Skip to main content
SpringerLink
Log in

A Novel Intrusion Detection System Based on Trust Evaluation to Defend Against DDoS Attack in MANET

  • Research Article - Computer Engineering and Computer Science
  • Published:
Arabian Journal for Science and Engineering Aims and scope Submit manuscript

Abstract

With the increasing demand of data communication in Internet and electronic commerce environments, security of the data is the prime concern. Large-scale collaborative wireless mobile ad hoc networks may face attacks and damages due to harsh behavior of the malicious nodes. To protect the systems from the intrusion of the attackers, security of the system has to be improvised. In researches involving the designing of the intrusion detection system (IDS), performance efficiency of the system is bound to be compromised. For an effective data communication process in the secured system, there is a need for better IDS without reducing the performance metrics. Intrusion detection is the progression of monitoring node movements and data transmission events that occur in a system for possible intrusions. Distributed denial of service (DDOS) attacks are the primary threat for security in the collaborative wireless Mobile Ad hoc networks. The attacks due to DDOS are much severe when compared to the non DDOS attacks. So proper preventive measures are necessary to detect and revoke such attacks. Our proposed approach involves trust-based evaluation wherein the intrusion detection is done using secured trust evaluation policies. In this paper, a novel IDS is designed using the trust evaluation metrics. This is used for the detection of the flooding DDOS attacks in the networked architecture. The proposed system combines the existing Firecol-based security procedures with Dynamic Growing Self-Organizing Tree Algorithm in the trust evaluation-based environment. Simulation results show that the Trust-based IDS is found to be better in terms of Security metrics viz. Detection probability and Performance metrics viz. Packet Data Ratio, Average Delay, Throughput and Energy Consumption.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Milliken, J.; Selis, V.; Yap, K.M.; Marshall, A.: Impact of metric selection on wireless DeAuthentication DoS attack performance. IEEE Wirel. Commun. Lett. 2(5), 571–574 (2013)

  2. Chung, C.-J.; Khatkar, P.; Xing, T.; Lee, J.; Huang, D.: NICE: network intrusion detection and countermeasure selection in virtual network systems. IEEE Trans. Dependable Secure Comput. 10(4), 198–211 (2013)

  3. François, J.; Aib, I.; Boutaba, R.: FireCol: a collaborative protection network for the detection of flooding DDoS attacks. IEEE/ACM Trans. Netw. 20(6), 1828–1841 (2012)

  4. Kompella, R.R.; Singh, S.; Varghese, G.: On scalable attack detection in the network. IEEE/ACM Trans. Netw. 15(1), 1034–1036 (2007)

  5. Mzrak, A.T.; Cheng, Y.-C.; Marzullo, K.; Savage, S.: Detecting and isolating malicious routers. IEEE Trans. Dependable Secure Comput. 3(3), 230–244 (2006)

  6. Tartakovsky, A.G.; Rozovskii, B.L.; Bla-zek, R.B.; Kim, H.: A novel approach to detection of intrusions in computer networks via adaptive sequential and batch-sequential change-point detection methods. IEEE Trans. Signal Process. 54(9), 3372–3382 (2006)

  7. Eric, Y.K.; Chan, H.W.; Chan, K.M.; Chan, P.S.; Chan, S.T.; Chanson, M.H.; Cheung, C.F.; Chong, K.P.; Chow, A.K.T.; Hui, L.C.K.; Hui, S.K.; Ip, C.K.; Lam, W.C.; Lau, K.H.; Pun, Y.F.; Tsang, W.W.; Tsang, C.W.; Tso, D.Y.; Yeung, S.M.; Yiu, K.Y.; Yu, W.J.: Intrusion detection routers: design, implementation and evaluation using an experimental testbed. IEEE J. Sel. Areas Commun. 24(10), 1889 (2006)

  8. Collaborative Internet Worm Containment, Infrastructure Security”, PUBLISHED BY THE IEEE COMPUTER SOCIETY, 1540-7993/05/$20.00 © 2005 IEEE, IEEE SECURITY & PRIVACY

  9. Manikopoulos, C.; Papavassiliou, S.: Network intrusion and fault detection: a statistical anomaly approach. Telecommunications network security. IEEE Commun. Mag. 40(10), 76–82 (2002)

  10. Aivaloglou E., Gritzalis S.: Hybrid trust and reputation management for sensor networks. Wirel. Netw. 16(5), 1493–1510 (2010)

    Article  Google Scholar 

  11. Poongodi, M.; Bose, S.: Design of Intrusion Detection and Prevention System (IDPS) using DGSOTFC in collaborative protection networks. In: Advanced Computing (ICoAC), 2013 Fifth International Conference on IEEE, 2013.

