Int. J. Space-Based and Situated Computing, Vol. X, No. Y, 200x 1 Copyright © 20XX Inderscience Enterprises Ltd. An effective attack detection approach in wireless mesh networks Felipe Barbosa Abreu, Anderson Morais and Ana Cavalli Télécom SudParis, 9 Rue Charles Fourier, 91000 Evry, France Email: felipe_barbosah@hotmail.com Email: anderson.morais@telecom-sudparis.eu Email: ana.cavalli@telecom-sudparis.eu Bachar Wehbi, Edgardo Montes de Oca and Wissam Mallouli* Montimage, 39 rue Bobillot, 75013 Paris, France Email: bachar.wehbi@montimage.com Email: edgardo.montesdeoca@montimage.com Email: wissam.mallouli@montimage.com *Corresponding author Abstract: Wireless mesh network (WMN) is a recent technology that is gaining significant importance among traditional wireless networks. It is considered a suitable solution for providing internet access in an inexpensive, convenient, and rapid manner. Nonetheless, WMNs are exposed to various types of security threats due to their intrinsic characteristics such as open broadcast medium and decentralised architecture. For instance, a compromised node can generate malicious traffic in order to disrupt the network routing service, putting the entire mesh network at risk. In this paper, we provide an efficient method for detecting active attacks against the routing functionality of a mesh network. The approach relies on the analysis of the protocol routing behaviour by processing the traces produced by each node using the Montimage Monitoring Tool (MMT), which outputs routing events that are correlated between nodes to detect potential intrusions. We demonstrate the approach feasibility by using a virtualised mesh network platform that consists of virtual nodes executing ‘better approach to mobile ad hoc network’ (BATMAN) routing protocol. The experimental results show that the proposed method accurately identifies malicious routing traffic diffused by an attacker through the network. Keywords: wireless mesh network; WMN; routing attack; attack detection; network trace. Reference to this paper should be made as follows: Abreu, F.B., Morais, A., Cavalli, A., Wehbi, B., Montes de Oca, E. and Mallouli, W. (xxxx) ‘An effective attack detection approach in wireless mesh networks’, Int. J. Space-Based and Situated Computing, Vol. X, No. Y, pp.xxx–xxx. Biographical notes: Felipe Barbosa Abreu received his Master’s degree from the University of Ceara, Brazil in 2013. He spent a training period of one year at Telecom SudParis in 2012 in the framework of the Brafitec programme. His research interest are intrusion detection, mesh network, protocol testing and fault injection. Anderson Morais received his Master’s in Computer Science from the Institute of Computing of UNICAMP (University of Campinas) in Sao Paulo, Brazil and his BSc in Computing Engineering at UNICAMP. He worked as a Software Engineer specialising in development of mobile embedded software, mobile protocols and hardware simulation for mobile devices. His main research interests are intrusion detection, mesh networks, security testing, protocol testing, fault injection and mobile services. He received his PhD in Computer Science from Telecom SudParis in 2012. Ana Cavalli obtained her Doctorat d’Etat es Mathematics Science and Informatics from the University of Paris VII, in 1984. She is currently a Full Professor at Telecom Sudparis (ex Institut National des Telecommunications) since 1990. She is the Director of the Software for