Intrusion Detection for IP-Based Multimedia Communications over Wireless Networks PDF

96 Pages·2013·3.022 MB·English

Preview Intrusion Detection for IP-Based Multimedia Communications over Wireless Networks

SPRINGER BRIEFS IN COMPUTER SCIENCE
Jin Tang, Yu Cheng
Intrusion Detection for IP-Based Multimedia Communications over Wireless Networks

SpringerBriefs in Computer Science
Series Editors: Stan Zdonik, Peng Ning, Shashi Shekhar, Jonathan Katz, Xindong Wu, Lakhmi C. Jain, David Padua, Xuemin Shen, Borko Furht, V.S. Subrahmanian, Martial Hebert, Katsushi Ikeuchi, Bruno Siciliano
For further volumes: http://www.springer.com/series/10028

Jin Tang, AT&T Labs, Warrenville, IL, USA
Yu Cheng, Department of Electrical and Computer Engineering, Illinois Institute of Technology, Chicago, IL, USA

ISSN 2191-5768, ISSN 2191-5776 (electronic)
ISBN 978-1-4614-8995-5, ISBN 978-1-4614-8996-2 (eBook)
DOI 10.1007/978-1-4614-8996-2
Springer New York Heidelberg Dordrecht London
Library of Congress Control Number: 2013949152
© The Author(s) 2013

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher’s location, in its current version, and permission for use must always be obtained from Springer. Permissions for use may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution under the respective Copyright Law.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.

Printed on acid-free paper
Springer is part of Springer Science+Business Media (www.springer.com)

To my wife Huan —Jin
To my wife Yanning and our daughter Annabelle —Yu

Preface

IP-based multimedia communications have become prevailing in recent years. At the same time, with the increasing coverage of the IEEE 802.11™-based wireless networks, IP-based multimedia communications over wireless networks are drawing extensive attention in both academia and industry. However, due to the openness and distributed nature of the protocols involved, such as the session initiation protocol (SIP) and the IEEE 802.11™ standard, it becomes easy for malicious users in the network to achieve their own gain or disrupt the service by deviating from the normal protocol behaviors. This book presents real-time intrusion detection techniques that can quickly track down the malicious behaviors which manipulate the vulnerabilities from either the 802.11™ or the SIP protocols.

Specifically, for the intrusion detection over the 802.11™ protocol, a real-time detector exploiting the nonparametric cumulative sum (CUSUM) test is designed to quickly find a selfish malicious node without any a priori knowledge of the statistics of the selfish misbehavior. While most of the existing schemes for selfish misbehavior detection depend on heuristic parameter configuration and experimental performance evaluation, this book presents a Markov chain-based analytical model to systematically study the CUSUM-based detector, for guaranteed performance in terms of average false positive rate, average detection delay, and missed detection ratio. Further, to achieve better detection performance, by enhancing the FS detector, an adaptive detector is developed with the Markov decision process (MDP). Then based on a reward function defined in this book, an optimal decision policy can be determined to maximize the overall system benefit through a linear programming formulation. The optimal policy also indicates the operation of the adaptive detector, which yields better performance in both false positive rate and detection delay.

For attacks on the SIP layer, this book first focuses on the well-known flooding attack and develops an online scheme to detect and subsequently prevent the attack, by integrating a novel three-dimensional sketch design with the Hellinger distance detection technique. A very challenging attack, the stealthy attack, is also addressed in this book. In a stealthy attack, intelligent attackers can afford a long time to attack the system and only incur minor changes to the system within each sampling period. A wavelet-based technique is presented to effectively deal with the stealthy attack. Moreover, a new type of malformed message attack, which manipulates both the “Session-Expires” header in the SIP message and openness of wireless protocols to severely drain the network resources, is also addressed.

In summary, this book presents interdisciplinary techniques to achieve an effective real-time intrusion detection system, which interleaves medium access control (MAC) protocol analysis, CUSUM-based detector design, a novel Markovian model for CUSUM detectors, Markov decision process-based performance optimization, sketch-based traffic modeling, and wavelet-based signal processing techniques.

Chicago, IL, USA
Jin Tang and Yu Cheng

Contents

1 Introduction
  1.1 Selfish Misbehavior Detection in 802.11™
  1.2 SIP Layer Attack Detection
  1.3 Overview of This Book
  References
2 Real-Time Misbehavior Detection in IEEE 802.11™: An Analytical Approach
  2.1 Selfish Misbehavior in 802.11™
  2.2 Fair Share Detector Design
  2.3 Markov Chain Based Analytical Model
  2.4 Theoretical Performance Analysis
  2.5 Simulation Results
  2.6 Summary
  References
3 Adaptive Misbehavior Detection in IEEE 802.11™ Based on Markov Decision Process
  3.1 Adaptive Detector Design
  3.2 Markov Decision Process Based Modeling
  3.3 Theoretical Performance Analysis
  3.4 Simulation Results
  3.5 Summary
  3.6 Related Work of Selfish Misbehavior Detection in 802.11™
  References
4 SIP Flooding Attack Detection
  4.1 SIP Flooding Attack
  4.2 Basic Techniques
  4.3 Detection and Prevention Scheme Design
  4.4 Performance Evaluation