  12. Poongodi, M.; Bose, S.; Ganesh kumar, N.: The effective intrusion detection system using optimal feature selection algorithm. Int. J. Enterp. Netw. Manag. Forth Coming issue. http://www.inderscience.com/info/ingeneral/forthcoming.php?jcode=ijenm (2015)

  13. Poongodi M., Bose S.: The COLLID based intrusion detection system for detection against DDOS attacks using trust evaluation. Adv. Nat. Appl. Sci. 9(6), 574–580 (2015)

    Google Scholar 

  14. Tartakovsky, A.G.; Polunchenko, A.S.; Sokolov, G.: Efficient computer network anomaly detection by changepoint detection methods. IEEE J. Sel. Top. Signal Process. 7(1), 4–11 (2013)

  15. Zargar, S.T.; Joshi, J.; Tipper, D.: A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Commun. Surv. Tutor. 15(4), 2046–2069 (2013)

  16. Luo F., Khan L., Bastani F., Yen I.-L., Zhou J.: A dynamically growing self-organizing tree (DGSOT) for hierarchical clustering gene expression profiles. Bioinformatics 20, 2605–2617 (2004)

    Article  Google Scholar 

  17. Dopazo J., Carazo J.: Phylogenetic reconstruction using an unsupervised growing neural network that adopts the topology of a phylogenetic tree. J. Mol. Evol. 44, 226–233 (1997)

    Article  Google Scholar 

  18. Heylighen, F.: The science of self-organization and adaptivity. In: Kiel, L.D. (ed.) Knowledge Management, Organizational Intelligence and Learning, and Complexity. In: The Encyclopedia of Life Support Systems (EOLSS). Eolss Publishers, Oxford. http://www.eolss.net (2001)

  19. Heylighen, F. : Complexity and self-organization. In: Bates, M.J.; Maack, M.N. Encyclopedia of Library and Information Sciences, CRC Press, Boca Raton (2009)

  20. Oswaldo Aguirre, M.S.; Taboada, H.: A clustering method based on dynamic self organizing trees for post-pareto optimality analysis. Sciverse Science Direct, Procedia Computer Science 6 (2011) 195–200, Conference Organized by Missouri University of Science and Technology 2011- Chicago, IL

  21. Li, X.; Zhou, F.; Du, J.: LDTS: a lightweight and dependable trust system for clustered wireless sensor networks. In: IEEE Transactions on Information Forensics and Security, pp. 451–551 (2013)

  22. Bao F., Chen I.-R., Chang M.J., Cho J.-H.: Hierarchical trust management for wireless sensor networks and its applications to trust-based routing and intrusion detection. IEEE Trans. Netw. Serv. Manag. 9(2), 169–183 (2012)

    Article  Google Scholar 

  23. Fultz, N.; Grossklags, J.; Blue versus red, towards a model of distributed security attacks, in financial cryptography and data security. In: Dingledine, R.; Golle, P. (eds.) Lecture Notes in Computer Science, vol. 5628, pp. 167–183. Springer, Berlin (2009)

  24. Liu P., Zang W., Yu M.: Incentive-based modeling and inference of attacker intent, objectives, and strategies. ACM Trans. Inf. Syst. Secur. 8(1), 78–118 (2005)

    Article  Google Scholar 

  25. Criscuolo, P.J.: Distributed denial of service, tribe flood network 2000, and stacheldraht CIAC-2319, Department of Energy Computer Incident Advisory Capability (CIAC), UCRL-ID-136939, Rev. 1.,Lawrence Livermore National Laboratory, February 14, 2000

  26. Mirkovic J., Reiher P.: A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Comput. Commun. Rev. 34(2), 39–53 (2004)

    Article  Google Scholar 

  27. Peng, T.; Leckie, C.; Ramamohanarao, K.: Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Comput. Surv. 39, 1, Article 3 (2007)

  28. RioRey, Inc. 2009-2012, RioRey Taxonomy of DDoS Attacks, RioReyTaxonomy Rev 2.3 2012 (2012). http://www.riorey.com/x-resources/2012/RioRey Taxonomy DDoS Attacks 2012.eps

  29. Douligeris C., Mitrokotsa A.: DDoS attacks and defense mechanisms: classification and state-of-the-art. Comput. Netw. 44(5), 643–666 (2004)

    Article  Google Scholar 

  30. Poongodi M., Bose S.: A firegroup mechanism to provide intrusion detection and prevention system against DDoS attack in collaborative clustered networks. Int. J. Inf. Secur. Priv. 8(2), 1–15 (2014)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Anna University, Chennai, India

    M. Poongodi & S. Bose

Authors
  1. M. Poongodi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. S. Bose
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to M. Poongodi.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Poongodi, M., Bose, S. A Novel Intrusion Detection System Based on Trust Evaluation to Defend Against DDoS Attack in MANET. Arab J Sci Eng 40, 3583–3594 (2015). https://doi.org/10.1007/s13369-015-1822-7

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13369-015-1822-7

Keywords

Search

Navigation