This paper presents research whose objective is to design and build an intrusion detection and response model for Mobile Ad hoc NETworks (MANETs). Mobile ad hoc networks are infrastructure-free, pervasive and ever-present in nature, with no centralized authority. These unique MANET characteristics present more than a few challenges to securing them.
The proposed security model is called Intrusion Detection and Response for Mobile Ad hoc Networks (IDRMAN). Its objective is to provide a security framework that detects various attacks and automatically takes appropriate measures to control them. The model is based on identifying the critical system parameters of a MANET that are affected by various types of attacks, and continuously monitoring the values of these parameters to detect and respond to attacks.
This paper explains the design and development of the detection framework and the response framework of IDRMAN. The main aspects of the detection framework are data mining using CART to identify attack-sensitive network parameters from the wealth of raw network data, statistical processing using six sigma to identify the thresholds for the attack-sensitive parameters, and quantification of the MANET node state through a measure called the Threat Index (TI) using fuzzy logic methodology. The main aspects of the response framework are intruder recognition and intruder separation through response action plans.
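The thresholding and Threat Index steps described above can be sketched as follows. This is an added illustration, not the IDRMAN implementation: it assumes the thresholds are a mean ± 3σ band over attack-free samples, a linear membership function and a fuzzy-OR aggregation, and the parameter names, baseline values and state cut-offs are constructed.

```python
from statistics import mean, stdev

# Constructed attack-free baseline samples; parameter names are hypothetical.
BASELINE = {
    "route_requests_per_s": [8, 10, 12, 10, 10],
    "packet_drop_ratio": [0.02, 0.03, 0.01, 0.02, 0.02],
}

def control_limits(samples, k=3.0):
    """Threshold band mean +/- k*sigma (k=3 spans six sigma in total)."""
    mu, sigma = mean(samples), stdev(samples)
    return mu - k * sigma, mu + k * sigma

def excursion(value, limits):
    """Fuzzy membership in 'abnormal': 0 inside the band, rising linearly
    to 1 once the value is a full band-width outside it."""
    lo, hi = limits
    width = hi - lo
    over = max(lo - value, value - hi, 0.0)
    if over == 0.0:
        return 0.0
    return 1.0 if width == 0 else min(over / width, 1.0)

def threat_index(observed, baseline=BASELINE):
    """Combine per-parameter memberships with fuzzy OR (max) into one score
    in [0, 1]; a parameter missing from the observation contributes 0."""
    limits = {name: control_limits(s) for name, s in baseline.items()}
    degrees = {name: excursion(observed[name], limits[name])
               for name in limits if name in observed}
    return max(degrees.values(), default=0.0), degrees

def node_state(ti, suspicious=0.3, attack=0.7):
    """Map the score to a coarse node state; the cut-offs are assumed values."""
    if ti >= attack:
        return "under_attack"
    return "suspicious" if ti >= suspicious else "normal"

if __name__ == "__main__":
    # Constructed observations: normal, mild excursion, large excursion.
    for obs in ({"route_requests_per_s": 11, "packet_drop_ratio": 0.02},
                {"route_requests_per_s": 18, "packet_drop_ratio": 0.02},
                {"route_requests_per_s": 60, "packet_drop_ratio": 0.40}):
        ti, _ = threat_index(obs)
        print(obs, round(ti, 2), node_state(ti))
```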
The effectiveness of the detection and response framework is mathematically analyzed using probability techniques. The detection framework is also evaluated through performance comparison experiments with related models, and through performance evaluation experiments from a scalability perspective. The performance metrics used to assess the detection feature of the proposed model are detection rate and false positive rate at different node mobility speeds. The scalability experiments are conducted with respect to the size of the MANET, where more and more mobile nodes are added to the MANET at varied mobility speeds. The results of both the mathematical analysis and the performance evaluation experiments are presented in this paper.