Log-based Anomalies Detection of MANETs Routing with Reasoning and Verification

Title: Log-based Anomalies Detection of MANETs Routing with Reasoning and Verification
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Li, T., Ma, J., Pei, Q., Shen, Y., Sun, C.
Conference Name: 2018 Asia-Pacific Signal and Information Processing Association Annual Summit and Conference (APSIPA ASC)
Keywords: active attacks, Ad hoc networks, anomaly detection, central control program, Cognition, composability, diagnostics, flow graph, flow graphs, log-based anomalies detection, MANET Attack Detection, MANETs, MANETs routing, Merkle hash tree, Metrics, mobile ad hoc networks, mobile computing, multiple malicious nodes, passive attacks, privacy, pubcrawl, reasoning rules, Resiliency, Routing, routing phases, routing procedure, routing security, security, Syslog, telecommunication network routing, telecommunication security, verification, verification phase

Routing security plays an important role in Mobile Ad hoc Networks (MANETs). Despite many attempts to improve its security, the routing procedure of MANETs remains vulnerable to attacks. Existing approaches offer support for detecting attacks or debugging in different routing phases, but many of them, which depend on the central control program or a third party to supervise the whole network, have not considered the privacy of the nodes during anomaly detection. In this paper, we present an approach called LAD, which uses the raw logs of routers to construct a control flow graph and find the existing communication rules in MANETs. With the reasoning rules, LAD can detect both active and passive attacks launched during the routing phase. LAD can also protect the privacy of the nodes in the verification phase with a specific Merkle hash tree. Without deploying any special nodes to assist the verification, LAD can detect multiple malicious nodes by itself. To show that our approach can be used to guarantee the security of MANETs, we deploy our experiment in NS3 as well as in a practical router environment. LAD can improve the accuracy rate from 2.28% to 29.22%. The results show that LAD achieves limited time and memory usage, high detection and low false positives.

Citation Key: li_log-based_2018