2015 3rd International Conference on Signal Processing, Communication and Networking (ICSCN)

A Comprehensive Performance Analysis of Zone Based Intrusion Detection System in Mobile Ad hoc Networks

Nisha Soms 1, R. Saji Priya 3, A. Sukkiriya Banu 4
1 Research Scholar, 3,4 PG Scholar
Sri Ramakrishna Institute of Technology, Coimbatore, India.
1 nishasoms@gmail.com, 3 sajipriyame@gmail.com, 4 banusukria@gmail.com

Dr. P. Malathi 2
2 Principal
Bharathiyar Institute of Engineering for Women, Salem, India.
2 pmalathi2004@yahoo.co.in

Abstract—Wireless networking is currently the medium of choice for several applications. Mobile ad hoc networks (MANETs) are networks that combine wireless communication with a high degree of node mobility. Hence they are vulnerable and are subjected to new security risks. Intrusion Detection Systems (IDS) are an important area of research and act as a second line of defense against unauthorized activities in networks. The effectiveness of an IDS is measured by the response it generates specific to the type of intrusion detected. In this paper, we have proposed and simulated an enhanced detection mechanism in a Zone based Intrusion Detection System (ZBIDS). An extensive simulation is carried out to study the performance of ZBIDS under various routing attacks like blackhole, greyhole, wormhole and impersonation. The simulation results are based on the proposed architecture and show that the enhanced ZBIDS has achieved desirable performance to meet the security requirement of MANETs.

Keywords—Zone based intrusion detection system, blackhole attack, grayhole attack, wormhole attack, impersonation.

I. INTRODUCTION

An ad hoc network is a local area network that is built spontaneously as devices connect. These networks lack a fixed support infrastructure. In other words, ad hoc networks do not rely on a base station to coordinate the flow of messages to each node in the network.
Instead, the individual nodes in the network forward the packets to and fro. The frequent changes in topology caused by node mobility require the use of specialized protocols and strategies for routing, transport and security. Mobility also creates new vulnerabilities due to the open medium, dynamically changing communication patterns, cooperative algorithms, and the lack of centralized monitoring and management points [21]. In other words, MANETs do not have a transparent line of defense; attacks can come from all directions [3]. Hence many of the proven security measures, like firewall mechanisms and encryption/decryption measures, are no longer sufficient [3]. This flexibility in time and space introduces new challenges for protecting the security infrastructure. Therefore an extra layer of defense is needed against actions that attempt to compromise the integrity, confidentiality or availability of a resource. A system that analyzes information collected from the neighboring nodes and determines whether an attack has occurred or not is known as an Intrusion Detection System (IDS).

Research on Intrusion Detection Systems (IDS) has been carried out since the 1990s. IDS can be broadly classified into passive and reactive based on their response. A passive IDS alerts the neighboring nodes in the network as and when the attack occurs. On the other hand, a reactive IDS not only alerts the neighboring nodes but also takes corrective measures to stop the attack. Reactive IDS are also known as Intrusion Detection and Prevention Systems (IDPS).

Depending on the detection techniques used, IDS can be classified into three main classes as follows [1]: (1) signature or misuse based IDS, (2) anomaly based IDS and (3) specification based IDS, which could be a hybrid of the signature and the anomaly based IDS. The signature based IDS uses signatures of known attacks to detect intrusion.
The anomaly based IDS detects intrusion by measuring how far traffic deviates from normal conditions. Each of these IDSs has its pros and cons. The drawback of the signature based IDS is overcome by the anomaly based IDS: the former cannot detect unknown attacks [2], whereas the latter can detect the new unknown attacks, which are occurring at a faster pace in the current scenario of growing networks. On the other hand, the signature based IDS excels in that it exhibits considerably lower false positive rates than the anomaly based IDS, which is known for producing high rates of false positive alarms [2]. Hence the specification based IDS combines the good features of the two, i.e. it is capable of detecting unknown attacks with reduced false positive rates [4]. But the implementation of a specification based IDS is tedious when compared with the other two types of IDS. Hence research focuses upon any one of the IDS techniques for the sake of easier simulation and/or implementation

978-1-4673-6823-0/15/$31.00 ©2015 IEEE