BIJIT - BVICAM’s International Journal of Information Technology

Bharati Vidyapeeth’s Institute of Computer Applications and Management (BVICAM), New Delhi (INDIA)

Analysis of Fuzzy Logic Based Intrusion Detection Systems in Mobile Ad Hoc Networks
A. Chaudhary1, V. N. Tiwari2 and A. Kumar3
Submitted in September, 2013; Accepted in February, 2014
Abstract – Due to the advancement in wireless technologies, Manet’s characteristics, Prevention based techniques such as
many of new paradigms have opened for communications. authentication and encryption are not good solution for ad hoc
Among these technologies, mobile ad hoc networks play a networks to eliminate security threats because prevention based
prominent role for providing communication in many areas techniques cannot protect against mobile nodes which contain
because of its independent nature of predefined the private keys. So that Intrusion detection system is an
infrastructure. But in terms of security, these networks are essential part of security for MANETs. It is very effective for
more vulnerable than the conventional networks because detecting the intrusions and usually used to complement for
firewall and gateway based security mechanisms cannot be other security mechanism. That’s why Intrusion detection
applied on it. That’s why intrusion detection systems are used system (IDS) is known as the second wall of defense for any
as keystone in these networks. Many number of intrusion survivable network security [3]. There are some groups which
detection systems have been discovered to handle the works together to enhance the functioning of mobile ad hoc
uncertain activity in mobile ad hoc networks. This paper networks (MANETs). IETF constituted the mobile ad hoc
emphasized on proposed fuzzy based intrusion detection networks working group in 1997 [4].The rest of this paper is
systems in mobile ad hoc networks and presented their organized as follows: Section 2 presents the detailed
effectiveness to identify the intrusions. This paper also introduction of Intrusion detection system. Section 3 describes
examines the drawbacks of fuzzy based intrusion detection the need of fuzzy based IDS on MANETs and Section 4
systems and discussed the future directions in the field of discusses and analyzes the proposed fuzzy based IDSs in
intrusion detection for mobile ad hoc networks. MANETs from the literature. Section 5 discusses the
drawbacks of proposed fuzzy based IDS and finally conclusion
Index Terms – Detection Methods, Fuzzy Logic, Intrusion and direction for future research is outlined in section 6.
detection system (IDS), Intrusion Detection System
Architectures, Mobile Ad Hoc Networks (MANETs), Security 2.0 INTRUSION DETECTION SYSTEM
issues. When any set of actions attempt to compromise with the
security attributes such as confidentiality, repudiation,
1.0 INTRODUCTION availability and integrity of resources then these actions are said
Mobile ad hoc networks (MANETs) do not have any pre- to be the intrusions and detection of such intrusions is known as
existing infrastructure or administrative point as like intrusion detection system (IDS) [5]. The basic functionality of
conventional networks. In MANETs, mobile nodes can IDS depends only on three main modules such as data
communicate freely to each other without the need of collection, detection and response modules. The data collection
predefined infrastructure. This effectiveness and flexibility module is responsible for collecting data from various data
makes these types of networks attractive for many applications sources such as system audit data, network traffic data, etc.
such as military operations, rescue operations, neighborhood Detection module is responsible for analysis of collected data.
area networks, education applications and virtual conferences. While detecting intrusions if detection module detects any
Mobile nodes play the role of host as well as routers and also suspicious activity in the network then it initiates response by
support the multihop communication between the nodes. By the response module. There are three main detection techniques
the help of routing protocols, mobile nodes can send the data presented in the literature such as misuse based, anomaly based
packets to each other in mobile ad hoc networks. Some and specification based techniques. The first technique, misuse-
characteristics of MANETs such as communication via based detection systems such as IDIOT [6] and STAT [7]
wireless links, resource constraints (bandwidth and battery detect the intrusions on the behalf of predefined attack
power), cooperativeness between the nodes and dynamic signature. The disadvantage of this technique is that it cannot
topology make it more vulnerable to attacks [1] [2]. Due to detect new attacks but has low false positive rate so that it is
1,3
Dept. of Computer Science & Engineering, Manipal generally used by the commercial purpose based IDSs. Second
University, Jaipur (India)-302026 intrusion detection technique is anomaly-based detection
2
Dept. of Electronic & communication, Manipal University, technique e.g. IDES [8]. It detects the intrusion on bases of
Jaipur (India)-302026 normal behaviour of the system. Defining the normal behavior
1
E-Mail: [email protected], of the system is a very challenging task because behavior of
2
[email protected] and system can be changed time to time. This technique can detect
3
[email protected], the new or unknown attacks but with high false positive rates.
The third technique is specification - based intrusion detection

