See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/338027948

A deep learning methods for intrusion detection systems based machine

learning in MANET

Conference Paper · October 2019

DOI: 10.1145/3368756.3369021

CITATIONS READS
33 3,248

3 authors:

Safaa Laqtib Khalid El Yassini

Université Moulay Ismail Université Moulay Ismail
9 PUBLICATIONS 101 CITATIONS 82 PUBLICATIONS 348 CITATIONS

SEE PROFILE SEE PROFILE

Moulay Lahcen Hasnaoui

École Supérieure de Technologie, Meknes
50 PUBLICATIONS 404 CITATIONS

SEE PROFILE

All content following this page was uploaded by Khalid El Yassini on 25 May 2020.

The user has requested enhancement of the downloaded file.

A Deep Learning Methods for Intrusion Detection Systems
based Machine Learning in MANET

Safaa LAQTIB Khalid El YASSINI Moulay Lahcen HASNAOUI

Informatics and Applications Informatics and Applications Laboratory (IA), Research Team: ISIC ESTM, L2MI
Laboratory (IA), Department Department of Mathematics and Computer Laboratory, ENSAM, Moulay Ismail
of Mathematics and Computer Science, Science, Faculty of Sciences, Moulay Ismail University,
Faculty of Sciences, Moulay Ismail University, Meknes, Morocco Meknes, Morocco
University, Meknes, Morocco [email protected], [email protected]
[email protected]

