research-article

Signs of a bad neighborhood: a lightweight metric for anomaly detection in mobile ad hoc networks

Authors:

Rodrigo do Carmo,

Matthias HollickAuthors Info & Claims

Q2SWinet '12: Proceedings of the 8h ACM symposium on QoS and security for wireless and mobile networks

Pages 47 - 54

https://doi.org/10.1145/2387218.2387228

Published: 24 October 2012 Publication History

Abstract

Anomaly detection in wireless multihop networks is notoriously difficult: the wireless channel causes random errors in transmission and node mobility leads to constantly changing node neighborhoods. The Neighbor Variation Rate (NVR) introduced in this paper is a metric that quantitatively describes how the topology of the neighborhood of a node in a wireless multihop network evolves over time. We analyze the expressiveness of this metric under different speeds of nodes and measuring intervals and we employ it to detect anomalies in the network caused by malicious node activity. We validate our detection model and investigate its parameterization by means of simulation. We build a proof-of-concept and deploy it in a real-world IEEE 802.11s wireless mesh network composed of several static nodes and some mobile nodes. In real-world experiments, we mount attacks against the mesh network and analyze the expressiveness of NVR to characterize these attacks. In addition, we analyze the behavior of NVR when applied to an external dataset obtained from measurements of a real-world dynamic AODV-based mobile ad hoc network. Our results show that our metric is lightweight yet effective for anomaly detection in both stationary and mobile wireless multihop networks.

References

[1]

Alix Board 3D2 Wiki. http://goo.gl/fTzhO.

[2]

MDK3 -- Version 7. http://mdk3.no-ip.org/mdk3.

[3]

open80211s project. http://open80211s.org/open80211s.

[4]

The Network Simulator -- Version 3. http://www.nsnam.org.

[5]

IEEE Standard 802.11s. 2011.

[6]

F. Bai and A. Helmy. A survey of mobility models in wireless adhoc networks. In A. Safwat, editor, Wireless Ad Hoc and Sensor Networks. Springer Verlag, Berlin, 2007.

[7]

F. Bai, N. Sadagopan, B. Krishnamachari, and A. Helmy. Modeling path duration distributions in manets and their impact on reactive routing protocols. IEEE Journal on Selected Areas in Communications, 22:1357--1373, 2004.

Digital Library

[8]

T. Camp, J. Boleng, and V. Davies. A survey of mobility models for ad hoc network research. Wireless Communications & Mobile Computing (WCMC): Special Issue On Mobile Ad Hoc Networking: Research, Trends And Applications, 2:483--502, 2002.

[9]

J. Cho, A. Swami, and I. Chen. A survey on trust management for mobile ad hoc networks. Communications Surveys Tutorials, IEEE, 13(4):562--583, Fourth Quarter 2011.

[10]

O. Drugan, T. Plagemann, and E. Munthe-Kaas. Non-intrusive neighbor prediction in sparse manets. In Proceedings of the 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON '07), June 2007.

[11]

M. Gerharz, C. de Waal, M. Frank, and P. Martini. Link stability in mobile wireless ad hoc networks. In Proceedings of the 27th Annual IEEE Conference on Local Computer Networks (LCN'02), May 2002.

Digital Library

[12]

R. Gray, D. Kotz, C. Newport, N. Dubrovsky, A. Fiske, J. Liu, C. Masone, S. McGrath, and Y. Yuan. CRAWDAD data set dartmouth/outdoor (v. 2006-11-06). online, November 2006. http://crawdad.cs.dartmouth.edu/dartmouth/outdoor.

[13]

Y. Hu. and A. Perrig. A survey of secure wireless ad hoc routing. Security and Privacy, IEEE, 2(3):28--39, May-June 2004.

Digital Library

[14]

Y. Hu, A. Perrig, and D. Johnson. Packet leashes: a defense against wormhole attacks in wireless networks. In Proceedings of the 22nd Annual Joint Conference of the IEEE Computer and Communications (INFOCOM 2003), March-April 2003.

[15]

Y. Hu, A. Perrig, and D. Johnson. Ariadne: a secure on-demand routing protocol for ad hoc networks. Wirel. Netw., 11(1-2):21--38, January 2005.

Digital Library

[16]

B. Kannhavong, H. Nakayama, Y. Nemoto, N. Kato, and A. Jamalipour. A survey of routing attacks in mobile ad hoc networks. Wireless Communications, IEEE, 14(5):85--91, October 2007.

Digital Library

[17]

R. La and Y. Han. Distribution of path durations in mobile ad hoc networks and path selection. IEEE/ACM Trans. Netw., 15(5):993--1006, October 2007.

Digital Library

[18]

H. Miura, K. Hirano, N. Matsuda, H. Taki, N. Abe, and S. Hori. Indoor localization for mobile node based on RSSI. In Proceedings of the 11th International Conference on Knowledge-Based and Intelligent Information & Engineering Systems (KES 2007). Springer-Verlag, September 2007.

