Intrusion Detection in Mobile Ad Hoc Networks Using Transductive Machine Learning Techniques

This thesis presents a research whose objective is to design an intrusion detection model for Mobile Ad hoc NETworks (MANET). MANET is an autonomous system consisting of a group of mobile nodes with no infrastructure support. The MANET environment is particularly vulnerable because of the characteristics of mobile ad hoc networks such as open medium, dynamic topology, distributed cooperation, and constrained capability. Unfortunately, the traditional mechanisms designed for protecting networks are not directly applicable to MANETs without modifications. In the past decades, machine learning methods have been successfully used in several intrusion detection methods because of their ability to discover and detect novel attacks. This research investigates the use of a promising technique from machine learning to designing the most suitable intrusion detection for this challenging network type. The proposed algorithm employs a combined model that uses two different measures (nonconformity metric measures and Local Distance-based Outlier Factor (LDOF)) to improve its detection ability. Moreover, the algorithm can provide a graded confidence that indicates the reliability of the classification. In machine learning algorithm, choosing the most relevant features for each attack is a very important requirement, especially in mobile ad hoc networks where the network topology dynamically changes. Feature selection is undertaken to select the relevant subsets of features to build an efficient prediction model and improve intrusion detection performance by removing irrelevant features. The transductive conformal prediction and outlier detection have been employed for feature selection algorithm. Traditional intrusion detection techniques have had trouble dealing with dynamic environments. In particular, issues such as collects real time attack related audit data and cooperative global detection. Therefore, the researcher is motivated to design a new intrusion detection architecture which involves new detection technique to efficiently detect the abnormalities in the ad hoc networks. The proposed model has distributed and cooperative hierarchical architecture, where nodes communicate with their region gateway node to make decisions. To validate the research, the researcher presents case study using GLOMOSIM simulation platform with AODV ad hoc routing protocols. Various active attacks are implemented. A series of experimental results demonstrate that the proposed intrusion detection model can effectively detect anomalies with low false positive rate, high detection rate and achieve high detection accuracy

A Novel Cooperative Intrusion Detection System for Mobile Ad Hoc Networks

Mobile ad hoc networks (MANETs) have experienced rapid growth in their use for various military, medical, and commercial scenarios. This is due to their dynamic nature that enables the deployment of such networks, in any target environment, without the need for a pre-existing infrastructure. On the other hand, the unique characteristics of MANETs, such as the lack of central networking points, limited wireless range, and constrained resources, have made the quest for securing such networks a challenging task. A large number of studies have focused on intrusion detection systems (IDSs) as a solid line of defense against various attacks targeting the vulnerable nature of MANETs. Since cooperation between nodes is mandatory to detect complex attacks in real time, various solutions have been proposed to provide cooperative IDSs (CIDSs) in efforts to improve detection efficiency. However, all of these solutions suffer from high rates of false alarms, and they violate the constrained-bandwidth nature of MANETs. To overcome these two problems, this research presented a novel CIDS utilizing the concept of social communities and the Dempster-Shafer theory (DST) of evidence. The concept of social communities was intended to establish reliable cooperative detection reporting while consuming minimal bandwidth. On the other hand, DST targeted decreasing false accusations through honoring partial/lack of evidence obtained solely from reliable sources. Experimental evaluation of the proposed CIDS resulted in consistently high detection rates, low false alarms rates, and low bandwidth consumption. The results of this research demonstrated the viability of applying the social communities concept combined with DST in achieving high detection accuracy and minimized bandwidth consumption throughout the detection process

Energy Efficient unauthorized Intrusion Detection in mobile Ad-Hoc Neworks

Mobile Ad hoc Networks (MANET) are self-configuring, infrastructure-less, dynamic wireless networks in which the nodes are resource constrained. Intrusion Detection Systems (IDS) are used in MANETs to monitor activities so as to detect any intrusion in the network. The proposed system present efficient scheme for analyzing and optimizing the time duration for which the intrusion detection systems need to remain active in a Mobile Ad Hoc Network. A probabilistic model is proposed that makes use of cooperation between IDSs among neighborhood nodes to reduce their individual active time. Usually, an IDS has to run all the time on every node to oversee the network behavior. This can turn out to be a costly overhead for a battery-powered mobile device in terms of power and computational resources. Hence, this project aim is to reduce the duration of active time of the IDSs without compromising on their effectiveness. To validate this proposed approach, it models the interactions between IDSs as a multi-player cooperative game in which the players have partially cooperative and partially conflicting goals

