Anomaly Detection and Mitigation for Disaster Area Networks

  • Jordi Cucurull
  • Mikael Asplund
  • Simin Nadjm-Tehrani
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6307)


One of the most challenging applications of wireless networking are in disaster area networks where lack of infrastructure, limited energy resources, need for common operational picture and thereby reliable dissemination are prevalent. In this paper we address anomaly detection in intermittently connected mobile ad hoc networks in which there is little or no knowledge about the actors on the scene, and opportunistic contacts together with a store-and-forward mechanism are used to overcome temporary partitions. The approach uses a statistical method for detecting anomalies when running a manycast protocol for dissemination of important messages to k receivers. Simulation of the random walk gossip (RWG) protocol combined with detection and mitigation mechanisms is used to illustrate that resilience can be built into a network in a fully distributed and attack-agnostic manner, at a modest cost in terms of drop in delivery ratio and additional transmissions. The approach is evaluated with attacks by adversaries that behave in a similar manner to fair nodes when invoking protocol actions.


Intrusion Detection Delivery Ratio Anomaly Detection Disaster Area Optimise Link State Routing 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Denning, P.J.: Hastily formed networks. Communications of the ACM 49(4), 15–20 (2006)CrossRefMathSciNetGoogle Scholar
  2. 2.
    Steckler, B., Bradford, B.L., Urrea, S.: Hastily formed networks for complex humanitarian disasters after action report and lessons learned from the naval postgraduate school’s response to hurricane katrina. Technical Report, Naval Postgraduate School (2005)Google Scholar
  3. 3.
    Asplund, M., Nadjm-Tehrani, S.: A partition-tolerant manycast algorithm for disaster area networks. In: IEEE Symposium on Reliable Distributed Systems, pp. 156–165 (2009)Google Scholar
  4. 4.
    Aschenbruck, N., Gerhards-Padilla, E., Gerharz, M., Frank, M., Martini, P.: Modelling mobility in disaster area scenarios. In: MSWiM 2007: Proceedings of the 10th ACM Symposium on Modeling, Analysis, and Simulation of Wireless and Mobile Systems, pp. 4–12. ACM, New York (2007)CrossRefGoogle Scholar
  5. 5.
    Ye, N., Chen, Q.: An anomaly detection technique based on a chi-square statistic for detecting intrusions into information systems. Quality and Reliability Engineering International 17(2), 105–112 (2001)CrossRefMathSciNetGoogle Scholar
  6. 6.
    Yang, H., Luo, H., Ye, F., Lu, S., Zhang, L.: Security in mobile ad hoc networks: challenges and solutions. IEEE Wireless Communications 11(1), 38–47 (2004)CrossRefGoogle Scholar
  7. 7.
    Prasithsangaree, P., Krishnamurthy, P.: On a framework for energy-efficient security protocols in wireless networks. Computer Communications 27(17), 1716–1729 (2004)CrossRefGoogle Scholar
  8. 8.
    Farrell, S., Cahill, V.: Security considerations in space and delay tolerant networks. In: Second IEEE International Conference on Space Mission Challenges for Information Technology, Washington, DC, USA, pp. 29–38. IEEE, Los Alamitos (2006)CrossRefGoogle Scholar
  9. 9.
    Liu, Y., Li, Y., Man, H., Jiang, W.: A hybrid data mining anomaly detection technique in ad hoc networks. International Journal of Wireless and Mobile Computing 2(1), 37–46 (2007)CrossRefGoogle Scholar
  10. 10.
    García-Teodoro, P., Díaz-Verdejo, J., Maciá-Fernández, G., Vázquez, E.: Anomaly-based network intrusion detection: Techniques, systems and challenges. Computers & Security 28(1-2), 18–28 (2009)CrossRefGoogle Scholar
  11. 11.
    Nakayama, H., Kurosawa, S., Jamalipour, A., Nemoto, Y., Kato, N.: A dynamic anomaly detection scheme for AODV-based mobile ad hoc networks. IEEE Transactions on Vehicular Technology 58(5), 2471–2481 (2009)CrossRefGoogle Scholar
  12. 12.
    Cabrera, J.B., Gutirrez, C., Mehra, R.K.: Ensemble methods for anomaly detection and distributed intrusion detection in mobile ad-hoc networks. Information Fusion 9(1), 96–119 (2008)CrossRefGoogle Scholar
  13. 13.
    Chuah, M., Yang, P., Han, J.: A ferry-based intrusion detection scheme for sparsely connected ad hoc networks. In: Fourth Annual International Conference on Mobile and Ubiquitous Systems: Networking & Services, pp. 1–8. IEEE, Los Alamitos (2007)CrossRefGoogle Scholar
  14. 14.
    Scalavino, E., Russello, G., Ball, R., Gowadia, V., Lupu, E.C.: An opportunistic authority evaluation scheme for data security in crisis management scenarios. In: ASIACCS 2010: Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, pp. 157–168. ACM, New York (2010)CrossRefGoogle Scholar
  15. 15.
    Thamilarasu, G., Balasubramanian, A., Mishra, S., Sridhar, R.: A cross-layer based intrusion detection approach for wireless ad hoc networks. In: IEEE International Conference on Mobile Adhoc and Sensor Systems Conference, pp. 854–861. IEEE, Los Alamitos (2005)Google Scholar
  16. 16.
    Sun, B., Wu, K., Pooch, U.W.: Zone-based intrusion detection for ad hoc networks. International Journal of Ad Hoc & Sensor Wireless Networks. Old City Publishing (2004)Google Scholar
  17. 17.
    Tseng, C.H., Wang, S.H., Ko, C., Levitt, K.: DEMEM: Distributed evidence-driven message exchange intrusion detection model for MANET. In: Zamboni, D., Krügel, C. (eds.) RAID 2006. LNCS, vol. 4219, pp. 249–271. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  18. 18.
    Huang, Y.a., Lee, W.: A cooperative intrusion detection system for ad hoc networks. In: SASN 2003: Proceedings of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks, pp. 135–147. ACM, New York (2003)CrossRefGoogle Scholar
  19. 19.
    Deodhar, A., Gujarathi, R.: A cluster based intrusion detection system for mobile ad hoc networks. Technical Report, Virginia Polytechnic Institute & State UniversityGoogle Scholar
  20. 20.
    Wang, S.H., Tseng, C.H., Levitt, K., Bishop, M.: Cost-sensitive intrusion responses for mobile ad hoc networks. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol. 4637, pp. 127–145. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  21. 21.
    Moore, D.S., Cabe, G.P.M.: Introduction to the practice of statistics, 5th edn. W. H. Freeman, New York (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Jordi Cucurull
    • 1
  • Mikael Asplund
    • 1
  • Simin Nadjm-Tehrani
    • 1
  1. 1.Department of Computer and Information ScienceLinköping UniversityLinköpingSweden

Personalised recommendations