative acknowledgement algorithm; wormhole; Cryptography; Mobile ad hoc networks; Monitoring; Nickel; Protocols; Routing; Internal Attacker; Intrusion Detection System; Mobile Ad-Hoc Network; Negative/Selective-Acknowledgement (ID#: 16-10522)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7129395&isnumber=7129089
N. Soms, R. Saji Priya, A. S. Banu and P. Malathi, “A Comprehensive Performance Analysis of Zone Based Intrusion Detection System in Mobile AD Hoc Networks,” Signal Processing, Communication and Networking (ICSCN), 2015 3rd International Conference on, Chennai, 2015, pp. 1-8. doi:10.1109/ICSCN.2015.7219887
Abstract: Wireless networking is currently the medium of choice for several applications. Mobile ad hoc networks (MANETs) are networks that combine wireless communication with a high degree of node mobility. Hence they are vulnerable and are subjected to new security risks. Intrusion Detection Systems (IDS) are an important area of research which acts as a second line of defense against unauthorized activities in networks. The effectiveness of IDS is measured by the response it generates specific to the type of intrusion detected. In this paper, we have proposed and simulated an enhanced detection mechanism in a Zone based Intrusion Detection System (ZBIDS). An extensive simulation is carried out to study the performance of ZBIDS under various routing attacks like blackhole, greyhole, wormhole and impersonation. The simulation results are based on the proposed architecture and shows that the enhanced ZBIDS has achieved desirable performance to meet the security requirement of MANETs.
Keywords: mobile ad hoc networks; mobility management (mobile radio); security of data; telecommunication network routing; telecommunication security; MANET; ZBIDS; blackhole; greyhole; mobile ad hoc networks; wireless communication; wireless networking; wormhole; zone based intrusion detection system; Ad hoc networks; Color; Computer architecture; Engines; Intrusion detection; Mobile computing; Routing; Zone based intrusion detection system; blackhole attack; grayhole attack; impersonation; wormhole attack (ID#: 16-10523)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7219887&isnumber=7219823
B. H. Dang and W. Li, “Impact of Baseline Profile on Intrusion Detection in Mobile Ad Hoc Networks,” SoutheastCon 2015, Fort Lauderdale, FL, 2015, pp. 1-7. doi:10.1109/SECON.2015.7133013
Abstract: Dynamic topology and limited resources are major limitations that make intrusion detection in mobile ad hoc network (MANET) a difficult task. In recent years, several anomaly detection techniques were proposed to detect malicious nodes using static and dynamic baseline profiles, which depict normal MANET behaviors. In this research, we investigated different baseline profile methods and conducted a set of experiments to evaluate their effectiveness and efficiency for anomaly detection in MANETs using C-means clustering technique. The results indicated that a static baseline profile delivers similar results to other baseline profile methods. However, it requires the least resource usage while a dynamic baseline profile method requires the most resource usage of all the baseline models.
Keywords: mobile ad hoc networks; mobile computing; pattern clustering; security of data; MANET behaviors; c-means clustering technique; dynamic baseline profiles; intrusion detection; malicious nodes; mobile ad hoc networks; resource usage; static baseline profiles; Ad hoc networks; Adaptation models; Computational modeling; Mobile computing; Routing protocols; Mobile ad hoc networks; anomaly detection; baseline profile; clustering technique; unsupervised learning techniques (ID#: 16-10524)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7133013&isnumber=7132866
A. Amouri, L. G. Jaimes, R. Manthena, S. D. Morgera, and I. J. Vergara-Laurens, “A Simple Scheme for Pseudo Clustering Algorithm for Cross Layer Intrusion Detection in MANET,” 2015 7th IEEE Latin-American Conference on Communications (LATINCOM), Arequipa, Peru, 2015, pp. 1-6. doi:10.1109/LATINCOM.2015.7430139
Abstract: The Mobile AdHoc Network (MANET) is a type of wireless network that does not require infrastructure for its operation; therefore, MANETs lack a centralized architecture which affects the level of security inside the network and increases vulnerability. Although encryption helps to increase network security level, it is not sufficient to protect against malicious intruders. An intrusion detection scheme is proposed in this paper based on cross layer feature collection from the medium access control (MAC) and network layers. The proposed method employs an hierarchical configuration that avoids using a clustering algorithm and, instead, sequentially activates the promiscuity (ability to sniff all packets transmitted by nodes within radio range) of the node based on its location in the network. The node in this case acts as a pseudo cluster head (PCH) that collects data from its neighboring nodes in each quadrant in the field and then uses this information to calculate an anomaly index (AI) in each quadrant. The mechanism uses a C4.5 decision tree to learn the network behavior under blackhole attack and is able to recognize blackhole attacks with up to 97% accuracy. The presented approach is twofold — it is energy efficient and has a high degree of intrusion detection with low overhead.
