Cross-Layer Detection of Sinking Behavior in Wireless Ad Hoc Networks Using SVM and FDA
March/April 2011 (vol. 8 no. 2)
pp. 233-245
John Felix Charles Joseph, Nanyang Technological University, Singapore
Bu-Sung Lee, Nanyang Technological University, Singapore
Amitabha Das, Infosys Technologies Ltd., Bangalore
Boon-Chong Seet, Auckland University of Technology, Auckland
The uniqueness of security vulnerabilities in ad hoc networks has given rise to the need for designing novel intrusion detection algorithms, different from those present in conventional networks. In this work, we propose an autonomous host-based intrusion detection system for detecting malicious sinking behavior. The proposed detection system maximizes the detection accuracy by using cross-layer features to define a routing behavior. For learning and adaptation to new attack scenarios and network environments, two machine learning techniques are utilized. Support Vector Machines (SVMs) and Fisher Discriminant Analysis (FDA) are used together to exploit the better accuracy of SVM and the faster speed of FDA. Instead of using all cross-layer features, features from the MAC layer are associated/correlated with features from other layers, thereby reducing the feature set without reducing the information content. Various experiments are conducted with varying network conditions and malicious node behavior. The effects of factors such as mobility, traffic density, and the packet drop ratios of the malicious nodes are analyzed. Experiments based on simulation show that the proposed cross-layer approach aided by a combination of SVM and FDA performs significantly better than other existing approaches.

Index Terms:
Cross-layer design, routing attacks, ad hoc networks, intrusion detection, sinking.
John Felix Charles Joseph, Bu-Sung Lee, Amitabha Das, Boon-Chong Seet, "Cross-Layer Detection of Sinking Behavior in Wireless Ad Hoc Networks Using SVM and FDA," IEEE Transactions on Dependable and Secure Computing, vol. 8, no. 2, pp. 233-245, March-April 2011, doi:10.1109/TDSC.2009.48