International Journal of Conceptions on Computing and Information Technology
Vol. 3, Issue. 1, April’ 2015; ISSN: 2345 - 9808
A Review on Intrusion Detection Systems for
Securing MANETS
V L Pavani
Prof. B Satyanarayana
Research Scholar, Dept.of Computer Science & Technology
Sri Krishnadevaraya University
Anantapur, Andhra Pradesh, India
[email protected]
Professor, Dept. of Computer Science & Technology
Sri Krishnadevaraya University
Anantapur, Andhra Pradesh, India
Abstract— MANET is an infrastructure less network made up of
self-configured nodes that can serve as communication media in
case of emergencies. Due to their popularity MANETs are
becoming ubiquitous. The nodes in MANET are resource
constrained and vulnerable to various kinds of attacks such as
gray hole, black hole, modification or Sybil attack, wormhole
attack, and byzantine attack. Many intrusion detection systems
came into existence to safeguard MANET from these attacks. The
knowhow required to secure MANET communications can help
organizations to be aware of security issues and can make well
informed decisions to protect communications in MANET.
Towards this end, in this paper, we focus on reviewing present
state-of-the-art on intrusion detection systems for MANETs that
cater to preventing various kinds of attacks launched by
adversaries.
Keywords- MANET, vulnerabilities, intrusion detection system,
attacks
I.
INTRODUCTION
Mantes are self managed networks. All the dynamic
mobile nodes are connected randomly. Almost all the manets
have dynamic nature , wireless technology , infrastructure
less technology, Self configuration feature, open medium,
distributed nature, changing topologies, resource constraints,
lack of centralized administration, etc These features made
manets vulnerable to different types of security threats . The
Vulnerabilities may also be caused by the resource constraints
of the participating nodes and nature of communication. The
attacks may be passive or active attacks. Attacks may be eves
dropping, inserting erroneous information regarding routing to
create looping of routes, generating non functional or non
existing routes ,gray hole, black hole, modification or Sybil
attack , wormhole attack ,byzantine attack, etc. Attackers
can also be classified as external or internal. External attackers
modify the routes where as the internal attackers made the
node as compromised nodes. So, there is a much need for most
secure, powerful, efficient, reliable, adaptable, maintainable,
portable , distributed, collaborative, independent and optimal
Intrusion Detection System.
In this paper we throw light into the present state-of-the-art
on intrusion detection systems for MANETs and finding gaps
in the research in safeguarding MANET communications. The
section II of the paper focuses on various kinds of IDS that
cater to handling different attacks on MANETs and section III
contains the research gaps found .
II.
VARIOUS INTRUSION DETECTION SYSTEMS
A. IDS for Sink hole, Worm hole and Block hole attacks
Tseng and Culpepper (2005) [1] considered sequence
number discontinuity and route add ratio as two indicators in a
sinkhole Intrusion detection for manets using Dynamic Source
Routing protocol. Sequence number discontinuity is detected
by 3-tuple and route add ratio is computed by using route add
counters of the nodes. Enhancing the above Kim, Han and
Kim (2010) [2] proposed another sink hole detection
algorithm. Here malicious node does not identify that the sink
hole detection process is active. Sink hole indicator is used to
indicate the sink hole. As soon as the sink hole indicator
indicates a sink hole the algorithm is started automatically.
Qian et al.(2007) [3] identified that multipath routing is
vulnerable to worm hole attack and proposed a statistical
analysis of multipath which is used to detect attacks and to
identify malicious nodes. Tao Song (2007) [4]used System
healthy intrusion monitoring, dynamic registration and
configuration protocol to define the global security of a
network to improve the healthy behavior of individual nodes.
Intrusion Detection is done by monitoring the local nodes to
achieve global integrity of network routing information.
Stafrace (2010) [5] implemented a new mechanism for
detection the sinkhole attacks by adopting the concepts of
military structure and operation tactics and divided the
algorithm into two phases. In first phase reconnaissance
process is used a Command Post (CP) is set on all the nodes
along the route from source to destination which consists
intelligence process(INTEL) and next CP initiates phase
where all the squad work together to detect sink hole nodes.