Keywords: (not provided) (ID#: 16-10525)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7430139&isnumber=7430110
S. Banerjee, R. Nandi, R. Dey, and H. N. Saha, “A Review on Different Intrusion Detection Systems for MANET and Its Vulnerabilities,” Computing and Communication (IEMCON), 2015 International Conference and Workshop on, Vancouver, BC, 2015, pp. 1-7. doi:10.1109/IEMCON.2015.7344466
Abstract: In recent years, Mobile Ad hoc NETworks (MANETs) have become a very popular research topic. By providing communications in the absence of a fixed infrastructure, MANETs are an attractive technology for many applications such as resource app, military app, environmental monitoring and conferences. However, this flexibility introduces new security threats due to the vulnerable nature of MANET; there will be the necessity of protecting the data and information from the attackers, as it is an infrastructure-less network. Thus, securing such a demanding network is a big challenge. At this point, IDS came into existence to secure MANET in detecting at what point they are getting weak. In this review paper, we will discuss MANET and its vulnerabilities, and how we can tackle it using different techniques of IDS (Intrusion Detection System).
Keywords: data protection; mobile ad hoc networks; security of data; IDS; data protection; fixed infrastructure MANET vulnerability; information protection; infrastructure-less network; intrusion detection system; mobile ad hoc network security; security threat; Intrusion detection; Mobile ad hoc networks; Monitoring; Protocols; Routing; Anomaly Detection; EAACK; MANET (ID#: 16-10526)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7344466&isnumber=7344420
P. Joshi, P. Nande, A. Pawar, P. Shinde, and R. Umbare, “EAACK — A Secure Intrusion Detection and Prevention System for MANETs,” Pervasive Computing (ICPC), 2015 International Conference on, Pune, 2015, pp. 1-6. doi:10.1109/PERVASIVE.2015.7087032
Abstract: Wireless networks are being used nowadays. The most important fact about a wireless network is that it is mobile. It is thus used in many fields. One of the most important applications of wireless networks is Mobile Ad hoc NETwork (MANET) in which all the nodes work as both transmitter and receiver. MANETs are used in various fields like military, industry and emergency recovery. So it is important to have a firsthand knowledge about MANETs. But there is a certain drawback in MANETs, that it becomes prone to malicious attacks very fast. To avoid such attacks a good intrusion detection and prevention system is needed. In this paper, we have proposed a system which can detect as well as prevent the malicious attacks. The system is named as Enhanced Adaptive ACKnowledgment (EAACK). EAACK gives a better malicious-behavior-detection than the traditional approaches.
