Anomaly-based detection for network traffic monitoring in a mobile ad hoc network (ANT-MAN)

Bibliographic Details
Main Authors: Chua, Rafael Ignacio D., Cortez, Jessica L., Sy, Janelle Bianca L., Tirados, J-Jayke S. D.
Format: text
Language: English
Published: Animo Repository 2016
Online Access: https://animorepository.dlsu.edu.ph/etd_bachelors/6152
Institution: De La Salle University
Description
Summary: A mobile ad hoc network (MANET) is an infrastructure-less network whose nodes are dynamic in nature. MANETs are used in many applications, such as military battlefields, sensor networks and disaster area networks, which is why a MANET should be able to function properly. However, there are attacks that can shorten the lifespan of the MANET. A few researchers have tackled anomaly-based intrusion detection systems. One of these studies used a feature selection method to reduce the list of features and applied the principal component analysis technique. Nevertheless, a major disadvantage of these MANET studies is the significantly high rate of their negative and false positive occurrences. Accurately classifying network traffic as malicious or non-malicious is an important task to resolve in these studies. The proposed study aims to improve on the network traffic classification of other known studies with the use of machine learning, because of its advantage in handling large amounts of data and because it does not have to be carried out manually, unlike other techniques such as the threshold method, which poses a problem: a node that is malicious but does not exceed the threshold would still be considered non-malicious by the system. Experiments show that the pruned and unpruned J48 decision tree has the best performance among the machine learning algorithms. It also showed that future did not make any significant changes to the classification rate. However, the acquired results are considered inconclusive because of the incorrect and improper features that were used. The final set of features was not adequate to classify the traffic, since there could have been additional features and normalization techniques that should have been used.
In summary, although the research has gotten results, it is still unresolved because the dataset and specified list of features can still be improved on and are not sufficient to gain concrete results.