TY - GEN
T1 - MAC layer anomaly detection in ad hoc networks
AU - Lui, Yu
AU - Li, Yang
AU - Man, Hong
PY - 2005
Y1 - 2005
N2 - It is evident that traditional end-to-end intrusion detection mechanisms developed on wireless local area networks (WLANs) and wired networks are no longer sufficient for breach investigation in ad hoc networks. Most existing intrusion detection techniques for ad hoc networks are proposed on tke network layer. In general, these techniques have difficulty to localize attack source, and can not respond to attacks promptly. In this paper, we investigate the use of MAC layer traffic data to characterize normal behaviors in the neighborhood of a mobile node, and to detect misbehaving nodes through MAC layer anomalies. In particular, we evaluate and select a set of features from MAC layer to profile normal behaviors of mobile nodes, and then we apply cross-feature analysis on feature vectors constructed from training data according to the proposed feature set. We are able to reliably detect MAC layer anomalies, some of which may be in fact caused by misbehavior of network layer, since most routing attacks directly impact MAC layer operations. We validate our work through ns-2 simulations. Experimental results show the effectiveness of our method.
AB - It is evident that traditional end-to-end intrusion detection mechanisms developed on wireless local area networks (WLANs) and wired networks are no longer sufficient for breach investigation in ad hoc networks. Most existing intrusion detection techniques for ad hoc networks are proposed on tke network layer. In general, these techniques have difficulty to localize attack source, and can not respond to attacks promptly. In this paper, we investigate the use of MAC layer traffic data to characterize normal behaviors in the neighborhood of a mobile node, and to detect misbehaving nodes through MAC layer anomalies. In particular, we evaluate and select a set of features from MAC layer to profile normal behaviors of mobile nodes, and then we apply cross-feature analysis on feature vectors constructed from training data according to the proposed feature set. We are able to reliably detect MAC layer anomalies, some of which may be in fact caused by misbehavior of network layer, since most routing attacks directly impact MAC layer operations. We validate our work through ns-2 simulations. Experimental results show the effectiveness of our method.
KW - Ad hoc network
KW - Anomaly detection
KW - Cross-feature analysis
KW - MAC layer anomaly
UR - http://www.scopus.com/inward/record.url?scp=33745457611&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33745457611&partnerID=8YFLogxK
U2 - 10.1109/IAW.2005.1495980
DO - 10.1109/IAW.2005.1495980
M3 - Conference contribution
AN - SCOPUS:33745457611
SN - 0780392906
SN - 9780780392908
T3 - Proceedings from the 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005
SP - 402
EP - 409
BT - Proceedings from the Sixth Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005
T2 - 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005
Y2 - 15 June 2005 through 17 June 2005
ER -