Copy Right © BIJIT – 2014; January – June, 2014; Vol. 6 No. 1; ISSN 0973 – 5658 690
 BIJIT - BVICAM’s International Journal of Information Technology

[9]. In this detection method, first specified the set of 1.1 Fuzzy Sets based Agent communication used for tactical
constraints on a particular protocol or program and then detect MANETs IDS
the intrusions at run time violation of these specifications. The Domian Walkins [16] proposed stationary intelligent fuzzy
main problem with this technique is that it takes more time for agents (SIFA) based IDS for detection of port scanning and
defining the specification that’s why it is a time consuming distributed DoS attacks in tactical MANETs. Due to the
technique [10]. On the bases of the audit data, Intrusion dynamic topology of MANETs it is decided that SIFA resides
detection system can be host based and network based. Host in each node. For attack recognition, proposed SIFA is
based IDS collect the audit data from operating system at a dependent on rule based processing system so that reasoning
particular host and network based intrusion detection system system accomplished with three steps: A knowledge-based,
collects audit data from host as well as trace the network traffic database of derived facts and an interference engine which is
for any type of suspicious activity. Normally there are three used in reasoning logic for processing the knowledge base. 
basic types of IDS architecture in literature: Stand-alone This paper used data set for recognition of distributed DoS and
intrusion detection systems - In this type of intrusion detection port scanning from directly tactical Manet environment. In the
system architecture, an IDS run independently on each node in large scale Manet’s environment, SIFA based IDS could
the network; Distributed and Cooperative intrusion detection provide overhead.
systems - In this architecture all nodes have IDS agents so that
each node can take part in intrusion detection locally and 4. 2 Fuzzy Logic controller based IDS   
depend on cooperativeness between the nodes it can be made Sujatha et al. [17] proposed a new fuzzy based response model
decision globally. This architecture dependent IDS are able to (FBRM) for the detection of internal attacks in mobile ad hoc
make two types of decision i.e. collaborative and independent. network which is depicted in figure 1. In the type of internal
In collaborative decision, all nodes take part actively to make attack, they have considered false route request (FRR) attack
decision but in case of independent decision some particular due to this attack flooding, congestion, DoS attack, exhaustion
nodes are responsible for making decision. Hierarchical of resources and exhaustion of bandwidth could happen at
Intrusion Detection Systems - This type of IDS architecture is nodes in the MANETs. In this scheme Fuzzy logic controller
an extended form of distributed and cooperative IDS monitors various feature such as route request rate, sequence
architecture in which whole network is divided into clusters. number, Acknowledgement time and load pattern which can
Each cluster has clusterhead which has more responsibility than detect FFR attack. The architecture of FBRM is broadly
the other node members in the cluster [10] [11]. There are classified into four steps: i) LIDS (local intrusion detection
many number of IDSs have been proposed in MANETs. We system) log file i.e. for collecting the information based on
will discuss fuzzy logic based proposed IDSs for MANETs in selected features from each node’s local intrusion detection
further sections. system and also from the neighbors nodes ii) analysis iii)
evaluation and iv) response. The overall decision of network
3.0 NEED OF FUZZY BASED INTRUSION DETECTION state is based on the level of Hacking (LOH) which calculated
SYSTEMS from sum sequence no., RREQ rate and acknowledge time.
Fuzzy logic is used in intrusion detection since 90’s because it LRM (local response module) and GRM (global response
is able to deal with uncertainty and complexity which is module) is responsible for local and global responses.
derived from human reasoning [12]. By the help of fuzzy In global response module, each node sends their response to
variables or linguistic terms, intrusion detection features can be its neighbor’s nodes for global response.
viewed easily and decision of normal and abnormal activity in
the network are based on its fuzziness nature that can identify 4.3 Biologically Inspired type-2 fuzzy set recognition
the degree of maliciousness of a node instead of yes or no algorithm based IDS
conditions [13] [14]. IF-then-else based fuzzy rules are used to Andrea and Hooman [18] suggested artificial immune system
define all situations in the network for identifying the attacks or for detecting misbehaving nodes in Ad-Hoc wireless networks
intrusions. The fuzzy rule based system is known as fuzzy which is based on type-2 Fuzzy set. The purpose of this work is
interference system (FIS) that is responsible to take decisions. to detect and learn about misbehaviour nodes as well as protect
Many types of fuzzy interference systems are proposed in the the network without human interference. They assumed that the
literature [15]. system is having the different states and any small portion may
indicate misbehaviour. This paper used type-2 fuzzy set
4.0 FUZZY BASED INTRUSION DETECTION SYSTEMS recognition algorithm for minimizing the uncertainties of some
situation in the network where effective network parameter are
IN MANETs
not well defined for detecting misbehavior nodes, alarm
Since, conventional based IDSs cannot be directly applied on threshold value for selected parameters are not clearly defined,
MANETs. So due to this reason many authors have presented system parameter could be negatively affected by background
many IDSs for MANETs. This section is going to describe noise. This paper composed experts knowledge for making the
each category of fuzzy based IDSs which have been proposed difference between normal and abnormal behavior of selected
in Literature. parameters by the helper T-cells on the bases of person MF

