在无线多跳网络中实现基于主动探测的网络入侵检测:一种探测选择的贝叶斯推理方法

39th Annual IEEE Conference on Local Computer Networks Pub Date : 2014-10-16 DOI:10.1109/LCN.2014.6925790

R. Carmo, Justus Hoffmann, Volker Willert, M. Hollick

{"title":"在无线多跳网络中实现基于主动探测的网络入侵检测:一种探测选择的贝叶斯推理方法","authors":"R. Carmo, Justus Hoffmann, Volker Willert, M. Hollick","doi":"10.1109/LCN.2014.6925790","DOIUrl":null,"url":null,"abstract":"Practical intrusion detection in Wireless Multihop Networks (WMNs) is a hard challenge. The distributed nature of the network makes centralized intrusion detection difficult, while resource constraints of the nodes and the characteristics of the wireless medium often render decentralized, node-based approaches impractical. We demonstrate that an active-probing-based network intrusion detection system (AP-NIDS) is practical for WMNs. The key contribution of this paper is to optimize the active probing process: we introduce a general Bayesian model and design a probe selection algorithm that reduces the number of probes while maximizing the insights gathered by the AP-NIDS. We validate our model by means of testbed experimentation. We integrate it to our open source AP-NIDS DogoIDS and run it in an indoor wireless mesh testbed utilizing the IEEE 802.11s protocol. For the example of a selective packet dropping attack, we develop the detection states for our Bayes model, and show its feasibility. We demonstrate that our approach does not need to execute the complete set of probes, yet we obtain good detection rates.","PeriodicalId":143262,"journal":{"name":"39th Annual IEEE Conference on Local Computer Networks","volume":"56 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-10-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Making active-probing-based network intrusion detection in Wireless Multihop Networks practical: A Bayesian inference approach to probe selection\",\"authors\":\"R. Carmo, Justus Hoffmann, Volker Willert, M. Hollick\",\"doi\":\"10.1109/LCN.2014.6925790\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Practical intrusion detection in Wireless Multihop Networks (WMNs) is a hard challenge. The distributed nature of the network makes centralized intrusion detection difficult, while resource constraints of the nodes and the characteristics of the wireless medium often render decentralized, node-based approaches impractical. We demonstrate that an active-probing-based network intrusion detection system (AP-NIDS) is practical for WMNs. The key contribution of this paper is to optimize the active probing process: we introduce a general Bayesian model and design a probe selection algorithm that reduces the number of probes while maximizing the insights gathered by the AP-NIDS. We validate our model by means of testbed experimentation. We integrate it to our open source AP-NIDS DogoIDS and run it in an indoor wireless mesh testbed utilizing the IEEE 802.11s protocol. For the example of a selective packet dropping attack, we develop the detection states for our Bayes model, and show its feasibility. We demonstrate that our approach does not need to execute the complete set of probes, yet we obtain good detection rates.\",\"PeriodicalId\":143262,\"journal\":{\"name\":\"39th Annual IEEE Conference on Local Computer Networks\",\"volume\":\"56 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-10-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"39th Annual IEEE Conference on Local Computer Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/LCN.2014.6925790\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"39th Annual IEEE Conference on Local Computer Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/LCN.2014.6925790","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

摘要

无线多跳网络(WMNs)的实际入侵检测是一个难题。网络的分布式特性使得集中的入侵检测变得困难，而节点的资源约束和无线介质的特性往往使分散的、基于节点的方法变得不切实际。我们证明了基于主动探测的网络入侵检测系统(AP-NIDS)对于wmn是实用的。本文的主要贡献是优化主动探测过程:我们引入了一个通用贝叶斯模型，并设计了一个探针选择算法，该算法在减少探针数量的同时最大限度地提高了AP-NIDS收集的洞察力。通过实验验证了模型的正确性。我们将其集成到我们的开源AP-NIDS DogoIDS中，并利用IEEE 802.11s协议在室内无线网状测试台上运行它。以选择性丢包攻击为例，给出了贝叶斯模型的检测状态，并证明了该模型的可行性。我们证明了我们的方法不需要执行完整的探针集，但我们获得了良好的检测率。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Making active-probing-based network intrusion detection in Wireless Multihop Networks practical: A Bayesian inference approach to probe selection

Practical intrusion detection in Wireless Multihop Networks (WMNs) is a hard challenge. The distributed nature of the network makes centralized intrusion detection difficult, while resource constraints of the nodes and the characteristics of the wireless medium often render decentralized, node-based approaches impractical. We demonstrate that an active-probing-based network intrusion detection system (AP-NIDS) is practical for WMNs. The key contribution of this paper is to optimize the active probing process: we introduce a general Bayesian model and design a probe selection algorithm that reduces the number of probes while maximizing the insights gathered by the AP-NIDS. We validate our model by means of testbed experimentation. We integrate it to our open source AP-NIDS DogoIDS and run it in an indoor wireless mesh testbed utilizing the IEEE 802.11s protocol. For the example of a selective packet dropping attack, we develop the detection states for our Bayes model, and show its feasibility. We demonstrate that our approach does not need to execute the complete set of probes, yet we obtain good detection rates.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

39th Annual IEEE Conference on Local Computer Networks

自引率

0.00%

发文量