ABSTRACT 1. INTRODUCTION
Deep learning is a subset of machine learning where algorithms are MANET stands for Mobile ad-hoc Network also called as wireless
created and function similar to those in machine learning, but there ad-hoc network or ad-hoc wireless network that usually has a
are numerous layers of these algorithms each providing a different routable networking environment on top of a Link Layer ad hoc
interpretation to the data it feeds on. Mobile Ad-Hoc Network network. They consist of set of mobile nodes connected wirelessly
(MANET) is picking up huge popularity due to their potential of in a self-configured, self-healing network without having a fixed
providing low-cost solutions to real-world communication infrastructure. MANET nodes are free to move randomly as the
problems. MANETs are more susceptible to the security attacks network topology changes frequently. Each node behaves as a
because of the properties such as node mobility, lack of centralized router as they forward traffic to other specified node in the
network.[1].
management and limited bandwidth. To tackle these security
Limited-range wireless communication and elevated node mobility
issues, traditional cryptography schemes can-not completely
mean that nodes need to collaborate with each other in order to
safeguard MANETs in terms of novel threats and vulnerabilities, provide vital networking, with the underlying network changing
thus by applying deep learning methods in IDS are capable of dynamically to guarantee that demands are continuously met. The
adapting the dynamic environments of MANETs and enables the dynamic nature of the protocols that allow the operation of
system to make decisions on intrusion while continuing to learn MANET implies that they are easily suited for deployment in
about their mobile environment. IDS represent the second line of extreme or volatile circumstances [2]. MANETs have become a
defense against malevolent behavior to MANETs since they very popular research topic and have been suggested for use in
monitor network activities in order to detect any malicious attempt many fields such as rescue activities, tactical activities,
performed by Intruders. Recently, more and more researchers environmental monitoring, meetings, etc. [3][4].
applied deep neural networks (DNNs) to solve intrusion detection For the above reasons, it is very important to deploy an intrusion
problems. Convolutional Neural Network (CNN) and Recurrent detection system. as a second line of defense in MANET. Intrusion
Neural Network (RNN), the two main types of DNN architectures, detection systems (IDS) are a mechanism for monitoring and
are widely explored to enhance the performance of intrusion investigating events occurring in a computer system. An IDS
detection system. In this paper, we present the most well-known incorporates methods for modeling and discovering abnormal
deep learning models CNN, Inception-CNN, Bi-LSTM and GRU behaviors and complex techniques. They try to determine whether
and we made a systematic comparison of CNN and RNN on the or not the network is going through any malicious activity. This is
deep learning-based intrusion detection systems, aiming to give typically accomplished by gathering data automatically from a
basic guidance for DNN selection in MANET variety of systems and network sources and then analyzing the
information for potential security issues [5].
Keywords Traditional techniques of intrusion detection and prevention, such
MANET, Attack, Deep learning, intrusion detection system IDS, as firewalls, access control mechanisms, and encryption, have
several limitations in fully protecting networks and systems from
CNN, inception CNN, Bi-LSTM, GRU
increasingly sophisticated attacks such as service denial. Moreover,
most systems based on such techniques are suffering from high
Permission to make digital or hard copies of all or part of this work for false positive and false negative detection rates and absence of
personal or classroom use is granted without fee provided that copies are not constant adaptation to altering malicious behavior. Deep learning
made or distributed for profit or commercial advantage and that copies bear therefore helps to easily perform data summary and visualization
this notice and the full citation on the first page. Copyrights for components
readily, with the objective of making it easy for safety experts to
of this work owned by others than ACM must be honored. Abstracting with
credit is permitted. To copy otherwise, or republish, to post on servers or to recognize system weaknesses and faults, Several Deep Learning
redistribute to lists, requires prior specific permission and/or a fee. Request (DL) methods have been introduced to the issue of intrusion
permissions from [email protected]. detection to enhance detection rates and adaptability [6].
SCA2019, October 2–4, 2019, CASABLANCA, Morocco The remainder of this paper is organized as follows. First, Section
© 2019 Association for Computing Machinery.
ACM ISBN 978-1-4503-6289-4/19/10…$15.00
is dedicated to discuss Security attacks in MANET. Then, Section
https://doi.org/10.1145/3368756.3369021
3 describes the Intrusion detection system (IDS) Types. Section 4 specifications. It is implemented as a successful option combining
provides a brief survey of Intrusion detection system (IDS) In the strengths of a misuse-based detection techniques to detect
MANET. The notion of deep learning then presented in Section 5. known and unknown attacks lower false positive rate [16][17].
In section 6 we present Comparative study of four deep learning
models-based intrusion detection system in Section 7 Experiment 4. Intrusion detection system (IDS) in
and Results, in section 8 we conclude by conclusion MANET
It is essential for wireless ad-hoc networks to defend against
2. Security attacks in MANET malicious behavior, to secure the routing of MANET, and to cope
MANET attacks can be approximately classified into two main with the limitations of cryptographic systems IDSs [18], which
categories, namely passive attacks and active attacks, depending on have been successfully used in Mobile ad hoc networks to detect
the means of attack. [7][8]. A passive attack gets data exchanged in attacks, can provide an appropriate second line of defense to
