On the Anomaly Intrusion-Detection in Mobile Ad Hoc Network Environments

MANET security has many open issues. Because of its characteristics, this kind of network needs both preventive and corrective protection. In this paper, we focus on corrective protection and propose an anomaly IDS model for MANETs. The design and development of the IDS are considered in three main stages: normal behavior construction, anomaly detection, and model update. A parametric mixture model is used to model behavior from reference data. The associated Bayesian classification leads to the detection algorithm. MIB variables provide the information the IDS needs. Experiments with DoS and scanner attacks that validate the model are also presented.
