A novel online CEP learning engine for MANET IDS

Title: A novel online CEP learning engine for MANET IDS
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Petersen, E., To, M. A., Maag, S.
Conference Name: 2017 IEEE 9th Latin-American Conference on Communications (LATINCOM)
Date Published: nov
Keywords: anomaly detection, attack traffic, attacks signatures, battlefield communications, CEP, communications protocols, complex event processing, compositionality, computer network security, detection engine, detection techniques, Engines, feature extraction, IDS, IDS rules, Intrusion detection, Intrusion Detection Systems, IPv6, learning (artificial intelligence), Linux, Linux containers, MANET, MANET IDS, Metrics, mobile ad hoc network, mobile ad hoc networks, Monitoring, network security part, novel Machine Learning technique, novel online CEP learning engine, Online Rule Generation, Peer-to-peer computing, peer-to-peer networks, Protocols, pubcrawl, resilience, Resiliency, Routing Protocol, Routing protocols, security, Support vector machines, SVM, telecommunication traffic, Vehicular Networks, wired networks, wireless ad hoc networks
Abstract:

In recent years the use of wireless ad hoc networks has seen an increase of applications. A big part of the research has focused on Mobile Ad Hoc Networks (MANETs), due to their implementations in vehicular networks, battlefield communications, among others. These peer-to-peer networks usually test novel communications protocols, but leave out the network security part. A wide range of attacks can happen as in wired networks, some of them being more damaging in MANETs. Because of the characteristics of these networks, conventional methods for detection of attack traffic are ineffective. Intrusion Detection Systems (IDSs) are constructed on various detection techniques, but one of the most important is anomaly detection. IDSs based only on past attack signatures are less effective, even more so if these IDSs are centralized. Our work focuses on adding a novel Machine Learning technique to the detection engine, which recognizes attack traffic in an online way (not to store and analyze after), re-writing IDS rules on the fly. Experiments were done using the Dockemu emulation tool with Linux Containers, IPv6 and OLSR as routing protocol, leading to promising results.

URL: https://ieeexplore.ieee.org/document/8240196/
DOI: 10.1109/LATINCOM.2017.8240196
Citation Key: petersen_novel_2017