Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
TY - GEN
T1 - OpenLIDS
T2 - International Conference on Mobile Computing and Networking (MobiCom'2009)
AU - Hugelshofer, Fabian
AU - Smith, Paul
AU - Hutchison, David
AU - Race, Nicholas J. P.
PY - 2009
Y1 - 2009
N2 - Wireless mesh networks are being used to provide Internet access in a cost efficient manner. Typically, consumer-level wireless access points with modified software are used to route traffic to potentially multiple back-haul points. Malware infected computers generate malicious traffic, which uses valuable network resources and puts other systems at risk. Intrusion detection systems can be used to detect such activity. Cost constraints and the decentralised nature of WMNs make performing intrusion detection on mesh devices desirable. However, these devices are typically resource constrained. This paper describes the results of examining their ability to perform intrusion detection. Our experimental study shows that commonly-used deep packet inspection approaches are unreliable on such hardware. We implement a set of lightweight anomaly detection mechanisms as part of an intrusion detection system, called OpenLIDS. We show that even with the limited hardware resources of a mesh device, it can detect current malware behaviour in an efficient way.
AB - Wireless mesh networks are being used to provide Internet access in a cost efficient manner. Typically, consumer-level wireless access points with modified software are used to route traffic to potentially multiple back-haul points. Malware infected computers generate malicious traffic, which uses valuable network resources and puts other systems at risk. Intrusion detection systems can be used to detect such activity. Cost constraints and the decentralised nature of WMNs make performing intrusion detection on mesh devices desirable. However, these devices are typically resource constrained. This paper describes the results of examining their ability to perform intrusion detection. Our experimental study shows that commonly-used deep packet inspection approaches are unreliable on such hardware. We implement a set of lightweight anomaly detection mechanisms as part of an intrusion detection system, called OpenLIDS. We show that even with the limited hardware resources of a mesh device, it can detect current malware behaviour in an efficient way.
KW - network resilience
KW - intersection project
KW - wray broadband project
UR - http://www.scopus.com/inward/record.url?scp=70450252038&partnerID=8YFLogxK
U2 - 10.1145/1614320.1614355
DO - 10.1145/1614320.1614355
M3 - Conference contribution/Paper
SN - 978-1-60558-702-8
SP - 309
EP - 320
BT - Proceedings of the 15th Annual International Conference on Mobile Computing and Networking (MobiCom 2009)
PB - ACM
CY - New York
Y2 - 1 January 2009
ER -