IDS modelling and evaluation in WANETs against black/grey-hole attacks using stochastic models

The aim of this paper is to model and evaluate the performance of intrusion detection systems (IDSs) facing black-hole and gray-hole attacks within wireless ad hoc networks (WANETs). The main performance metric of an IDS in a WANET can be defined as the mean time required for the IDS to detect an attack in the network. To evaluate this measure, two types of stochastic models called continuous time Markov chain (CTMC) and stochastic reward net (SRN) are used in this paper. In the first step, two different CTMCs are proposed to model the black-hole and gray-hole attacks, and then, the method of computing the mean time to attack detection is presented on the proposed CTMCs. Since the numbers of states of the proposed CTMCs grow rapidly with increasing the number of the intermediate nodes and the number of attacks which should be done by a single node to trigger the IDS to detect the attack, SRNs are exploited to automatically generate the proposed CTMCs in the second step. The proposed SRNs for the black-hole and gray-hole attacks can appropriately model the network and the process of sending and receiving the messages. Different scenarios are designed to evaluate and compare IDSs on WANETs which show the applicability and usefulness of the proposed CTMCs and SRNs in real networks.