Ubiquitous Computing and Communication Journal, Volume 2 Number 3, Page 42, www.ubicc.org

A SURVEY ON ANOMALY DETECTION METHODS FOR AD HOC NETWORKS

Marianne A. Azer
National Telecommunication Institute, Cairo, Egypt
marazer@nti.sci.eg

Sherif M. El-Kassas
American University in Cairo, Cairo, Egypt
sherif@aucegypt.edu

Magdy S. El-Soudani
Cairo University, Faculty of Engineering, Cairo, Egypt
mesloudani@menanet.net

ABSTRACT

Mobile ad hoc networks have recently been the topic of extensive research. The interest in such networks stems from their ability to provide temporary and instant wireless networking solutions in situations where cellular infrastructures are lacking and are expensive or infeasible to deploy. Despite their desirable characteristics, vital problems concerning their security must be solved in order to realize their full potential. Various security controls, such as the use of encryption and authentication techniques, have been proposed to help reduce the risks of intrusion. However, since such risks cannot be completely eliminated, there is a strong need for intrusion detection systems for ad hoc network security. Among intrusion detection techniques, anomaly detection may prove to be more economical in terms of resources, which makes it more suitable for resource-constrained ad hoc networks. Therefore, in this paper we present a survey on anomaly detection in ad hoc networks. In order to distinguish between the different approaches used for anomaly detection in ad hoc networks in a structured way, we have classified those methods into three categories: classifier-based anomaly detection, finite state machine anomaly detection and the game approach anomaly detection. We describe each method in detail and give examples of its applications in ad hoc networks.

Keywords: Ad hoc networks, anomaly detection, intrusion detection, security.
1 INTRODUCTION

A wireless ad hoc network consists of a collection of autonomous peer mobile nodes that self-configure to form a temporary or permanent network and have no predetermined organization of available links. The broadcast nature of the radio channel introduces characteristics in ad hoc wireless networks that are not usually present in their wired counterparts. In particular, a radio channel allows a node to transmit a signal directly to any other node. Mobile ad hoc networks are generally characterized by the lack of infrastructure, dynamic network topology, distributed operation, bandwidth constraints, variable capacity links, use of low power devices, limited CPU and memory, limited physical security, and complexity of design of network protocols.

However, ad hoc wireless networks are highly appealing for many reasons. Due to their inherently distributed nature, they are more robust than their cellular counterparts against single-point failures, and have the flexibility to reroute around congested nodes. Furthermore, mobile ad hoc networks can conserve battery energy by delivering a packet over a multihop path that consists of short hop-by-hop links. They can be rapidly deployed and reconfigured. Hence, they can be tailored to specific applications.

Wireless ad hoc networks are used in situations where a network must be deployed rapidly, without an existing infrastructure. The set of applications for mobile ad hoc networks is diverse, ranging from small, static networks that are constrained by power sources, to large-scale, mobile, highly dynamic networks. Until recently, these networks have mainly been associated with military applications. However, with the availability of wireless technologies such as Bluetooth and the IEEE 802.11 WLAN, and the development of next generation networks, civilian applications, such as