A Cross-Layer, Anomaly-Based IDS for WSN and MANET
Author: | Amar Amouri, Mohamed A. Bencherif, Raju Manthena, Salvatore D. Morgera |
---|---|
Year of publication: | 2017 |
Subject: | Computer science; Anomaly-based intrusion detection system; intrusion detection; Population; Decision tree; MANET; 02 engineering and technology; Intrusion detection system; Biochemistry; finite sample size; Article; Analytical Chemistry; 0202 electrical engineering, electronic engineering, information engineering; Electrical and Electronic Engineering; education; Instrumentation; education.field_of_study; accumulated measure of fluctuation (AMoF); decision trees; business.industry; 020206 networking & telecommunications; Mobile ad hoc network; WSN; Atomic and Molecular Physics and Optics; linear regression; 020201 artificial intelligence & image processing; business; Wireless sensor network; Computer network |
Source: | Sensors (Basel, Switzerland) Sensors; Volume 18; Issue 2; Pages: 651 |
ISSN: | 1424-8220 |
Description: | Intrusion detection system (IDS) design for mobile ad hoc networks (MANET) is a crucial component for maintaining the integrity of the network. The need for rapid deployment of IDS capability with minimal data availability for training and testing is an important requirement of such systems, especially for MANETs deployed in highly dynamic scenarios, such as battlefields. This work proposes a two-level detection scheme for detecting malicious nodes in MANETs. The first level deploys dedicated sniffers working in promiscuous mode. Each sniffer utilizes a decision-tree-based classifier that generates quantities which we refer to as correctly classified instances (CCIs) every reporting time. In the second level, the CCIs are sent to an algorithmically run supernode that calculates quantities, which we refer to as the accumulated measure of fluctuation (AMoF) of the received CCIs for each node under test (NUT). A key concept that is used in this work is that the variability of the smaller size population which represents the number of malicious nodes in the network is greater than the variance of the larger size population which represents the number of normal nodes in the network. A linear regression process is then performed in parallel with the calculation of the AMoF for fitting purposes and to set a proper threshold based on the slope of the fitted lines. As a result, the malicious nodes are efficiently and effectively separated from the normal nodes. The proposed scheme is tested for various node velocities and power levels and shows promising detection performance even at low-power levels. The results presented also apply to wireless sensor networks (WSN) and represent a novel IDS scheme for such networks. |
Database: | OpenAIRE |