RIDES: Robust Intrusion Detection System for IP-Based Ubiquitous Sensor Networks.

Amin SO, Siddiqui MS, Hong CS, Lee S - Sensors (Basel) (2009)

Bottom Line: By utilizing IP for low power networks, we can benefit from existing well established tools and technologies of IP networks. Other aspects, such as creation of rules are not discussed. We also investigate the settings and their effects on the performance of related parameters for both of the components.


Affiliation: Department of Computer Engineering, School of Electronics and Information, Kyung Hee University, Korea; E-Mails: obaid@networking.khu.ac.kr (S.O.A.); shoaib@networking.khu.ac.kr (M.S.S.); drsungwon@khu.ac.kr (S.-W.L.).

ABSTRACT
The IP-based Ubiquitous Sensor Network (IP-USN) is an effort to build the "Internet of things". By utilizing IP for low power networks, we can benefit from existing well-established tools and technologies of IP networks. Along with many other unresolved issues, securing IP-USN is of great concern for researchers so that future market satisfaction and demands can be met. Without proper security measures, both reactive and proactive, it is hard to envisage an IP-USN realm. In this paper we present a design of an IDS (Intrusion Detection System) called RIDES (Robust Intrusion DEtection System) for IP-USN. RIDES is a hybrid intrusion detection system, which incorporates both signature-based and anomaly-based intrusion detection components. For signature-based intrusion detection, this paper only discusses the implementation of a distributed pattern matching algorithm with the help of signature-code, a dynamically created attack-signature identifier. Other aspects, such as the creation of rules, are not discussed. For anomaly-based detection, on the other hand, we propose a scoring classifier based on the SPC (Statistical Process Control) technique called CUSUM charts. We also investigate the settings and their effects on the performance of related parameters for both of the components.

(a) False positive probability for different values of ĥ and k̂ for CBR traffic; (b) False positive probability for different values of ĥ and k̂ for Poisson traffic.

Mentions: We made two modules for our anomaly detection system. The first module is used to learn the parameters μ0 and σX, while the second module is used to detect intrusions in the network. The value of μ0 is used in equations (3) and (4), whereas the value of σX is used to derive the values of H and K as discussed in Section 3.2.2. To verify the recommended values of ĥ and k̂ given in Section 3.2.2, we first learn the parameters μ0 and σX from one simulation and then apply them to the same simulation for different values of ĥ and k̂. In this way we nullify the effects of traffic dissimilarity and only consider the changes of ĥ and k̂. Figure 10a,b shows the false positive probability (FPP) with different values of ĥ and k̂ for two different traffic models. As shown in the figure, a small increment in k̂ significantly reduces the FPP. On the other hand, the value of ĥ only slightly affects the FPP. This also shows that CUSUM charts are more sensitive to the value of k̂ than to that of ĥ. However, as discussed later, higher values of k̂ turn CUSUM into a bad classifier. In other words, with higher values of k̂, CUSUM is unable to distinguish normal traffic from abnormal traffic.
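The two-module procedure above, sketched as an added example (not code from the paper): parameters are learned from an attack-free trace and the same trace is then scored for several ĥ and k̂, so every alarm counts as a false positive. Equations (3) and (4) and Section 3.2.2 are not reproduced on this page, so the standard two-sided tabular CUSUM recursion with H = ĥσX and K = k̂σX is assumed; the traffic series and all function names are constructed for illustration.

```python
import statistics

# Constructed attack-free packet counts per interval (not data from the paper),
# so every alarm raised on this series is a false positive.
TRAFFIC = [20, 22, 19, 21, 23, 18, 20, 24, 21, 19, 17, 20, 22, 25, 21,
           19, 18, 20, 23, 22, 20, 19, 21, 16, 20, 22, 21, 19, 20, 23]

def learn(samples):
    """Module 1: estimate the in-control mean mu0 and deviation sigma_x."""
    return statistics.fmean(samples), statistics.pstdev(samples)

def cusum_alarms(samples, mu0, sigma_x, h_hat, k_hat):
    """Module 2: two-sided CUSUM; one alarm flag per sample, no reset."""
    H, K = h_hat * sigma_x, k_hat * sigma_x   # assumed scaling by sigma_x
    hi = lo = 0.0
    flags = []
    for x in samples:
        hi = max(0.0, hi + (x - mu0) - K)     # accumulates upward drift
        lo = max(0.0, lo + (mu0 - x) - K)     # accumulates downward drift
        flags.append(hi > H or lo > H)
    return flags

def false_positive_probability(samples, h_hat, k_hat):
    """Learn on a clean trace, then score the same trace."""
    mu0, sigma_x = learn(samples)
    flags = cusum_alarms(samples, mu0, sigma_x, h_hat, k_hat)
    return sum(flags) / len(flags)

if __name__ == "__main__":
    # Rows: h_hat; columns: k_hat. FPP never rises as either value grows.
    for h_hat in (3, 4, 5):
        row = [false_positive_probability(TRAFFIC, h_hat, k)
               for k in (0.1, 0.25, 0.5, 1.0)]
        print(h_hat, [f"{p:.3f}" for p in row])
```

Because the slack K is subtracted at every step, raising k̂ shrinks the accumulated sums themselves, whereas ĥ only moves the line they are compared against. The same mechanism is why a large k̂ also absorbs genuine shifts.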

