Dynamic anomaly detection by using incremental approximate PCA in AODV-based MANETs

Mobile Ad-hoc Networks (MANETs) by contrast of other networks have more vulnerability because of having nature properties such as dynamic topology and no infrastructure. Therefore, a considerable challenge for these networks, is a method expansion that to be able to specify anomalies with high accuracy at network dynamic topology alternation. In this paper, two methods proposed for dynamic anomaly detection in MANETs those named IPAD and IAPAD. The anomaly detection procedure consists three main phases: Training, Detection and Updating in these methods. In the IPAD method, to create the normal profile, we use the normal feature vectors and principal components analysis, in the training phase. In detection phase, during each time window, anomaly feature vectors based on their projection distance from the first global principal component specified. In updating phase, at end of each time window, normal profile updated by using normal feature vectors in some previous time windows and increasing principal components analysis. IAPAD is similar to IPAD method with a difference that each node use approximate first global principal component to specify anomaly feature vectors. In addition, normal profile will updated by using approximate singular descriptions in some previous time windows. The simulation results by using NS2 simulator for some routing attacks show that average detection rate and average false alarm rate in IPAD method is 95.14% and 3.02% respectively, and in IAPAD method is 94.20% and 2.84% respectively.