the network without interrupting the communication operation, identify malicious traffic and misbehaving nodes in wireless
whereas an active attack involves interruption of information, environments [19].
Modification or manufacturing, thus disrupting the MANET's
normal functionality [9]. The attacks can also be classified into two 4.1 Distributed and Cooperative Intrusion
categories according to the domain of the attacks, namely external Detection System
attacks, and internal attacks. External attacks are performed by In this architecture, each node has an IDS agent that locally detects
nodes that are not part of the network's domain. Internal attacks are intrusions and collaborates with neighboring nodes for global
from compromised nodes that are part of the network in fact. detection whenever there is indeterminate evidence and a broader
Internal attacks are more severe than external attacks [9]. search is required. When the intrusion is captured, either a local
2.1 Denial of Service Attacks (DoS) response (e.g. alerting the local user) or a global response may be
DoS attack is a sort of attack which the hacker makes a computer issued by an IDS agent. Each node is involved in the method and
or memory resource too busy or too full to serve legitimate response of intrusion detection as having an IDS agent running on
networking requests, thus denying users access to a device such as it. An IDS agent is responsible for detecting and collecting local
an apache, Smurf, Neptune, death ping, back, mail bomb, UDP information and data in order to identify any attack if an attack
storm, etc. are all DoS attacks [10]. occurs in the network, as well as taking an independent response
[20].
2.2 Remote to User Attacks (R2L)
A remote user attack is an attack in which a user sends packets over 4.2 Hierarchical Intrusion Detection System
the internet to a machine that he / she has no access to expose the Hierarchical IDS system Expand the distributed and cooperative
vulnerabilities of the devices and utilize the rights that a local user IDS system functions and have been implemented for multi-layer
would have on the computer, such as xlock, client, xnsnoop, phf, network infrastructures where the network is divided into various
send-mail dictionary, etc. [11]. small networks known as clusters [21]. Usually, each cluster head
has more functionality than other cluster members, such as
2.3 User to Root Attacks (U2R) transmitting data packets to other clusters. We can therefore say that
These attacks are exploitations in which the hacker begins with a these cluster heads work in some way as central point’s similar to
normal user account on the system and tries to abuse system wired network control devices such as routers, switches or gateways.
vulnerabilities to obtain super user privileges such as perl, xterm.. The multi-layering concept applies to intrusion detection systems
[12]. where there is a proposal for hierarchical IDS. Each IDS agent runs
2.4 Probing on a specific member node and is responsible for its node, i.e.
Probing is an attack in which the hacker scans a machine or monitoring and deciding on intrusions detected locally. A cluster
networking device to identify weaknesses or vulnerabilities that can head is responsible for their node locally as well as globally for their
be exploited later in order to compromise the system. Usually this cluster, such as monitoring network traffic and announcing a global
method is used in information mining such as saint, portsweep, response when detecting network intrusion.
mscan, nmap, etc. [13].
5. Deep learning-based intrusion detection
3. Intrusion detection system (IDS) Types system
Intrusion is any set of actions that try to compromise a resource's With the growing in-depth integration of the Web and social life, the
integrity, confidentiality, or availability and an intrusion detection Internet is changing how people learn and work, but it is also
system (IDS) is a scheme to detect such intrusions. three types of exposing us to ever more serious threats to security. How to
IDS in the detection techniques category [14], are as follows: recognize different network attacks, particularly unseen attacks, is a
Three methods of intrusion detection are used in the literature. The key issue that needs to be addressed urgently [22].
first method is detection of anomaly-based intrusion, which profiles Machine learning and deep learning are two subsets of artificial
the symptoms of the system's ordinary behaviors such as command intelligence which have garnered a lot of attention over the past two
frequency usage, program CPU usage and the like. It detects years, Deep learning outperforms the traditional machine learning
anomalies intrusions. The second method misuse-based intrusion as the scale of data increases (see Figure 1). In recent years, deep
detection compares known attack signatures with current system learning algorithms have become increasingly popular and have
activities. Because it is effective and has a low false positive rate, been applied for a diverse set of tasks, studies have shown that deep
business IDSs usually prefer it [15]. This approach's drawback is learning completely surpasses traditional methods.
that it is unable to identify new attacks. The system is only as deep neural network (DNN), is explored to develop a flexible and
powerful as its signature database, this needs frequent updating for effective IDS to detect and classify unforeseen and unpredictable
new attacks. Both anomaly-based methods and misuse-based attacks. The continuous change in network (MANET) behavior and
methods have their own strengths and weaknesses. Therefore, both rapid evolution of attacks makes it necessary to evaluate various
techniques are generally employed for effective intrusion detection. datasets which are generated over the years through static and
The last method is specification-based intrusion detection. In this dynamic approaches. This type of study facilitates to identify the
approach, a set of constraints on a program or a protocol are best algorithm which can effectively work in detecting future
specified and intrusions are detected as runtime violations of these attacks. [23].

