feature selection IDS ad hoc - Feature Selection in...

Feature Selection in Intrusion Detection System over Mobile Ad-hoc Network

Xia Wang, Tu-liang Lin, Johnny Wong
Computer Science Department, Iowa State University, Ames, Iowa 50010
{jxiawang, tlin, wong}@cs.iastate.edu

Abstract

As mobile ad-hoc networks (MANETs) have become a very important technology, research on their security problems, especially intrusion detection techniques, has attracted much effort. A MANET is more vulnerable than a wired network and suffers intrusions just as a wired network does. This paper investigated some intrusion detection techniques using machine learning and proposed a profile-based neighbor-monitoring intrusion detection method. Further analysis shows that the features collected by each node are too many for wireless devices with limited capacity. We apply the Markov Blanket algorithm [1] to feature selection for the intrusion detection method. Experimental studies have shown that the Markov Blanket algorithm can decrease the number of features dramatically while keeping a very similar detection rate.

1 Introduction

In recent years, many wireless devices have become available that make life more convenient, e.g., mobile laptop computers, PDAs, and wireless phones. A mobile ad-hoc network (MANET) is composed of a group of mobile wireless nodes without a fixed network infrastructure. It has many characteristics that are not shared by wired networks, such as a shared open medium, a dynamically changing network topology, and limited capacity. These facts mean that new research methods should be investigated for the security problem.

There are many important applications for MANETs, for example, military operations, emergency rescue, and home and community networking. System security is significant for the application of those systems. A wired network may use intrusion prevention to secure the system: firewalls can be installed at the routers or switches to monitor and filter network traffic. However, a MANET doesn’t have this kind of facility. There is no central monitoring point for a MANET. Therefore, intrusion detection may be more suitable for wireless networks.

An intrusion detection system analyzes network or system activities captured in audit data and uses patterns of well-known attacks or a normal profile to detect potential attacks. There are two different analysis methods: misuse detection and anomaly detection. Misuse detection uses the “signature” of well-known attacks to match activity as an attack instance. This method is not effective against new attacks. Anomaly detection uses an established profile to filter out those system behaviors that deviate from the profile. Anomaly detection can be effective because it doesn’t assume knowledge of attack patterns.

Many intrusion detection systems in MANETs have each mobile node monitor its own traffic and report the measurements or statistics to other nodes when asked [Huang cooperative]. Self-monitoring is a natural way to implement an IDS and is easy to implement. But it also has the disadvantage that measurements can be faked. As each node has

This note was uploaded on 03/19/2012 for the course COMPUTER S 2143 taught by Professor Singh during the Spring '12 term at Punjab Engineering College.
