A Hybrid Approach for Misbehavior Detection in Wireless Ad-Hoc Networks

In wireless ad-hoc networks, the participating wireless stations use a routing protocol called as Dynamic Source Routing (DSR). Such networks are highly vulnerable to (packet) routing misbehavior which is generally due to malware, faulty or compromised stations. For such networks, the traditional way of implementing firewalls at switches, routers or gateways and encryption software are not sufficient and effective because the mobile ad-hoc environment does not have such traffic concentration points, thus requiring behavior monitoring of the individual stations. Intelligent machine learning techniques are therefore helpful for misbehavior detection that aims at keeping such vulnerable behavior under check. In this work, the use of an anomaly detection algorithm, inspired by biological immune systems in vertebrae, is investigated to detect such misbehaving nodes. This is a model based on behavior-based intrusion detection techniques which assume misbehavior identification by observing a deviation from normal or expected behavior, of the nodes’ protocol event sequence in wireless routing traffic. The objective is to build an effective technique, which like its natural counterpart, intelligently learns and detects unknown (and new) anomalous behavior with very low false positives. The solution for the classification task of normal versus abnormal will be employed using hybrid negative selection for learning and adaptation, used primarily by the natural immune system. To evaluate the performance of the proposed technique, a radio based wireless network is employed for the simulation experiments, namely GloMoSim. The system is designed to produce multi set detectors produced using monitored behavior of neighborhood nodes, which will eventually be distributed independently for each network node that can run different specialized detector set thus fortifying the overall strength of the active wireless nodes.