Skip to main content
SpringerLink
Log in

RADAR: A reputation-driven anomaly detection system for wireless mesh networks

  • Published:
Wireless Networks Aims and scope Submit manuscript

Abstract

As one of the backup measures of intrusion prevention techniques, intrusion detection plays a paramount role in the second defense line of computer networks. Intrusion detection in wireless mesh networks (WMNs) is especially challenging and requires particular design concerns due to their special infrastructure and communication mode. In this paper, we propose a novel anomaly detection system, termed RADAR, to detect and handle anomalous mesh nodes in wireless mesh networks. Specifically, reputation is introduced to characterize and quantify a node’s behavior in terms of fine-grained performance metrics of interest. The dual-core detection engine of RADAR then explores spatio-temporal property of such behavior to manifest the deviation between that of normal and anomalous nodes. Although the current RADAR prototype is only implemented with routing protocols, the design architecture allows it to be easily extended to cross-layer anomaly detection where anomalous events occur at different layers and can be resulted by either intentional intrusion or accidental network failure. The simulation results demonstrate that RADAR can achieve high detection accuracy, low computational complexity, and low false positive rate.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10

Similar content being viewed by others

Notes

  1. The notion of transitive value in WMNs holds true since a node i will have a high opinion of a neighbor which has forwarded most of its packets.

  2. RADAR is an acronym denoting ReputAtion-based system for Detecting Anomalous nodes in wiReless mesh networks.

References

  1. Akyildiz, I. F., & Wang, X. (2005). Wireless mesh networks: A survey. Computer Networks, 47, 445–487.

    Article  MATH  Google Scholar 

  2. Baras, J. S., Radosavac, S., et al. (2007). Intrusion detection system resiliency to byzantine attacks: The case study of wormholes in OLSR. In Proceedings of MILCOM2007.

  3. Buchegger, S., & Le Boudec, J.-Y. (2009). Self-policing mobile Ad-Hoc networks by reputation systems. IEEE Communications Magazine, 43(7), 101–107.

    Article  Google Scholar 

  4. Buchegger, S., & Le Boudec, J.-Y. (2002). Performance analysis of the CONFIDANT protocol. In Proceedings of 3rd ACM MobiHoc’02 (pp. 226–236). Lausanne, Switzerland, June 2002.

  5. Chartrand, G., Kubicki, G., & Schultz, M. (1998). Graph similarity and distance in graphs. Aequationes Mathematicae, 55(12), 129–145.

    Article  MATH  MathSciNet  Google Scholar 

  6. Du, Q., Emelianenko, M., & Ju, L. (2006). Convergence of the Lloyd algorithm for computing centroidal Voronoi tessellations. SIAM Journal of Numerical Analysis, 44, 102–119.

    Article  MATH  MathSciNet  Google Scholar 

  7. Forrest, S., Hofmeyr, S. A., & Longstaff, T. A. (1996). A sense of self for UNIX processes. In Proceedings of IEEE Symposium on Security and Privacy (S&P’96) (pp. 120–128). Oakland, USA.

  8. Gersho, A., & Gray, R. (1992). Vector quantization and signal compression. Norwell, MA: Kluwer Academic Publisers.

    MATH  Google Scholar 

  9. He, Q., Wu, D., & Khosla, P. (2004). SORI: A secure and objective reputation-based incentive scheme for ad hoc networks. In Proceedings of IEEE WCNC’04 (pp. 825–830). Atlanta, USA, Mar.

  10. Hu, Y., Johnson, D., & Maltz, D. (2003). The dynamic source routing protocol for mobile ad hoc networks (dsr). http://www.ietf.org/internet-drafts/draft-ietf-manet-dsr-09.txt, Apr. 2003.

  11. Huang, Y., & Lee, W. (2003). A cooperative intrusion detection system for ad hoc networks. In Proceedings of the ACM Workshop On Security in Ad Hoc and Sensor Networks, Fairfax, Virginia, Oct., 2003.

  12. Marti, S., Giuli, T. J., Lai, K., & Baker, M. (2000). Mitigating routing misbehavior in mobile ad hoc networks. In Proceedings of 6th ACM MobiCom’00. (pp. 255–265). Boston, USA, Aug., 2000.

  13. Marti, S., & Molina, H. G. (2006). Taxonomy of trust: Categorizing P2P reputation systems. Computer Networks, 50, 472–484.