Ming -Yang Su (2011) [6] talked about the block hole
attacks and implemented a Anti Block hole Mechanism for
detecting the suspicious nodes. Suspicious nodes are identified
basing on the routing messages transmitted. If it exceeds some
threshold vales that the node is suspected and that node details
are broadcasted to all to nodes in order the add the node in the
Block table.
83 | 9 0
International Journal of Conceptions on Computing and Information Technology
Vol. 3, Issue. 1, April’ 2015; ISSN: 2345 - 9808
B. IDS based on Energy Constraints
Kim, Kim and Kim (2006) [7] considered the Network
Survivability is an important issue and suggested by choosing
the monitor node based on the nodes battery power to enhance
the network life time. Otrok et al. (2008) [8] implemented an
IDS by electing a leader .Instead of selecting a leader
randomly; a leader node is elected basing on certain properties
such as node with most remaining energy to maintain the
balance in resource consumption. Selfish nodes which provide
wrong details such as fake value of energy remained, not
running the IDS even though electing as a leader are also
identified by using a catch and punish scheme by randomly
selecting the checker nodes who monitors the actions of the
leader. Any normal IDS runs without considering the energy
constraint leading to a serious problem when a node looses all
its energy for running IDS. To overcome this Cheng and Tseng
(2011) [9], proposes a CAIDS model. It provides and
intelligent mechanism for running the IDS. It not only deals
with security threats but also the residual energy and traffic
loading. Wang, Wang, Wang and Wang (2013)[10] focused
mainly on wireless link performance centric scheme rather
than security centric design approach and proposed a new
technique called network tomography. This technique is
designed by combining anomaly detection with inference
techniques. A novel spatial time model to identify network
topology and an energy aware algorithm to sponsor system
services are proposed. Ramachandran el .at (2008) [11] used a
task allocation algorithm where all the possible nodes are
chosen basing the battery power levels and past history.
C. Intrusion Detection System using layered architecture:
Komninos et al.(2007)[31] focused on Security challenges
in Intrusion Detection and authentication are identified . Two
phase detection procedure is implemented. In phase one only
the authenticated nodes are allowed to enter into Manet and in
phase two compromised nodes are detected. Further this work
is extended (2007) [32]. In phase one ,true communication
nodes are identified by using the challenge response protocols
based on symmetric key techniques and in phase two ,nodes
are identified by using the challenge response protocols based
on public key techniques .Cabrera el. at(2008)[13] introduced
node- cluster- manager , a three level hierarchical system for
distributed anomaly based IDS. For every‘t’ sec data related to
network is acquired at each individual node by allowing the
node to work normally. Komninis along with Douligeris
extended his work on IDS and further proposed a LIDF
(layered intrusion detection framework) which now consists of
a three layers collection, detection and alert modules. This
LIDF is implemented in OSI link layer and network layer
operations. Ramachandran el .at (2008) [11] also used two
layered two tier architecture. Main aim is to converge to an
optimal solution. Stafrace(2010)[5] also used two phase
mechanism for detecting sink hole attack. Shyu et al. (2007)
[15] also designed the IDS by dividing it into the host and
classification layers.
D. Distributed Multi Agent based Intrusion Detection
System:
Shyu et al. (2007) [15] worked on distributed multi agent
IDS architecture which consists of the two layers , the host
layer and the classification layer. A set of host agents
constitutes a host layer which collects the information
regarding the network connections and divides them into
normal or abnormal using ASEM anomaly detection scheme.
In the classification layer multiple host agents are connected to
a classification agents Again the host agents rely on their
classification agents and these classification agents rely on
manager agent which acts a central point. Thus ongoing threats
are communicated in the same hierarchy in order to provide
awareness in ongoing threat to all sub managers, classification
agents and host agents. Kozushko (2003) [16] also
implemented Distributed network based IDA.
