Next Article in Journal
The Spectrum Analysis Solution (SAS) System: Theoretical Analysis, Hardware Design and Implementation
Previous Article in Journal
Optical Method for Estimating the Chlorophyll Contents in Plant Leaves
Article Menu
Issue 2 (February) cover image

Export Article

Open AccessArticle

A Cross-Layer, Anomaly-Based IDS for WSN and MANET

Department of Electrical Engineering, University of South Florida, Tampa, FL 33620, USA
College of Computer & Information Sciences, King Saud University, P.O. Box 51178, Riyadh 11543, Saudi Arabia
Jet Propulsion Laboratory, Pasadena, CA 91109, USA
Author to whom correspondence should be addressed.
Sensors 2018, 18(2), 651;
Received: 30 October 2017 / Revised: 16 February 2018 / Accepted: 19 February 2018 / Published: 22 February 2018
(This article belongs to the Section Sensor Networks)
PDF [1905 KB, uploaded 22 February 2018]


Intrusion detection system (IDS) design for mobile adhoc networks (MANET) is a crucial component for maintaining the integrity of the network. The need for rapid deployment of IDS capability with minimal data availability for training and testing is an important requirement of such systems, especially for MANETs deployed in highly dynamic scenarios, such as battlefields. This work proposes a two-level detection scheme for detecting malicious nodes in MANETs. The first level deploys dedicated sniffers working in promiscuous mode. Each sniffer utilizes a decision-tree-based classifier that generates quantities which we refer to as correctly classified instances (CCIs) every reporting time. In the second level, the CCIs are sent to an algorithmically run supernode that calculates quantities, which we refer to as the accumulated measure of fluctuation (AMoF) of the received CCIs for each node under test (NUT). A key concept that is used in this work is that the variability of the smaller size population which represents the number of malicious nodes in the network is greater than the variance of the larger size population which represents the number of normal nodes in the network. A linear regression process is then performed in parallel with the calculation of the AMoF for fitting purposes and to set a proper threshold based on the slope of the fitted lines. As a result, the malicious nodes are efficiently and effectively separated from the normal nodes. The proposed scheme is tested for various node velocities and power levels and shows promising detection performance even at low-power levels. The results presented also apply to wireless sensor networks (WSN) and represent a novel IDS scheme for such networks. View Full-Text
Keywords: intrusion detection; MANET; WSN; decision trees; linear regression; accumulated measure of fluctuation (AMoF); finite sample size intrusion detection; MANET; WSN; decision trees; linear regression; accumulated measure of fluctuation (AMoF); finite sample size

Figure 1

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).

Share & Cite This Article

MDPI and ACS Style

Amouri, A.; Morgera, S.D.; Bencherif, M.A.; Manthena, R. A Cross-Layer, Anomaly-Based IDS for WSN and MANET. Sensors 2018, 18, 651.

Show more citation formats Show less citations formats

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Related Articles

Article Metrics

Article Access Statistics



[Return to top]
Sensors EISSN 1424-8220 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top