HMM Sequential Hypothesis Tests for Intrusion Detection in MANETs Extended Abstract

Abstract

Most of the work for securing the routing protocols of mobile ad hoc wireless networks has been done in prevention. Intrusion detection systems play a complimentary role to that of prevention for dealing with malicious insiders, incorrect implementation and attack models. We present a statistical framework that allows the incorporation of prior information about the normal behavior of the network and of network attacks in a principled way for the detection of known and unknown attacks. For detecting an attack as soon as possible we use quickest change detection algorithms. We use hidden Markov models (HMMs) as a generative view of the dynamic evolution of the hop count distribution. Our results show that simple attacks can be detected by an anomaly detection framework. However, detection of more complex attacks requires incorporation of prior knowledge in the HMMs.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2003
Accession Number
ADA439785

Entities

People

  • Alvaro A. Cardenas
  • John Baras
  • Vahid Ramezani

Organizations

  • University of Maryland

Tags

DTIC Thesaurus Topics

  • Abstracts
  • Ad Hoc Networks
  • Anomaly Detection
  • Change Detection
  • Detection
  • Detectors
  • Hidden Markov Models
  • Information Operations
  • Intrusion
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Mesh Networks
  • Mobile Ad Hoc Networks
  • Probability
  • Probability Distributions
  • Routing Protocols

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Neural Network Machine Learning.
  • Statistical inference.