Naučno-tehničeskij Vestnik Informacionnyh Tehnologij, Mehaniki i Optiki (Aug 2022)
Development of a model for detecting network traffic anomalies in distributed wireless ad hoc networks
Abstract
Mobile ad hoc networks are one of the promising directions of edge computing technology and are used in various applications, in particular in the development of intelligent transport systems. A distinguishing feature of mobile ad hoc networks is their constantly changing network topology, which makes it necessary to use reactive routing protocols when transmitting packets between nodes. Mobile ad hoc networks are vulnerable to cyber-attacks, so there is a need to develop measures for identifying network threats and rules for responding to them based on machine learning models. The subject of this study is the development of a dynamic model for detecting network traffic anomalies in wireless distributed ad hoc networks. Methods and algorithms of data mining and machine learning were applied. The proposed approach to traffic monitoring in wireless distributed ad hoc networks consists of two stages: initial traffic analysis to identify anomalous events, and subsequent in-depth study of cybersecurity incidents to classify the type of attack. For this approach, the corresponding models are built on ensemble methods of machine learning. A comparative analysis and selection of the most efficient machine learning algorithms and their optimal hyperparameters has been carried out. The paper formalizes the traffic anomaly detection model in distributed wireless ad hoc networks, identifies the main quantitative metrics of network performance, presents a generalized algorithm for detecting traffic anomalies in mobile ad hoc networks, and reports an experimental study in which a network segment is simulated to assess performance degradation under various network attack scenarios.
Network distributed denial of service attacks and cooperative blackhole attacks have the greatest negative impact on the performance of the mobile ad hoc network segment. In addition, the network simulation results were used to build a machine learning model to detect anomalies and classify types of attacks. The comparative analysis of machine learning algorithms showed that the LightGBM method is the most effective, both for detecting network traffic anomalies, with an accuracy of 91 %, and for determining the type of attack being carried out, with an accuracy of 90 %. The proposed approach to network anomaly detection, which uses trained traffic analysis models, makes it possible to identify the considered types of attacks in a timely manner. The future direction of this research is the consideration of new scenarios for the emergence of network attacks and online additional training of the constructed identification models. The developed software tool for detecting network traffic anomalies in distributed mobile ad hoc networks can be used for any type of wireless ad hoc network.
Keywords