Digital Library

[19]

H. Nguyen and Y. Shinoda. A node's number of neighbors in wireless mobile ad hoc networks: A statistical view. In Proceedings of the 8th International Conference on Networks (ICN '09), March 2009.

Digital Library

[20]

I. Rhee, M. Shin, S. Hong, K. Lee, S. Kim, and S. Chong. On the levy-walk nature of human mobility. IEEE/ACM Transactions on Networking, 19(3):630--643, June 2011.

Digital Library

[21]

N. B. Salem and J. Hubaux. Securing wireless mesh networks. Wireless Communications, IEEE, 13(2):50--55, April 2006.

Digital Library

[22]

J. Singh and P. Dutta. Temporal modeling of node mobility in mobile ad hoc network. CIT, 18(1):19--29, 2010.

[23]

N. Song, L. Qian, and X. Li. Wormhole attacks detection in wireless ad hoc networks: a statistical analysis approach. In Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium, April 2005.

Digital Library

[24]

C. Tsao, Y. Wu, W. Liao, and J. Kuo. Link duration of the random way point model in mobile ad hoc networks. In Proceedings of the IEEE 2006 Wireless Communications and Networking Conference, April 2006.

[25]

W. Viriyasitavat, F. Bai, and O. Tonguz. Dynamics of network connectivity in urban vehicular networks. IEEE Journal on Selected Areas in Communications, 29(3):515--533, March 2011.

Digital Library

[26]

Y. Wu, W. Liao, C. Tsao, and T. Lin. Impact of node mobility on link duration in multihop mobile networks. IEEE Transactions on Vehicular Technology, 58(5):2435--2442, June 2009.

Cited By

Gautam D(2020)SECURING MOBILE ADHOC NETWORKS AND CLOUD ENVIRONMENTInternational Journal of Engineering Technologies and Management Research10.29121/ijetmr.v5.i2.2018.6175:2(84-89)Online publication date: 27-Apr-2020
https://doi.org/10.29121/ijetmr.v5.i2.2018.617
Li ZHaas Z(2016)On Residual Path Lifetime in Mobile NetworksIEEE Communications Letters10.1109/LCOMM.2016.252046720:3(582-585)Online publication date: Mar-2016
https://doi.org/10.1109/LCOMM.2016.2520467

Index Terms

Signs of a bad neighborhood: a lightweight metric for anomaly detection in mobile ad hoc networks
1. Networks
  1. Network services
    1. Network monitoring

Recommendations

A weight-based clustering multicast routing protocol for mobile ad hoc networks

In mobile ad hoc networks, the mobile nodes can move arbitrarily without any centralised management mechanism. The topology of these networks can be very dynamic due to the mobility of mobile nodes. Under such changeable network topology, multicasting ...
A New Routing Protocol to Increase Throughput in Mobile Ad Hoc Networks

Mobile ad hoc networks (MANETs) are dynamically configurable wireless networks that have no fixed infrastructures and do not require predefined configurations. In MANETs, the high mobility of mobile nodes is a major cause of link failure. This paper ...
PACMAN: passive autoconfiguration for mobile ad hoc networks

Mobile ad hoc networks (MANETs) enable the communication between mobile nodes via multihop wireless routes without depending on a communication infrastructure. In contrast to infrastructure-based networks, MANET's support autonomous and spontaneous ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

Q2SWinet '12: Proceedings of the 8h ACM symposium on QoS and security for wireless and mobile networks

October 2012

98 pages

ISBN:9781450316194

DOI:10.1145/2387218

General Chair:
Peter Muller
IBM Zurich, Switzerland
,
Program Chairs:
Jalel Ben-Otham
Université de Paris 13, France
,
Raffaele Bruno
IIT-CNR, Italy

Copyright © 2012 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSIM: ACM Special Interest Group on Simulation and Modeling

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 October 2012

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

MSWiM '12

Sponsor:

SIGSIM

MSWiM '12: The 15th ACM International Conference on Modeling, Analysis and Simulation of Wireless and Mobile Systems

October 24 - 25, 2012

Paphos, Cyprus

Acceptance Rates

Overall Acceptance Rate 46 of 131 submissions, 35%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
193
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Gautam D(2020)SECURING MOBILE ADHOC NETWORKS AND CLOUD ENVIRONMENTInternational Journal of Engineering Technologies and Management Research10.29121/ijetmr.v5.i2.2018.6175:2(84-89)Online publication date: 27-Apr-2020
https://doi.org/10.29121/ijetmr.v5.i2.2018.617
Li ZHaas Z(2016)On Residual Path Lifetime in Mobile NetworksIEEE Communications Letters10.1109/LCOMM.2016.252046720:3(582-585)Online publication date: Mar-2016
https://doi.org/10.1109/LCOMM.2016.2520467

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten