Evolutionary computation techniques for intrusion detection in mobile ad hoc networks

Sevil Sen, John A. Clark
2011 Computer Networks  
Intrusion detection on mobile ad hoc networks (MANETs) is difficult. This is because of their dynamic nature, the lack of central points, and their highly resource-constrained nodes. In this paper we explore the use of evolutionary computation techniques, particularly genetic programming and grammatical evolution, to evolve intrusion detection programs for such challenging environments. Cognizant of the particular importance of power efficiency we analyse the power consumption of evolved ... s and employ a multi-objective evolutionary algorithm to discover optimal trade-offs between intrusion detection ability and power consumption.

MANETs share the vulnerabilities of wired networks, such as eavesdropping, denial of service, spoofing and the like; these are simply accentuated by the ad hoc context [1]. In this paper we focus on attacks which are more specific to MANET operation, namely attacks on MANET routing protocols.

Conventional networks use dedicated nodes to carry out basic functions like packet forwarding, routing, and network management. In ad hoc networks, however, these are carried out by all available nodes. Mobile nodes that are within each other's radio range can communicate directly via wireless links, while those that are far apart must rely on other nodes to relay messages. (This is usually referred to as multi-hop communication.) The mobility of network nodes forces routes between nodes to be updated frequently and various protocols have been designed for finding/updating routes and providing communication between endpoints through cooperating intermediate nodes. Routing protocols on MANETs are of two basic forms: proactive (e.g. OLSR [2]) and reactive protocols (e.g. AODV [3], DSR [4]). Hybrid approaches are also possible.

Attacks on these protocols can be implemented easily; they do not require physical access to a wired medium since all communication is wireless, and so form an important threat consideration. In addition, they pose specific technical challenges. For example, the dynamic topology of MANETs makes it harder to differentiate normal behaviour of the network from anomalous behaviour; packets may be lost due to malicious intervention, or simply because a route is no longer feasible. Furthermore, routing algorithms for MANETs usually assume that nodes are cooperative and non-malicious.
This presents significant security problems; for example, a malicious node can easily become an important routing agent and disrupt network operations by disobeying the protocol specifications.
doi:10.1016/j.comnet.2011.07.001 fatcat:prbh2rbrgbcgxgoyhoruzitvjy