TY - GEN
T1 - ARSoS
T2 - International Wireless Communications and Mobile Computing Conference
AU - Zhang, Zonghua
AU - Naït-Abdesselam, Farid
AU - Djahel, Soufiene
PY - 2008/8/15
Y1 - 2008/8/15
N2 - While a variety of AIDS (Anomaly-based Intrusion Detection System) are claimed to be fully distributed, light-weight, and ready for application, their detection cost are not always neglectable, especially when considering the fact that MANET nodes have scarce resources which usually impels them to avoid any unnecessary action. It is therefore a significant issue to optimally deploy AIDS sensors to achieve a better tradeoff between performance and detection cost. However, this optimization problem is challenging in essence because of the special characteristics of MANETs. In particular, the deployment strategy must be adaptive to capture nodes' mobility and robust to detection failures resulted from either accidental system error or intentional subversion. In this paper, we propose an adaptive, robust, and sub-optimal strategy, called ARSoS, to tackle this issue. ARSoS treats each AIDS sensor as an independent agent, and then formulates the sensors' cooperative behavior as a decentralized decision problem. Since each AIDS sensor is only aware of partial information about the other sensors and the neighboring nodes, a reward signal integrating both local observations and global detection measures is introduced to guide the overall cooperation of sensors. An online policy gradient algorithm is then applied to solve the formulated problem. To validate the ARSoS system in terms of adaptability, robustness and optimality, we conducted extensive simulations of an implemented prototype and the obtained results highlight a good performance of the system.
AB - While a variety of AIDS (Anomaly-based Intrusion Detection System) are claimed to be fully distributed, light-weight, and ready for application, their detection cost are not always neglectable, especially when considering the fact that MANET nodes have scarce resources which usually impels them to avoid any unnecessary action. It is therefore a significant issue to optimally deploy AIDS sensors to achieve a better tradeoff between performance and detection cost. However, this optimization problem is challenging in essence because of the special characteristics of MANETs. In particular, the deployment strategy must be adaptive to capture nodes' mobility and robust to detection failures resulted from either accidental system error or intentional subversion. In this paper, we propose an adaptive, robust, and sub-optimal strategy, called ARSoS, to tackle this issue. ARSoS treats each AIDS sensor as an independent agent, and then formulates the sensors' cooperative behavior as a decentralized decision problem. Since each AIDS sensor is only aware of partial information about the other sensors and the neighboring nodes, a reward signal integrating both local observations and global detection measures is introduced to guide the overall cooperation of sensors. An online policy gradient algorithm is then applied to solve the formulated problem. To validate the ARSoS system in terms of adaptability, robustness and optimality, we conducted extensive simulations of an implemented prototype and the obtained results highlight a good performance of the system.
KW - Acquired immune deficiency syndrome
KW - Sensors
KW - Mobile computing
KW - Ad hoc networks
KW - Robustness
KW - Sensor phenomena and characterization
KW - Monitoring
UR - http://www.scopus.com/inward/record.url?scp=52949119240&partnerID=8YFLogxK
U2 - 10.1109/IWCMC.2008.105
DO - 10.1109/IWCMC.2008.105
M3 - Conference contribution
AN - SCOPUS:52949119240
SN - 9781424422012
T3 - International Wireless Communications and Mobile Computing Conference
SP - 606
EP - 613
BT - IWCMC 2008 - International Wireless Communications and Mobile Computing Conference
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 6 August 2008 through 8 August 2008
ER -