12.6. Conclusion

In this chapter, we have presented an introduction to intrusion detection systems and a model for their adaptation to cognitive networks. Intrusion detection and prevention technologies can provide support for the self-protecting and self-healing capabilities that will be required of a sustainable cognitive network infrastructure. This model, based on the Observe-Orient-Decide-Act (OODA) loop, describes both the information that needs to flow between the network nodes and the operations they must support to maintain the properties specified by the security policy. The OODA loop also provides information about the performance that these cognitive network nodes must offer in order to support these functions.

However, a number of issues remain unsolved and must be studied before intrusion detection technologies can be applied effectively to cognitive networks. It is quite clear that misuse detection alone will not solve the security issues we face, because of the lack of comprehensive knowledge about vulnerabilities and attack processes. Anomaly detection algorithms, in turn, may observe changes in network conditions that impact them and vice versa, thus introducing instability between the model and the network. These unstable conditions may be difficult to model and control, and should be addressed in all planes of the model. Furthermore, the model does not address the position of the detection and reaction nodes with respect to one another, and the constraints ...
