Springer Nature is making SARS-CoV-2 and COVID-19 research free. View research | View latest news | Sign up for updates

Model-Based Evaluation of Distributed Intrusion Detection Protocols for Mobile Group Communication Systems


Under highly security vulnerable, resource-restricted, and dynamically changing mobile ad hoc environments, it is critical to be able to maximize the system lifetime while bounding the communication response time for mission-oriented mobile groups. In this paper, we analyze the tradeoff of security versus performance for distributed intrusion detection protocols employed in mobile group communication systems (GCSs). We investigate a distributed voting-based intrusion detection protocol for GCSs in multi-hop mobile ad hoc networks and examine the effect of intrusion detection on system survivability measured by the mean time to security failure (MTTSF) metric and efficiency measured by the communication cost metric. We identify optimal design settings under which the MTTSF metric can be best traded off for the communication cost metric or vice versa. We conduct extensive simulation to validate analytical results obtained. This work provides a general model-based evaluation framework for developing and analyzing intrusion detection protocols that can dynamically adapt to changing attacker strengths with the goal of system lifetime optimization and/or communication cost minimization.

This is a preview of subscription content, log in to check access.


  1. 1

    Boppana, R. V., & Su, X. (2008). An analysis of monitoring based intrusion detection for ad hoc networks. In IEEE Global Telecommunications Conference (pp. 1–5). New Orleans, LA.

  2. 2

    Brutch, P., & Ko, C. (2003). Challenges in intrusion detection for wireless ad-hoc networks. In Symposium on Applications and the Internet Workshops (pp. 178–373). Orlando, FL.

  3. 3

    Cabrera, J. B. D., & Gutierrez, C., & Mehra, R. K. (2005). Infrastructures and algorithms for distributed anomaly-based intrusion detection in mobile ad-hoc networks. In IEEE Military Communications Conference (Vol. 3, pp. 1831–1837). Atlantic City, NJ.

  4. 4

    Cai, C., Guizani, S., Ci, S., & Al-Fuqaha, A. (2006). NIS02-5: Constructing an efficient mobility profile of ad-Hoc node for mobility-pattern-based anomaly detection in MANET. In IEEE Global Telecommunications Conference (pp. 1–5). San Francisco, LA.

  5. 5

    Chan H., Gligor V. D., Perrig A., Muralidharan G. (2005) On the distribution and revocation of cryptographic keys in sensor networks. IEEE Transactions on Dependable and Secure Computing 2(3): 233–247

  6. 6

    Cho, J. H., & Chen, I. R. (2005). On design tradeoffs between security and performance in wireless group communicating systems. In 1st IEEE Workshop Secure Network Protocols (pp. 13–18). Boston, MA.

  7. 7

    Cho, J. H., & Chen, I. R. (2010). Modeling and analysis of intrusion detection integrated with batch rekeying for dynamic group communication systems in mobile ad hoc networks. Wireless Networks, published online.

  8. 8

    Dacier, M., Deswarte, Y., & Kaâniche, M. (1996). Quantitative assessment of operational security: Models and tools. Technical Report 96493, Laboratory for Analysis and Architecture of Systems.

  9. 9

    Debar, H., & Wespi, A. (2001). Aggregation and correlation of intrusion-detection alerts. In 4th International Symposium Recent Advances in Intrusion Detection (pp. 85–103).

  10. 10

    Gärtner, F. C. (2003). Byzantine failures and security: Arbitrary is not (always) random. Technical Report IC/2003/20, Swiss Federal Institute of Technology School of Computer and Communication Sciences.

  11. 11

    Goseva-Popstojanova, K., Wang, F., Wang, R., Gong, F., Vaidyanathan, K. Trivedi, K., & Muthusamy, B. (2001). Characterizing intrusion tolerant systems using a state transition model. In DARPA Information Survivability Conference and Exposition (Vol. 2, pp. 211–221). Anaheim, CA.

  12. 12

    Hasswa, A., Zulkernine, M., & Hassanein, H. (2005). Routeguard: An intrusion detection and response system for mobile ad hoc networks. In IEEE International Conference on Wireless and Mobile Computing, Networking, and Communications (Vol. 3, pp. 336–343)

  13. 13

    Huang, Y. A., & Lee, W. (2003). A cooperative intrusion detection system for ad hoc networks. In 1st ACM Workshop on Security of Ad-hoc and Sensor Networks (pp. 135–147). Fairfax, VA.

  14. 14

    Jonsson E., Olovsson T. (1997) A quantitative model of the security intrusion process based on attacker behavior. IEEE Transactions on Software Engineering 23(4): 235–245

  15. 15

    Kachirski, O., & Guha, R. (2002). Intrusion detection using mobile agents in wireless ad hoc networks. In IEEE Workshop on Knowledge Media Networking (pp. 153–158). Kyoto, Japan.

  16. 16

    Karygiannis, A., Antonakakis, E., & Apostolopoulos, A. (2006). Detecting critical nodes for MANET intrusion detection systems. In 2nd International Workshop on Security, Privacy, and Trust in Pervasive and Ubiquitous Computing (pp. 9–15).

  17. 17

    Karygiannis, T., & Owens, L. (2002). Wireless network security: 802.11, bluetooth and handheld devices (pp. 800–848). National Institute of Standards and Technology (NIST), Special Publication.

  18. 18

    Kazienko, P., & Dorosz, P. (2004). Intrusion detection systems (IDS) part I: Network intrusions, attack symptoms, IDS tasks, and IDS architecture, http://www.windowsecurity.com/articles/intrusion_detection/.

  19. 19

    Kazienko, P., & Dorosz, P. (2004). Intrusion detection systems (IDS) part II: Classification, methods, techniques, http://www.windowsecurity.com/articles/intrusion_detection/.