Keywords: mobile ad hoc networks; security of data; telecommunication security; EAACK; MANET; enhanced adaptive acknowledgment; malicious attacks; mobile ad hoc network; prevention system; secure intrusion detection; Ad hoc networks; Mobile computing; Peer-to-peer computing; Receivers; Routing; Routing protocols; Wireless networks; Enhanced Adaptive ACKnowledgment (EAACK); Mobile Ad hoc NETwork (MANET); Packet Delivery Ratio (PDR); Received Signal Strength (RSS); Rivest Shamir Adleman (RSA) (ID#: 16-10527)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7087032&isnumber=7086957
G. Gowthaman and G. Komarasamy, “A Study on Secure Intrusion Detection System in Wireless MANETs to Increase the Performance of Eaack,” Electrical, Computer and Communication Technologies (ICECCT), 2015 IEEE International Conference on, Coimbatore, 2015, pp. 1-5. doi:10.1109/ICECCT.2015.7226169
Abstract: Mobile Ad hoc Network (MANET) has been pervasive in many applications, including some procedures such as security in critical applications has been a major threats in MANETs. This exceptional characteristic of MANETs, anticipation methodologies lonely cannot able to be secure the data. In this circumstance secure acknowledgment of each data should have a defensive force before the attackers violate the system. The mechanism of Intrusion Detection System (IDS) is normally used to protect the wireless networks for security purposes in MANETs. In case of MANETs, intrusion detection system is favored since the first day of their invention. Communication is restricted to the transmitters within a radio frequency range. Owing to the superior technology that reduces the cost of infrastructure services to gain more importance in autonomous topology of mobile nodes. A novel IDS, EAACK is mainly a secure authentication method using acknowledgment for MANETs to transmit packets in mobility nodes. In this case, out of range in mobile nodes cases security issues while transmitting data from source to destination nodes. This results that the communication of each mobility nodes takes place in radio frequency range and the out of range in communication leads the parties to relay data transmissions to reach the destination node.
Keywords: cryptography; mobile ad hoc networks; safety systems; telecommunication security; EAACK; mobile ad hoc network; mobile nodes; secure authentication method; secure intrusion detection system; wireless MANET; Access control; Ad hoc networks; Communication system security; Conferences; Cryptography; Mobile computing; Digital signature; Enhanced Adaptive Acknowledgment (EAACK); Hybrid Cryptographic Key Exchange Algorithm (ID#: 16-10528)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7226169&isnumber=7225915
T. A. Ghaleb, “Would an Intrusion Detection System Perform Alike with the Change of the Number of Mobile Nodes? An Experimental Evaluation,” Cloud Computing (ICCC), 2015 International Conference on, Riyadh, 2015, pp. 1-5. doi:10.1109/CLOUDCOMP.2015.7149666
Abstract: Intrusion Detection Systems (IDSs) have recently been introduced to protect MANETs from malicious attacks that can reduce their performance. The performance of the IDSs proposed in the literature has been evaluated under certain network conditions such as the change of mobility speed, simulation time, mobility models, etc. However, none of these IDSs have been evaluated across the variation of mobile nodes (MNs). The increase of mobility nodes may directly impact the performance of the network and, consequently, the accuracy of the IDS. When the number of mobile nodes goes up, intruders have better opportunity to spread over the existing paths and can trick the IDS. In this paper, we evaluate the effect of the increase/decrease of mobile nodes on the performance of IDSs. The IDS chosen in this paper is the Adaptive Acknowledgment (AACK). Our experiments are accomplished in NS2 and configured in a way all parameters set to be fixed during the entire simulation, except the number of mobile nodes (cooperative and malicious), which repeatedly kept increasing. Experimental results demonstrate the cases in which the performance of AACK is either improved or degraded when the number of MNs changes.
Keywords: mobile ad hoc networks; mobile computing; security of data; AACK; IDS; MANETs; MNs; NS2; adaptive acknowledgment; intrusion detection system; malicious attacks; mobile nodes; Ad hoc networks; Delays; Mobile computing; Mobile nodes; Routing; Routing protocols (ID#: 16-10529)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7149666&isnumber=7149613
N. Kashyap, “Smart Intrusion Detection System for MANET,” Computer Engineering and Applications (ICACEA), 2015 International Conference on Advances in, Ghaziabad, 2015, pp. 252-177. doi:10.1109/ICACEA.2015.7164690
Abstract: Mobile Ad hoc networks (MANET) are infrastructure less networks which consist of self organized & self configured multihop nodes. The topology of these networks change with time. The nodes in the network not only act as routers but also as hosts. Two main issues in MANET are challenging namely, optimized routing and security. The approach followed in this paper suggests use of data mining techniques such as clustering and classification in developing intrusion detection system for MANET. We will use Zone routing protocol (ZRP) for packet flow which is hybrid in nature. Then various properties of the malicious, selfish and loyal nodes are used to identify the cluster heads. Cluster head is one of the loyal nodes which are having sufficient energy to transmit the message in the mobile Ad hoc networks and also guarantees successful transmission of data from source to destination.
