Dynamic Intrusion Detection Method for Mobile Ad Hoc Network Using CPDOD Algorithm
Cited by 1 (1 self)
Abstract: Mobile Ad hoc networks (MANETs) are susceptible to several types of attacks due to their open medium, lack of centralized monitoring and management point, dynamic topology and other features. Many of the intrusion detection techniques developed on wired networks cannot be directly applied to MANET due to special characteristics of the networks. However, all such intrusion detection techniques suffer from performance penalties and high false alarm rates. In this paper, we propose a novel intrusion detection method by combining two anomaly methods, Conformal Predictor k-nearest neighbor and Distance-based Outlier Detection (CPDOD) algorithm. A series of experimental results demonstrate that the proposed method can effectively detect anomalies with low false positive rate, high detection rate and achieve higher detection accuracy.
FAMSim,DM.3 A Statistical Approach to TCP Session Classification
Abstract — Government computer networks need a real-time network traffic monitoring tool to detect anomalies in network traffic patterns to improve security. Specifically, they need a tool to determine if a host is using a network connection for something other than the intended use. A key step in developing this tool is creating statistical models to accurately identify the application protocols of sessions in a network without relying on port numbers, which conventionally identify them. This paper outlines the construction of these models. Specifically, it focuses on the methods used to build them, which included: structuring network data in a database, aggregating packet level data into sessions, and then identifying the key variables. The models employ variables such as the inter-arrival time between packets, the variance of those times, the distribution of TCP control flags and other information available from the packet headers. The paper examines the significance of these explanatory variables and attempts to determine which would be useful in a real-time implementation.