Copy Right © BIJIT – 2014; January – June, 2014; Vol. 6 No. 1; ISSN 0973 – 5658 691
Analysis of Fuzzy Logic Based Intrusion Detection Systems in Mobile Ad Hoc Networks

(membership function) approach. For reaching the final FOU whether neighbours forwarded the packet or not. Aggregator
(Foot print of uncertainty) they used interval type-2 fuzzy map module calculates the number of packets dropped and based on
(IT2FM) of each selected parameter this each node trust level is determined. Third module trust
IT2FM ( ) Є [0, 100] calculator is calculated with the trust level by using percentage
of packet dropped from the previous module. In this module
Here x percent changes in the parameter fi is indicated the fuzzy logic is used to calculate the trust level where percentage
uncertainty on the behalf of expert knowledge and some of packet dropped treated as fuzzy input variable. However,
indications are used for presenting the changes the parameters fuzzy trust calculator is based on direct trust agent, indirect
such as red region for misbehavior of network parameter fi, trust agent and aggregator functionality where aggregator
Yellow region for suspicious behavior and white region evaluated the total trust values. For total energy measurement at
indicate the normal behavior. Helper T - Cells measure the node to another node can be determined as follows:
actual changes of parameter fi and find the closer region (red,
yellow and white) of IT2FM. Once find the final decision then
E y/x = Pn>0 (Px = y ETack + Px ≠ y ERack) + Pm>0 (Px = y
helper T-cells send the signal to Killer T-Cells for particular ETpck + Px ≠ y ERpck)
immune response. Actually, the proposed solution is totally Where Ey/x energy spent at node Y to node X, ETack and
based on the binding process of receptors and antigens. On the ETpck energy spent at transmit one acknowledgment and one
other hand, the proposed algorithm could moderate a static data packet or ETpck and ERack energy spent at received one
artificial immune system because all information of the acknowledgment and one data packet. This defined equation
parameters of the system should be available in advance. So and disseminator module is used to get the trust value in the
that building the correct type-2 fuzzy map could be inefficient. case of mobility of the nodes in the network. They used
That’ why for future work, they will concentrate on the network simulator NS-2 for carried out the simulation of
learning phase of the algorithm. proposed scheme in the network. At the time of calculation of
trust level such factors i.e. link broken, battery exhaustion and
LRM replay packet generated are not considered so that it could
Sequence No.
degrade the accuracy level of proposed scheme.
Fuzzy
Fuzzy Logic
Logic Controller
Controller
Acknowledge. 4.5 Fuzzy Logic based IDS for MANETs
Time Kulbhushan and Jagpreet [20] proposed a fuzzy logic based
Fuzzifier IDS which can detect black hole attack on MANETs which is
RREQ rate presented in figure 2. They formed the rule for detecting attack
Counter based on Mamdani fuzzy model and for drawing the
Load Pattern membership function, input parameters such as forward packet
measures
Fuzzy ratio and average destination sequence number selected in each
FuzzyLogic
LogicController
Controller
time slot. The output of derived rule is dependent on the fidelity
Online level of each node which value is between 0 to 10 and threshold
threshold modifier Database fidelity level chosen 5.5 for analyzing the level of node. If
calculated fidelity level of node is less than or equal to fidelity
threshold value then node is blackhole otherwise node is not
LIDS (local intrusion detection system) blackhole. Ultimately fidelity level shows the level of node.

