Dynamic anomaly detection by using incremental approximate PCA in AODV-based MANETs

Mobile Ad-hoc Networks (MANETs) in contrast to other networks have more vulnerability because of having nature properties, such as dynamic topology and no infrastructure. Therefore, a considerable challenge for these networks, is a method expansion that can specify anomalies with high accuracy at network dynamic topology alternation. In this paper, two methods were proposed for dynamic anomaly detection in MANETs, namely IPAD and IAPAD. The anomaly detection procedure consists of three main phases: Training, detection and updating the two methods. In the IPAD method, to create the normal profile, we used the normal feature vectors and principal components analysis in the training phase. In detection phase, during each time window, anomaly feature vectors based on their projection distance from the first global principal component specified. In updating phase, at end of each time window, normal profile updated by using normal feature vectors in some previous time windows and increasing principal components analysis. IAPAD is similar to IPAD method with a difference that each node use approximate first global principal component to specify anomaly feature vectors. In addition, normal profile will be updated by using approximate singular descriptions in some previous time windows. The simulation results using NS2 simulator for some routing attacks show that an average detection rate and an average false alarm rate in IPAD method had 95.14% and 3.02% respectively. The IAPAD method had 94.20% and 2.84% respectively.