A Novel Framework of Dynamic Learning Based Intrusion Detection Approach in MANET

With the growth of security and surveillance system, a huge amount of audit or network data is being generated. It is immense challenge for researcher to protect the mobile ad hoc network from the malicious node as topology of the network dynamically changes. A malicious node can easily inject false routes into the network. A traditional method to detect such malicious nodes is to establish a base profile of normal network behavior and then identify a node´s behavior to be anomalous if it deviates from the established profile. As the topology of a MANET constantly changes over time, the simple use of a static base profile is not efficient. In this paper, a novel framework is proposed to detect the malicious node in MANET. In proposed method k-means clustering-based anomaly detection approach is used in which the profile is dynamically updated. The approach consists of three main phases: training, testing and updating. In training phase, the K-means clustering algorithm is used in order to establish a normal profile. In testing phase, check whether the current traffic of the node is normal or anomalous. If it is normal then update the normal profile otherwise isolate the malicious node and ignore that node from the network. To update the normal profile periodically, weighted coefficients and a forgetting equation is used.