Routing anomaly detection in OLSR-based MANETs

Optimised link state routing OLSR protocol as one of the four standard routing protocols provided for mobile ad hoc networks MANETs is vulnerable to attacks launched by authorised nodes. An anomaly detection system ADS that uses a small set of features, is unable to detect different types of attacks. In this paper, we define a set of features for OLSR behaviour to learn all behavioural aspects of this protocol. Furthermore, we propose a Conceptual Data Collection based ADS CDC-ADS in which ensemble methods are used to enhance the accuracy of anomaly detection. Data are collected based on four aspects of OLSR behaviour, then an expert model is learned for each aspect. A selection-based aggregation mechanism is used to conclude from votes of the learned models. The experiments show that creating the experts and combining their predictions increase the accuracy of detecting attacks. Also, testing CDC-ADS with various time slot lengths and network speeds shows its robustness.

[1]  Manel Guerrero Zapata Secure ad hoc on-demand distance vector routing , 2002, MOCO.

[2]  David A. Maltz,et al.  The Dynamic Source Routing Protocol (DSR) for Mobile Ad Hoc Networks for IPv4 , 2007, RFC.

[3]  Chai Kiat Yeo,et al.  Distributed Court System for intrusion detection in mobile ad hoc networks , 2011, Comput. Secur..

[4]  Bu-Sung Lee,et al.  Cross-Layer Detection of Sinking Behavior in Wireless Ad Hoc Networks Using SVM and FDA , 2011, IEEE Transactions on Dependable and Secure Computing.

[5]  Teuvo Kohonen,et al.  Self-Organizing Maps , 2010 .

[6]  Vijay Laxmi,et al.  Collusion attack resistance through forced MPR switching in OLSR , 2010, 2010 IFIP Wireless Days.

[7]  M. Rahmanimanesh,et al.  ADAPTIVE ORDERED WEIGHTED AVERAGING FOR ANOMALY DETECTION IN CLUSTER-BASED MOBILE AD HOC NETWORKS , 2013 .

[8]  Charles E. Perkins,et al.  Ad hoc On-Demand Distance Vector (AODV) Routing , 2001, RFC.

[9]  Nei Kato,et al.  A Dynamic Anomaly Detection Scheme for AODV-Based Mobile Ad Hoc Networks , 2009, IEEE Transactions on Vehicular Technology.

[10]  Srinivas Sampalli,et al.  Detection and Prevention of Routing Intrusions in Mobile Ad Hoc Networks , 2010, 2010 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing.

[11]  Rafael Timóteo de Sousa Júnior,et al.  Autonomic trust reasoning enables misbehavior detection in OLSR , 2008, SAC '08.

[12]  Tom Fawcett,et al.  An introduction to ROC analysis , 2006, Pattern Recognit. Lett..

[13]  Raman K. Mehra,et al.  Ensemble methods for anomaly detection and distributed intrusion detection in Mobile Ad-Hoc Networks , 2008, Inf. Fusion.

[14]  Imrich Chlamtac,et al.  Mobile ad hoc networking: imperatives and challenges , 2003, Ad Hoc Networks.

[15]  Ronggong Song,et al.  ROLSR: A robust Optimized Link State Routing protocol for military Ad-Hoc networks , 2010, 2010 - MILCOM 2010 MILITARY COMMUNICATIONS CONFERENCE.

[16]  Chun-Ta Li,et al.  A secure routing protocol with node selfishness resistance in MANETs , 2012, Int. J. Mob. Commun..

[17]  Nei Kato,et al.  NIS01-2: A Collusion Attack Against OLSR-based Mobile Ad Hoc Networks , 2006, IEEE Globecom 2006.

[18]  F. Cuppens,et al.  Property Based Intrusion Detection to Secure OLSR , 2007, 2007 Third International Conference on Wireless and Mobile Communications (ICWMC'07).

[19]  Bu-Sung Lee,et al.  CARRADS: Cross layer based adaptive real-time routing attack detection system for MANETS , 2010, Comput. Networks.

[20]  Saeed Jalili,et al.  Fusion of one-class classifiers for protocol-based anomaly detection in AODV-based mobile ad hoc networks , 2013, Int. J. Ad Hoc Ubiquitous Comput..

[21]  Nei Kato,et al.  A study of a routing attack in OLSR-based mobile ad hoc networks , 2007 .

[22]  Jing Zhang,et al.  Factor-analysis based anomaly detection and clustering , 2006, Decis. Support Syst..

[23]  Philippe Jacquet,et al.  Optimized Link State Routing Protocol (OLSR) , 2003, RFC.

[24]  Imane Aly Saroit,et al.  Misbehavior nodes detection and isolation for MANETs OLSR protocol , 2011, WCIT.