Abstract
Limited capabilities and mission requirements imply that nodes in tactical mobile ad-hoc networks (MANETs) carry a significant risk of being compromised physically or logically. In addition nodes or groups of nodes may defect, which is a particular concern in coalition environments where networks may spread beyond organizational boundaries. To identify defecting or compromised nodes including Byzantine behavior we propose a clustered intrusion detection architecture. Our architecture exploits multisensor data and supplementary information to identify defectors based on deviations from predicted values and correlated measurements and behavior. Furthermore multi-hop communication complexity is minimized to ensure robustness in environments with limited connectivity and frequent network partitioning. We show that our approach improves accuracy over naive Markov chain and Kullback-Leibler divergence by boosting the number of particles, where probability density functions are highly nonlinear but partially known and can be determined using predictive importance sampling.
Original language | English |
---|---|
Title of host publication | Proc. 2009 IEEE Military Communications Conference (MILCOM 2009) |
Publisher | IEEE Computer Society Press |
Number of pages | 7 |
ISBN (Print) | 978-1-4244-5238-5 |
DOIs | |
Publication status | Published - 18 Oct 2009 |