Association rules are useful for determining correlations between items. Applying association rules to intrusion detection system (IDS) can improve the detection rate, but false positive rate is also increased. Weight...Association rules are useful for determining correlations between items. Applying association rules to intrusion detection system (IDS) can improve the detection rate, but false positive rate is also increased. Weighted association rules are used in this paper to mine intrustion models, which can increase the detection rate and decrease the false positive rate by some extent. Based on this, the structure of host-based IDS using weighted association rules is proposed.展开更多
Wireless Mesh Networks is vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, Lack of centralized monitoring and management point. The traditional way of protec...Wireless Mesh Networks is vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, Lack of centralized monitoring and management point. The traditional way of protecting networks with firewalls and encryption software is no longer suffi- cient and effective for those features. In this paper, we propose a distributed intrusion detection ap- proach based on timed automata. A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then we con- struct the Finite State Machine (FSM) by the way of manually abstracting the correct behaviors of the node according to the routing protocol of Dynamic Source Routing (DSR). The monitor nodes can verify every node's behavior by the Finite State Ma- chine (FSM), and validly detect real-time attacks without signatures of intrusion or trained data.Compared with the architecture where each node is its own IDS agent, our approach is much more efficient while maintaining the same level of effectiveness. Finally, we evaluate the intrusion detection method through simulation experiments.展开更多
Wireless Mesh Networks (WMNs) have many applications in homes, schools, enterprises, and public places because of their useful characteristics, such as high bandwidth, high speed, and wide coverage. However, the sec...Wireless Mesh Networks (WMNs) have many applications in homes, schools, enterprises, and public places because of their useful characteristics, such as high bandwidth, high speed, and wide coverage. However, the security of wireless mesh networks is a precondition for practical use. Intrusion detection is pivotal for increasing network security. Considering the energy limitations in wireless mesh networks, we adopt two types of nodes: Heavy Intrusion Detection Node (HIDN) and Light Intrusion Detection Node (LIDN). To conserve energy, the LIDN detects abnorrml behavior according to probability, while the HIDN, which has sufficient energy, is always operational. In practice, it is very difficult to acquire accurate information regarding attackers. We propose an intrusion detection model based on the incomplete inforrmtion game (ID-IIG). The ID-IIG utilizes the Harsanyi transformation and Bayesian Nash equilibrium to select the best strategies of defenders, although the exact attack probability is unknown. Thus, it can effectively direct the deployment of defenders. Through experiments, we analyze the perforrmnce of ID-IIG and verify the existence and attainability of the Bayesian Nash equilibrium.展开更多
文摘Association rules are useful for determining correlations between items. Applying association rules to intrusion detection system (IDS) can improve the detection rate, but false positive rate is also increased. Weighted association rules are used in this paper to mine intrustion models, which can increase the detection rate and decrease the false positive rate by some extent. Based on this, the structure of host-based IDS using weighted association rules is proposed.
基金Acknowledgements Project supported by the National Natural Science Foundation of China (Grant No.60932003), the National High Technology Development 863 Program of China (Grant No.2007AA01Z452, No. 2009AA01 Z118 ), Project supported by Shanghai Municipal Natural Science Foundation (Grant No.09ZRI414900), National Undergraduate Innovative Test Program (091024812).
文摘Wireless Mesh Networks is vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, Lack of centralized monitoring and management point. The traditional way of protecting networks with firewalls and encryption software is no longer suffi- cient and effective for those features. In this paper, we propose a distributed intrusion detection ap- proach based on timed automata. A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then we con- struct the Finite State Machine (FSM) by the way of manually abstracting the correct behaviors of the node according to the routing protocol of Dynamic Source Routing (DSR). The monitor nodes can verify every node's behavior by the Finite State Ma- chine (FSM), and validly detect real-time attacks without signatures of intrusion or trained data.Compared with the architecture where each node is its own IDS agent, our approach is much more efficient while maintaining the same level of effectiveness. Finally, we evaluate the intrusion detection method through simulation experiments.
基金This work was partially supported by the National Natural Science Foundation of China under Cxants No. 61272451, No. 61103220, No. 61173154, No. 61173175 the National Critical Patented Projects in the next generation broadband wireless mobile communication network under Grant No. 2010ZX03006-001-01.
文摘Wireless Mesh Networks (WMNs) have many applications in homes, schools, enterprises, and public places because of their useful characteristics, such as high bandwidth, high speed, and wide coverage. However, the security of wireless mesh networks is a precondition for practical use. Intrusion detection is pivotal for increasing network security. Considering the energy limitations in wireless mesh networks, we adopt two types of nodes: Heavy Intrusion Detection Node (HIDN) and Light Intrusion Detection Node (LIDN). To conserve energy, the LIDN detects abnorrml behavior according to probability, while the HIDN, which has sufficient energy, is always operational. In practice, it is very difficult to acquire accurate information regarding attackers. We propose an intrusion detection model based on the incomplete inforrmtion game (ID-IIG). The ID-IIG utilizes the Harsanyi transformation and Bayesian Nash equilibrium to select the best strategies of defenders, although the exact attack probability is unknown. Thus, it can effectively direct the deployment of defenders. Through experiments, we analyze the perforrmnce of ID-IIG and verify the existence and attainability of the Bayesian Nash equilibrium.
