Visible to the public Biblio

Filters: Keyword is active-probing-based network intrusion detection system  [Clear All Filters]
2015-05-01
do Carmo, R., Hollick, M..  2014.  Analyzing active probing for practical intrusion detection in Wireless Multihop Networks. Wireless On-demand Network Systems and Services (WONS), 2014 11th Annual Conference on. :77-80.

Practical intrusion detection in Wireless Multihop Networks (WMNs) is a hard challenge. It has been shown that an active-probing-based network intrusion detection system (AP-NIDS) is practical for WMNs. However, understanding its interworking with real networks is still an unexplored challenge. In this paper, we investigate this in practice. We identify the general functional parameters that can be controlled, and by means of extensive experimentation, we tune these parameters and analyze the trade-offs between them, aiming at reducing false positives, overhead, and detection time. The traces we collected help us to understand when and why the active probing fails, and let us present countermeasures to prevent it.

do Carmo, R., Hoffmann, J., Willert, V., Hollick, M..  2014.  Making active-probing-based network intrusion detection in Wireless Multihop Networks practical: A Bayesian inference approach to probe selection. Local Computer Networks (LCN), 2014 IEEE 39th Conference on. :345-353.

Practical intrusion detection in Wireless Multihop Networks (WMNs) is a hard challenge. The distributed nature of the network makes centralized intrusion detection difficult, while resource constraints of the nodes and the characteristics of the wireless medium often render decentralized, node-based approaches impractical. We demonstrate that an active-probing-based network intrusion detection system (AP-NIDS) is practical for WMNs. The key contribution of this paper is to optimize the active probing process: we introduce a general Bayesian model and design a probe selection algorithm that reduces the number of probes while maximizing the insights gathered by the AP-NIDS. We validate our model by means of testbed experimentation. We integrate it to our open source AP-NIDS DogoIDS and run it in an indoor wireless mesh testbed utilizing the IEEE 802.11s protocol. For the example of a selective packet dropping attack, we develop the detection states for our Bayes model, and show its feasibility. We demonstrate that our approach does not need to execute the complete set of probes, yet we obtain good detection rates.