E. Securing the Manets by using both the IDS and Secure
routing protocols:
By Patwardhan et al. (2008) [17] MANET is secured by
using both IDS and Secure Routing protocols. A node is not
considered as a malicious node just by dropping packets .If the
dropping of packets reaches its threshold value then that node
is suspected. In case of routing protocols AODV protocol is
considered. Generally the AODV provides route discovery and
maintenance of local connectivity .A SecAODV protocol is
implemented which provides a secure routing by binding IPV6
addresses and RSA keys. A node also monitors the neighboring
nodes within the same radio range.
F. IDS using game theory:
Otrok et al. (2008) [8] used a co-operative game theoretic
model is proposed to detect the false positive rate of the
checkers. The efficiency of the IDS is also increased by
formulating the zero sum non co-operative game and this game
is solved by using Bayesian Nash Equilibrium.
G. Trust Based IDS:
Razak et al. (2008) [18] proposed a reliable intrusion
mechanism that detects the attempts of attacks and at the same
time reducing the false alarms raised. The IDS frame work
implemented is based on two types of trust relationships,
namely direct and indirect friendships. Global detection and
response mechanism is also implemented by sharing the audit
data sources with other nodes. Cho, Swami and Chen
(2012)[19] considered the trust management with the concepts
such as trust is dynamic not static , trust is subjective, trust is
not necessarily a transitive, trust is asymmetry and the trust is
context dependent. Initially in a group trust among the nodes is
developed by using the historical information and
authentication by challenge response process. From then
onwards protocol generates the trust metrics of other nodes
basing on social factors such as friendship, honesty, privacy,
etc and QOS such as energy, computational power, radio range,
etc. Further updates are also done continuously and a trust path
is generated. Xia el, at (2013) [20] implemented a trust model
for generating the optimal trust worthy routes in a single route
84 | 9 0
International Journal of Conceptions on Computing and Information Technology
Vol. 3, Issue. 1, April’ 2015; ISSN: 2345 - 9808
discovery. Trusts are classified into historical, current and
route trusts .Packets is divided into control and data packets.
Forwarding ratio of two packets CFR (control packets
forwarding ration) & DFR (data packets forwarding ratio) are
calculated and the results are maintained in Trust record list at
the each node. Node’s current trust is computed by using fuzzy
logic rules prediction method by considering the historical
values and also the current Values of the node such as battery
power, local memory, DFR, CFR, band width. Etc. A source
node initiates the route discovery process. If more than one
route are discovered and all the routes meet the required trust
level then the route with smallest hop count is selected. Chen,
Guo, Bao and Cho (2014) [21] integrated Social trust and QoS
trust and designed a protocol called SQTrust. The protocol was
designed in such a way that the trust biased is minimized and
the application performance is maximized. Among all,
intimacy, honesty in social metrics where as competence and
compliance in QoS metrics are considered. The trust level of
the node is in between 0 and 1, indicating 1- complete trust,
0.5- ignorance and 0- distrust are computed by using the SPN
techniques.
H. Mathematical and statistical methods:
Joseph el. at (2008) [22] discussed about the loop holes in
IDS instead of discussing about different types of IDS in order
to obtain the feasibility. The phenomenon called Base –rate
fallacy means the efficiency of IDS also depends on probability
of occurrence of malicious nodes and used Bayes theorem and
conditional probability. In logical rule based technique
theoretical limitations are considered .OSLR adhoc routing
algorithm is used for comparing of different behavioral patterns
is determined by using statistical methods.
I.
IDS using artificial intelligence techniques:
Sen and Clark (2011) [23] used various artificial
intelligence techniques like genetic programming or genetic
algorithms and grammar evolution for implementing IDS in
Manets. These are mainly used to detect adhoc flooding and
route disruption attacks. This research area is loosely based on
Darwinian Survival of the fittest and fitness of IDS is
calculated.
