BeeID: intrusion detection in AODV-based MANETs using artificial Bee colony and negative selection algorithms




Mobile ad hoc networks (MANETs) are multi-hop wireless networks of mobile nodes constructed dynamically without the use of any fixed network infrastructure. Due to inherent characteristics of these networks, malicious nodes can easily disrupt the routing process. A traditional approach to detect such malicious network activities is to build a profile of the normal network traffic, and then identify an activity as suspicious if it deviates from this profile. As the topology of a MANET constantly changes over time, the simple use of a static profile is not efficient. In this paper, we present a dynamic hybrid approach based on the artificial bee colony (ABC) and negative selection (NS) algorithms, called BeeID, for intrusion detection in AODV-based MANETs. The approach consists of three phases: training, detection, and updating. In the training phase, a niching artificial bee colony algorithm, called NicheNABC, runs a negative selection algorithm multiple times to generate a set of mature negative detectors to cover the nonself space. In the detection phase, mature negative detectors are used to discriminate between normal and malicious network activities. In the updating phase, the set of mature negative detectors is updated by one of two methods of partial updating or total updating. We use the Monte Carlo integration to estimate the amount of the nonself space covered by negative detectors and to determine when the total updating should be done. We demonstrate the effectiveness of BeeID for detecting several types of routing attacks on AODV-based MANETs simulated using the NS2 simulator. The experimental results show that BeeID can achieve a better tradeoff between detection rate and false-alarm rate as compared to other dynamic approaches previously reported in the literature.


[1] P. M. Jawandhiya, "A Survey of Mobile Ad Hoc Network Attacks", International Journal of Engineering Science and Technology, 2(9):4063-4071, 2010.

[2] C. E. Perkins, E. M. B. Royer, and S. R. Das, Ad Hoc On-demand Distance Vector (AODV) routing", in Proceedings of the 2nd IEEE Workshop on Mobile Computing Systems and Applications, New Orleans, LA, USA, 1999.

[3] I. Chlamtac, M. Conti, and J. N. Liu, "Mobile Ad Hoc Networking: Imperatives and Challenges", Ad Hoc Networks, 1(1):13-64, 2003.

[4] B. Wu, J. Chen, J. Wu, and M. Cardei, "A Survey of Attacks and Countermeasures in Mobile Ad Hoc Networks", in Y. Xiao, X. Shen, and D.-Z. Du (Eds.): Wireless/Mobile Network Security, Springer, pp. 103-135, 2006.

[5] M. Alikhany and M. Abadi, "A Dynamic Clustering-Based Approach for Anomaly Detection in AODV-Based MANETs", in Proceedings of the 2011 International Symposium on Computer Networks and Distributed Systems (CNDS), Tehran, Iran, 2011.

[6] S. Forrest, A. S. Perelson, L. Allen, and R. Cherukuri, "Self-Nonself Discrimination in a Computer", in Proceedings of the IEEE Computer Symposium on Research in Security and Privacy, Los Alamitos, CA, USA, pp. 202-212, 1994.

[7] D. Dasgupta and L. F. Nino, Immunological Computation: Theory and Applications, Boca Raton: CRC Press, 2009.

[8] Z. Ji, "Negative Selection Algorithms: from the Thymus to V-detector", PhD Thesis, University of Memphis, 2006.

[9] B. Xu and Y. Zhuang, "Hybrid Detector Based Negative Selection Algorithm", in Proceedings of the 2009 International Conference on Wireless Communications, Networking and Mobile Computing (WiCom), Beijing, China, 2009.

[10] D. Dasgupta, K. KrishnaKumar, D. Wong, and M. Berry, "Negative Selection Algorithm for Aircraft Fault Detection", in Proceedings of the International Conference on Artificial Immune Systems (ICARIS), Catania, Italy, pp. 1-14, 2004.

[11] Z. Ji and D. Dasgupta, "Real-Valued Negative Selection Algorithm with Variable-Sized Detectors", in Proceedings of the Genetic and Evolutionary Computation Conference (GECCO), Seattle, WA, USA, 2004.

[12] D. Dasgupta and F. Gonzalez, "An Immunity- Based Technique to Characterize Intrusions in Computer Networks", IEEE Transactions on Evolutionary Computation, 6(3):281-291, 2002.

