Mobile Ad Hoc Network Intrusion Detection System

As a new type of mobile communication network, mobile Ad Hoc network has wide application in both military and civilian fields. But the security issues also occur, such as high security risks due to the wireless medium of communication and the difficulty of monitoring the network to detect intrusive behaviors. Security prevention technologies, encryption and authentication, for instance, can avoid the intrusions in mobile Ad Hoc network to a certain extent; however, they can't solve its inherent shortcomings. Intrusion detection can be the second line of security defense for mobile Ad Hoc network to reinforce the prevention methods of intrusion.Firstly, mobile Ad Hoc network and its security problems are analyzed in this thesis. Then, a research on intrusion detection for mobile Ad Hoc network is conducted. By analyzing the proposed intrusion detection systems in mobile Ad Hoc network, this thesis designs a cluster-based hierarchical intrusion detection system for mobile Ad Hoc network, CBIDS(Cluster-Based Intrusion Detection System). The whole network is divided into clusters by employing clustering algorithm. The clusterhead is responsible for global cooperative detection, which solves the problems of decision-making rights between nodes and resources consumption existing in the flat intrusion detection systems. At the same time, CBIDS uses both misuse detection and anomaly detection methods thus it has higher detection rate and lower false alarm rate.CBIDS is built on the basis of clusters, therefore, clustering algorithm of intrusion detection system is the key technology to realize CBIDS. In this thesis, an efficient clustering algorithm, namely, ILCC (Improved Least Cluster Change), is proposed for hierarchical intrusion detection system in mobile Ad Hoc network. To reduce the number of clusters, the ILCC algorithm defines the notion of letting border nodes determine their roles first; and to obtain stable cluster architecture, the ILCC algorithm restricts the change of the clusterhead. Simulation results demonstrate that the number of clusters obtained by the algorithm is fewer than that of typical algorithms for mobile Ad Hoc network and the cluster structure is more stable.