On the Anomaly Intrusion-Detection in Mobile Ad Hoc Network Environments

  • Ricardo Puttini
  • Maíra Hanashiro
  • Fábio Miziara
  • Rafael de Sousa
  • L. Javier García-Villalba
  • C. J. Barenco
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4217)


Manet security has many open issues. Because of its characteristics, this kind of network needs both preventive and corrective protection. In this paper, we focus on corrective protection and propose an anomaly IDS model for Manet. The design and development of the IDS are considered in three main stages: normal behavior construction, anomaly detection and model update. A parametric mixture model is used to model behavior from reference data. The associated Bayesian classification leads to the detection algorithm. MIB variables provide the information the IDS needs. Experiments with DoS and scanner attacks that validate the model are also presented.


Keywords: Gaussian Mixture Model; Intrusion Detection; Anomaly Detection; Intrusion Detection System; Bayesian Classification
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Ricardo Puttini (1)
  • Maíra Hanashiro (1)
  • Fábio Miziara (1)
  • Rafael de Sousa (1)
  • L. Javier García-Villalba (2)
  • C. J. Barenco (3)

  1. Faculdade de Tecnologia, Depto. de Engenharia Eléctrica, Laboratório de Redes, Universidade de Brasília (UnB), Brasília, Brazil
  2. Grupo de Análisis, Seguridad y Sistemas (GASS), Departamento de Sistemas Informáticos y Programación (DSIP), Facultad de Informática, Despacho 431, Universidad Complutense de Madrid (UCM), Madrid, Spain
  3. Departamento de Computación y Tecnología de la Información, Universidad Simón Bolívar (USB), Caracas, Venezuela
