Abstract: Security has become one of the main concerns in mobile ad hoc networks. Intrusion detection systems are reactive systems that act as a second wall to protect the network. Misuse detection is a technique commonly used by intrusion detection systems to match attack signature patterns in mobile ad hoc networks. Anomaly detection is another technique, one that is able to detect novel attacks. Both misuse detection and anomaly detection monitor system activities. The weak point of misuse detection is its inability to detect unknown attacks. Anomaly detection is able to detect unknown attacks, but its false positive rate is very high. Therefore, in this paper we take advantage of combination schemes to overcome the shortcomings of each technique. We propose a novel approach that combines misuse detection with anomaly detection optimally to save the cost associated with resource constraints and security requirements. We formulate the whole system as a partially observed Markov decision process, considering both system security and resource constraints. We then use a dynamic programming Hidden Markov Model (HMM) to share information history and scheduling. Simulation shows the efficiency of the proposed scheme.
Keywords: Component, mobile ad hoc networks, intrusion detection, misuse detection, anomaly detection.
The authors are with the Cryptography and Secure Systems Lab, Iran University of Science and Technology, Tehran, Iran.
Cite: Mohsen Imani, Mohammad Ebrahim Rajabi, Mahdi Taheri, and Majid Naderi, "A Novel Approach to Combine Misuse Detection and Anomaly Detection Using POMDP in Mobile Ad-Hoc Networks," International Journal of Information and Electronics Engineering, vol. 5, no. 4, pp. 245-249, 2015.