Limited capabilities and mission requirements imply that nodes in tactical mobile ad-hoc networks (MANETs) carry a significant risk of being compromised physically or logically. In addition nodes or groups of nodes may defect, which is a particular concern in coalition environments where networks may spread beyond organizational boundaries. To identify defecting or compromised nodes including Byzantine behavior we propose a clustered intrusion detection architecture. Our architecture exploits multisensor data and supplementary information to identify defectors based on deviations from predicted values and correlated measurements and behavior. Furthermore multi-hop communication complexity is minimized to ensure robustness in environments with limited connectivity and frequent network partitioning. We show that our approach improves accuracy over naive Markov chain and Kullback-Leibler divergence by boosting the number of particles, where probability density functions are highly nonlinear but partially known and can be determined using predictive importance sampling.