Intrusion Detection in Mobile Ad Hoc Networks Using Transductive Machine Learning Techniques

This thesis presents a research whose objective is to design an intrusion detection model for Mobile Ad hoc NETworks (MANET). MANET is an autonomous system consisting of a group of mobile nodes with no infrastructure support. The MANET environment is particularly vulnerable because of the characteristics of mobile ad hoc networks such as open medium, dynamic topology, distributed cooperation, and constrained capability. Unfortunately, the traditional mechanisms designed for protecting networks are not directly applicable to MANETs without modifications. In the past decades, machine learning methods have been successfully used in several intrusion detection methods because of their ability to discover and detect novel attacks. This research investigates the use of a promising technique from machine learning to designing the most suitable intrusion detection for this challenging network type. The proposed algorithm employs a combined model that uses two different measures (nonconformity metric measures and Local Distance-based Outlier Factor (LDOF)) to improve its detection ability. Moreover, the algorithm can provide a graded confidence that indicates the reliability of the classification. In machine learning algorithm, choosing the most relevant features for each attack is a very important requirement, especially in mobile ad hoc networks where the network topology dynamically changes. Feature selection is undertaken to select the relevant subsets of features to build an efficient prediction model and improve intrusion detection performance by removing irrelevant features. The transductive conformal prediction and outlier detection have been employed for feature selection algorithm. Traditional intrusion detection techniques have had trouble dealing with dynamic environments. In particular, issues such as collects real time attack related audit data and cooperative global detection. Therefore, the researcher is motivated to design a new intrusion detection architecture which involves new detection technique to efficiently detect the abnormalities in the ad hoc networks. The proposed model has distributed and cooperative hierarchical architecture, where nodes communicate with their region gateway node to make decisions. To validate the research, the researcher presents case study using GLOMOSIM simulation platform with AODV ad hoc routing protocols. Various active attacks are implemented. A series of experimental results demonstrate that the proposed intrusion detection model can effectively detect anomalies with low false positive rate, high detection rate and achieve high detection accuracy

Enhancing Bio-inspired Intrusion Response in Ad-hoc Networks

Practical applications of Ad-hoc networks are developing everyday and safeguarding their security is becoming more important. Because of their specific qualities, ad-hoc networks require an anomaly detection system that adapts to its changing behaviour quickly. Bio-inspired algorithms provide dynamic, adaptive, real-time methods of intrusion detection and particularly in initiating a response. A key component of bio-inspired response methods is the use of feedback from the network to better adapt their response to the specific attack and the type of network at hand. However, calculating an appropriate length of time at which to provide feedback is crucial - premature feedback or delayed feedback from the network can have adverse effects on the attack mitigation process. The antigen-degeneracy response selection algorithm (Schaust & Szczerbicka, 2011) is one of the few bio-inspired algorithms for selecting the appropriate response for misbehavior that considers network performance and adapts to the network. The main drawback of this algorithm is that it has no measure of the amount of time to wait before it can take performance measurements (feedback) from the network. In this thesis, we attempt to develop an understanding of the length of time required before feedback is provided in a range of types of ad-hoc network that have been subject of an attack, in order that future development of bio-inspired intrusion detection algorithms can be enhanced.Aiming toward an adaptive timer, we discuss that ad-hoc networks can be divided into Wireless Sensor Network (WSN), Wireless Personal Area Network (WPAN) and Spontaneously Networked Users (SNU). We use ns2 to simulate these three different types of ad-hoc networks, each of which is analysed for changes in its throughput after an attack is responded to, in order to calculate the corresponding feedback time. The feedback time in this case is the time it takes for the network to stabilise. Feedback time is not only essential to bio-inspired intrusion response methods, but can also be used in network applications where a stable network reading is required, e.g. security monitoring and motion tracking.Interestingly, we found that the network feedback time does not vary greatly between the different types of networks, but it was calculated to be less than half of what Schaust and Szczerbicka used in their algorith

A hierarchical detection method in external communication for self-driving vehicles based on TDMA

