Skip to Main Content
We introduce a social network analysis method as a new approach to build an Intrusion Detection System (SN-IDS) in ad hoc networks. The SN-IDS utilizes social relations as metrics-of-interest for anomaly detections, which is different from most traditional IDS approaches. To construct proper social networks, we first investigate ad hoc MAC and network layer data attributes and select relevant social feature sets; then we build up a set of socio-matrices based on these features. Social analysis methods are applied to these matrices to detect suspicious behaviors of mobile nodes. NS-2 simulation results show that this SN-IDS system can effectively detect common attacks with high detection rates and low false positive alarm rates. Furthermore, it has clear advantages over the conventional association rule based data mining IDS in terms of computation and system complexity.