TY - JOUR
T1 - CEAP
T2 - SVM-based intelligent detection model for clustered vehicular ad hoc networks
AU - Wahab, Omar Abdel
AU - Mourad, Azzam
AU - Otrok, Hadi
AU - Bentahar, Jamal
N1 - Funding Information:
This work was supported by the Associated Research Unit of the National Council for Scientific Research CNRS Lebanon, Lebanese American University (LAU), Fonds de Recherche du Québec - Nature et Technologie (FRQNT), Khalifa University of Science, Technology & Research (KUSTAR), NSERC (Canada) and FQRSC (Québec).
Publisher Copyright:
© 2015 Elsevier Ltd.All rights reserved.
PY - 2016/5/15
Y1 - 2016/5/15
N2 - The infrastructureless and decentralized nature of Vehicular Ad Hoc Network (VANET) makes it quite vulnerable to different types of malicious attacks. Detecting such attacks has attracted several contributions in the past few years. Nonetheless, the applicability of the current detection mechanisms in the deployed vehicular networks is hindered by two main challenges imposed by the special characteristics of VANETs. The first challenge is related to the highly mobile nature of vehicles that complicates the processes of monitoring, buffering, and analyzing observations on these vehicles as they are continuously moving and changing their locations. The second challenge is concerned with the limited resources of the vehicles especially in terms of storage space that restricts the vehicles' capacity of storing a huge amount of observations and applying complex detection mechanisms. To tackle these challenges, we propose a multi-decision intelligent detection model called CEAP that complies with the highly mobile nature of VANET with increased detection rate and minimal overhead. The basic idea is to launch cooperative monitoring between vehicles to build a training dataset that is analyzed by the Support Vector Machine (SVM) learning technique in online and incremental fashions to classify the smart vehicles either cooperative or malicious. To adapt the proposed model to the high mobility, we design it on top of the VANET QoS-OLSR protocol, which is a clustering protocol that maintains the stability of the clusters and prolongs the network's lifetime by considering the mobility metrics of vehicles during clusters formation. To reduce the overhead of the proposed detection model and make it feasible for the resource-constrained nodes, we reduce the size of the training dataset by (1) restricting the data collection, storage, and analysis to concern only a set of specialized nodes (i.e., Multi-Point Relays) that are responsible for forwarding packets on behalf of their clusters; and (2) migrating only few tuples (i.e., support vectors) from one detection iteration to another. We propose as well a propagation algorithm that disseminates only the final decisions (instead of the whole dataset) among clusters with the aim of reducing the overhead of either exchanging results between each set of vehicles or repeating the detection steps for the already detected malicious vehicles. Simulation results show that our model is able to increase the accuracy of detections, enhance the attack detection rate, decrease the false positive rate, and improve the packet delivery ratio in the presence of high mobility compared to the classical SVM-based, Dempster-Shafer-based, and averaging-based detection techniques.
AB - The infrastructureless and decentralized nature of Vehicular Ad Hoc Network (VANET) makes it quite vulnerable to different types of malicious attacks. Detecting such attacks has attracted several contributions in the past few years. Nonetheless, the applicability of the current detection mechanisms in the deployed vehicular networks is hindered by two main challenges imposed by the special characteristics of VANETs. The first challenge is related to the highly mobile nature of vehicles that complicates the processes of monitoring, buffering, and analyzing observations on these vehicles as they are continuously moving and changing their locations. The second challenge is concerned with the limited resources of the vehicles especially in terms of storage space that restricts the vehicles' capacity of storing a huge amount of observations and applying complex detection mechanisms. To tackle these challenges, we propose a multi-decision intelligent detection model called CEAP that complies with the highly mobile nature of VANET with increased detection rate and minimal overhead. The basic idea is to launch cooperative monitoring between vehicles to build a training dataset that is analyzed by the Support Vector Machine (SVM) learning technique in online and incremental fashions to classify the smart vehicles either cooperative or malicious. To adapt the proposed model to the high mobility, we design it on top of the VANET QoS-OLSR protocol, which is a clustering protocol that maintains the stability of the clusters and prolongs the network's lifetime by considering the mobility metrics of vehicles during clusters formation. To reduce the overhead of the proposed detection model and make it feasible for the resource-constrained nodes, we reduce the size of the training dataset by (1) restricting the data collection, storage, and analysis to concern only a set of specialized nodes (i.e., Multi-Point Relays) that are responsible for forwarding packets on behalf of their clusters; and (2) migrating only few tuples (i.e., support vectors) from one detection iteration to another. We propose as well a propagation algorithm that disseminates only the final decisions (instead of the whole dataset) among clusters with the aim of reducing the overhead of either exchanging results between each set of vehicles or repeating the detection steps for the already detected malicious vehicles. Simulation results show that our model is able to increase the accuracy of detections, enhance the attack detection rate, decrease the false positive rate, and improve the packet delivery ratio in the presence of high mobility compared to the classical SVM-based, Dempster-Shafer-based, and averaging-based detection techniques.
KW - High mobility
KW - Intrusion detection
KW - Malicious node
KW - Support vector machine (SVM)
KW - Training set size reduction
KW - Vehicular ad hoc network
UR - http://www.scopus.com/inward/record.url?scp=84953789989&partnerID=8YFLogxK
U2 - 10.1016/j.eswa.2015.12.006
DO - 10.1016/j.eswa.2015.12.006
M3 - Article
AN - SCOPUS:84953789989
SN - 0957-4174
VL - 50
SP - 40
EP - 54
JO - Expert Systems with Applications
JF - Expert Systems with Applications
ER -