Fuzzy Voting for Anomaly Detection in Cluster-Based Mobile Ad Hoc Networks
Subject Areas : electrical and computer engineeringMohammad Rahmanimanesh 1 , Saeed Jalili 2
1 -
2 -
Abstract :
In this paper, an attack analysis and detection method in cluster-based mobile ad hoc networks with AODV routing protocol is proposed. The proposed method uses the anomaly detection approach for detecting attacks in which the required features for describing the normal behavior of AODV protocol are defined via step by step analysis of AODV protocol and independent of any attack. In order to learn the normal behavior of AODV, a fuzzy voting method is used for combining support vector data description (SVDD), mixture of Gaussians (MoG), and self-organizing maps (SOM) one-class classifiers and the combined model is utilized to partially detect the attacks in cluster members. The votes of cluster members are periodically transmitted to the cluster head and final decision on attack detection is carried out in the cluster head. In the proposed method, a fuzzy voting method is used for aggregating the votes of cluster members in the cluster head by which the performance of the method improves significantly in detecting blackhole, rushing, route error fabrication, packet replication, and wormhole attacks. In this paper, an attack analysis method based on feature sensitivity ranking is also proposed that determines which features are influenced more by the mentioned attacks. This sensitivity ranking leads to the detection of the types of attacks launched on the network.
[1] C. Perkins and E. Royer, "Ad hoc on demand distance vector routing," in Proc. of the 2nd IEEE Workshop on Mobile Computing Systems and Applications, WMCSA 99, pp. 90-100, Feb. 1999.
[2] C. Perkins, E. Royer, and S. Das, "Ad hoc on demand distance vector routing," IETF RFC 3561, Jul. 2003.
[3] N. Vapnik, Statistical Learning Theory, John Wiley and Sons, 1998.
[4] D. M. J. Tax, One - Class Classification, Ph. D. Dissertation, Delft University of Technology, 2001.
[5] C. Bishop, Neural Networks for Pattern Recognition, Oxford University Press, 1995.
[6] T. Kohonen, Self - Organizing Maps, Springer-Verlag, Third Edition, 2001.
[7] Y. Huang, W. Fan, W. Lee, and P. Yu, "Cross - feature analysis for detecting ad hoc routing anomalies," in Proc. of the 23rd Int. Conf. on Distributed Computing Systems, ICDCS 03, pp. 478-487, May 2003.
[8] J. R. Quinlan, C4.5: Programs for Machine Learning, Morgan Kaufmann Publishers, 1993.
[9] W. W. Cohen, "Fast effective rule induction," in Proc. of 12th Int. Conf. on Machine Learning, pp. 115-123, Jul. 1995.
[10] E. Alpaydin, Introduction to Machine Learning, MIT Press, 2004.
[11] H. Nakayama, S. Kurosawa, A. Jamalipour, Y. Nemoto, and N. Kato, "A dynamic anomaly detection scheme for AODV - based mobile ad hoc networks," IEEE Trans. on Vehicular Technology, vol. 58, no. 5, pp. 2471-2481, Jun. 2009.
[12] S. Kurosawa, H. Nakayama, N. Kato, A. Jamalipour, and Y. Nemoto, "A self - adaptive intrusion detection method for AODV - based mobile ad hoc networks," in Proc. of IEEE Int. Conf. on Mobile Ad Hoc and Sensor Systems, pp. 773-780, Nov. 2005.
[13] J. B. D. Cabrera, C. Gutierrez, and R. K. Mehra, "Infrastructures and algorithms for distributed anomaly - based intrusion detection in mobile ad hoc networks," in Proc. of IEEE Military Communications Conf., MILCOM 05, vol. 3, pp. 1831-1837, Oct. 2005.
[14] J. B. D. Cabrera, C. Gutierrez, and R. K. Mehra, "Ensemble methods for anomaly detection and distributed intrusion detection in mobile ad hoc networks," Information Fusion, vol. 9, no. 1, pp. 96-119, Jan. 2008.
[15] W. Chen, N. Jain, and S. Singh, "ANMP: ad hoc network management protocol," IEEE J. on Selected Areas in Communications, vol. 17, no. 8, pp. 1506-1531, Aug. 1999.
[16] Y. Zhang and W. Lee, "Intrusion detection in wireless ad hoc networks," in Proc. of 6th Annual Int. Conf. on Mobile Computing and Networking, pp. 275-283, Boston, Aug. 2000.
[17] Y. Zhang, W. Lee, and Y. Huang, "Intrusion detection techniques for mobile wireless networks," ACM Wireless Networks, vol. 9, no. 5, pp. 545-556, Sep. 2003.
[18] H. Deng, Q. A. Zeng, and D. P. Agrawal, "SVM - based intrusion detection system for wireless ad hoc networks," in Proc. of IEEE Vehicular Technology Conf., vol. 3, pp. 2147-2151, Oct. 2003.
[19] H. Deng, R. Xu, J. Li, F. Zhang, R. Levy, and W. Lee, "Agent - based cooperative anomaly detection for wireless ad hoc networks," in Proc. of the 12th Int. Conf. on Parallel and Distributed Systems, ICPADS 06, vol. 1, Jul. 2006.
[20] T. M. Cover and P. E. Hart, "Nearest neighbor pattern classification," IEEE Trans. on Information Theory, vol. 13, no. 1, pp. 21-27, Jan. 1967.
