Statistical Anomaly-based Intrusion Detection And Reaction System For Mobile Ad Hoc Networks

Mobile Ad hoc Network (MANET) is an example of wireless multi-hop networks which can be used to extend the wired and fixed wireless networks in order to form a hybrid networks. MANET, which was originally developed to be used for military applications, had widely used in most of recent civil applications. By supporting flexible and adaptive applications with no fixed infrastructure, MANET is expected to play an important role in the future. However, the success of MANET’s applications could be strongly affected by the security of systems and protocols those carrying out its basic functions.MANET, at its top level, needs the same security requirements as of the wired and fixed wireless networks, such as authentication, confidentiality, integrity, and availability. However, due to unique features of MANET, the security metrics proposed for wired and fixed wireless networks are no longer suitable to protect MANETs against attacks targeting the different layers of the network model. Recently, the Intrusion Detection Systems (IDSs) are presented for MANETs to act as a second line of defense that cope with the limitations and difficulties of the traditional prevention mechanisms.In this research, we investigate the use of statistical anomaly-based techniques for developing and constructing intrusion detection scheme for MANETs. Based on the finding of this investigation, we evolve methods based on statistical techniques to detect routing attacks against MANET. The detection scheme utilizes the characteristics of path and uses them to evaluate the trustworthiness of the global security information that provided by other monitors. In addition to, we evolve response mechanism to react against attacks in away that mitigates their potential effects. However, in the response mechanism, the concept of reputation is utilized. By which, the accusation’s record is maintained and used to make the decision of node behavior.The evolved detection and reaction methods are used to construct our distributed and cooperative Statistical Anomaly-based Intrusion Detection and Reaction System (SAIDRS). The performance of SAIDRS is evaluated using simulation experiments. Different mobility patterns and attack scenarios are utilized in the simulated network. However, the evaluation results show that, SAIDRS performs well in detecting and reacting to routing attacks with a noticeable improving in the network throughput.