    Article  MATH  Google Scholar 

  14. McHugh, J. (2001). Intrusion and intrusion detection. IInternational Journal of Information Security, 1(1), 14–35.

    MATH  Google Scholar 

  15. Michiardi, P., & Molva, R. (2002). CORE: A collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks. In Proceedings of the 6th IFIP Conference on Security Communications, and Multimedia (pp. 107–121). Portoroz, Slovenia, Sept., 2002.

  16. Mishra, A., Nadkarni, K., & Patcha, A. (2004). Intrusion detection in wireless ad hoc networks. IEEE Wireless Communications, 11, 48–60.

    Google Scholar 

  17. Salem, B., & Hubaux, J.-P. (2006) Securing wireless mesh networks. IEEE Magaine on communication, pp. 50–55, Apr., 2006.

  18. So, J., & Vaidya, N. (2004) Multi-channel MAC for ad hoc networks: Handling multi-channel hidden terminals using a single transceiver. In Proceedings of the 5th ACM MobiHoc’04 (pp. 222–233). May, 2004.

  19. Sundaresan, K. Sivakumar, R., Ingram, M. A. & Chang, T.-Y. (2004). A fair medium access control protocol for ad hoc networks with MIMO links. In Proceedings of INFOCOM (pp. 2559–2570). Mar., 2004.

  20. Tan, K. M. C., & Maxion, R. A. (2002). Why 6? Defining the operational limits of stide, an anomaly-based intrusion detector. In Proceedings of the 2002 IEEE Symposium on Security and Privacy (S&P’02), May, 2002.

  21. Tseng, C. H., Wang, S. -H., Ko, C. & Levitt, K. (2006). DEMEM: Distributed evidence-driven message exchange intrusion detection model for MANET. In Proceedings of the 9th International Symposium on Recent Advances in Intrusion Detection (RAID 2006) (pp. 249–271). Sept., 2006.

  22. Kamvar, S. D., Schlosser, M. T., & Molina, H. G. (2003). The EigenTrust algorithm for reputation management in P2P Networks. In Proceedings of the 12th International conference on World Wide Web (WWW’03). May, 2003.

  23. Kodialam, M., & Nandagopal, T. (2005). Characterizing the capacity region in multi-radio multi-channel wireless mesh networks. In Proceedings of the 11th ACM MobiCom (pp. 73–87). Aug., 2005.

  24. The Qualnet simulator from Scalable Networks Inc. http://www.scalable-networks.com

  25. Qiu, L. Bahl, P., Rao, A., & Zhou, L. (2006). Troubleshooting wireless mesh networks. ACM SIGCOMM Computer Communication Review, 36(5), 17–28.

    Article  Google Scholar 

  26. Zhang, Y., Lee, W., & Huang, Y. (2003). Intrusion detection techniques for mobile wireless networks. ACM Wireless Networks Journal, 9(5), 545–556.

    Article  Google Scholar 

  27. Zhang, Z., Shen, H., & Sang, Y. (2007). An observation-centric analysis on the modeling of anomaly-based intrusion detection. International Journal of Network Security, 4(3), 292–305

    Google Scholar 

  28. Zhang, Z., Ho, P-.H., & Naït-Abdesselam, F. (2009). On achieving cost-sensitive anomaly detection and response in mobile Ad Hoc networks, In Proceedings of IEEE International Conference on Communications (ICC’09), June 2009.

  29. Zhou, L., & Hass, Z. (1999). Securing ad hoc networks. IEEE Network Magazine Special issue on network security, 13(6), 24–30.

    Google Scholar 

  30. Zouridaki, C., Mark, B. L., Hejmo, M., & Thomas R. K. (2007). Hermes a quantitative trust establishment framework for reliable data packet delivery in MANETs. Journal of Computer Security, 15(1), 3–38.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institut Telecom/TELECOM, Lille 1, France

    Zonghua Zhang

  2. ECE Department, University of Waterloo, Waterloo, Canada

    Pin-Han Ho

  3. University of Sciences and Technologies of Lille, Lille, France

    Farid Naït-Abdesselam

Authors
  1. Zonghua Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Pin-Han Ho
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Farid Naït-Abdesselam
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Pin-Han Ho.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Zhang, Z., Ho, PH. & Naït-Abdesselam, F. RADAR: A reputation-driven anomaly detection system for wireless mesh networks. Wireless Netw 16, 2221–2236 (2010). https://doi.org/10.1007/s11276-010-0255-1

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11276-010-0255-1

Keywords

Search

Navigation