Energy Efficient Unauthorized Intrusion Detection in Mobile AD-HOC Networks

Mobile Ad hoc Networks (MANET) are self-configuring, infrastructure-less, dynamic wireless networks in which the nodes are resource constrained. Intrusion Detection Systems (IDS) are used in MANETs to monitor activities so as to detect any intrusion in the network. The proposed system present efficient scheme for analyzing and optimizing the time duration for which the intrusion detection systems need to remain active in a Mobile Ad Hoc Network. A probabilistic model is proposed that makes use of cooperation between IDSs among neighborhood nodes to reduce their individual active time. Usually, an IDS has to run all the time on every node to oversee the network behavior. This can turn out to be a costly overhead for a battery-powered mobile device in terms of power and computational resources. Hence, this project aim is to reduce the duration of active time of the IDSs without compromising on their effectiveness. To validate this proposed approach, it models the interactions between IDSs as a multi-player cooperative game in which the players have partially cooperative and partially conflicting goals

A hierarchical detection method in external communication for self-driving vehicles based on TDMA

Security is considered a major challenge for self-driving and semi self-driving vehicles. These vehicles depend heavily on communications to predict and sense their external environment used in their motion. They use a type of ad hoc network termed Vehicular ad hoc networks (VANETs). Unfortunately, VANETs are potentially exposed to many attacks on network and application level. This paper, proposes a new intrusion detection system to protect the communication system of self-driving cars; utilising a combination of hierarchical models based on clusters and log parameters. This security system is designed to detect Sybil and Wormhole attacks in highway usage scenarios. It is based on clusters, utilising Time Division Multiple Access (TDMA) to overcome some of the obstacles of VANETs such as high density, high mobility and bandwidth limitations in exchanging messages. This makes the security system more efficient, accurate and capable of real time detection and quick in identification of malicious behaviour in VANETs. In this scheme, each vehicle log calculates and stores different parameter values after receiving the cooperative awareness messages from nearby vehicles. The vehicles exchange their log data and determine the difference between the parameters, which is utilised to detect Sybil attacks and Wormhole attacks. In order to realize efficient and effective intrusion detection system, we use the well-known network simulator (ns-2) to verify the performance of the security system. Simulation results indicate that the security system can achieve high detection rates and effectively detect anomalies with low rate of false alarms

Protection of an intrusion detection engine with watermarking in ad hoc networks

Mobile ad hoc networks have received great attention in recent years, mainly due to the evolution of wireless networking and mobile computing hardware. Nevertheless, many inherent vulnerabilities exist in mobile ad hoc networks and their applications that affect the security of wireless transactions. As intrusion prevention mechanisms, such as encryption and authentication, are not sufficient we need a second line of defense, Intrusion Detection. In this pa-per we present an intrusion detection engine based on neural networks and a protection method based on watermarking techniques. In particular, we exploit information visualization and machine learning techniques in order to achieve intrusion detection and we authenticate the maps produced by the application of the intelligent techniques using a novel combined watermarking embedding method. The performance of the proposed model is evaluated under different traffic conditions, mobility patterns and visualization metrics

Hierarchical Design Based Intrusion Detection System For Wireless Ad hoc Network

In recent years, wireless ad hoc sensor network becomes popular both in civil and military jobs. However, security is one of the significant challenges for sensor network because of their deployment in open and unprotected environment. As cryptographic mechanism is not enough to protect sensor network from external attacks, intrusion detection system needs to be introduced. Though intrusion prevention mechanism is one of the major and efficient methods against attacks, but there might be some attacks for which prevention method is not known. Besides preventing the system from some known attacks, intrusion detection system gather necessary information related to attack technique and help in the development of intrusion prevention system. In addition to reviewing the present attacks available in wireless sensor network this paper examines the current efforts to intrusion detection system against wireless sensor network. In this paper we propose a hierarchical architectural design based intrusion detection system that fits the current demands and restrictions of wireless ad hoc sensor network. In this proposed intrusion detection system architecture we followed clustering mechanism to build a four level hierarchical network which enhances network scalability to large geographical area and use both anomaly and misuse detection techniques for intrusion detection. We introduce policy based detection mechanism as well as intrusion response together with GSM cell concept for intrusion detection architecture.Comment: 16 pages, International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010. arXiv admin note: text overlap with arXiv:1111.1933 by other author