Node
Figure 1: Proposed fuzzy controller based IDS [15] Alarm Fuzzy
Fig.2. proposed
AODV fuzzy logic basedVerification
module IDS [17]
4.4 Energy based trust solution using Fuzzy logic for Module
MANETs IDS
Vijayan R et al. [19] suggested trust management scheme based
on energy utilization using fuzzy logic for detection of selfish Network Fuzzy
nodes in Manets. In the proposed scheme, every node monitors Traffic Parameter Fuzzy
their one hop away neighbours for detection of any kind of extraction Computation
malicious behavior with the help of some security components
such as supervisor, aggregator, trust calculator and
disseminator which is running on each node in the network. In
these components, supervisor module is responsible for
passively listening to the neighbor’s communication with the Figure 2: Proposed fuzzy based IDS [18]
help of passive acknowledgement (PACK) mechanism to check This scheme is helpful for detecting blackhole attack but cannot
detect new attack. In literature, there are other approaches also

Copy Right © BIJIT – 2014; January – June, 2014; Vol. 6 No. 1; ISSN 0973 – 5658 692
 BIJIT - BVICAM’s International Journal of Information Technology

available for detecting blackhole attack using fuzzy logic such compared two well known clustering approaches such as
as M. Wahengbam et al. [21] suggested a fuzzy based IDS for subtractive and Fuzzy c-mean clustering. This proved that the
MANETs which is capable to detect packet dropping attack detection rate based subtractive clustering (97%) is more
such as Black hole and Gray hole attack. They considered that efficient than the fuzzy c-means clustering (91%). This
each node is having IDS and detect malicious activity locally proposed approach only detects the black hole attack.
for this purpose and assumed some threshold value for each
node. In this proposed approach, each node maintains its packet 4.8 Forensic Analysis based on fuzzy Approach for IDS in
list with the feature: sequence no., source node, destination MANET
node, packet type and expire time. During analysis, they Sarah and Nirkhi [24] introduced fuzzy logic based approach
calculated some indications on the bases of degree of for forensic analysis to detect the distributed denial of service
symptoms, frequency of occurrence of symptoms and attacks (DDoS) in Manets. They suggested use of forensic
confirmed the presence of attack. Using NS-2 simulator, they analysis for intrusion detection because it is able to gather
have tested their scheme in two ways: when fuzzy logic is used digital evidences from any system which has been
for detection process and when fuzzy logic is not used. On the compromised. It can reconstruct the compromised system and
bases of analysis result, it proved that the fuzzy logic is more identify the location of attacker. This paper uses fuzzy Logic
capable to find proposed attack accurately. This scheme approach to forensic analysis based on dynamic source routing
chosen the threshold value for each node is very confusing job. (DSR) protocol. Three steps are followed to get the result as a
forensic report: first capture the log files then analyzing log
4.6 Trust and fuzzy logic based security framework for files using fuzzy logic and at last presenting the conclusion in
MANETs terms of forensic report. However, in this paper no simulation
Manoj V. et al. [22] presented a scheme based on certification and experimental results based on forensic analysis are given.
