An Artificial Immune System for Misbehavior Detection in Mobile Ad-Hoc Networks with Virtual Thymus, Clustering, Danger Signal, and Memory Detectors
In mobile ad-hoc networks, nodes act both as terminals and information relays, and they participate in a common routing protocol, such as Dynamic Source Routing (DSR). The networks are vulnerable to routing misbehavior, due to faulty or malicious nodes. Misbehavior detection systems aim at removing this vulnerability. For this purpose, we use an Artificial Immune System (AIS), a system inspired by the human immune system (HIS). Our goal is to build a system that, like its natural counterpart, automatically learns and detects new misbehavior.
In this paper we build on our previous work [1,2] and investigate the use of four concepts: (1) “virtual thymus”, a novel concept, introduced in this paper, that provides a dynamic description of normal behavior in the system; (2) “clustering”, a decision-making mechanism for decreasing false positive detections; (3) “danger signal”, a concept that is, according to the “danger signal theory” of the human immune system [11,12], crucial for correct final decision making; in our case, the signal is exchanged among nodes, which makes our detection system distributed; (4) “memory detectors”, used for achieving faster secondary response of the detection system.
We implement our AIS in a network simulator and test it on two types of misbehavior. We analyze the performance and show the effects of the four concepts on the detection capabilities. In summary: thanks to the virtual thymus, the AIS does not require a preliminary learning phase in which misbehavior should be absent; the use of the clustering and the danger signal is useful for achieving low false positives; the use of memory detectors significantly accelerates the secondary response of the system.
Keywords: Packet Loss, Danger Signal, Malicious Node, Route Discovery, Human Immune System
- 1. Le Boudec, J.Y., Sarafijanovic, S.: An Artificial Immune System Approach to Misbehavior Detection in Mobile Ad-Hoc Networks. In: Proceedings of Bio-ADIT 2004, Lausanne, Switzerland, January 2004, pp. 96–111 (2004)
- 2. Sarafijanovic, S., Le Boudec, J.Y.: An Artificial Immune System Approach with Secondary Response for Misbehavior Detection in Mobile Ad-Hoc Networks. TechReport IC/2003/65, EPFL-DI-ICA, Lausanne, Switzerland (November 2003)
- 3. Hofmeyr, S.A., Forrest, S.: Architecture for an Artificial Immune System. Evolutionary Computation 7(1), 45–68 (2000)
- 4. Somayaji, A., Forrest, S.: Automated Response Using System-Call Delays. In: Proceedings of the 9th USENIX Security Symposium, The USENIX Association, Berkeley, CA (2000)
- 6. Marti, S., Giuli, T.J., Lai, K., Baker, M.: Mitigating routing misbehavior in mobile ad hoc networks. In: Proceedings of MOBICOM 2000, pp. 255–265 (2000)
- 7. Buchegger, S., Le Boudec, J.-Y.: A Robust Reputation System for Mobile ad hoc Networks. Technical Report, IC/2003/50, EPFL-DI-ICA, Lausanne, Switzerland (July 2003)
- 8. Buchegger, S., Le Boudec, J.-Y.: Performance Analysis of the CONFIDANT protocol: Cooperation of nodes - Fairness In Distributed Ad-Hoc Networks. In: Proceedings of MobiHOC, June 2002, IEEE/ACM, Lausanne, CH (2002)
- 9. Buchegger, S., Le Boudec, J.-Y.: The Effect of Rumor Spreading in Reputation Systems for Mobile Ad-hoc Networks. In: Proceedings of WiOpt 2003: Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks, Sophia-Antipolis, France (March 2003)
- 10. Kim, J., Bentley, P.J.: Evaluating Negative Selection in an Artificial Immune System for Network Intrusion Detection. In: Genetic and Evolutionary Computation Conference 2001 (GECCO 2001), San Francisco, July 7-11, pp. 1330–1337 (2001)
- 13. Sompayrac, L.M.: How the Immune System Works, 2nd edn. Blackwell Publishing, Malden (2003)
- 14. Goldsby, R.A., Kindt, T.J., Osborne, B.A., Kuby, J.: Immunology, 5th edn. W. H. Freeman and Company, New York (2003)
- 15. Zeng, X., Bagrodia, R., Gerla, M.: Glomosim: A library for parallel simulation of large scale wireless networks. In: Proceedings of the 12th workshop on Parallel and Distributed Simulations PDAS 1998, in Banff, Alberta, Canada, May 26-29 (1998)
- 16. Simulation code, http://lcawww.epfl.ch/ssarafij/ais-code
- 17. Johnson, D.B., Maltz, D.A.: The dynamic source routing protocol for mobile ad hoc networks. Internet draft, Mobile Ad Hoc Network (MANET) Working Group, IETF (February 2003)
- 18. Iannaccone, G., Chuah, C.-N., Mortier, R., Bhattacharyya, S., Diot, C.: Analysis of Link Failures in an IP Backbone. In: Proceeding of IMW 2002, November 2002, ACM Press, Marseille (2002)
- 19. Le Boudec, J.Y., Sarafijanovic, S.: An Artificial Immune System Approach to Misbehavior Detection in Mobile Ad-Hoc Networks. In: Proceedings of Bio-ADIT 2004, Lausanne, Switzerland, January 2004, pp. 96–111 (2004)