Journal: International Journal of Applied Mathematics & Statistics

A connections-constrained model for intrusion detection in Ad-Hoc networks

Abstract

In this paper we propose a novel adaptive model for developing and implementing intrusion detection systems. The adaptive model consists of two parts, each of which is based on statistical properties of the packets' connections. By defining the Entropy of joint Packets and Connections, we propose a two-step Connections-constrained Detection Mode to perform attack detection. At a particular connection, the Packets Communication Monitoring (PCM) module observes packet IP addresses and collects statistics on the packets and bytes of connections. The second component is the Malicious Behavior Analyse (MBA) module, which analyses the traffic behaviour. Experimental results obtained using the DARPA dataset and KDD indicate that the proposed approach can significantly reduce the percentage of false positives. The adaptive mode based on the Entropy of joint Packets and Connections offers a significant advantage in detection speed and performance.