Fusion of one-class classifiers for protocol-based anomaly detection in AODV-based mobile ad hoc networks

Ad hoc on-demand distance vector (AODV) is a widely used routing protocol for mobile ad hoc networks that fully trusts all participants and has no security considerations. As a result, malicious nodes can violate the protocol and disrupt network operations. In this paper, a protocol-based anomaly detection method for ad hoc networks using the AODV routing protocol is proposed. In doing so, we use a step-by-step approach for modelling the normal behaviour of AODV, and utilise a combination of support vector data description (SVDD) and mixture of Gaussians (MoGs) one-class classifiers to classify any deviation from the normal behaviour as an anomaly. These two classifiers are chosen among six utilised classifiers according to their diversity and better accuracy. Simulation results demonstrate the effectiveness of the proposed method for detecting many types of attacks, e.g., wormhole, blackhole, rushing and denial of service (DoS).
