NIS02-5: Constructing an Efficient Mobility Profile of Ad-Hoc Node for Mobility-Pattern-Based Anomaly Detection in MANET

Numerous approaches have been proposed for intrusion detection, especially for anomaly detection, in ad hoc networks. However, little research work has been done in actually implementing such a scheme based on statistical methods. In this paper, we present an efficient anomaly detection algorithm based on a statistical method originated from pattern recognition, which can effectively identify abnormal behavior such as mobility pattern of MANETs. In the proposed algorithm, the mobility pattern of a specific node is characterized by a multi-leaf tree structure, second-level nodes stands for the possible starting points and leaf nodes stand for the destination node of each possible path. Since our algorithm is using statistical method, a normal profile for each node is generated through extensive experiments, where the specific tree generated may have several starting points and ending with several destination points. For each path between any two nodes (parent and children), we can get the distribution of every different mobility pattern. By comparing the mobility patterns with the training data, we can distinguish abnormal nodes from normal behavior nodes in mobile Ad Hoc networks. Simulation results demonstrate that our proposed detection algorithm can achieve good performance in terms of false alarm rate and detection rate for nodes with regular mobility patterns.