Keywords: mobile ad hoc networks; routing protocols; security of data; telecommunication network topology; telecommunication security; MANET; cluster heads; data mining; packet flow; routers; smart intrusion detection system; zone routing protocol; Data mining; Intrusion detection; Knowledge based systems; Mobile ad hoc networks; Routing; Routing protocols; Classification; Clustering; Mining; Zone routing protocol (ID#: 16-10530)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7164690&isnumber=7164643
Ing-Ray Chen, R. Mitchell, and Jin-Hee Cho, “On Modeling of Adversary Behavior and Defense for Survivability of Military MANET Applications,” Military Communications Conference, MILCOM 2015 – 2015 IEEE, Tampa, FL, 2015, pp. 629-634. doi:10.1109/MILCOM.2015.7357514
Abstract: In this paper we develop a methodology and report preliminary results for modeling attack/defense behaviors for achieving high survivability of military mobile ad hoc networks (MANETs). Our methodology consists of 3 steps. The first step is to model adversary behavior of capture attackers and inside attackers which can dynamically and adaptively trigger the best attack strategies while avoiding detection and eviction. The second step is to model defense behavior of defenders utilizing intrusion detection and tolerance strategies to reactively and proactively counter dynamic adversary behavior. We leverage game theory to model attack/defense dynamics with the players being the attackers/defenders, the actions being the attack/defense strategies identified, and the payoff for each outcome being related to system survivability. The 3rd and final step is to identify and apply proper solution techniques that can effectively and efficiently analyze attack/defense dynamics as modeled by game theory for guiding the creation of effective defense strategies for assuring high survivability in military MANETs. The end product is a tool that is capable of analyzing a myriad of attacker behaviors and seeing the effectiveness of countering adaptive defense strategies which incorporate attack/defense dynamics.
Keywords: game theory; military communication; mobile ad hoc networks; security of data; capture attackers; game theory; inside attackers; intrusion detection; military MANET applications; military mobile ad hoc networks; Adaptation models; Analytical models; Game theory; Intrusion detection; Mathematical model; Mobile ad hoc networks; Vehicle dynamics; adversary modeling; defense behavior modeling; reliability; survivability (ID#: 16-10531)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7357514&isnumber=7357245
M. E. Sherine, “Effective Intrusion Detection Method for Manets Using EAACK,” Circuit, Power and Computing Technologies (ICCPCT), 2015 International Conference on, Nagercoil, 2015, pp. 1-6. doi:10.1109/ICCPCT.2015.7159354
Abstract: The movement to remote system from wired system has been a worldwide pattern in the recent decades. The versatility what's more adaptability brought by remote system made it conceivable in numerous applications. Among all the contemporary remote systems, Mobile Ad hoc Network (MANET) is a standout amongst the most imperative and special applications. On the in spite of conventional system structural engineering, MANET does not oblige an altered system base; each and every hub functions as both a transmitter and a collector. Hubs correspond specifically with one another when they are both inside the same correspondence range. Else, they depend on their neighbors to transfer messages. The planning toward oneself capacity of hubs in MANET made it prominent among basic mission applications like military utilization or crisis recuperation. On the other hand, the open medium and wide dissemination of hubs make MANET defenseless against malignant assailants. For this situation, it is essential to create proficient interruption identification instruments to ensure MANET from assaults. With the changes of the innovation furthermore cut in equipment costs, we are seeing a current pattern of growing Manets into mechanical applications. To acclimate to such pattern, we unequivocally accept that it is crucial to address its potential security issues. In this paper, we propose and actualize another interruption recognition framework named Enhanced Adaptive Acknowledgment (EAACK) uniquely intended for Manets using JAVA programming platform. Analyzed to contemporary methodologies, EAACK shows higher malevolent conduct location rates in specific circumstances while does not significantly influence the system exhibitions.
