Intrusion Detection in Mobile Ad Hoc Networks Using Transductive Machine Learning Techniques

This thesis presents a research whose objective is to design an intrusion detection model for Mobile Ad hoc NETworks (MANET). MANET is an autonomous system consisting of a group of mobile nodes with no infrastructure support. The MANET environment is particularly vulnerable because of the characteristics of mobile ad hoc networks such as open medium, dynamic topology, distributed cooperation, and constrained capability. Unfortunately, the traditional mechanisms designed for protecting networks are not directly applicable to MANETs without modifications. In the past decades, machine learning methods have been successfully used in several intrusion detection methods because of their ability to discover and detect novel attacks. This research investigates the use of a promising technique from machine learning to designing the most suitable intrusion detection for this challenging network type. The proposed algorithm employs a combined model that uses two different measures (nonconformity metric measures and Local Distance-based Outlier Factor (LDOF)) to improve its detection ability. Moreover, the algorithm can provide a graded confidence that indicates the reliability of the classification. In machine learning algorithm, choosing the most relevant features for each attack is a very important requirement, especially in mobile ad hoc networks where the network topology dynamically changes. Feature selection is undertaken to select the relevant subsets of features to build an efficient prediction model and improve intrusion detection performance by removing irrelevant features. The transductive conformal prediction and outlier detection have been employed for feature selection algorithm. Traditional intrusion detection techniques have had trouble dealing with dynamic environments. In particular, issues such as collects real time attack related audit data and cooperative global detection. Therefore, the researcher is motivated to design a new intrusion detection architecture which involves new detection technique to efficiently detect the abnormalities in the ad hoc networks. The proposed model has distributed and cooperative hierarchical architecture, where nodes communicate with their region gateway node to make decisions. To validate the research, the researcher presents case study using GLOMOSIM simulation platform with AODV ad hoc routing protocols. Various active attacks are implemented. A series of experimental results demonstrate that the proposed intrusion detection model can effectively detect anomalies with low false positive rate, high detection rate and achieve high detection accuracy

Advanced AODV approach for efficient detection and mitigation of wormhole attack in MANET

Wireless Communication is an inevitable part of Smart Home domain. A Mobile Ad-Hoc Network (MANET) is defined as an arrangement of wireless mobile nodes which creates a temporary network for the communication. MANET suffers from both kinds of attacks, active and passive attacks at all the layers of the network model. The lacks of security measures of routing protocols allow attackers to intrude the network. Wormhole, the attack is generated by tunnels creation and it results in complete disruption of routing paths on MANET. The proposed security approach is to detect and mitigate wormhole attack. It is secured Ad hoc on demand distance vector (AODV) approach which efficiently finds wormhole attack present in a MANET and Digital signature is used to prevent it. This approach is based on a calculation of tunneling time taken by tunnel to analyze the behavior of wormhole. Afterward, it decides some static threshold value. Based upon this tunneling time and threshold value, it decides whether given node is wormhole node or trustworthy node. A digital signature and hash chain algorithm is applied to mitigate the wormhole node

Identifying time measurement tampering in the traversal time and hop count analysis (TTHCA) wormhole detection algorithm

Traversal time and hop count analysis (TTHCA) is a recent wormhole detection algorithm for mobile ad hoc networks (MANET) which provides enhanced detection performance against all wormhole attack variants and network types. TTHCA involves each node measuring the processing time of routing packets during the route discovery process and then delivering the measurements to the source node. In a participation mode (PM) wormhole where malicious nodes appear in the routing tables as legitimate nodes, the time measurements can potentially be altered so preventing TTHCA from successfully detecting the wormhole. This paper analyses the prevailing conditions for time tampering attacks to succeed for PM wormholes, before introducing an extension to the TTHCA detection algorithm called ∆T Vector which is designed to identify time tampering, while preserving low false positive rates. Simulation results confirm that the ∆T Vector extension is able to effectively detect time tampered MANET attacks, thereby providing an important security enhancement to the TTHCA algorithm

Intrusion Detection in Mobile Ad Hoc Networks Using Classification Algorithms

In this paper we present the design and evaluation of intrusion detection models for MANETs using supervised classification algorithms. Specifically, we evaluate the performance of the MultiLayer Perceptron (MLP), the Linear classifier, the Gaussian Mixture Model (GMM), the Naive Bayes classifier and the Support Vector Machine (SVM). The performance of the classification algorithms is evaluated under different traffic conditions and mobility patterns for the Black Hole, Forging, Packet Dropping, and Flooding attacks. The results indicate that Support Vector Machines exhibit high accuracy for almost all simulated attacks and that Packet Dropping is the hardest attack to detect.Comment: 12 pages, 7 figures, presented at MedHocNet 200

Hierarchical Design Based Intrusion Detection System For Wireless Ad hoc Network

In recent years, wireless ad hoc sensor network becomes popular both in civil and military jobs. However, security is one of the significant challenges for sensor network because of their deployment in open and unprotected environment. As cryptographic mechanism is not enough to protect sensor network from external attacks, intrusion detection system needs to be introduced. Though intrusion prevention mechanism is one of the major and efficient methods against attacks, but there might be some attacks for which prevention method is not known. Besides preventing the system from some known attacks, intrusion detection system gather necessary information related to attack technique and help in the development of intrusion prevention system. In addition to reviewing the present attacks available in wireless sensor network this paper examines the current efforts to intrusion detection system against wireless sensor network. In this paper we propose a hierarchical architectural design based intrusion detection system that fits the current demands and restrictions of wireless ad hoc sensor network. In this proposed intrusion detection system architecture we followed clustering mechanism to build a four level hierarchical network which enhances network scalability to large geographical area and use both anomaly and misuse detection techniques for intrusion detection. We introduce policy based detection mechanism as well as intrusion response together with GSM cell concept for intrusion detection architecture.Comment: 16 pages, International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010. arXiv admin note: text overlap with arXiv:1111.1933 by other author

Real valued negative selection for anomaly detection in wireless ad hoc networks

Wireless ad hoc network is one of the network technologies that have gained lots of attention from computer scientists for the future telecommunication applications. However it has inherits the major vulnerabilities from its ancestor (i.e., the fixed wired networks) but cannot inherit all the conventional intrusion detection capabilities due to its features and characteristics. Wireless ad hoc network has the potential to become the de facto standard for future wireless networking because of its open medium and dynamic features. Non-infrastructure network such as wireless ad hoc networks are expected to become an important part of 4G architecture in the future. In this paper, we study the use of an Artificial Immune System (AIS) as anomaly detector in a wireless ad hoc network. The main goal of our research is to build a system that can learn and detect new and unknown attacks. To achieve our goal, we studied how the real-valued negative selection algorithm can be applied in wireless ad hoc network network and finally we proposed the enhancements to real-valued negative selection algorithm for anomaly detection in wireless ad hoc network