Issue No. 02 - March/April (2011 vol. 8)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TDSC.2009.48
John Felix Charles Joseph , Nanyang Technological University, Singapore
Bu-Sung Lee , Nanyang Technological University, Singapore
Amitabha Das , Infosys Technologies Ltd., Bangalore
Boon-Chong Seet , Auckland University of Technology, Auckland
The uniqueness of security vulnerabilities in ad hoc networks has given rise to the need for designing novel intrusion detection algorithms, different from those present in conventional networks. In this work, we propose an autonomous host-based intrusion detection system for detecting malicious sinking behavior. The proposed detection system maximizes the detection accuracy by using cross-layer features to define a routing behavior. For learning and adaptation to new attack scenarios and network environments, two machine learning techniques are utilized. Support Vector Machines (SVMs) and Fisher Discriminant Analysis (FDA) are used together to exploit the better accuracy of SVM and faster speed of FDA. Instead of using all cross-layer features, features from MAC layer are associated/correlated with features from other layers, thereby reducing the feature set without reducing the information content. Various experiments are conducted with varying network conditions and malicious node behavior. The effects of factors such as mobility, traffic density, and the packet drop ratios of the malicious nodes are analyzed. Experiments based on simulation show that the proposed cross-layer approach aided by a combination of SVM and FDA performs significantly better than other existing approaches.
Cross-layer design, routing attacks, ad hoc networks, intrusion detection, sinking.
A. Das, J. F. Joseph, B. Lee and B. Seet, "Cross-Layer Detection of Sinking Behavior in Wireless Ad Hoc Networks Using SVM and FDA," in IEEE Transactions on Dependable and Secure Computing, vol. 8, no. , pp. 233-245, 2009.