Security is considered a major challenge for self-driving and semi self-driving vehicles. These vehicles depend heavily on communications to predict and sense their external environment used in their motion. They use a type of ad hoc network termed Vehicular ad hoc networks (VANETs). Unfortunately, VANETs are potentially exposed to many attacks on network and application level. This paper, proposes a new intrusion detection system to protect the communication system of self-driving cars; utilising a combination of hierarchical models based on clusters and log parameters. This security system is designed to detect Sybil and Wormhole attacks in highway usage scenarios. It is based on clusters, utilising Time Division Multiple Access (TDMA) to overcome some of the obstacles of VANETs such as high density, high mobility and bandwidth limitations in exchanging messages. This makes the security system more efficient, accurate and capable of real time detection and quick in identification of malicious behaviour in VANETs. In this scheme, each vehicle log calculates and stores different parameter values after receiving the cooperative awareness messages from nearby vehicles. The vehicles exchange their log data and determine the difference between the parameters, which is utilised to detect Sybil attacks and Wormhole attacks. In order to realize efficient and effective intrusion detection system, we use the well-known network simulator (ns-2) to verify the performance of the security system. Simulation results indicate that the security system can achieve high detection rates and effectively detect anomalies with low rate of false alarms

Real valued negative selection for anomaly detection in wireless ad hoc networks

Wireless ad hoc network is one of the network technologies that have gained lots of attention from computer scientists for the future telecommunication applications. However it has inherits the major vulnerabilities from its ancestor (i.e., the fixed wired networks) but cannot inherit all the conventional intrusion detection capabilities due to its features and characteristics. Wireless ad hoc network has the potential to become the de facto standard for future wireless networking because of its open medium and dynamic features. Non-infrastructure network such as wireless ad hoc networks are expected to become an important part of 4G architecture in the future. In this paper, we study the use of an Artificial Immune System (AIS) as anomaly detector in a wireless ad hoc network. The main goal of our research is to build a system that can learn and detect new and unknown attacks. To achieve our goal, we studied how the real-valued negative selection algorithm can be applied in wireless ad hoc network network and finally we proposed the enhancements to real-valued negative selection algorithm for anomaly detection in wireless ad hoc network

Hierarchical Design Based Intrusion Detection System For Wireless Ad hoc Network

In recent years, wireless ad hoc sensor network becomes popular both in civil and military jobs. However, security is one of the significant challenges for sensor network because of their deployment in open and unprotected environment. As cryptographic mechanism is not enough to protect sensor network from external attacks, intrusion detection system needs to be introduced. Though intrusion prevention mechanism is one of the major and efficient methods against attacks, but there might be some attacks for which prevention method is not known. Besides preventing the system from some known attacks, intrusion detection system gather necessary information related to attack technique and help in the development of intrusion prevention system. In addition to reviewing the present attacks available in wireless sensor network this paper examines the current efforts to intrusion detection system against wireless sensor network. In this paper we propose a hierarchical architectural design based intrusion detection system that fits the current demands and restrictions of wireless ad hoc sensor network. In this proposed intrusion detection system architecture we followed clustering mechanism to build a four level hierarchical network which enhances network scalability to large geographical area and use both anomaly and misuse detection techniques for intrusion detection. We introduce policy based detection mechanism as well as intrusion response together with GSM cell concept for intrusion detection architecture.Comment: 16 pages, International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010. arXiv admin note: text overlap with arXiv:1111.1933 by other author

DPRAODV: A Dynamic Learning System Against Blackhole Attack In AODV Based MANET

Security is an essential requirement in mobile ad hoc networks to provide protected communication between mobile nodes. Due to unique characteristics of MANETS, it creates a number of consequential challenges to its security design. To overcome the challenges, there is a need to build a multifence security solution that achieves both broad protection and desirable network performance. MANETs are vulnerable to various attacks, blackhole, is one of the possible attacks. Black hole is a type of routing attack where a malicious node advertise itself as having the shortest path to all nodes in the environment by sending fake route reply. By doing this, the malicious node can deprive the traffic from the source node. It can be used as a denial-of-service attack where it can drop the packets later. In this paper, we proposed a DPRAODV (Detection, Prevention and Reactive AODV) to prevent security threats of blackhole by notifying other nodes in the network of the incident. The simulation results in ns2 (ver-2.33) demonstrate that our protocol not only prevents blackhole attack but consequently improves the overall performance of (normal) AODV in presence of black hole attack