ADAPTIVE ORDERED WEIGHTED AVERAGING FOR ANOMALY DETECTION IN CLUSTER-BASED MOBILE AD HOC NETWORKS

In this paper, an anomaly detection method in cluster-based mobile ad hoc networks with ad hoc on demand distance vector (AODV) routing protocol is proposed. In the method, the required features for describing the normal behavior of AODV are defined via step by step analysis of AODV and independent of any attack. In order to learn the normal behavior of AODV, a fuzzy averaging method is used for combining one-class support vector machine (OCSVM), mixture of Gaussians (MoG), and self-organizing maps (SOM) one-class classifiers and the combined model is utilized to partially detect the attacks in cluster members. The votes of cluster members are periodically transmitted to the cluster head and final decision on attack detection is carried out in the cluster head. In the proposed method, an adaptive ordered weighted averaging (OWA) operator is used for aggregating the votes of cluster members in the cluster head. Since the network topology, traffic, and environmental conditions of a MANET as well as the number of nodes in each cluster dynamically change, the mere use of a fixed quantifier-based weight generation approach for OWA operator is not efficient. We propose a condition-based weight generation method for OWA operator in which the number of cluster members that participate in decision making may be varying in time and OWA weights are calculated periodically and dynamically based on the conditions of the network. Simulation results demonstrate the effectiveness of the proposed method in detecting rushing, RouteError fabrication, and wormhole attacks.