2
 6.1 Basic convolutional Neural Network
(CNN)
The basic CNN consists of 3 parts: Convolution layer, Pooling
layer, Fully connected layer. If it is simple to describe:
The convolutional layer is responsible for extracting local features
in the image; the pooling layer is used to significantly reduce the
parameter magnitude (dimension reduction); the fully connected
layer is similar to the traditional neural network portion and is used
to output the desired result.[29].

Figure 1: Performance Comparison of Deep learning-based

algorithms Vs Traditional Algorithms
5.1 Convolutional neural network (CNN)
A convolutional neural network (CNN) is a type of artificial neural
network used in image recognition and processing that is
specifically designed to process pixel data. CNNs are powerful
image processing, artificial intelligence (AI) that use deep learning
to perform both generative and descriptive tasks, often using
machine vison that includes image and video recognition, along
with recommender systems and natural language processing (NLP)
[24].
5.2 Recurrent neural network (RNN) Figure. 2. The basic CNN.
A recurrent neural network (RNN) [25] is a class of artificial neural
networks where connections between nodes form a directed 6.2 Inception Architecture (CNN)
graph along a temporal sequence. This allows it to exhibit temporal To solve the problem of large number of parameters and
dynamic behavior. Unlike feedforward neural networks, RNNs can speed up the training of CNN, Szegedy et al. propose the
use their internal state (memory) to process sequences of inputs. inception architecture CNN, which was successfully
This makes them applicable to tasks such as unsegmented, applied in Google Net, inception CNN is a combination of
connected handwriting recognition or speech recognition [26]. all those layers (namely, 1×1 Convolutional layer, 3×3,
5.3 Recursive neural network 5×5) with their output filter banks concatenated into a
A recursive neural network is a kind of deep neural network created single output vector forming the input of the next stage.
by applying the same set of weights recursively over a structured The details of inception architecture CNN we used are shown in
input, to produce a structured prediction over variable-size input (see Figure 3) [30].
structures, or a scalar prediction on it, by traversing a given
structure in topological order. RNNs have been successful, for
instance, in learning sequence and tree structures in natural
language processing, mainly phrase and sentence continuous
representations based on word embedding. RNNs have first been
introduced to learn distributed representations of structure, such
as logical terms. Models and general frameworks have been
developed in further works since the 1990s [27].

6. Comparative study of four deep learning

models-based intrusion detection system
There are lots of popular variants of CNNs and RNNs. To solve Figure 3. The inception architecture CNN.
the hardness of training, the inception architecture CNN is
proposed and successfully applied in Google Net. To alleviate
6.3 Bi-Directional LSTM (BLSTM)
some limitations of the basic RNN, bi-Directional long short-term Bi-Directional RNN is also introduced to overcome the limitation
memory (BLSTM) and gated recurrent unit (GRU) are proposed of RNN. This architecture can be trained using all available input
using gating mechanisms. This section gives a brief introduction information in the past and future of a specific time frame (see
of the models we used in our experiments: basic CNN, the Figure 4). In other words, stacking two RNNs together in which
inception architecture CNN, BLSTM and GRU [28]. the input sequence is fed in normal time order for one network,
and in reverse time order for another as equation. The outputs of
the two networks are usually concatenated at each time-step Table 1. List of NSL-KDD Dataset Files and Their
[31]. Description
S.N
Name of the file Description
o.
The full NSL-KD train set in
1 KDDTrain+.ARFF ARFF format
The full NSL-KDD train set
including attack-type labels and
2 KDDTrain+.TXT
difficulty level in CSV Format
KDDTrain+_20Per A 20% subset of the
3
ce KDDTrain+.arff file
nt.ARFF
KDDTrain+_20Per A 20% subset of the
Figure 4. Bi-Directional LSTM Architecture. 4
ce KDDTrain+.txt file
6.4 Gated recurrent unit (GRU) nt.TXT
GRUs are another type of RNNs with memory cells. They are The full NSL-KDD test set with
similar to LSTM but with simpler cell architecture. GRU also has 5 KDDTest+.ARFF binary labels in ARFF format
gating mechanism to control the flow of information through cell The full NSL-KDD test
state but has fewer parameters and does not contain an output gate. KDDTest+.TXT setincluding attack-type labels
6
GRU is also a very popular variant. Details of GRU (see Figure 5) and difficulty level in CSV format
A subset of the
KDDTest-21.ARFF KDDTest+.arff file which
7
does not include records with
difficulty level of 21 out of 21
A subset of the KDDTest+.txt file
which does not include records
8 KDDTest-21.TXT
with difficulty level of 21 out of
21