Shamshirband el. at (2013) [24] start working by reviewing
all the previously works done and categorizing different
Intrusion detection and prevention techniques. The main
categories are traditional artificial intelligence, computational
intelligence and multi agent based computational intelligence.
By evaluating the performances and limitations, combining the
features of computational intelligence and Multi agent based
computational intelligence a new IDPS called Co-WIDPS (Cooperative Based intrusion detection and prevention system)
architecture was designed. Komninis along with Douligeris
(2009) [12] used Lagrange interpolation .The detection module
checks whether the polynomial converges, and that node is
considered as a compromised node. As soon as a new node
enters it has to prove itself that it is not the compromised node
if not the alert module generates an alarm. It uses linear
threshold scheme.
J.
Work related to Comparison of different IDS:
Kozushko (2003) [16]discussed host based and network
based intrusion detection system by considering the life cycle
of a network packet and divided the ID Architecture into
Distributed network based IDA and centralized Host based .
Pros and cons of both the architectures are compared.
Ramachandran el .at (2008) [11] discussed about various types
of IDS such as host based, network based, hierarchical ,
distributed co-operative based etc. but considered the only the
agent based IDS. The IDS was designed by two tier
architecture. Xenakis (2013) [25] compared different IDS‘s in
stand alone, co-operative, multilayer co-operative, friend
assisted, layered, Hierarchical, cluster based, and derived their
strengths and weaknesses. Comparison of the deployment,
architectural and operational characteristics, processing
overhead, communication overhead, unfaired workload
distribution, and other impacts on nodes. Comparison of
detection of different types of attacks are also done and
concluded by proposing the designs basing on the
characteristics of manets. Pastrana el. at (2012) [26] extends his
work for comparing different classification algorithms to detect
malicious nodes in manets. Gaussian mixture model (GMM),
Multilayer perception (MLP), linear model and support vector
machines (SVM) and proved that SVM are MLP are the best.
Again Behaviour of nodes using new classifiers based on
genetic programming is compared with SVM and found that
GP has low false alarm rate but detection rate is low. So, if an
attack is found in advance such as Flooding GP algorithms
work efficiently.
K. IDS based on acknowledgement:
According to Elhadi M .Shakshuki, Nat Kang, and Tarek
R.Sheltami (2013) [29] MANETS dynamic and limited
infrastructure leads to serious problems in critical situations.
To increase the security in MANETS EAACK technique is
implemented and three of the limitations of watch dog
technique are resolved and forging of acknowledgement
packet are also prevented.
EAACK uses acknowledgements in the IDS. It consists of
three major parts. First it uses end to end ACK scheme. If
acknowledgement is not received then it detects that
misbehaving nodes are present in the route and it switches
from ACK to S-ACK (secure acknowledgement). In S-ACK
malicious nodes are detected and misbehavior report is
generated. To confirm this misbehavior report again it
switches from
S- ACK to MRA which detects the
misbehaving nodes along with false misbehavior report. The
idea of using
Digital Signature for acknowledgement
enhances the security.
By extending the above work Basabba(2014)
[27]implemented an ACA3K IDS . Similar to TWO ACK it
works for three consecutive nodes and detects if any
collaborative misbehaving nodes are present in the route path.
85 | 9 0
International Journal of Conceptions on Computing and Information Technology
Vol. 3, Issue. 1, April’ 2015; ISSN: 2345 - 9808
III. RESEARCH GAPS FOUND
The Qian [3], a multi-path routing protocol with intrusion
detection, cannot run on other wireless protocols such AODV
and AOMDV. However, SAM can be modified and applied to
those protocols. SecAODV [28] consumes more energy
resources for security routing of messages with larger header
(control overhead). This needs to be addressed while
increasing throughput and response times. Friend assisted IDS
[12] can be improved further in order to explore the
performance of IDS framework in the real world with respect
to trust relationships. In the game-theoretic IDS [14] a node is
considered either trusted or untrusted. However, it can be
enhanced using a quantitative approach by giving rating to
nodes that behave genuinely. The rating can provide more
control and flexibility in IDS. FORM [15] can be enhanced
further in order to improve prediction accuracy. In [16] it is
explored that local knowledge is insufficient for accurate
detection of intrusions. Therefore, it is needed to get enhanced
by studying cross-layer approaches for continuous learning
and adaptation to handle new attacks.
