Doctoral Dissertation Announcement
Candidate: Chaoli Cai
Doctor of Philosophy
Department: Computer Science
Title: Anomaly Detection Techniques for Ad Hoc Networks
Dr. Ajay Gupta, Chair
Dr. Rajib Paul
Dr. Leszek Lilien
Date: Friday, November 13, 2009 2:00 p.m. - 4:00 p.m.
D210 Parkview Campus
Anomaly detection is an important and indispensable aspect of any computer security mechanism. Ad hoc and mobile networks consist of a number of peer mobile nodes that are capable of communicating with each other absent a fixed infrastructure. Arbitrary node movements and lack of centralized control make them vulnerable to a wide variety of unknown and known attacks from inside as well as from outside. In this dissertation, two efficient statistical techniques for anomaly detection are proposed for these networks.
This study presents a mobility-pattern-based (MPB) anomaly detection algorithm that can identify abnormal pattern behavior of nodes in mobile networks. MPB characterizes the mobility profile of a node by a Multi-Leaf tree structure in which each node corresponds to a possible destination cluster. Through data mining and fuzzy logic techniques, a normal mobility profile is generated during the training process, and abnormal patterns are distinguished from normal ones during testing. Statistical simulations demonstrate that the proposed MPB algorithm achieves reasonably low false alarm rates (FAR) and sufficiently high detection rates (DR).
In order to take into account incomplete testing samples and the interaction among multiple features, we present BANBAD – a technique using Belief Networks and Bayesian inference. BANBAD identifies abnormal behavior in any feature, e.g., inappropriate energy consumption of a node in the network. By applying structure learning techniques to the training dataset, it extracts the dependencies among relevant features and represents them by a directed acyclic graph. Probability distributions are associated with the nodes (i.e., features) and edges of the graph. BANBAD maintains this belief network as a dynamic, updated normal profile of feature behaviors and then uses a specific Bayesian inference algorithm to detect abnormal behavior in testing data. The technique works especially well in ad hoc networks but is applicable to other networks including wireless and sensor networks. The proposed method bounds FAR at a predefined threshold and maximizes DR. Experimental results demonstrate excellent performance for synthetic as well as real datasets. The real datasets are taken from Intel Lab Data (lab environment monitored by the sensors) and UMASS Trace Repository (users’ laptop usage).
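The following is an added illustration of the general idea in the paragraph above, not the dissertation's BANBAD algorithm or code: a small belief network over discrete features serves as the normal profile, a feature is scored by its posterior probability given whatever else was observed, and the cut-off is set so that at most a chosen fraction of normal training rows is flagged. The fixed graph (BANBAD learns it), the feature names, the quantile-based threshold and the training rows are all assumptions constructed for this sketch.

```python
import itertools, math
# Assumed DAG (BANBAD learns the structure from data): feature -> parents.
PARENTS = {"traffic": (), "energy": ("traffic",), "retries": ("traffic",)}
VALUES = ("low", "high")

def fit(rows, k=1.0):
    """Estimate P(feature | parents) from normal rows, with Laplace smoothing."""
    cpt = {}
    for f, ps in PARENTS.items():
        for ctx in itertools.product(VALUES, repeat=len(ps)):
            match = [r for r in rows if tuple(r[p] for p in ps) == ctx]
            for v in VALUES:
                hits = sum(r[f] == v for r in match)
                cpt[f, ctx, v] = (hits + k) / (len(match) + k * len(VALUES))
    return cpt

def marginal(cpt, row):
    """P(observed features); features set to None are summed out by enumeration."""
    hidden = [f for f in PARENTS if row.get(f) is None]
    total = 0.0
    for combo in itertools.product(VALUES, repeat=len(hidden)):
        full = {**row, **dict(zip(hidden, combo))}
        total += math.prod(cpt[f, tuple(full[p] for p in ps), full[f]]
                           for f, ps in PARENTS.items())
    return total

def posterior(cpt, row, target):
    """P(target = its observed value | every other observed feature)."""
    return marginal(cpt, row) / marginal(cpt, {**row, target: None})

def threshold(cpt, rows, target, far, hidden=()):
    """Cut-off that at most a fraction `far` of normal rows score strictly below,
    calibrated with the same features hidden as in the sample under test."""
    masked = [{**r, **{h: None for h in hidden}} for r in rows]
    scores = sorted(posterior(cpt, r, target) for r in masked)
    return scores[min(int(far * len(scores)), len(scores) - 1)]

def is_anomalous(cpt, rows, sample, target, far=0.05):
    hidden = [f for f in PARENTS if sample.get(f) is None]
    return posterior(cpt, sample, target) < threshold(cpt, rows, target, far, hidden)

def row(t, e, r):
    return {"traffic": t, "energy": e, "retries": r}
# Constructed training set of normal behaviour (not data from the dissertation).
NORMAL = ([row("low", "low", "low")] * 46 + [row("low", "high", "low")] * 2
          + [row("low", "low", "high")] + [row("high", "high", "high")] * 48
          + [row("high", "low", "high")] * 2 + [row("high", "high", "low")])
MODEL = fit(NORMAL)
```

Calibrating the threshold on training rows masked the same way as the test sample matters: with a feature missing the posteriors are less peaked, so a cut-off taken from complete rows would flag ordinary incomplete samples.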