TR-05-01: Anomaly-based Intrusion Detection Using Mobility Profiles of Public Transportation Users

Abstract

For the purpose of anomaly-based intrusion detection in mobile networks, the utilization of profiles based on hardware signatures, calling patterns, service usage and mobility patterns have been explored by various research teams and commercial systems, namely the Fraud Management System by Hewlett-Packard and Compaq. This paper examines the feasibility of using profiles, which are based on the mobility patterns of mobile users, who make use of public transportation, e.g. bus. More specifically, a novel framework, which makes use of an instance based learning technique, for classification purposes, is presented. In addition, an empirical analysis is conducted in order to assess the impact of two key parameters, namely the sequence length and precision level, on the false alarm and detection rates. Moreover, a strategy for enhancing the characterization of users is also proposed. Based on simulation results, it is feasible to use mobility profiles to enhance anomaly-based intrusion detection in mobile wireless networks, provided that the user mobility profiles adequately reflect the mobility behavior of users.