A Dynamic Anomaly Detection Scheme for AODV-Based Mobile Ad Hoc Networks
Published in | IEEE transactions on vehicular technology Vol. 58; no. 5; pp. 2471 - 2481 |
---|---|
Main Authors | , , , , |
Format | Journal Article |
Language | English |
Published | New York: IEEE, 2009. The Institute of Electrical and Electronics Engineers, Inc. (IEEE) |
Subjects | |
Summary: | Mobile ad hoc networks (MANETs) are usually formed without any major infrastructure. As a result, they are relatively vulnerable to malicious network attacks, and therefore, security is a more significant issue than infrastructure-based wireless networks. In MANETs, it is difficult to identify malicious hosts as the topology of the network dynamically changes. A malicious host can easily interrupt a route for which it is one of the forming nodes in the communication path. In the literature, there are several proposals to detect such malicious hosts inside the network. In those methods, a baseline profile, which is defined as per static training data, is usually used to verify the identity and the topology of the network, thus preventing any malicious host from joining the network. Since the topology of a MANET dynamically changes, the mere use of a static baseline profile is not efficient. In this paper, we propose a new anomaly-detection scheme based on a dynamic learning process that allows the training data to be updated at particular time intervals. Our dynamic learning process involves calculating the projection distances based on multidimensional statistics using weighted coefficients and a forgetting curve. We use the network simulator 2 (ns-2) system to conduct the MANET simulations and consider scenarios for detecting five types of attacks. The simulation results involving two different networks in size show the effectiveness of the proposed techniques. |
---|---|
ISSN: | 0018-9545 1939-9359 |
DOI: | 10.1109/TVT.2008.2010049 |