Anomaly detection in mobile ad hoc network (MANET) is a relatively new area of research. The lack of fixed infrastructure, limited resources, and dynamic topology present numerous problems in MANET security. Recently, several machine learning and data mining techniques have been proposed for anomaly detection in MANETs. In addition, researchers continue to examine new unsupervised detection techniques. As the number of unsupervised learning techniques grows, there is a lack of evidence to support the use of one technique over another.
This dissertation research conducted a set of experiments to evaluate the effectiveness of different unsupervised learning techniques for anomaly detection in MANETs, more specifically, the K-means, the C-means, the Fixed-width clustering, the Principal Component Analysis, and the One-class Support Vector Machine. While the main goal of the research was to compare performance of the unsupervised learning techniques, this dissertation research also investigated: i) tradeoffs between competing factors such as high detection performance and limited resource utilization, ii) the impact of normal profile selection models on anomaly detection, iii) the influence of the link change rate as the weighting function on the unsupervised learning algorithms and iv) the influence of decision thresholds on the detection techniques.
The results of this dissertation research showed that both K-means and C-means delivered the best performance when using different normal profile models. The results indicated that direct application of clustering techniques provided a worse average performance than that of trained clusters. This dissertation research found that a small value for the time slot was preferred for all techniques. Moreover, a short training interval was also preferred. These preferences appeared to provide better performance while minimizing resource usage (e.g. execution time, CPU, and memory usages). Additionally, the method of using only the initial training data set was found to provide a comparable performance to that of random, recent, and adaptive normal profile models, but required the least resource usage. Finally, the study found that the application of link change rate as the weighting function to adjust the importance of the time slot had no influence on all techniques. Choosing appropriate parameter and decision thresholds for each detection algorithm had a significant influence on maximizing the performance results.
| Identifer | oai:union.ndltd.org:nova.edu/oai:nsuworks.nova.edu:gscis_etd-1127 |
| Date | 01 January 2014 |
| Creators | Dang, Binh Hy |
| Publisher | NSUWorks |
| Source Sets | Nova Southeastern University |
| Detected Language | English |
| Type | text |
| Format | application/pdf |
| Source | CEC Theses and Dissertations |
Page generated in 0.0022 seconds