[13] D. Wang, F. Zhang, and L. Xi, "Evolving Boundary Detector for Anomaly Detection", Expert Systems with Applications, 38(3):2412-2420, 2011.

[14] D. Karaboga and B. Basturk, "On The Performance of Artificial Bee Colony (ABC) Algorithm", Applied Soft Computing, 8(1):687-697, 2008.

[15] P.-W. TSai, J.-S. Pan, B.-Y. Liao, and S.-C. Chu, "Enhanced Artificial Bee Colony Optimization", International Journal of Innovative Computing, Information and Control, 5(12):5081-5092, 2009.

[16] D. Karaboga and C. Ozturk, "Fuzzy Clustering with Artificial Bee Colony Algorithm", Scientific Research and Essays, 5(14):1899-1902, 2010.

[17] F. Gonzalez, D. Dasgupta, and L. F. Nino, "A Randomized Real-Valued Negative Selection Algorithm", in Proceedings of the 2nd International Conference on Artificial Immune Systems, Edinburgh, UK, pp. 261-272, 2003.

[18] P. Papadimitratos and Z. J. Haas, "Secure Routing for Mobile Ad Hoc Networks", in Proceedings of the SCS Communication Networks and Distributed Systems Modeling and Simulation Conference (CNDS), San Antonio, TX, USA, 2002.

[19] K. Sanzgiri, B. Dahill, B. N. Levine, C. Shields., and E. M. Belding-Royer, "A Secure Routing Protocol for Ad Hoc Networks", in Proceedings of the 10th IEEE International Conference on Network Protocols (ICNP), Paris, France, 2002.

[20] M. Ostaszewski, F. Seredynski, and P. Bouvry, "Immune Anomaly Detection Enhanced with Evolutionary Paradigms", in Proceedings of the Genetic and Evolutionary Computation Conference (GECCO), Seattle, WA, USA, 2006.

[21] S. Balachandran, D. Dasgupta, and L. Wang, "A Hybrid Approach for Misbehavior Detection in Wireless Ad Hoc Networks", in Proceedings of the 1st Annual Symposium on Information Assurance, New York, USA, 2006.

[22] S. Sarafijanovic, J. Boudec, "Secondary Response for Misbehavior Detection in Mobile Ad Hoc Networks", IEEE Transaction on Neural Networks, 16(5):1076-1087, 2005.

[23] X. Hang and H. Dai, "Applying both Positive and Negative Selection to Supervised Learning for Anomaly Detection", in Proceedings of Genetic and Evolutionary Computation (GECCO), Washington DC, USA, 2005.

[24] H. Nakayama, S. Kurosawa, A. Jamalipour, Y. Nemoto, and N. Kato, "A Dynamic Anomaly Detection Scheme for AODV-Based Mobile Ad Hoc Networks", IEEE Transactions on Vehicular Technology, 58(5):2471-2481, 2009.

[25] D. Karaboga, An Idea Based On Honey Bee Swarm for Numerical Optimization, Technical Report, TR-06, Erciyes University, 2005.

[26] S. Taneja and A. Kush, "A Survey of Routing Protocols in Mobile Ad Hoc Networks", International Journal of Innovation, Management and Technology (IJIMT), 1(3):279-285, 2010.

[27] D. B. Johnson, D. A. Maltz, and Y.-C. Hu, "The Dynamic Source Routing Protocol for Mobile Ad Hoc Networks (DSR)", Internet Draft, IETF MANET Working Group, 2003.

[28] V. Park and S. Corson, "Temporally-Ordered Routing Algorithm (TORA)", Functional Specification, Internet Draft, IETF MANET Working Group, 2001.

[29] X. Wang and J. Wong, "An End-to-end Detection of Wormhole Attack in Wireless Ad Hoc Networks", in Proceedings of the 31st Annual International Computer Software and Applications Conference (COMPSAC), 1(1):39-48, 2007.

[30] G. S. Fishman, Monte Carlo: Concepts, Algorithms, and Applications, New York: Springer-Verlag, 1995.

[31] T. Stibor, J. Timmis, and C. Eckert, "On the Use of Hyperspheres in Artificial Immune Systems as Antibody Recognition Regions", in Proceedings of 5th International Conference on Artificial Immune Systems (CARIS), Oeiras, Portugal, Springer-Verlag, vol. 4163, pp. 215-228, 2006.

[32] NS2-The Network Simulator,