ERIC Number: ED513684
Record Type: Non-Journal
Publication Date: 2009
Pages: 155
Abstractor: As Provided
Reference Count: 0
ISBN: ISBN-978-1-1095-7329-9
Anomaly Detection Techniques for Ad Hoc Networks
Cai, Chaoli
ProQuest LLC, Ph.D. Dissertation, Western Michigan University
Anomaly detection is an important and indispensable aspect of any computer security mechanism. Ad hoc and mobile networks consist of a number of peer mobile nodes that are capable of communicating with each other absent a fixed infrastructure. Arbitrary node movements and lack of centralized control make them vulnerable to a wide variety of unknown and known attacks from inside as well as from outside. In this dissertation we propose two efficient statistical techniques for anomaly detection for these networks. We present a mobility-pattern-based (MPB) anomaly detection algorithm that can identify abnormal pattern behavior of nodes in mobile networks. MPB characterizes the mobility profile of a node by a Multi-Leaf tree structure in which each node corresponds to a possible destination cluster. Through data mining and fuzzy logic techniques, a normal mobility profile is generated during the training process, and abnormal patterns are distinguished from the normal during testing. Statistical simulations demonstrate that the proposed MPB algorithm achieves reasonably low false alarm rates (FAR) and sufficiently high detection rates (DR). In order to take into account incomplete testing samples and the interaction among multiple features, we present BANBAD--a technique using Belief Networks and Bayesian inference. BANBAD identifies abnormal behavior in any feature, e.g., inappropriate energy consumption of a node in the network. By applying structure learning techniques to the training dataset, it extracts the dependencies among relevant features and represents them by a directed acyclic graph. Probability distributions are associated with the nodes (i.e., features) and edges of the graph. BANBAD maintains this belief network as a dynamic, updated normal profile of feature behaviors and then uses a specific Bayesian inference algorithm to detect abnormal behavior in testing data.
Our technique works especially well in ad hoc networks but is applicable to other networks including wireless and sensor networks. The proposed method bounds FAR at a predefined threshold and maximizes DR. Experimental results demonstrate excellent performance for synthetic as well as real datasets. The real datasets are taken from Intel Lab Data (lab environment monitored by the sensors) and UMASS Trace Repository (users' laptop usage). [The dissertation citations contained here are published with the permission of ProQuest LLC. Further reproduction is prohibited without permission. Copies of dissertations may be obtained by Telephone (800) 1-800-521-0600. Web page:]
ProQuest LLC. 789 East Eisenhower Parkway, P.O. Box 1346, Ann Arbor, MI 48106. Tel: 800-521-0600; Web site:
Publication Type: Dissertations/Theses - Doctoral Dissertations
Education Level: N/A
Audience: N/A
Language: English
Sponsor: N/A
Authoring Institution: N/A