authority (CA) and fuzzy logic for MANETs. Some central
node is authorized by service provider for assigning the keys to 4.9 Mamdani and Sugeno Fuzzy Inference Systems based
source node which is going to request in the network called IDSs in MANETs:
certification authority nodes and with the help of trust agent, Alka C. et al. [25] [26] [27] proposed mamdani and sugeno
direct and recommended trust values are obtained periodically. fuzzy inference systems based IDSs for packet dropping attack
Direct and recommended trust values are calculated from direct (PDA) and sleep deprivation attack (SDA) in MANETs. The
observation of one hop away neighbors with the help of simulation results are proved that the proposed systems are able
algorithms. A proposed fuzzy logic based analyzer used to to detect the PDA and SDA attacks very efficiently in
calculate the trust value of a requested node (which is ready to MANETs.
data exchange between source and destination in the network)
based on the computed fuzzy table. If requested node is trusted 5.0 DRAWBACKS IN PREVIOUS PROPOSED FUZZY
then it would get the certification otherwise not. Fuzzy logic BASED INTRUSION DETECTION SYSTEMS
based analyzer has total control on CA nodes. They have tested The proposed fuzzy based IDSs for detection of intrusions in
their approach on Qualnet simulator 5.0 with 6 and 12 no. of MANETs are not able to cope up all type of attacks. One of few
nodes. In this approach any one trusted node could be proposed IDSs can cope attacks [18] but it is also having some
compromised with malicious node due to the communication limitations. We have analyzed that all proposed fuzzy based
via wireless link in MANETs. IDSs are considered very limited features or attributes for data
collection which is specific for a particular attack. So that these
4.7 Fuzzy based hybrid intrusion detection system for IDSs are only detect the particular attack in MANETs. In IDS
mobile ad hoc networks: Architecture point of view, due to the complex properties of
Vydeki et al. [23] used Fuzzy interference system (sugeno mobile ad hoc networks are required distributed and cooperated
type-2) for detection of Black hole attack in Manet and architecture but some of proposed IDSs are concentrated only
proposed architecture is depicted in distributed architecture that’s why these IDSs only detect the
attacks locally. In case of local detection, each node are only
responsible for raise alarm when it detects intrusion locally or
Simulated Data Data not shared it to other nodes in the network for global detection.
MANET extraction Clustering In terms of detection techniques, as per Table 1 presented that
the most of proposed fuzzy based intrusion detection systems
use misuse detection techniques and very few fuzzy based IDSs
Black hole Sugeno
use anomaly and specification based detection techniques.
detection FIS
However misused detection technique is responsible for
detecting limited attacks i.e. membership function in fuzzy
Figure 3: FIS based IDS [21] based approaches are defined for only specific attack so that
They advised that selection of clustering algorithm in the these fuzzy based detection approaches cannot be detect new
process of FIS based IDSs play an important role so that it malicious activity or attacks that’s why selection of detection

Copy Right © BIJIT – 2014; January – June, 2014; Vol. 6 No. 1; ISSN 0973 – 5658 693
Analysis of Fuzzy Logic Based Intrusion Detection Systems in Mobile Ad Hoc Networks

