TY - JOUR
T1 - A framework for intrusion detection systems by social network analysis methods in ad hoc networks
AU - Wang, Wei
AU - Man, Hong
AU - Liu, Yu
PY - 2009
Y1 - 2009
N2 - Social network analysis (SNA), originally introduced to provide a mathematical framework for analyzing human interactions and economic relationships, has recently been successfully applied to characterizing information propagation in wireless networks. In this paper, we introduce an SNA method as a new approach to build an intrusion detection system (SN-IDS) in mobile ad hoc networks. The SN-IDS utilizes social relations as metrics-of-interest for anomaly detection, which is different from most traditional IDS approaches. The social system can capture and represent network statistics similar to those used in data mining-based IDSs. To construct proper social networks, we first investigate ad hoc MAC and network layer data attributes and select relevant social feature sets; then we build up a set of socio-matrices based on these features. Social analysis methods are applied to these matrices to detect suspicious activities and behaviors of mobile nodes. The detection results can be based on single or multi-relation rules. Finally, we analyze the performance of this SN-IDS under different simulated mobility conditions and traffic patterns. NS-2 simulation results show that this SN-IDS system can effectively detect common attacks with high detection rates and low false alarm rates. Furthermore, it has clear advantages over the conventional association rule-based data mining IDS in terms of computation and system complexity.
KW - Ad hoc networks
KW - Intrusion detection system
KW - Network security
KW - Social network analysis
UR - http://www.scopus.com/inward/record.url?scp=74849136546&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=74849136546&partnerID=8YFLogxK
U2 - 10.1002/sec.108
DO - 10.1002/sec.108
M3 - Article
AN - SCOPUS:74849136546
SN - 1939-0114
VL - 2
SP - 669
EP - 685
JO - Security and Communication Networks
JF - Security and Communication Networks
IS - 6
ER -