Wireless Networks

, Volume 16, Issue 8, pp 2221–2236 | Cite as

RADAR: A reputation-driven anomaly detection system for wireless mesh networks

  • Zonghua Zhang
  • Pin-Han HoEmail author
  • Farid Naït-Abdesselam


As one of the backup measures of intrusion prevention techniques, intrusion detection plays a paramount role in the second defense line of computer networks. Intrusion detection in wireless mesh networks (WMNs) is especially challenging and requires particular design concerns due to their special infrastructure and communication mode. In this paper, we propose a novel anomaly detection system, termed RADAR, to detect and handle anomalous mesh nodes in wireless mesh networks. Specifically, reputation is introduced to characterize and quantify a node’s behavior in terms of fine-grained performance metrics of interest. The dual-core detection engine of RADAR then explores spatio-temporal property of such behavior to manifest the deviation between that of normal and anomalous nodes. Although the current RADAR prototype is only implemented with routing protocols, the design architecture allows it to be easily extended to cross-layer anomaly detection where anomalous events occur at different layers and can be resulted by either intentional intrusion or accidental network failure. The simulation results demonstrate that RADAR can achieve high detection accuracy, low computational complexity, and low false positive rate.


Wireless mesh networks Reputation management Network security Anomaly detection 


  1. 1.
    Akyildiz, I. F., & Wang, X. (2005). Wireless mesh networks: A survey. Computer Networks, 47, 445–487.zbMATHCrossRefGoogle Scholar
  2. 2.
    Baras, J. S., Radosavac, S., et al. (2007). Intrusion detection system resiliency to byzantine attacks: The case study of wormholes in OLSR. In Proceedings of MILCOM2007.Google Scholar
  3. 3.
    Buchegger, S., & Le Boudec, J.-Y. (2009). Self-policing mobile Ad-Hoc networks by reputation systems. IEEE Communications Magazine, 43(7), 101–107.CrossRefGoogle Scholar
  4. 4.
    Buchegger, S., & Le Boudec, J.-Y. (2002). Performance analysis of the CONFIDANT protocol. In Proceedings of 3rd ACM MobiHoc’02 (pp. 226–236). Lausanne, Switzerland, June 2002.Google Scholar
  5. 5.
    Chartrand, G., Kubicki, G., & Schultz, M. (1998). Graph similarity and distance in graphs. Aequationes Mathematicae, 55(12), 129–145.zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Du, Q., Emelianenko, M., & Ju, L. (2006). Convergence of the Lloyd algorithm for computing centroidal Voronoi tessellations. SIAM Journal of Numerical Analysis, 44, 102–119.zbMATHCrossRefMathSciNetGoogle Scholar
  7. 7.
    Forrest, S., Hofmeyr, S. A., & Longstaff, T. A. (1996). A sense of self for UNIX processes. In Proceedings of IEEE Symposium on Security and Privacy (S&P’96) (pp. 120–128). Oakland, USA.Google Scholar
  8. 8.
    Gersho, A., & Gray, R. (1992). Vector quantization and signal compression. Norwell, MA: Kluwer Academic Publisers.zbMATHGoogle Scholar
  9. 9.
    He, Q., Wu, D., & Khosla, P. (2004). SORI: A secure and objective reputation-based incentive scheme for ad hoc networks. In Proceedings of IEEE WCNC’04 (pp. 825–830). Atlanta, USA, Mar.Google Scholar
  10. 10.
    Hu, Y., Johnson, D., & Maltz, D. (2003). The dynamic source routing protocol for mobile ad hoc networks (dsr)., Apr. 2003.
  11. 11.
    Huang, Y., & Lee, W. (2003). A cooperative intrusion detection system for ad hoc networks. In Proceedings of the ACM Workshop On Security in Ad Hoc and Sensor Networks, Fairfax, Virginia, Oct., 2003.Google Scholar
  12. 12.
    Marti, S., Giuli, T. J., Lai, K., & Baker, M. (2000). Mitigating routing misbehavior in mobile ad hoc networks. In Proceedings of 6th ACM MobiCom’00. (pp. 255–265). Boston, USA, Aug., 2000.Google Scholar
  13. 13.
