An architecture for resilient intrusion detection in ad-hoc networks
Journal of Information Security and Applications (IF 5.6), Pub Date: 2020-05-15, DOI: 10.1016/j.jisa.2020.102530
Mohammed Al Qurashi, Constantinos Marios Angelopoulos, Vasilios Katos

We study efficient and lightweight Intrusion Detection Systems (IDS) for ad-hoc networks via the prism of IPv6-enabled Wireless Sensor Actuator Networks. These networks consist of highly constrained devices able to communicate wirelessly in an ad-hoc fashion, thus following the architecture of ad-hoc networks. Current state-of-the-art IDS have been developed with the architecture of conventional computer networks in mind, and as such they do not efficiently address the paradigm of ad-hoc networks, which is highly relevant in emergent networks such as the Internet of Things (IoT). In this context, the network properties of resilience and redundancy have not been studied yet. In this work, we first identify a trade-off between the communication overhead and energy consumption of an IDS (as captured by the number of active IDS agents in the network) and the performance of the system in terms of successfully identifying attacks. In order to fine-tune this trade-off, we model such networks as Random Geometric Graphs, a rigorous approach that allows us to capture underlying structural properties of the network. We then introduce a novel IDS architectural approach that consists of a central IDS agent and a set of distributed IDS agents deployed uniformly at random over the network area. These nodes are able to efficiently detect attacks at the networking layer in a collaborative manner by monitoring locally available network information provided by IoT routing protocols such as RPL. Our detailed experimental evaluation demonstrates significant performance gains in terms of communication overhead and energy consumption while maintaining high detection rates. We also show that the performance of our IDS in ad-hoc networks does not rely on the size of the network but on fundamental underlying network properties, such as the network topology and the average degree of the nodes. The conducted experiments show that our proposed IDS architecture is resilient against frequent topology changes due to node failures.




Updated: 2020-05-15