TY - GEN
T1 - A novel online CEP learning engine for MANET IDS
AU - Petersen, Erick
AU - To, Marco Antonio
AU - Maag, Stephane
N1 - Publisher Copyright: © 2017 IEEE.
PY - 2017/12/26
Y1 - 2017/12/26
N2 - In recent years, the use of wireless ad hoc networks has seen an increase in applications. A large part of the research has focused on Mobile Ad Hoc Networks (MANETs), due to their implementations in vehicular networks and battlefield communications, among others. These peer-to-peer networks usually test novel communication protocols, but leave out the network security part. A wide range of attacks can happen, as in wired networks, some of them being more damaging in MANETs. Because of the characteristics of these networks, conventional methods for detecting attack traffic are ineffective. Intrusion Detection Systems (IDSs) are built on various detection techniques, but one of the most important is anomaly detection. IDSs based only on past attack signatures are less effective, even more so if these IDSs are centralized. Our work focuses on adding a novel Machine Learning technique to the detection engine, which recognizes attack traffic in an online way (rather than storing it and analyzing it afterwards), rewriting IDS rules on the fly. Experiments were done using the Dockemu emulation tool with Linux Containers, IPv6 and OLSR as the routing protocol, leading to promising results.
KW - CEP
KW - Complex Event Processing
KW - IDS
KW - MANET
KW - Mobile Ad hoc Network
KW - Online Rule Generation
KW - SVM
KW - Support Vector Machines
U2 - 10.1109/LATINCOM.2017.8240196
DO - 10.1109/LATINCOM.2017.8240196
M3 - Conference contribution
AN - SCOPUS:85046490047
T3 - 2017 IEEE 9th Latin-American Conference on Communications, LATINCOM 2017
SP - 1
EP - 6
BT - 2017 IEEE 9th Latin-American Conference on Communications, LATINCOM 2017
A2 - Velasquez-Villada, Carlos E.
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 9th IEEE Latin-American Conference on Communications, LATINCOM 2017
Y2 - 8 November 2017 through 10 November 2017
ER -