Since the imbalance of detailed category in NSL-KDD dataset, it is

difficult to predict category using origin class label. In the
following experiment, according to their characteristics, class label
of records in the dataset are categorized into 5 main categories
(Normal, Dos, Probe, U2R and R2L).
Figure 5. GRU Architecture. There are 4 non-numeric attributes: protocol_type, service, flag and
class. For example, the feature protocol_type has three types of
7. Experiment and Results attributes: tcp, udp, and icmp, and its one-hot encoder values are
7.1 Data preprocessing binary vectors [1,0,0], [0,1,0] and [0,0,1]. Similarly, the feature
service has 70 types of attributes, the feature flag has 11 types of
The methodology discussed in this paper is applied on the entire attributes, and class have 5 types of attributes. In this way, 41-
NSL-KDD dataset. The NSL-KDD dataset was proposed to deal dimensional features are mapped into 122-dimensional features
with inherent problems of the KDD Cup 1999 dataset which after transformation, prediction target is mapped into 5 categories
contain too many redundant records. Although it is quite old and classification.
not a perfect representation of existing real networks, it is
continuously an index which is used to compare the IDS models
Table 2. Attacks in the NSL-KDD Dataset
in common.
7.2 Dataset Category Training Set Testing Set
The inherent drawbacks in the KDD cup 99 dataset has been apache2, back, land,
revealed by various statistical analyses has affected the detection DoS back, land, Neptune, mailbomb, Neptune, pod,
accuracy of many IDS modelled by researchers. NSL-KDD data pod, smurf, teardrop smurf, teardrop, worm
set is a refined version of its predecessor. processtable, udpstorm
It contains essential records of the complete KDD data set. NSL- Probe ipsweep, nma, ipsweep, mscan, nmap,
KDD dataset includes three sub-files and others listed in table 1: portsweep, satan portsweep, saint, satan
KDDTrain+, KDDTest+ and KDDTest–21. There are 125,973 spy, warezclient, ftpwrite, guesspasswd,
network traffic samples in the KDDTrain+ dataset, 22,554 ftpwrite, guesspasswd, httptunnel, imap, multihop,
network traffic samples in the KDDTest+ dataset and 11850 R2L imap, multihop, phf, named, phf, sendmail,
network traffic samples in the KDDTest–21 dataset. There are 41 warezmaster snmpgetattack, snmpguess,
features, 1 class label and 1 difficulty label for each traffic record. wxlock,
The features include basic features (No.1-No.10), content features warezmaster, xsnoop
(No.11 - No.22), and traffic features (No.23 - No.41). bufferoverflow, ps, bufferoverflow, ps, perl,
U2R loadmodule, rootkit loadmodule, sqlattack, xterm
Normal normal normal

4
 7.3 Evaluation metrics Table 6. DR of KDDTest+

For evaluation purposes, Precision (P), Recall (R), F-measure (F) Normal Dos Probe R2L U2R
and Accuracy (ACC) metrics are used. These metrics are
calculated by using four different measures, true positive (TP), CNN 90.895% 83.8765% 70.742% 20.765% 20.992%
true negative (TN), false positive (FP) and false negative (FN),:
Inc-
Accuracy: the percentage of the records number classified 88.468% 69.5483% 61.357% 18.579% 22.348%
CNN
correctly over total the records in Equation
Bi-
87.975% 71.576% 63.574% 29.110% 24.022%
LSTM

Accuracy = (1) GRU 77.463% 80.908% 55.9762% 35.893% 10.093%

Table 7. FPR of KDDTest+

Precision = (2)
Normal Dos Probe R2L U2R

Recall = (3) CNN 36.898% 26.621% 9.194% 3.246% 0.004%

True Positive Rate (TPR): also known as Detection Rate (DR), Inc-
is the percentage of the anomaly records number correctly flagged 28.584% 28.622% 6.061% 2.178% 0.063%
as anomaly over the total number of anomaly records in Equation CNN
Bi-
65.448% 24.659% 10.323% 7.810% 0.082%
DR = TPR = (4). LSTM

False Positive Rate (FPR): the percentage of the normal records GRU 50.508% 23.991% 8.714% 4.246% 0.044%
number wrongly flagged as anomaly is divided by the total number
of normal records in Equation [32](6).
Table 8. DR of KDDTest- 21
FPR = (5)
Normal Dos Probe R2L U2R
7.4 Results Analysis
CNN 97.7876% 80.298% 70.9776% 24.781% 8.9552%
Table 3. Accuracy for each model
Inc-
95.5762% 77.182% 67.2456% 16.323% 0.0819%
CNN Inc-CNN Bi-LSTM GRU CNN
KDDTest+ 85,99% 89,03% 84,33% 78,98% Bi-
82.4518% 67.584% 61.8651% 20.567% 0.0634%
LSTM
KDDTest–
21 77.98% 73.36% 75.20% 69.30% 76.4873% 70.780% 57.6602% 15.712% 0.0833%
GRU

