Skip to Main Content
Mobile ad hoc networks (MANETs) are multi-hop wireless networks of autonomous mobile nodes without any fixed infrastructure. In MANETs, it is difficult to detect malicious nodes because the network topology constantly changes due to node mobility. A malicious node can easily inject false routes into the network. A traditional method to detect such malicious nodes is to establish a base profile of normal network behavior and then identify a node's behavior to be anomalous if it deviates from the established profile. As the topology of a MANET constantly changes over time, the simple use of a static base profile is not efficient. In this paper, we propose a clustering-based anomaly detection approach, called DCAD, which allows the profile to be dynamically updated. In the approach, we use the weighted fixed width clustering (WFWC) algorithm in order to establish a normal profile and to detect anomalies. We also use weighted coefficients and a forgetting equation to periodically update the normal profile. We conduct MANET simulations using the NS2 simulator and consider scenarios for detecting several types of routing attacks on AODV protocol. The simulation results show that DCAD can be successfully used for detecting anomalies caused by malicious nodes in AODV-based MANETs.