  20. 20

    Leversage D. J., James E. (2008) Estimating a system’s mean time-to-compromise. IEEE Security and Privacy 6(1): 52–60

  21. 21

    Li, X. S., Yang, Y. R., Gouda, M. G., & Lam, S. S. (2001). Batch rekeying for secure group communications. In 10th International Conference on World Wide Web (pp. 525–534). Hong Kong.

  22. 22

    Liu, Y., Camaniciu, C., & Man, H. (2006). A Bayesian game approach for intrusion detection in wireless ad hoc networks. In ACM 2006 Workshop on Game Theory for Communications and Networks, Pisa, Italy.

  23. 23

    Liu J., Yu F. R., Lung C. H., Tang H. (2009) Optimal combined intrusion detection and biometric-based continuous authentication in high security mobile ad hoc networks. IEEE Transactions on Wireless Communications 8(2): 806–815

  24. 24

    MacDougall M. H. (1987) Simulating computer systems. MIT Press, Cambridge, MA, USA

  25. 25

    Madan, B., Goseva-Popstojanova, K., Vaidyanathan, K., & Trivedi, K. (2002). Modeling and quantification of security attributes of software systems. In International Conference Dependable Systems and Networks (pp. 505–514).

  26. 26

    Marti, S., Giuli, T., Lai, K., & Baker, M. (2000). Mitigating routing misbehavior in mobile ad hoc networks. In 6th Annual ACM/IEEE Mobile Computing and Networking (pp. 255–265). Boston, MA.

  27. 27

    Mishra A., Nadkarni K., Patcha A. (2004) Intrusion detection in wireless ad-hoc networks. IEEE Wireless Communications 11(1): 48–60

  28. 28

    Nadeem, A., & Howarth, M. (2009). Adaptive intrusion detection and prevention of denial of service attacks in MANETs. In International Conference on Wireless Communications and Mobile Computing: Connecting the World Wirelessly (pp. 926–930). Leipzig, Germany.

  29. 29

    Nicol D. M., Sanders W. H., Trivedi K. S. (2004) Model-based evaluation: From dependability to security. IEEE Transactions on Dependable and Secure Computing 1(1): 48–65

  30. 30

    Perrig A., Tygar J. D. (2002) Secure broadcast communication in wired and wireless networks. Kluwer, Boston

  31. 31

    Phoha S. (2004) Guest editorial: Special section on mission-oriented sensor networks. IEEE Transactions on Mobile Computing 3(3): 209–210

  32. 32

    Santosh, N., Saranyan, R., Senthil, K. P., & Vetriselvi, V. (2008). Cluster based co-operative game theory approach for intrusion detection in mobile ad-hoc grid. In 16th International Conference on Advanced Computing and Communications (pp. 273–278). Chennai, India.

  33. 33

    Sen S., & Clark, J. A. (2009). A grammatical evolution approach to intrusion detection on mobile ad hoc Networks. In 2nd ACM Conference on Wireless Network Security (pp. 95–102). Zurich, Switzerland.

  34. 34

    “Standard Error” definition from Wikipedia http://en.wikipedia.org/wiki/Standard_error_(statistics).

  35. 35

    Steiner, M., Tsudik, G., & Waidner, M. (1996). Diffie-Hellman key distribution extended to group communication. In 3rd ACM Conference on Computer and Communications Security (pp. 31–37). New Delhi, India.

  36. 36

    Steiner M., Tsudik G., Waidner M. (2000) Key agreement in dynamic peer groups. IEEE Transactions on Parallel and Distributed Systems 11(8): 769–980

  37. 37

    Sterne, D., Balasubramanyam, P., Carman, D., Wilson, B., Talpade, R., Ko, C., Balupari, R., Tseng, C. Y., & Bowen, T. (2005). A general cooperative intrusion detection architecture for MANETs. In 3rd IEEE International Workshop on Information Assurance (pp. 57–70). Santa Clara, CA.

  38. 38

    Subhadrabandhu D., Sarkar S., Anjum F. (2006) A framework for misuse detection in ad hoc networks. IEEE Journal on Selected Areas in Communications 24(2): 274–304

  39. 39

    Sun, B., Wu, K., & Pooch, U. W. (2003). Alert aggregation in mobile ad hoc networks. In ACM Workshop on Wireless Security (pp. 69–78). San Diego, CA.

  40. 40

    Wang, D., Bharat, D. W., Madan, B., & Trivedi, K. S. (2003). Security analysis of SITAR intrusion tolerance system. In ACM Workshop on Survivable and Self-regenerative Systems (pp.23–32). Fairfax, VA.

  41. 41

    Yu, F. R., Tang, H., Wang, F., & Leung, V. C. M. (2009). Distributed node selection for threshold key management with intrusion detection in mobile ad hoc networks. In International Conference on Computational Science and Engineering (Vol. 2, pp. 787–794). Vancouver, Canada.

  42. 42

    Zhang, Y., & Lee, W. (2000). Intrusion detection in wireless ad hoc networks. In 6th International Conferernce Mobile Computing and Networking (pp. 275–283). Boston, MA.

  43. 43

    Zhang Y., Lee W., Huang Y. A. (2003) Intrusion detection techniques for mobile wireless networks. Wireless Networks 9(5): 545–556

Download references

Author information

Correspondence to Jin-Hee Cho.

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Cho, J., Chen, I. Model-Based Evaluation of Distributed Intrusion Detection Protocols for Mobile Group Communication Systems. Wireless Pers Commun 60, 725–750 (2011). https://doi.org/10.1007/s11277-010-9971-1

Download citation


  • Model-based evaluation
  • Intrusion detection
  • Key management
  • Group communication systems
  • Mean time to security failure
  • False positives
  • False negatives
  • Mobile ad hoc networks