Keywords: Java; channel capacity; electronic messaging; mobile ad hoc networks; radio transmitters; telecommunication computing; telecommunication network planning; telecommunication security; EAACK; JAVA programming; MANET; collector; effective intrusion detection method; enhanced adaptive acknowledgment; hub capacity; hub functions; mechanical applications; message transfer; mobile ad hoc network; planning; potential security issue; proficient interruption identification instruments; remote system; transmitter; wired system; Computers; Intrusion detection; Mobile ad hoc networks; Mobile computing; Servers; AACK; Digital signature; Digital signature algorithm (DSA); Enhanced Adaptive Acknowledgment (EAACK); Intrusion Detection; Mobile Ad hoc Networks (MANET); TwoACK; Watchdog (ID#: 16-10532)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7159354&isnumber=7159156
S. V. Shirbhate, S. S. Sherekar, and V. M. Thakare, “A Novel Framework of Dynamic Learning Based Intrusion Detection Approach in MANET,” Computing Communication Control and Automation (ICCUBEA), 2015 International Conference on, Pune, 2015, pp. 209-213. doi:10.1109/ICCUBEA.2015.46
Abstract: With the growth of security and surveillance systems, a huge amount of audit or network data is being generated. It is an immense challenge for researchers to protect the mobile ad hoc network from the malicious node as the topology of the network dynamically changes. A malicious node can easily inject false routes into the network. A traditional method to detect such malicious nodes is to establish a base profile of normal network behavior and then identify a node's behavior to be anomalous if it deviates from the established profile. As the topology of a MANET constantly changes over time, the simple use of a static base profile is not efficient. In this paper, a novel framework is proposed to detect the malicious node in MANET. In the proposed method, a k-means clustering-based anomaly detection approach is used in which the profile is dynamically updated. The approach consists of three main phases: training, testing and updating. In the training phase, the K-means clustering algorithm is used in order to establish a normal profile. In the testing phase, check whether the current traffic of the node is normal or anomalous. If it is normal then update the normal profile otherwise isolate the malicious node and ignore that node from the network. To update the normal profile periodically, weighted coefficients and a forgetting equation are used.
Keywords: mobile ad hoc networks; telecommunication security; MANET; anomaly detection approach; dynamic learning; intrusion detection approach; k-means clustering; malicious nodes; mobile ad hoc network; network data; novel framework; security system; static base profile; surveillance system; topology node; Heuristic algorithms; Intrusion detection; Mobile ad hoc networks; Network topology; Routing; Testing; Training; Dynamic Intrusion Detection System; K-means clustering (ID#: 16-10533)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7155836&isnumber=7155781
R. Bhumkar and D. J. Pete, “Reduction of Error Rate in Sybil Attack Detection for MANET,” Intelligent Systems and Control (ISCO), 2015 IEEE 9th International Conference on, Coimbatore, 2015, pp. 1-6. doi:10.1109/ISCO.2015.7282328
Abstract: Mobile ad hoc networks (MANETs) require a unique, distinct, and persistent identity per node in order for their security protocols to be viable, Sybil attacks pose a serious threat to such networks. Fully self-organized MANETs represent complex distributed systems that may also be part of a huge complex system, such as a complex system-of-systems used for crisis management operations. Due to the complex nature of MANETs and its resource constraint nodes, there has always been a need to develop security solutions. A Sybil attacker can either create more than one identity on a single physical device in order to launch a coordinated attack on the network or can switch identities in order to weaken the detection process, thereby promoting lack of accountability in the network. In this research, we propose a scheme to detect the new identities of Sybil attackers without using centralized trusted third party or any extra hardware, such as directional antennae or a geographical positioning system. Through the help of extensive simulations, we are able to demonstrate that our proposed scheme detects Sybil identities with 95% accuracy (true positive) and about 5% error rate (false positive) even in the presence of mobility.
Keywords: emergency management; mobile ad hoc networks; protocols; telecommunication security; MANET; Sybil attack detection; complex distributed system; crisis management operation; error rate reduction; identity-based attack; mobile ad hoc network; resource constraint node; security protocol; Handheld computers; IEEE 802.11 Standard; Mobile ad hoc networks; Mobile computing; Identity-based attacks; Sybil attacks; intrusion detection; mobile ad hoc networks (ID#: 16-10534)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7282328&isnumber=7282219
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.