An Intrusion Detection System in Ad Hoc Networks: A Social Network Analysis Approach

We introduce a social network analysis method as a new approach to building an Intrusion Detection System (SN-IDS) in ad hoc networks. Unlike most traditional IDS approaches, the SN-IDS uses social relations as the metrics of interest for anomaly detection. To construct proper social networks, we first investigate ad hoc MAC and network layer data attributes and select relevant social feature sets; we then build a set of socio-matrices based on these features. Social analysis methods are applied to these matrices to detect suspicious behavior of mobile nodes. NS-2 simulation results show that the SN-IDS can effectively detect common attacks with high detection rates and low false positive alarm rates. Furthermore, it has clear advantages over conventional association-rule-based data mining IDS in terms of computation and system complexity.
