A framework for intrusion detection systems by social network analysis methods in ad hoc networks

Wei Wang, Hong Man, Yu Liu

Research output: Contribution to journal › Article › peer-review

20 Scopus citations

Abstract

Social network analysis (SNA), originally introduced to provide a mathematical framework for analyzing human interactions and economic relationships, has recently been successfully applied to characterizing information propagation in wireless networks. In this paper, we introduce an SNA method as a new approach to build an intrusion detection system (SN-IDS) in mobile ad hoc networks. The SN-IDS utilizes social relations as metrics-of-interest for anomaly detection, which is different from most traditional IDS approaches. The social system can capture and represent network statistics similar to those used in data-mining-based IDSs. To construct proper social networks, we first investigate ad hoc MAC and network layer data attributes and select relevant social feature sets; then we build up a set of socio-matrices based on these features. Social analysis methods are applied to these matrices to detect suspicious activities and behaviors of mobile nodes. The detection results can be based on single or multi-relation rules. Finally, we analyze the performance of this SN-IDS under different simulated mobility conditions and traffic patterns. NS-2 simulation results show that this SN-IDS can effectively detect common attacks with high detection rates and low false alarm rates. Furthermore, it has clear advantages over the conventional association-rule-based data mining IDS in terms of computation and system complexity.

Original language: English
Pages (from-to): 669-685
Number of pages: 17
Journal: Security and Communication Networks
Volume: 2
Issue number: 6
State: Published - 2009

Keywords

  • Ad hoc networks
  • Intrusion detection system
  • Network security
  • Social network analysis
