By Topic

Multi-Layer Integrated Anomaly Intrusion Detection System for Mobile Adhoc Networks

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
S. Bose ; Department of Computer Science and Engineering, Anna University, Chennai-600044, India. Email: ; S. Bharathimurugan ; A. Kannan

Most intrusion detection systems for mobile ad hoc networks are focusing on either routing protocols or MAC layer traffic. This paper focuses on the design of a new anomaly detection system for each node of the network, which contains detection subsystem for MAC layer, routing layer and application layer. Audit data taken from MAC level/network level/application level from the traces in Glomosim and are preprocessed separately for each layer's detection subsystem. Feature data sets for each layer are selected from normal transactions. The detection subsystem contains normal profiles obtained from the feature vectors of training data sets. In our work, we used Bayesian classification algorithm, Markov chain construction algorithm and association rule mining algorithm for anomaly detection in MAC layer, routing layer and application layer respectively for effective intrusion detection. Test data obtained from the network traffic is feed in to the detection subsystems. If there is any deviation from normal behavior, it is considered as abnormal or anomaly based on predefined thresholds. Intrusion results from detection subsystems of all the three layers are integrated at local integration module and the final result is sent to the global integration module. Intrusion results are received also from the neighbor nodes and are sent to the global integration module for making a final decision

Published in:

2007 International Conference on Signal Processing, Communications and Networking

Date of Conference:

22-24 Feb. 2007