A Dynamic Anomaly Detection Scheme for AODV-Based Mobile Ad Hoc Networks

• Published in: IEEE transactions on vehicular technology Vol. 58; no. 5; pp. 2471 - 2481
• Main Authors: Nakayama, H., Kurosawa, S., Jamalipour, A., Nemoto, Y., Kato, N.
• Format: Journal Article
• Language: English
• Published: New York IEEE 2009; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Ad hoc networks; Ad hoc on-demand distance vector (AODV); anomaly detection; Cryptography; dynamic learning; Dynamical systems; Dynamics; forgetting curve; Learning; malicious attacks; Mobile ad hoc networks; mobile ad hoc networks (MANETs); Multidimensional systems; Network topology; Networks; projection distance; Proposals; Protection; Routing protocols; Simulation; Topology; Training; Training data; Wireless networks
• ISSN: 0018-9545; 1939-9359
• DOI: 10.1109/TVT.2008.2010049

Mobile ad hoc networks (MANETs) are usually formed without any major infrastructure. As a result, they are relatively vulnerable to malicious network attacks, and therefore, security is a more significant issue than infrastructure-based wireless networks. In MANETs, it is difficult to identify malicious hosts as the topology of the network dynamically changes. A malicious host can easily interrupt a route for which it is one of the forming nodes in the communication path. In the literature, there are several proposals to detect such malicious hosts inside the network. In those methods, a baseline profile, which is defined as per static training data, is usually used to verify the identity and the topology of the network, thus preventing any malicious host from joining the network. Since the topology of a MANET dynamically changes, the mere use of a static baseline profile is not efficient. In this paper, we propose a new anomaly-detection scheme based on a dynamic learning process that allows the training data to be updated at particular time intervals. Our dynamic learning process involves calculating the projection distances based on multidimensional statistics using weighted coefficients and a forgetting curve. We use the network simulator 2 (ns-2) system to conduct the MANET simulations and consider scenarios for detecting five types of attacks. The simulation results involving two different networks in size show the effectiveness of the proposed techniques.