Running HybrIDS [25] on distributed network test beds
can improve its usefulness. EAACK [29] is a very effective
IDS. However, it can be improved further in the areas like
adapting hybrid cryptographic techniques, eliminating predistribution of keys, and testing EAACK in real world
environments. SQTrust
uses persistent attack models.
However, it can be exposed to various other attack models
such as fuzzy failure criteria, insidious attacks, opportunistic,
and random models. Hassanzadeh et al. (2014) [30] proposed
an IDS which was both traffic and resource aware.
Experiments were made with Wireless Mesh Networks
(WMNs). RAPID is another IDS explored in [68] for traffic
aware intrusion detection. Basabba et al. (2014)[27]proposed
an A3ACKs IDS which works when nodes are under different
mobility.
Assumptions:
Even through powerful Intrusion detection systems are being
implemented and used still cannot provide security to manets
because of its openness features. The Intrusion Detection
systems are communicating with the nodes in the radio range
to detect the compromised or selfish nodes. Most of the
acknowledgement based Intrusion Detection systems [29] are
also communicating with the nodes by sending control packets
to detect the non legitimate nodes[27]. Other Intrusion
Detection systems are also communicating with the nodes in
the radio range to detect the compromised or selfish nodes. It
further increases the routing overhead. By considering all the
above factors it is assumed that Trust Based Intrusion Systems
are preferred. The trust values can be generated by using both
direct and indirect measurements and updated by using
moving average method. It is also predicted that we can
decrease the routing overhead and computational complexity
to some extent. In case of emergencies such as wars, disasters,
etc and if most of the nodes are compromised where the
secure communication plays a key role only the nodes with
high trust values
communication.
can
be
used
to
provide
secure
TABLE.1: SUMMARY OF INTRUSION DETECTION
SYSTEMS
Author
(s)
Year
Algorithm/Technique
Tao Song
[9]
2007
System Health and
Intrusion Monitoring
Razak et
al. [13]
2008
ADCLI and ADCLU
algorithms
Otrok et
al. [14]
2008
Game-theoretic IDS
H.Chris
Tseng and
B. Jack
Culpepper
[28]
Gisung
Kim,
Younggoo
Han and
Sehun
Kim
Protocol
Dynamic
Registration
and
Configuration
Protocol
Routing
protocol
independent
solution
Routing
protocols
Study
Remarks
Simulation
and
Empirical.
Simulation
Simulation
2005
Sequence Number
discontinuity and
Route add counters
Dynamic
Source
Routing
Protocol
Simulation
2010
Sink hole detection
algorithm
Dynamic
Routing
Protocol
Simulation
Collaborative
techniques
are used in
IDS
Energy
efficient
leader
election
Two
indicators of
sink hole are
proposed and
analysed.
Sinkhole
detection
time and rate
are
decreased.
IV. CONCLUSION AND FUTURE WORK
In this paper we studied MANETs and their security issues.
It throws light into the present state-of-the-art of the intrusion
detection systems that have been employed to safeguard
MANETs in the real world. We strongly felt that there is room
for further research as MANETs became popular and
ubiquitous. Towards this end, this paper focuses on reviewing
intrusion detection systems and finds the gaps in the research.
As security can never be built, we strive to investigate the
possibilities to improve the security of MANETs. This research
can be further extended to investigate hybrid security
mechanisms and more efficient trust based intrusion detection
models for providing fool proof security to MANETs.
