Abstract :
Location or mobility information of nodes, GPS information, load, link change rate, routing information, and similar data have been used for security purposes in wireless networks, such as intrusion detection in ad hoc networks. However, existing intrusion detection approaches usually focus on a single aspect of nodes to detect statistical anomalies or malicious signatures. In this paper, a new model is introduced to characterize multiple aspects of legitimate nodes in a general state-space, which is represented by a hidden semi-Markov process, and is used to detect the anomaly of a malicious node. Based on this model, authorized nodes which are GPS-enabled track the aggregate behavior of the unauthorized nodes and distinguish suspects from them. If there exists a suspect, then RSS (received signal strength), claimed GPS positions, media access control information, routing information, exchanged messages, and other significant aspects regarding the suspect are tracked, and the likelihood of the observations against the hidden semi-Markov model (HSMM) is calculated. This likelihood represents how abnormal the suspect is against the normal behavior of the legitimate nodes, and, therefore, the suspect should be blocked by the network if the likelihood is lower than a threshold.
Keywords :
Global Positioning System; ad hoc networks; hidden Markov models; mobile radio; radio tracking; telecommunication network routing; telecommunication security; GPS-enabled track; anomaly detection; exchanged messages; hidden semi-Markov process; intrusion detection; media access control information; mobile nodes; multiple tracking; received signal strength; routing information; wireless networks
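The likelihood test described in the abstract can be sketched as follows. This is an added example, not code from the paper: it scores an observation sequence against a small explicit-duration HSMM with a forward pass and blocks the suspect when the per-slot log-likelihood falls below a threshold. The states, observation symbols, all parameter values, the per-slot normalisation and the threshold are constructed assumptions.

```python
import math

# Constructed toy model (assumption; the paper's states, symbols and parameters are not given).
# Hidden states: 0 = idle, 1 = forwarding. Observation symbol per time slot:
# 0 = RSS agrees with claimed GPS position, 1 = small mismatch, 2 = large mismatch.
PI = [0.6, 0.4]                      # initial state probabilities
A = [[0.0, 1.0], [1.0, 0.0]]         # transitions between segments (no self-transitions)
DUR = [[0.2, 0.5, 0.3],              # DUR[state][d-1] = P(segment lasts d slots)
       [0.5, 0.3, 0.2]]
B = [[0.90, 0.09, 0.01],             # B[state][symbol] = emission probability
     [0.80, 0.18, 0.02]]


def hsmm_log_likelihood(obs):
    """Explicit-duration forward pass; returns log P(obs | model).

    alpha[t][j] = P(obs[:t], a segment in state j ends exactly at slot t).
    Simplification: the last segment is required to end at the final slot.
    """
    n, T = len(PI), len(obs)
    alpha = [[0.0] * n for _ in range(T + 1)]
    for t in range(1, T + 1):
        for j in range(n):
            emit = 1.0
            for d in range(1, min(len(DUR[j]), t) + 1):
                emit *= B[j][obs[t - d]]      # emissions over the last d slots
                start = t - d
                if start == 0:
                    enter = PI[j]             # segment opens the sequence
                else:
                    enter = sum(alpha[start][i] * A[i][j] for i in range(n))
                alpha[t][j] += enter * DUR[j][d - 1] * emit
    total = sum(alpha[T])
    return math.log(total) if total > 0 else float("-inf")


def is_suspect_blocked(obs, threshold=-1.5):
    """Block when the per-slot log-likelihood is below the threshold (assumed value)."""
    return hsmm_log_likelihood(obs) / len(obs) < threshold


LEGIT = [0, 0, 0, 1, 0, 0, 0, 0]     # constructed trace: RSS mostly matches claimed position
SPOOF = [2, 2, 1, 2, 2, 2, 1, 2]     # constructed trace: persistent RSS/GPS mismatch
```

Dividing by the sequence length keeps the threshold comparable across traces of different lengths; a deployment would fit the model parameters and the threshold from traces of legitimate nodes.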