BANBAD - A Centralized Belief-Networks-Based Anomaly Detection Algorithm for MANETs

We present an efficient anomaly detection algorithm, named BANBAD. Using belief networks (BNs), the algorithm identifies abnormal behavior, like inappropriate energy consumption, in mobile ad-hoc networks (MANETs). By applying structure learning techniques to training dataset, BANBAD extracts the dependencies among relevant features, such as average velocity, displacement, local computation and communication time, energy consumption, and response time, of a node of the network. A directed acyclic graph (DAG) is used to represent the features and their dependencies. Probability distributions and correlations among the features are associated with the nodes and edges of the DAG. Using a training process, BANBAD maintains dynamic, updated profiles of network node behaviors and uses specific Bayesian inference algorithm to distinguish abnormal behavior during testing. BANBAD works well in MANETs. Simulation results demonstrate that a centralized BANBAD achieves low false alarm rates, below 2%, and high detection rates, greater than 95%. The key to achieving such high performance is that the false alarm rate can be bounded by certain predefined threshold value based on our technique, and by fine tuning the threshold, we can achieve the high detection rate as well.