REFERENCES
[1]
[2]
[3]
[4]
[5]
86 | 9 0
H. Chris Tseng and B. Jack Culpepper. (2005). Sinkhole intrusion in
mobile ad hoc networks: The problem and some detection
indicators.Computers & Security. ELSEVIER 24 (n.d), 561-570.
Gisung Kim∗,Younggoo Han,Sehun Kim.(2010). A cooperative
sinkhole detection method for mobile adhoc networks. Int. J. Electron.
Commun. ( AEU. 0 (0), p390-397.
Lijun Qiana,_, Ning Songa, Xiangfang Lib (2007) , Detection of
wormhole attacks in multi-path Routed wireless ad hoc networks: A
statistical Analysis approach Multipath routing . Journal of Network
And Computer Applications 30 (2007) 308–330.
Tao Song. (2007). Formal Reasoning about Intrusion Detection
Systems.Computer Science. . (n.d), p-1-206.
Stefan K. Stafrace and Nick Antonopoulos. (2010). Military tactics in
agent-based sinkhole attack detection for wireless ad hoc networks
,Computer Communications 33 (2010) 619–638 elsevier. 33 (n.d), p619–638.
International Journal of Conceptions on Computing and Information Technology
Vol. 3, Issue. 1, April’ 2015; ISSN: 2345 - 9808
[6]
[7]
[8]
[9]
[10]
[11]
[12]
[13]
[14]
[15]
[16]
[17]
[18]
[19]
Ming-Yang Su ⇑. (2011). Prevention of selective black hole attacks on
mobile ad hoc networks through intrusion detection systems. Elsevier.
Computer Communications 34 (2011) 107–117
Hyunwoo Kima,∗, Dongwoo Kimb, Sehun Kimc. (2006). Lifetimeenhancing selection of monitoring nodes for intrusion detection in
mobile ad hoc networks. Elsevier. Int. J. Electron. Commun. (AEÜ) 60
(2006) p248-250.
Hadi Otrok , Noman Mohammed, Lingyu Wang, Mourad Debbabi and
Prabir Bhattacharya. (2008). A game-theoretic intrusion detection model
for mobile ad hoc networks. Elsevier . Computer Communications– 31
(n.d), p-708–721.
Bo-Chao Cheng a,*, Ryh-Yuh Tseng b. (2011). A Context Adaptive
Intrusion Detection System for MANET. Elsevier . 0 (0), p310-318.
Wei Wang a,b, Huiran Wanga, Beizhan Wangc,⇑, Yaping Wangd,
Jiajun Wangc. (2013). Energy-aware and self-adaptive anomaly
detection scheme based on network tomography in mobile ad hoc
networks. Elsevier. 0 (0), p580-602.
Chandrasekar Ramachandran , Sudip Misra and Mohammad S. Obaidat.
(2008). FORK: A novel two-pronged strategy for an agent-based
intrusion detection scheme in ad-hoc networks. elsevier. 31 (n.d), p3855–3869.
Nikos Komninos a,*, Christos Douligeris. (2009). LIDF: Layered
intrusion detection framework for ad-hoc networks. elsevier. 7 (n.d), p171-182
Joa B.D. Cabrera , Carlos Gutie´rrez, Raman K. Mehra. (2008).
Ensemble methods for anomaly detection and distributed intrusion
detection in Mobile Ad-Hoc Networks. elsevier. 9 (n.d), p-96–119.
Hadi Otrok , Noman Mohammed, Lingyu Wang, Mourad Debbabi and
Prabir Bhattacharya. (2008). A game-theoretic intrusion detection model
for mobile ad hoc networks. elsevier. 31 (n.d), p-708–721.
MEI-LING SHYU, THIAGO QUIRINO, and ZONGXING XIE. (2007).
Network Intrusion Detection through Adaptive Sub-Eigenspace
Modeling in Multiagent Systems. ACMTransactions on Autonomous and
Adaptive Systems. 2 (n.d), p-1-37.
