ARSoS: An Adaptive, Robust, and Sub-Optimal Strategy for Automated Deployment of Anomaly Detection System in MANETs

While a variety of AIDS (anomaly-based intrusion detection system) are claimed to be fully distributed, lightweight, and ready for application, their detection cost are not always neglectable, especially when considering the fact that MANET nodes have scarce resources which usually impels them to avoid any unnecessary action. It is therefore a significant issue to optimally deploy AIDS sensors to achieve a better tradeoff between performance and detection cost. However, this optimization problem is challenging in essence because of the special characteristics of MANETs. In particular, the deployment strategy must be adaptive to capture nodes´ mobility and robust to detection failures resulted from either accidental system error or intentional subversion. In this paper, we propose an adaptive, robust, and sub-optimal strategy, called ARSoS, to tackle this issue. ARSoS treats each AIDS sensor as an independent agent, and then formulates the sensors´ cooperative behavior as a decentralized decision problem. Since each AIDS sensor is only aware of partial information about the other sensors and the neighboring nodes, a reward signal integrating both local observations and global detection measures is introduced to guide the overall cooperation of sensors. An online policy gradient algorithm is then applied to solve the formulated problem. To validate the ARSoS system in terms of adaptability, robustness and optimality, we conducted extensive simulations of an implemented prototype and the obtained results highlight a good performance of the system.