Title: Fusion of one-class classifiers for protocol-based anomaly detection in AODV-based mobile ad hoc networks

Authors: Mohammad Rahmanimanesh; Saeed Jalili; Ahmad R. Sharafat

Addresses: Faculty of Electrical and Computer Engineering, Tarbiat Modares University, Tehran 14115-143, Islamic Republic of Iran ' Faculty of Electrical and Computer Engineering, Tarbiat Modares University, Tehran 14115-143, Islamic Republic of Iran ' Faculty of Electrical and Computer Engineering, Tarbiat Modares University, Tehran 14115-143, Islamic Republic of Iran

Abstract: Ad hoc on-demand distance vector (AODV) is a widely used routing protocol for mobile ad hoc networks that fully trusts all participants and has no security considerations. As a result, malicious nodes can violate the protocol and disrupt the network operations. In this paper, a protocol-based anomaly detection method in ad hoc networks with AODV routing protocol is proposed. In doing so, we use a step-by-step approach for modelling the normal behaviour of AODV, and utilise a combination of support vector data description (SVDD) and mixture of Gaussians (MoGs) one-class classifiers to classify any deviation from the normal behaviour as an anomaly. These two classifiers are chosen among six utilised classifiers according to their diversity and better accuracy. Simulation results demonstrate the effectiveness of the proposed method for detecting many types of attacks (e.g., wormhole, blackhole, rushing and denial of service (DoS)).

Keywords: MANETs; mobile ad hoc networks; AODV; ad hoc on-demand distance vector; anomaly detection; one-class classifiers; classifier selection; classifier fusion; mobile networks; routing protocols; network security; intrusion detection; cyber attacks; modelling; support vector data description; SVDD; mixture of Gaussians; MoGs; simulation.

DOI: 10.1504/IJAHUC.2013.058233

International Journal of Ad Hoc and Ubiquitous Computing, 2013 Vol.14 No.3, pp.158 - 171

Accepted: 15 Aug 2012
Published online: 11 Dec 2013 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article