Journal of Intelligent Information Systems

, Volume 46, Issue 2, pp 391–407 | Cite as

Machine learning for intrusion detection in MANET: a state-of-the-art survey

  • Lediona NishaniEmail author
  • Marenglen Biba


Machine learning consists of algorithms that are first trained with reference input to “learn” its specifics and then used on unseen input for classification purposes. Mobile ad-hoc wireless networks (MANETs) have drawn much attention to research community due to their advantages and growing demand. However, they appear to be more susceptible to various attacks harming their performance than any other kind of network. Intrusion Detection Systems represent the second line of defense against malevolent behavior to MANETs, since they monitor network activities in order to detect any malicious attempt performed by intruders. Due to the inherent distributed architecture of MANET, traditional cryptography schemes cannot completely safeguard MANETs in terms of novel threats and vulnerabilities, thus by applying machine learning methods for IDS these challenges can be overcome. In this paper, we present the most prominent models for building intrusion detection systems by incorporating machine learning in the MANET scenario. We have structured our survey into four directions of machine learning methods: classification approaches, association rule mining techniques, neural networks and instance based learning approaches. We analyze the most well-known approaches and present notable achievements but also drawbacks or flaws that these methods have. Finally, in concluding our survey we provide some findings of paramount importance identifying open issues in the MANET field of interest.


Machine learning Intrusion detection systems MANETs Classification Association rule mining Neural networks Instance based learning 


Compliance with Ethical Standards

Conflict of interests

L. Nishani and M. Biba state that there are no conflicts of interest.

Research involving Human Participants and/or Animals

This article does not contain any studies with human or animal subjects.

Informed consent

Informed consent is not required for the information referred in this research.


