A stochastic approximation approach for improving intrusion detection data fusion structures
K. Manousakis, D. Sterne, N. Ivanic, G. Lawler, A. Mcauley
MILCOM 2008 - 2008 IEEE Military Communications Conference. Published 2008-11-01.
DOI: 10.1109/MILCOM.2008.4753175 (https://doi.org/10.1109/MILCOM.2008.4753175)
Citations: 17
Abstract
A variety of attacks on MANET routing, forwarding, and infrastructure protocols can only be detected using distributed cooperative algorithms. One promising strategy is to organize cooperative intrusion detection activities as a multiple-level intrusion detection (ID) hierarchy in which each node reports intrusion detection observations to its parent. This enables detection decisions to be based on aggregated data that has been gathered and consolidated from neighborhoods and larger network regions efficiently. A key challenge is the selection and maintenance of a scalable and robust hierarchy that optimizes detection performance (e.g., low latency, continuous coverage) while incurring minimal cost (e.g., bandwidth consumption). Existing approaches to constructing hierarchies in MANETs based on simple heuristics lack flexibility and cannot simultaneously address diverse performance and cost requirements. Moreover, mobility can produce constant large-scale changes in the hierarchy that can degrade performance and increase cost. The main contributions of this paper are to: (a) identify ID structure design requirements and formulate them as objective functions and constraints, (b) adapt a multi-objective optimization framework to the formation of ID structures, and (c) provide indicative results concerning the quality of these structures with respect to the ID design requirements.