Due to the recent increased interest in wireless mesh networks (WMN), their security challenges have become of paramount importance. An important security mechanism for WMN, intrusion detection, has received considerable attention from the research community. Recent results show that traditional monitoring mechanisms are not applicable to real-world WMN due to their constrained resources (memory and processing power), which result in high false negative rates since only a few IDS functions can be activated on monitoring nodes. Cooperative solutions, on the other hand, have high communication overhead and detection delay when the traffic load is high. A practical traffic-aware IDS solution was recently proposed for resource-constrained WMN, however, traffic-awareness might not be feasible for some WMN applications. This article proposes a traffic-agnostic IDS solution that uses a link-coverage approach to monitor both local and backbone WMN traffic. Using real-world experiments and extensive simulations, we show that our proposed IDS solutions outperform traffic-aware IDS solutions while incurring lower computation and communication overhead. 2014 Elsevier Ltd. All rights reserved.