Table 4. Precision for each model

Table 9. FPR of KDDTest- 21
CNN Inc-CNN Bi-LSTM GRU
KDDTest+ Normal Dos Probe R2L U2R
90.90% 85.08% 93.98% 81,09%
KDDTest– CNN 34.259% 16.875% 3.792% 1.975% 0.052%
21 83.09% 83.66% 77.89% 72.76%
Inc-
36.870% 14.583% 2.357% 0.479% 0.068%
Table 5. Recall for each model CNN
Bi-
CNN Inc-CNN Bi-LSTM GRU 51.975% 19.576% 7.574% 1.110% 0.022%
LSTM
KDDTest+ 81,17% 85,58% 86,01% 87,56%
GRU 38.453% 21.988% 5.962% 2.883% 0.093%
KDDTest–
21 73.08% 72.11% 72.98% 72.36%
Accuracy, Precision, Recall of CNN, Bi-LSTM, Inception DR of CNN, Bi-LSTM, Inception CNN, GRU used for
CNN, GRU used for Intrusion Detection. Intrusion Detection.
100 100

95

Value In (In %)
90 80
Value in %

85

80 60

75

70 40

65

60 20
ACCURACY PRECISION RECALL NORMAL DOS PROBE R2L U2R
CNN Inception CNN
Bi-LSTM GRU CNN Inception CNN
Bi-LSTM GRU

Figure 6. Accuracy, Precision and Recall of KDDTest+. Figure 8. FPR of KDDTest+

Accuracy, Precision, Recall of CNN, Bi-LSTM, Inception DR of CNN, Bi-LSTM, Inception CNN, GRU used for
CNN, GRU used for Intrusion Detection. Intrusion Detection.
100 100
95

90 80
VALUE IN (IN %)

85
VALUE IN (IN %)

80 60

75

70 40

65

60 20
ACCURACY PRECISION RECALL NORMAL DOS PROBE R2L U2R

CNN Inception CNN CNN Inception CNN

Bi-LSTM GRU Bi-LSTM GRU

Figure 7. Accuracy, Precision and Recall of KDDTest-21. Figure 9. FPR of KDDTest+

Tables 67,8 and 9 shows a comparison of the experimental results.
From the results, we could find that the inception architecture
Inception-CNN got the highest overall ACC and overall recall rate.
Besides, the CNN model surpassed the two Bi-LSTM and GRU
models on both the overall precision and overall recall rate in
KDD+ and KDD-21. Although the GRU model gets the lowest
normal ACC, precision, recall rate, it failed apparently on those on

