Abstract:
An intrusion detection system plays an important role to ensure security in a mobile ad-hoc
network (MANET). MANET does not have central administration that controls all nodes
within the network. Due to the inherent characteristics of MANET, it suffers from various
attacks such as packet dropping, denial of service, impersonation, and man-of-the middle, and
other attacks. To protect MANET against such attacks, many researchers have proposed
prevention, detection, and mitigation techniques. Since prevention techniques do not protect
internal attacks, an intrusion detection system is preferred to detect both internal and external
attacks. Previously, other scholars proposed several intrusion detection systems to classify as
normal and abnormal activities. The existing traditional intrusion detection systems only
consider data collection from individual layers. In addition, their performance is affected by
the generated data size and the number of malicious nodes. Hence, the traditional intrusion
detection systems may not be suitable for MANET environments. This research mainly focuses
on the detection of packet-dropping attacks and normal behavior. The NS-3 simulator has been
utilized for the generation of normal and the two packet-dropping attacks data including blackhole
and worm-hole within MANET networks for 100 nodes. So, a dataset of 529,876 data
point values with 42 features have been generated. A cross-layer-based anomaly detection
system using deep learning algorithms is proposed. All experiments are performed on a Keras
with 355,016 (67%) samples for training and 174,860 (33%) samples for testing. The extreme
gradient boosting tree (Xgboost) and categorical boosting tree (Catboost) feature importance
score with the threshold is used for feature selection. The proposed system was implemented
using well-known classification techniques such as recurrent neural network (RNN), long
short-term memory (LSTM), and gated recurrent unit (GRU). The performance of the
algorithms was evaluated using classification metrics such as accuracy, confusion matrix,
precision, recall, and f1-score and they have shown good performance. The experimental
results showed that the proposed system using 35 optimal features gives 96.51%, 96.47%,
96.40 %, 96.17%, and 93.76% accuracy using LSTM, GRU, RNN, support vector machine
(SVM), and random forest (RF) classifiers respectively. Moreover, the false alarm rates of
LSTM, GRU, RNN, SVM and RF are 2.10%, 2.19%, 2.24%, 2.46%, and 3.71% respectively.