  1. Abdel-Fattah, F., & Dahalin, F. (2010). Dynamic intrusion detection method for mobile ad hoc network using CPDOD algorithm. In IJCA Special Issue on Mobile Ad-hoc Networks MANETs.Google Scholar
  2. Abdel-Fattah, F., Dahalin, F., & Jusoh, Sh. (2010). Distributed and cooperative hierarchical intrusion detection on MANETs. International Journal of Computer Applications, 12(5).Google Scholar
  3. Anjana-Devi, V., & Bhuvaneswaran, R.S. (2011a). Adaptive association rule mining based on cross layer intrusion detection system for MANET. International Journal of Network Security & Its Applications (IJNSA), 3(510.5121/ijnsa.2011.3519), 243.Google Scholar
  4. Anjana-Devi, V., & Bhuvaneswaran, R.S. (2011b). Agent based cross layer intrusion detection system for MANET. In Advances in Network Security and Applications Communications in Computer and Information Science, (Vol. 196 pp. 427–440).Google Scholar
  5. Bose, S., Bharathimurugan, S., & Kannan, A. (2007). Multi-layer intergraded anomaly intrusion detection for mobile ad hoc networks. In Proceedings of the IEEE International Conference on Signal Processing Communications and Networking (ICSCN 2007) (pp. 360–365).Google Scholar
  6. Cabrera, J.B.D., Gutirrez C., & Mehra, R.K. (2008). Ensemble methods for anomaly detection and distributed intrusion detection in mobile ad hoc networks. Information Fusion, 9, 96–119.CrossRefGoogle Scholar
  7. Cannady, J. (1998). Artificial neural networks for misuse detection. In Artificial Neural Networks - ICANN: International Conference Vienna.Google Scholar
  8. Changguo, Y., Qin, Zh., Jingwei, Zh., Nianzhong, W., Xiaorong, Zh., & Tailei W. (2009). Improvement of association rules mining algorithm in wireless network intrusion detection. In Computational Intelligence and Natural Computing International Conference. Google Scholar
  9. Cliftom, C., & Gengo, G. (2000). Developing custom intrusion detection filters using data mining. Military communications International LosAngeles.Google Scholar
  10. Deepika, T., Vinchurkar, P., & Reshamwala, A. (2012). A review of intrusion detection system using neural network and machine learning. ISSN: 2319-5967 ISO 9001:2008 (IJESIT), 1(2).Google Scholar
  11. Deng, H., Zeng, Q., & Agrawal, D.P. (2003). SVM-based intrusion detection system for wireless ad hoc networks. In Proceedings of the 58thIEEE Vehicular Technology Conference (VTC03), (Vol. 3, pp. 2147–2151).Google Scholar
  12. Engen, V. (2010). Machine learning for network based intrusion detection. An investigation into Discrepancies in Findings with the KDD Cup 99 Data Set and Multi-Objective Evolution of Neural Network Classifier Ensembles for Imbalanced Data, Dissertation. Bournemouth University.Google Scholar
  13. Fung, C., & Boutaba, R. (2010). Cooperation in Intrusion Detection Networks. Cooperative Networks.Google Scholar
  14. Fung, C., & Boutaba, R. (2013). Design and Management of Collaborative Intrusion Detection Networks. Ghent Belgium: IFIP/IEEE Integrated Network Management Symposium (IM).Google Scholar
  15. Ghodratnama, S., Moosavi, M., Taheri, M., & Zolghadri, M. (2010). A cost sensitive learning algorithm for intrusion detection. In Proceedings of the 18th Iranian Conference on Electrical Engineering (ICEE), (pp. 559–565).Google Scholar
  16. Hanemann, A. (2006). A hybrid rule-based/case-based reasoning approach for service fault Diagnosis. In Proceedings of the 2006 International Symposium on Frontiers in Networking with Applications.Google Scholar
  17. Huang, Y., & Lee, W. (2003). A Cooperative Intrusion Detection System for Ad Hoc Networks. In Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks (pp. 135–147).Google Scholar
  18. Huang, Y., Lee, W., & Yu, P. (2003). Cross-feature analysis for detecting ad-hoc routing anomalies. In Proceedings of the 23rd International Conference on Distributed Computing Systems (p. 478).Google Scholar
  19. Kaur, H., Singh, G., & Minhas, J. (2013). A review of machine learning based anomaly detection techniques. International Journal of Computer Applications Technology and Research, 2(2), 185–187.CrossRefGoogle Scholar
  20. Lalli, M., & Palanisamy, V. (2014). A novel intrusion detection model for mobile ad-hoc networks using CP-KNN. International Journal of Computer Networks & Communications (IJCNC), 6(5). doi: 10.5121/ijcnc.2014.6515_193.
  21. Lane, T., & Brodley, C.E. (1999). Temporal sequence learning and data reduction for anomaly detection, ACM Transactions on Information and System Security, 295331.Google Scholar
  22. Mabu, S., Chen, C., Lu, N., & Shimada, K. (2011). An intrusion-detection model based on fuzzy class-association-rule mining using genetic network programming. IEEE Transactions on Systems Man and Cybernetics Part C, 41(1), 130–139.CrossRefGoogle Scholar
  23. Maheshwar, K., & Singh, D. (2013). A review of data mining based intrusion detection techniques. International Journal of Application or Innovation in Engineering & Management (IJAIEM), 2(2), 2319–4847.Google Scholar
  24. Mitrokotsa, A., & Kominos, N. (2007). Intrusion detection and response in ad hoc networks. In International Journal of Computer Research.Google Scholar
  25. Mitrokotsa, A., Komninos N., & Douligeris, Ch. (2007). Intrusion detection with neural networks and watermarking techniques for MANET. In Proceedings of IEEE International Conference on Pervasive Services (pp. 118–127).Google Scholar
  26. Mitrokotsa, A., & Dimitrakakis, C. (2012). Intrusion detection in MANET using classification algorithms: The effects of cost and model selection ad-hoc Networks, Retrieved from doi: 10.1016/j.adhoc.2012.05.006.
  27. Moradi, Z., Teshnehlab, M., & Rahmani, A. (2011). Implementation of neural networks for intrusion detection in MANET. In International Conference on Emerging Trends in Electrical and Computer Technology (ICETECT).Google Scholar
  28. Mukkamala, S., & Sung, A. (2006). Significant feature selection using computational intelligent techniques for intrusion detection. Berlin Heidelber: Springer.zbMATHGoogle Scholar
  29. Panos, Ch., Xenakis, Ch., & Stavrakakis, I. (2011). An evaluation of anomaly-based intrusion detection engines for mobile ad hoc networks. Trust Privacy and Security in Digital Business Lecture Notes in Computer Science, 6863, 150–160.CrossRefGoogle Scholar
  30. Piatetsky-Shapiro, G., & Frawley, J. (1991). Discovery analysis and presentation of strong rules. Knowledge Discovery in Databases AAAI/MIT Press.Google Scholar
  31. Ponsam, J., & Srinivasan, J. (2014). Multilayer intrusion detection in MANET. International Journal of Computer Applications, 98(20).Google Scholar
  32. Shao, M., Lin, J., & Lee, Y. (2010). Cluster-based cooperative back propagation network approach for intrusion detection in MANET. In IEEE 10th International Conference on Computer an Information Technology (CIT).Google Scholar
  33. Shrestha, R., Han, K., Choi, D., & Han, S. (2010). A cross layer intrusion detection system in MANET. In 24th IEEE International Conference on Advanced Information Networking and Applications.Google Scholar
  34. Somasundaram, R.M., & Lakshmana, K. (2013). An intrusion detection system for MANET using CRF based Feature Selection and Temporal Association Rules. In International Journal of Soft Computing.Google Scholar
  35. Visumathi, J., & Shunmunganathan, K.S. (2012). An effective IDS using feature selection and classification algorithm. In International Conference on Modeling Optimization and computing, Procedia Enginnering (pp. 2816–2823).Google Scholar
  36. Zhang, Y., & Lee, W. (2003). A cooperative intrusion detection system for ad-hoc networks. In Proceedings of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks, SASN03 (p. 135147).Google Scholar

Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  1. 1.University of New York Tirana Kodra e Diellit TiranaTiranaAlbania

Personalised recommendations