6
 attack data. The proper explanation is that RNNs (both LSTM and 6. Salman Iqbal, Miss Laiha Mat Kiah, Babak Dhaghighi,
GRU) tried a lot on the whole sequence comprehension, CNNs Muzammil Hussain, Suleman khan, Muhammad Khurram Khan,
could extract the key information more quickly. It can be concluded Kim-Kwang Raymond Choo,On Cloud Security Attacks: “A
that if one only wants to classify the network traffic as normal or Taxonomy and Intrusion Detection and Prevention as a Service,”
attack, CNN or Inception CNN models will be a better choice. Journal of Network and Computer Applications Volume
The results of 5 multi-class classification are (see Figure 8). and 9. 74, October 2016, Pages 98-120
We found that all 4 models had good performance on the normal
7. Raja Waseem Anwar, Majid Bakhtiari, AnazidaZainal, Abdul
data and DoS data and Probe. But for R2L data and Ur2 data, basic
Hanan Abdullah and Kashif Naseer Qureshi, “ Enhanced Trust
CNN and inception architecture CNN failed on the Recall in KDD
Aware Routing against Wormhole Attacks in Wireless Sensor
Test+. What’s more, the Bi-LSTM model performed worse than the
other 3 models on precision rate in KDD Test+. Networks,” International Conference on Smart Sensors and
Meanwhile, table 6 shows the DR of KDDTest+; table 7 shows the Application, IEEE.
FPR of KDDTest+; table 8 shows the DR of KDDTest–21; table 9 8. Saurabh Ughade, R.K. Kapoor, Ankur Pandey, “An overview on
shows the FPR of KDDTest–21. In addition, compare DR and FPR Wormhole Attack in Wireless Sensor Network: Challenges,
of KDDTest+ and KDDTest–21, we can find that results of R2L Impacts, and Detection Approach," International Journal of
and U2R are relatively quite small for all methods, which might Recent Development in Engineering and Technology, ISSN 2347
because of the insufficiency of their records in the dataset. – 6435 (Online) Volume 2, Issue4.2014
However, the models still can detect some of them. 9. VarshaGharu, Mahesh Pawar, Jitendra Agarwal , “A Literature
Survey on Security Issues of WSN and Different Types of Attacks
8. Conclusion in Network,” Indian Journal of Computer Science and
Recently, Deep learning for intrusion detection has received much Engineering (IJCSE),2017
deliberation. In any IDS, audit data samples are analyzed to set 10. Neellima Singla, Mr.Ramanjeet Singh, “Wormhole Attack
detection rules in highly mobile node network to protect against Prevention and Detection in MANETs Using HRL Method ”
number of novel attacks. The primary advantage of using DL- ,International Journal of Advance Research, Ideas and
based detection systems is that it is highly accurate and able to Innovations in Technology,2017
detect or categorize attacks without any environmental influence. 11. Sushama Singh ; Atish Mishra ; Upendra Singh, “Detecting and
Different DL-based IDS approaches have their own benefits and avoiding of collaborative black hole attack on MANET using
disadvantages. Therefore, considering the MANET scenarios, it is trusted AODV routing algorithm,” Symposium on Colossal Data
important to choose a precise method for implementing IDS. The
Analysis and Networking (CDAN), 18-19 March 2016
comparative study illustrated here, presents the details of the deep
12. Tauseef Jamal ,Shariq Aziz Butt, “Malicious node analysis in
learning-based intrusion detection methods which may be proved
MANETS”, International Journal of Information Technology, 20
important for selecting the appropriate methods on bases of the
April 2018
situation in MANETs.
13. Houda Moudni ; Mohamed Er-rouidi ; Hicham
Mouncif ; Benachir El Hadadi, “Performance analysis of AODV
routing protocol in MANET under the influence of routing
References attacks, “ International Conference on Electrical and Information
Technologies (ICEIT), 4-7 May 2016
1. Ehsan Amiria, Hassan Keshavarz, Hossein Heidari, Esmaeil 14. Desai, V., & Shekokar,.N, “Performance evaluation of OLSR
Mohamadi, Hossein Moradzadeh, “Intrusion Detection Systems protocol in MANET under the influence of routing attack. In
in MANET: A Review, ” ICIMTR International Conference on Wireless Computing and Networking (GCWCN),” IEEE Global
Innovation, Management and Technology Research, Malaysia, 22 Conference on (pp. 138-143). 2014.
– 23 September, 2013 15. Noureldien A. Noureldien, Saeed K. Saeed, M. Ahmed Salih and
2. Safaa Laqtib, Khalid El Yassini, Meriem Houmer, Moulay Driss Alsawi M. Ahmed, “Survey of Mobile Ad hoc Networks Attacks
El Ouadghiri, Moulay Lahcen Hasnaoui,“Impact of mobility and a New Classification Scheme,” British Journal of
