{"title":"Multi-Layer Integrated Anomaly Intrusion Detection System for Mobile Adhoc Networks","authors":"S. Bose, S. Bharathimurugan, A. Kannan","doi":"10.1109/ICSCN.2007.350763","journal":{"name":"2007 International Conference on Signal Processing, Communications and Networking","volume":"76 1","pages":"0"},"publicationDate":"2007-11-05","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"43","platform":"Semanticscholar","ListUrlMain":"https://doi.org/10.1109/ICSCN.2007.350763"}
Multi-Layer Integrated Anomaly Intrusion Detection System for Mobile Adhoc Networks
Most intrusion detection systems for mobile ad hoc networks focus on either routing protocols or MAC layer traffic. This paper focuses on the design of a new anomaly detection system for each node of the network, which contains detection subsystems for the MAC layer, routing layer and application layer. Audit data are taken at the MAC level, network level and application level from traces in Glomosim and are preprocessed separately for each layer's detection subsystem. Feature data sets for each layer are selected from normal transactions. The detection subsystem contains normal profiles obtained from the feature vectors of the training data sets. In our work, we used a Bayesian classification algorithm, a Markov chain construction algorithm and an association rule mining algorithm for anomaly detection in the MAC layer, routing layer and application layer respectively, for effective intrusion detection. Test data obtained from the network traffic is fed into the detection subsystems. Any deviation from normal behavior is considered abnormal, or an anomaly, based on predefined thresholds. Intrusion results from the detection subsystems of all three layers are integrated at the local integration module and the final result is sent to the global integration module. Intrusion results are also received from the neighbor nodes and are sent to the global integration module for making a final decision.