Harley Kozushko. (2013). Intrusion Detection: Host-Based and
Network-Based Intrusion Detection Systems. Independent Study. 11
(n.d), p-1-23
A. Patwardhan , J. Parker , M. Iorga , A. Joshi , T. Karygiannis and Y.
Yesha. (2008). Threshold-based intrusion detection in ad hoc networks
and secure AODV. elsevier. 6 (n.d), p-578–599.
S.A. Razak , S.M. Furnell , N.L. Clarke and P.J. Brooke. (2008). Friendassisted intrusion detection and response mechanisms for mobile ad hoc
networks. elsevier. 6 (n.d), p-1151–1167.
Jin-Hee Cho a,n, Ananthram Swami a, Ing-Ray Chen b,1. (2012).
Modeling and analysis of trust management with trust chain
optimization in mobile ad hoc networks. Elsevier. 0 (0), p1001-1012.
[20] Hui Xia , Zhiping Jia , Xin , Lei Ju , Edwin H.-M. Sha. (2013). Trust
prediction and trust-based source routing in mobile ad hoc
networks.elsevier. 11 (n.d), p-2096-2114.
[21] Ing-Ray Chen a,⇑, Jia Guo a, Fenye Bao a, Jin-Hee Cho b. (2014). Trust
management in mobile ad hoc networks for bias minimization and
application performance maximization. Elsevier. 0 (0), p59-74.
[22] John Felix Charles Joseph , Amitabha Das , Boon-Chong Seet and BuSung Lee . (2008). Opening the Pandora’s Box: Exploring the
fundamental limitations of designing intrusion detection for MANET
routing attacks. elsevier. 31 (n.d), p-3178–3189.
[23] Sevil Sen and John A. Clark. (2011). Evolutionary computation
techniques for intrusion detection in mobile ad hoc networks. elsevier.
55 (n.d), p-3441–3457
[24] Shahaboddin Shamshirband , NorBadrulAnuar , MissLaihaMatKiah and
AhmedPatel.
(2013).
Anappraisalanddesignofamultiagentsystembasedcooperative
wirelessintrusiondetectioncomputationalintelligencetechnique. elsevier.
26 (n.d), p-2105-2127
[25] Christos Xenakis ,Christoforos Panos and Ioannis Stavrakakis . (2013).
A comparative evaluation of intrusion detection architectures for mobile
ad hoc networks. elsevier. 30 (n.d), p-63-80
[26] Sergio Pastrana a,⇑, Aikaterini Mitrokotsa b, Agustin Orfila a, Pedro
Peris-Lopez a (July 2012) Evaluation of classification algorithms for
intrusion detection in MANETs. , Knowledge-Based Systems 36 (2012)
217–225
[27] Abdulsalam Basabaa, Tarek Sheltami, and Elhadi Shakshuki (2014).
Implementation of A3ACKs Intrusion Detection System under various
mobility speeds
[28] H. Chris Tseng a,*, B. Jack Culpepper b. (2005). Sinkhole intrusion in
mobile ad hoc networks: The problem and some detection indicators.
Elsevier. 0 (0), p561-570
[29] Elhadi M. Shakshuki, Nan Kang, and Tarek R. Sheltami. (2013).
EAACK—A Secure Intrusion-Detection System for MANETs. IEEE. 60
(3), p1089-1099.
[30] Amin Hassanzadeh, Ala Altaweel, Radu Stoleru. (2014). Traffic-andresource-aware intrusion detection in wireless mesh networks. elsevier.
21 (.), p-18-41.
[31] Nikos Komninos a,*, Dimitrios D. Vergadosa, Christos Douligeris.
(2007 ) Authentication in a layered security approach for mobile ad
hoc
networks , computers & s e c u rity 2 6 ( 2 0 0 7 ) 3 7 3 – 3 8 0
[32] Nikos Komninos a,*,
Christos Douligeris. (2007). Detecting
unauthorized and compromised nodes in mobile ad hoc
networks elsevier. Ad Hoc Networks 5 (2007) 289–2987
87 | 9 0