    Marti, S., & Molina, H. G. (2006). Taxonomy of trust: Categorizing P2P reputation systems. Computer Networks, 50, 472–484.zbMATHCrossRefGoogle Scholar
  14. 14.
    McHugh, J. (2001). Intrusion and intrusion detection. IInternational Journal of Information Security, 1(1), 14–35.zbMATHGoogle Scholar
  15. 15.
    Michiardi, P., & Molva, R. (2002). CORE: A collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks. In Proceedings of the 6th IFIP Conference on Security Communications, and Multimedia (pp. 107–121). Portoroz, Slovenia, Sept., 2002.Google Scholar
  16. 16.
    Mishra, A., Nadkarni, K., & Patcha, A. (2004). Intrusion detection in wireless ad hoc networks. IEEE Wireless Communications, 11, 48–60.Google Scholar
  17. 17.
    Salem, B., & Hubaux, J.-P. (2006) Securing wireless mesh networks. IEEE Magaine on communication, pp. 50–55, Apr., 2006.Google Scholar
  18. 18.
    So, J., & Vaidya, N. (2004) Multi-channel MAC for ad hoc networks: Handling multi-channel hidden terminals using a single transceiver. In Proceedings of the 5th ACM MobiHoc’04 (pp. 222–233). May, 2004.Google Scholar
  19. 19.
    Sundaresan, K. Sivakumar, R., Ingram, M. A. & Chang, T.-Y. (2004). A fair medium access control protocol for ad hoc networks with MIMO links. In Proceedings of INFOCOM (pp. 2559–2570). Mar., 2004.Google Scholar
  20. 20.
    Tan, K. M. C., & Maxion, R. A. (2002). Why 6? Defining the operational limits of stide, an anomaly-based intrusion detector. In Proceedings of the 2002 IEEE Symposium on Security and Privacy (S&P’02), May, 2002.Google Scholar
  21. 21.
    Tseng, C. H., Wang, S. -H., Ko, C. & Levitt, K. (2006). DEMEM: Distributed evidence-driven message exchange intrusion detection model for MANET. In Proceedings of the 9th International Symposium on Recent Advances in Intrusion Detection (RAID 2006) (pp. 249–271). Sept., 2006.Google Scholar
  22. 22.
    Kamvar, S. D., Schlosser, M. T., & Molina, H. G. (2003). The EigenTrust algorithm for reputation management in P2P Networks. In Proceedings of the 12th International conference on World Wide Web (WWW’03). May, 2003.Google Scholar
  23. 23.
    Kodialam, M., & Nandagopal, T. (2005). Characterizing the capacity region in multi-radio multi-channel wireless mesh networks. In Proceedings of the 11th ACM MobiCom (pp. 73–87). Aug., 2005.Google Scholar
  24. 24.
    The Qualnet simulator from Scalable Networks Inc.
  25. 25.
    Qiu, L. Bahl, P., Rao, A., & Zhou, L. (2006). Troubleshooting wireless mesh networks. ACM SIGCOMM Computer Communication Review, 36(5), 17–28.CrossRefGoogle Scholar
  26. 26.
    Zhang, Y., Lee, W., & Huang, Y. (2003). Intrusion detection techniques for mobile wireless networks. ACM Wireless Networks Journal, 9(5), 545–556.CrossRefGoogle Scholar
  27. 27.
    Zhang, Z., Shen, H., & Sang, Y. (2007). An observation-centric analysis on the modeling of anomaly-based intrusion detection. International Journal of Network Security, 4(3), 292–305Google Scholar
  28. 28.
    Zhang, Z., Ho, P-.H., & Naït-Abdesselam, F. (2009). On achieving cost-sensitive anomaly detection and response in mobile Ad Hoc networks, In Proceedings of IEEE International Conference on Communications (ICC’09), June 2009.Google Scholar
  29. 29.
    Zhou, L., & Hass, Z. (1999). Securing ad hoc networks. IEEE Network Magazine Special issue on network security, 13(6), 24–30.Google Scholar
  30. 30.
    Zouridaki, C., Mark, B. L., Hejmo, M., & Thomas R. K. (2007). Hermes a quantitative trust establishment framework for reliable data packet delivery in MANETs. Journal of Computer Security, 15(1), 3–38.Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  • Zonghua Zhang
    • 1
  • Pin-Han Ho
    • 2
    Email author
  • Farid Naït-Abdesselam
    • 3
  1. 1.Institut Telecom/TELECOMLille 1France
  2. 2.ECE DepartmentUniversity of WaterlooWaterlooCanada
  3. 3.University of Sciences and Technologies of LilleLilleFrance

Personalised recommendations