A framework for misuse detection in ad hoc Networks-part I

We consider ad hoc networks with multiple, mobile intruders. We investigate the placement of the intrusion detection modules for misuse-based detection strategy. Our goal is to maximize the detection rate subject to limited availability of communication and computational resources. We mathematically formulate this problem, and show that computing the optimal solution is NP-hard. Thereafter, we propose two approximation algorithms that approximate the optimal solution within a constant factor, and prove that they attain the best possible approximation ratios. The approximation algorithms though require recomputation every time the topology changes. Thereafter, we modify these algorithms to adapt seamlessly to topological changes. We obtain analytical expressions to quantify the resource consumption versus detection rate tradeoffs for different algorithms. Using analysis and simulation, we evaluate these algorithms, and identify the appropriate algorithms for different detection rate and resource consumption tradeoffs.