[21] T. Avram, S. Oh, and S. Hariri, "Analyzing attacks in wireless ad hoc network with self - organizing maps," in Proc. of Fifth Annual Conf. on Communication Networks and Services Research, CNSR'07, pp. 166-175, May 2007.
[22] Y. A. Huang and W. Lee, "Attack analysis and detection for ad hoc routing protocols," in Proc. of Recent Advances in Intrusion Detection, pp. 125-145, Sep. 2004.
[23] I. Aad, J. Hubaux, and E. W. Knightly, "Impact of denial of service attacks on ad hoc networks," IEEE/ACM Trans. on Networking, vol. 16, no. 4, pp. 791-802, Aug. 2008.
[24] F. Xing and W. Wang, "Understanding dynamic denial of service attacks in mobile ad hoc networks," in IEEE Military Communication Conf., MILCOM'06, 7 pp., Oct. 2006.
[25] Y. Hu, A. Perrig, and D. Johnson, "Wormhole attacks in wireless networks," IEEE J. on Selected Areas in Communications, vol. 24, no. 2, pp. 370-380, Feb. 2006.
[26] Y. C. Hu, A. Perrig, and D. B. Johnson, "Rushing attacks and defense in wireless ad hoc network routing protocols," in Proc. of ACM Workshop Wireless Security, WiSe'03, pp 30-40, Sep. 2003.
[27] L. I. Kuncheva, Combining Pattern Classifiers, Methods, and Algorithms, John Wiley and Sons, 2004.
[28] D. M. J. Tax, M. V. Breukelen, R. P. W. D. Duin, and J. Kittler, "Combining multiple classifiers by averaging or by multiplying?," Pattern Recognition, vol. 33, no. 9, pp. 1475-1485, Sep. 2000.
[29] Z. Chen, Consensus in Group Decision Making Under Linguistic Assessments, Ph. D. Dissertation, Kansas State University, 2005.
[30] F. Herrera, E. Herrera - Viedma, and J. L. Verdegay, "Direct approach processes in group decision making using linguistic OWA operators," Fuzzy Sets and Systems, vol. 79, no. 2, pp. 175-190, Apr. 1996.
[31] R. R. Yager, "On ordered weighted averaging aggregation operators in multi-criteria decision making," IEEE Trans. on Systems, Man and Cybernetics, vol. 18, no. 1, pp. 183-190, Jan./Feb. 1988.
[32] H. Chen and L. Zhou, "An approach to group decision making with interval fuzzy preference relations based on induced generalized continuous ordered weighted averaging operator," Expert Systems with Applications, vol. 38, no. 10, pp. 13432-13440, Sep. 2011.
[33] M. Dursun, E. E. Karsak, and M. A. Karadayi, "A fuzzy multi-criteria group decision making framework for evaluating health - care waste disposal alternatives," Expert Systems with Applications, vol. 38, no. 9, pp. 11453-11462, Sep. 2011.
[34] J. M. Merigo and A. M. Gil-Lafuente, "Fuzzy induced generalized aggregation operators and its application in multi - person decision making," Expert Systems with Applications, vol. 38, no. 8, pp. 9761-9772, Aug. 2011.
[35] J. Y. Yu and P. H. J. Chong, "A survey of clustering schemes for mobile ad hoc networks," IEEE Communications Surveys & Tutorials, vol. 7, no. 1, pp. 32-48, First Quarter 2005.
[36] J. Wu et al., "On calculating power - aware connected dominating sets for efficient routing in ad hoc wireless networks," International J. of Communication Networks and Distributed Systems, vol. 4, no. 1, pp. 59-70, Mar. 2002.
[37] T. C. Hou and T. J. Tsai, "An access - based clustering protocol for multi - hop wireless ad hoc networks," IEEE J. on Selected Areas in Communications, vol. 19, no. 7, pp. 1201-1210, Jul. 2001.
[38] V. S. Anitha and M. P. Sebastian, "(k, r) - dominating set - based, weighted and adaptive clustering algorithms for mobile ad hoc networks," IET Communications, vol. 5, no. 13, pp. 1836-1853, Sep. 2011.
[39] J. A. Torkestani and M. R. Meybodi, "Clustering the wireless ad hoc networks: a distributed learning automata approach," J. of Parallel and Distributed Computing, vol. 70, no. 4, pp. 394-405, Apr. 2010.
[40] K. Bhargavan, C. A. Gunter, M. Kim, I. Lee, D. Obradovic, O. Sokolsky, and M. Viswanathan, "Verisim: formal analysis of network simulations," IEEE Trans. on Software Engineering, vol. 28, no. 2, pp. 129-145, Feb. 2002.
[41] R. Perdisci, D. Ariu, P. Fogla, G. Giacinto, and W. Lee, "McPAD : a multiple classifier system for accurate payload - based anomaly detection," Computer Networks, Special Issue on Traffic Classification and Its Applications to Modern Networks, vol. 53, no. 6, pp. 864-881, Apr. 2009.
[42] G. Giacinto, R. Perdisci, M. Del Rio, and F. Roli, "Intrusion detection in computer networks by a modular ensemble of one - class classifiers," Information Fusion, Special Issue on Applications of Ensemble Methods, vol. 9, no. 1, pp. 69-82, Jan. 2008.
[43] NS-2 (Network Simulator Version 2), URL: http://www.isi.edu/nsnam/ns/ns-documentation, Jan. 2010.
[44] A. J. Dobson and A. G. Barnett, An Introduction to Generalized Linear Models, Chapman and Hall, 3rd Edition, 2008.