Abstract
An Intrusion Detection System (IDS) is a tool used to protect computer resources against malicious activities. Existing IDSs have several weaknesses that hinder their direct application to ubiquitous computing environments like smart home/office. These shortcomings are caused by their lack of considerations about the heterogeneity, flexibility and resource constraints of ubiquitous networks. Thus the evolution towards ubiquitous computing demands a new generation of resource-efficient IDSs to provide sufficient protections against malicious activities. In this chapter we proposed a Service-oriented and User-centric Intrusion Detection System (SUIDS) for ubiquitous networks. SUIDS keeps the special requirements of ubiquitous computing in mind throughout its design and implementation. It sets a new direction for future research and development.
Top1. Introduction
With the wide spread of computers, our daily lives are highly computerised and closely connected with computer networks. In the near future, one will be able to open a door by simply sending an order to the electric door lock from his/her PDA, or read news on a computer embedded “e-paper” with the content updated through wireless connections. The trend towards a computerised smart space is part of the conception of ubiquitous computing (Weiser 1991). In the era of ubiquitous computing, devices with computing and communicating abilities will surround us all over. Eventually it will achieve the non-intrusive availability of computers throughout physical environments.
Just like other networks, one of the main prerequisites for a ubiquitous network is adequate security (Stajano 2002). The network has to be properly secured so that it can be relied upon. On the one hand, people want to construct a ubiquitous network to make the best use of computers; on the other hand, they must secure their network in order to cope with a number of security threats from malicious entities.
Intrusion Detection Systems (Axelsson 2000; Sabahi 2008) are widely used to protect computer networks. If an intrusion is detected quickly enough, the intruder can be identified and ejected from the system before any damage is done or any data are compromised. Moreover, an effective intrusion detection system can even serve as a deterrent, acting to prevent intrusions.
Traditional IDSs, which were originally developed for wired networks, are not suitable for ubiquitous computing due to the unique characteristics and inherent vulnerabilities of the environment. This unfitness directly compromises the effectiveness and efficiency of existing IDSs. For example, with the concept of ubiquitous computing, there must be some small-size devices in order to achieve unaware deployment. Inevitably, they will have limited energy supplies and storage spaces. An obvious issue is how to implement an IDS in a resource-effective way. This is a big challenge since one of the most desirable features for an IDS is real-time detection and response, which is extremely energy consuming. Another key issue is related to the system architecture. Current host-based IDSs do not fit for ubiquitous computing due to the nodes’ capacity constraints, while network-based IDSs simply cannot capture inside users’ activities as the network’s infrastructure tends to be heterogeneous.
The above discussion indicates that the evolution towards ubiquitous computing demands a new generation of resource-efficient IDSs to provide sufficient protections against malicious activities. The aim of this chapter is to analyse the requirements on such an IDS and propose a suitable solution. It should have an appropriate system architecture and detection strategy to be flexible and energy-efficient.
The objectives of this chapter are:
- •
To provide a background to ubiquitous computing and demonstrate the unfitness of existing IDSs when applying them to ubiquitous computing environments.
- •
To posit the requirements for an appropriate IDS that is associated with resource-sensitive design and distributed modules’ deployment.
- •
To present the design of a system (i.e. SUIDS, standing for Service-oriented and User-centric Intrusion Detection System) that detects security attacks at the service layer and builds a defence wall against malicious users.
- •
To prototype the SUIDS system in order to provide proof-of-concept for proposed work and perform an assessment in relation to the proposed requirements, where possible.
- •
To propose an original set of mechanisms, strategies and protocols that together achieve energy-efficiency in SUIDS.
Key Terms in this Chapter
Intrusion Detection System: Software and/or hardware designed to detect unwanted attempts at accessing, manipulating, and/or disabling of computer systems, mainly through a network, such as the Internet.
Ubiquitous Computing: Ubiquitous computing (ubicomp) is a post-desktop model of human-computer interaction in which information processing has been thoroughly integrated into everyday objects and activities.
User-centric IDS: Instead of monitoring or creating profiles for individual devices, user-centric IDS creates profiles for each user. Thus the system complexity of implementing such an IDS will be much reduced.
Network Security: Network security consists of the provisions made in an underlying computer network infrastructure, policies adopted by the network administrator to protect the network and the network-accessible resources from unauthorized access and consistent and continuous monitoring and measurement of its effectiveness (or lack) combined together.
Resource-efficient IDS: Resource-efficient IDS takes the limited system resources into account, making sure that the system’s normal activities will not be affected by the IDS.
Mobile Agent: A mobile agent is a composition of computer software and data which is able to migrate (move) from one computer to another autonomously and continue its execution on the destination computer.
Service-oriented IDS: Service-oriented IDS focuses on activities took place on the service layer rather than on the normally used network layer.