A framework for misuse detection in ad hoc networks- part II

We focus on detecting intrusions in ad hoc networks using the misuse detection technique. We allow for detection modules that periodically stop functioning due to operational failure or compromise by intruders. Combining theories of stochastic coverage processes and approximation algorithms, we develop a framework to counter failure of detection modules, while minimizing the resource consumption. We show that the selection of the optimal set of nodes for executing the detection modules is an NP-hard problem. We present a distributed polynomial complexity selection algorithm that attains the best possible approximation ratio. We next consider a simple heuristic selection strategy that allows for seamless operation in time varying topologies. We obtain analytical expressions to quantify the tradeoffs between the resource consumption and detection rates attained by these algorithms. Using analysis and simulation, we identify the appropriate algorithms for different failure rates, resource limitation, and required detection rates.