Methodology for evaluating the effectiveness of intrusion detection in tactical mobile ad-hoc networks

Tactical mobile ad-hoc networks encompass a multitude of security vulnerabilities that are vastly different from their traditional wired countreparts. The wide-open distributed nature of the network environment leaves it susceptible to stealthy and coordinated attacks designed to access sensitive data, disrupt network communication, or consume resources. Intrusion detection algorithms and approaches are well-known. However, it is uncertain if these approaches are effective in a mobile ad-hoc environment where resources such as bandwidth are limited. To address this problem the Tactical Environment Assurance Laboratory, (TEALab) was established to provide an environment for characterizing tactical battlefield ad-hoc networks experiencing intrusive behaviors. This paper presents a methodology for evaluating the effectiveness of intrusion detection in a tactical ad-hoc environment. The methodology includes generating representative network event data with and without network attacks, running attacks with widely available intrusion detections systems and evaluating the behavior of the IDS in an ad-hoc environment.