Kiddie, Paul David (2011)
Ph.D. thesis, University of Birmingham.
Existing approaches to intrusion detection in imperfect wireless environments employ local monitoring, but are limited by their failure to reason about the imprecise monitoring within a radio environment that arises from unidirectional links and collisions. This compounds the challenge of detecting subtle behaviour or adds to uncertainty in the detection strategies employed. A simulation platform was developed, based on the Jist/SWANS environment, adopting a robust methodology that employed Monte-Carlo sampling in order to evaluate intrusion detection systems (IDS). A framework for simulating adversaries was developed, which enabled wormholes, black holes, selfishness, flooding and data modification to be simulated as well as a random distribution thereof. A game theoretic inspired IDS, sIDS, was developed, which applied reasoning between the detection and response components of a typical IDS, to apply more appropriate local responses. The implementation of sIDS is presented within the context of a generic IDS framework for MANET. Results showed a 5-15% reduction in false response rate compared to a baseline IDS over a number of attacking scenarios. sIDS was extended with immune system inspired features, namely a response over multiple timescales, as employed by the innate and adaptive components of the immune system, and the recruitment of neighbouring agents to participate in a co-ordinated response to an intrusion. Results showed a true response rate of 95-100% for all simulated attack scenarios. For random misbehaviour and assisted black hole scenarios, PDR gains of up to 30% and 15% were observed respectively compared to the pure game theoretic approach, tracking the omniscient network performance in these scenarios. In all, this study has shown that applying game theoretic reasoning to existing detection methods results in better discrimination of benign nodes from adversaries, which can be used to bias network operation towards the benign nodes. When fused with immune system inspired features, the resulting IDS maintained this discrimination whilst substantially reducing attack efficacy.
This unpublished thesis/dissertation is copyright of the author and/or third parties. The intellectual property rights of the author or third parties in respect of this work are as defined by The Copyright Designs and Patents Act 1988 or as modified by any successor legislation. Any use made of information contained in this thesis/dissertation must be in accordance with that legislation and must be properly acknowledged. Further distribution or reproduction in any format is prohibited without the permission of the copyright holder.
Repository Staff Only: item control page