models on Optimized Link State Routing Protocol in Mathematics & Computer Science 8(1): 25-38, 2015,
MANET,” Proceedings of the International Conference on 16. Ruchita M, Seema L. Review paper on flooding attack in
Wireless Networks and Mobile Communications MANET, Int. Journal of Engineering Research and Applications.
(WINCOM), 26-29 Oct. 2016. 2014;4(1).
3. B. Awerbuch, D. Holmer, C. Nita-Rotaru, and H. Rubens, “An 17. Rishabh J, Charul D, Meenakshi, “A survey of protocols and
On-demand Secure Routing Protocol Resilient to Byzantine attacks in MANET Routing,” International Journal of Computer
Failures,” Proceedings of the ACM Workshop on Wireless Science and Management Studies. 2012;12(3).
Security, pp. 21-30, 2002. 18. Manjeet Singh, Gaganpreet Kaur.,”A survey of attacks in
4. Bing Wu, Jianmin Chen, Jie Wu, Mihaela Cardei , “A Survey on MANET,” International Journal of Advanced Research in
Attacks and Countermeasures in Mobile Ad Hoc Networks,” Computer Science and Software Engineering. 2013;3(6).
,Department of Computer Science and Engineering Florida 19. Alomari E, Manickam S, Gupta BB, Karuppayah S, Alfaris R,
Atlantic University, WIRELESS/MOBILE NETWORK “Botnet-based distributed denial of service (DDoS) attacks on
SECURITY. web servers: classification and art,” International Journal of
5. Ismail Butun , Salvatore D. Morgera , Ravi Sankar , “A Survey Computer Applications. 2012;49:24-32.
of Intrusion Detection Systems in Wireless Sensor 20. R. Bhuvaneswari , R. Ramachandran ,” Denial of service attack
Networks,” IEEE Communications Surveys & mitigation addressing all the security attributes in OLSR
Tutorials ,Volume: 16 , Issue: 1 , 17 May 2013
 MANET,” International Journal of Wireless and Mobile Journal of Advanced Research in Arti_cial Intelligence, Vol. 4,
Computing ,2018 No.3, pp. 9-18, 2015
21. Ruchi Makani, B.V.R. Reddy, “Taxonomy of Machine Leaning 28. Gauthama Raman M R, Nivethitha Somu, Kannan Kirthivasan,
Based Anomaly Detection and its suitability”, International Shankar Sriram V S ,”A Hypergraph and Arithmetic Residue-
Conference on Computational Intelligence and Data Science based Probabilistic Neural Network for Classi_cation in Intrusion
(ICCIDS 2018). Detection Systems,” Neural Networks, Vol- ume 92, August
22. Robert Mitchell and Ing-Ray Chen., “A Survey of Intrusion 2017, pp. 89-97, ELSEVIER.
Detection in Wireless Network Applications”, Elsevier, vol. 42, 29. Aastha Puri and Nidhi Sharma, “A Novel Technique for Intrusion
1- 23.2014 Detection System for Network Security Using Hybrid SVM-
23. Ismail Butun, Salvatore D. Morgera, and Ravi Sankar. “A Survey CART,” International Jour- nal of Engineering Development and
of Intrusion Detection Systems in Wireless Sensor Networks”, Research, Volume 5, Issue 2, ISSN: 2321- 9939, pp. 155-
IEEE Communications Surveys & Tutorials Volume: 16, Issue: 161.2017
1,pp266 – 282.2014 30. Wenjuan Li, Weizhi Meng, Lam-For Kwok, and Horace H. S. IP
24. Sumit, S., D. Mitra, and D. Gupta, “Proposed Intrusion Detection , “Enhancing Collaborative Intrusion Detection Networks Against
on ZRP based MANET by effective k-means clustering method Insider Attacks Using Supervised Intrusion Sensitivity-Based
of data mining,” 2014. IEEE. Trust Management Model,”Journal of Network and Computer
25. Mohit Soni ; Manish Ahirwa ; Shikha Agrawal, “A Survey on Applications, Volume 77, 1 January 2017, pp. 135-145,
Intrusion Detection Techniques in MANET,” International ELSEVIER.
Conference on Computational Intelligence and Communication 31. Ch. Nagamani and Suneetha Chittineni , “Network Intrusion
Networks (CICN)12-14 Dec. 2015 Detection Mechanisms Using Outlier Detection, ” Second
26. Neethu B. “Classification of intrusion detection dataset using International Conference on Inven- tive Communication and
machine learning approaches,” International Journal of Computational Technologies (ICICCT), pp. 1468-1473,2018.
Electronics and Computer Science Engineering; 2012. 32. Eduardo Massato Kakihata, Helton Molina Sapia, Ronaldo
27. Nutan Farah Haq, Musharrat Rafni, Abdur Rahman Onik, Faisal Toshiaki Oiakawa, Danillo Roberto Pereira, Joao Paulo Papa,
Muhammad Shah, Md. Avishek Khan Hridoy and Dewan Md. Victor Hugo Costa de Albuquerque and Francisco Assis da Silva
Farid, “Application Of Machine Learning Approaches in , “ Intrusion Detection System Based On Flows Using Machine
Intrusion Detection System: A Survey," (IJARAI) Inter- national Learning Algorithms, ” IEEE Latin America Transactions,
Volume 15, Issue: 10, pp. 1988 - 1993, Oct. 2017.

View publication stats