techniques should be anomaly based or hybrid. Table 1 [10]. S. Sen, J.A. Clark - Guide to Wireless Ad Hoc
summarizes all fuzzy based IDSs in MANETs. Networks; In: Chapter 17-Intrusion Detection in Mobile
Ad Hoc Networks-Springer, 2008.
6.0 CONCLUSION AND FUTURE SCOPE [11]. P. Brutch and C. Ko, “Challenges in Intrusion Detection
In this paper, we have analyzed fuzzy based intrusion detection for Wireless Ad-hoc Networks," In Proceedings of 2003
systems which have been proposed in literature for Manets. We Symposium on Applications and the Internet Workshop,
have analyzed the working style of proposed fuzzy based IDSs pp. 368-373, January 2003.
and reached on decision that still we do not have any promising [12]. B. Shanmugam and N. B. Idris, “Anomaly Intrusion
solution for this dynamic environment because most of Detection based on Fuzzy Logic and Data Mining”, In
Proposed fuzzy based IDSs emphasized on very limited Proceedings of the Postgraduate Annual Research
features for data collection towards detection of very specific Seminar, Malaysia 2006.
range of attacks. Hence, MANETs are required for more [13]. M. Wahengbam and N. Marchang, “Intrusion detection
concentration of researchers. It can be a fastest growing area in manet using fuzzy logic”, 3rd IEEE National
for future research in terms of detection techniques, response Conference on Emerging Trends and Applications in
mechanism and selection of node features for data collection. Computer Science (NCETACS), ISBN: 978-1-4577-
In future, we are concentrating to develop a new intrusion 0749-0, pp. 189 – 192, Shillong, 30-31 March 2012.
detection system that can be used to classify the normal and [14]. Verma, A. K., R. Anil, and Om Prakash Jain. "Fuzzy
malicious activities in the network. Logic Based Revised Defect Rating for Software
Lifecycle Performance Prediction Using GMR."Bharati
REFERENCES Vidyapeeth’s Institute of Computer Applications and
[1]. Y. Li and J. Wei., “Guidelines on selecting intrusion Management, 2009.
detection methods in MANET”, In Proceedings of the [15]. J. S. R. Jang, C. T. Sun and E. Mizutani – Neuro-Fuzzy
Information Systems Educators Conference, 2004. and Soft Computing - A computational Approach to
[2]. A. Hasti, “Study of Impact of Mobile Ad – Hoc Learning and Machine Intelligence; First Edition;
Networking and its Future Applications”, BIJIT – 2012; Prentice Hall of India, 1997.
January - June, 2012; Vol. 4 No. 1; ISSN 0973 – 5658. [16]. Watkins, Damian. "Tactical manet attack detection based
[3]. Y. Zhang and W. Lee., “ Intrusion detection in on fuzzy sets using agent communication." In 24th Army
wireless ad hoc networks” , In Proceedings of the 6th Science Conference, Orlando, FL, 2005.
Annual International Conference on Mobile Computing [17]. S. Sujatha, P. Vivekanandan, A. Kannan, “Fuzzy logic
and Networking (MobiCom'00), pages 275-283, 2000. controller based intrusion handling system for mobile ad
[4]. IETF Mobile Ad-Hoc Networks Working Group hoc networks”, Asian Journal of Information
(MANET), IETF web- Technology, ISSN: 1682- 3915, pp.175-182, 2008.
sitewww.ietf.org/dyn/wg/charter/manet-charter.html. [18]. A. Visconti, H. Tahayori, “ A Biologically – Inspired
[5]. R. Heady, G. Luger, A. Maccabe, and M. Servilla, “The type-2 fuzzy set based algorithm for detecting
architecture of a network level intrusion detection misbehaving nodes in ad hoc networks” , International
system” Technical report, Computer Science Journal for Infonomics, Vol.3, No.2, pp. 270-277, June
Department, University of New Mexico, August 1990. 2010.
[6]. S. Kumar and E. H. Spafford, “A software architecture [19]. R. Vijayan, V. Mareeswari and K. Ramakrishna,
to support misuse intrusion detection” In Proceedings “Energy based trust solution for detecting selfish nodes
of the 18th national Information Security Conference, in manet using fuzzy logic”, International Journal of
pages 194- 204, 1995. research and reviews in computer science , Vo. 2, No. 3,
[7]. K. Ilgun, R. A. Kemmerer, and P.A. Porras, “State pp. 647-652, June 2011.
transition Analysis: A rule- based intrusion detection [20]. Kulbhushan and Jagpreet Singh, “Fuzzy logic based
approach”, IEEE Transactions on software Engineering, intrusion detection system against blackhole attack
Vol. 21 No. 3:181-199, March 1995. AODV in manet”, IJCA Special issue on “Network
[8]. T.Lunt, A. Tamaru, F. Gilham, R. Jagannathan, Security and Cryptography” Vol. NSC, No. 2 pp. 28-35,
P.Neumann, H. Javitz, A. Valdes, and T.Garvey, “A December, 2011.
real- time intrusion detection expert system (IDES) – [21]. M. Wahengbam and N. Marchang, “Intrusion detection
final technical report”, Technical report, Computer in manet using fuzzy logic”, 3rd IEEE National
Science Laboratory, SRI International, Menlo Park, Conference on Emerging Trends and Applications in
Clifornia, February, 1992. Computer Science (NCETACS), ISBN: 978-1-4577-
[9]. Uppuluri P, Sekar R, “Experiences with Specification- 0749-0, pp. 189 – 192, Shillong, 30-31 March 2012.
based Intrusion Detection”, In Proc of the 4th Int Symp [22]. V. Manoj, M. Aaqib, N. Raghavendiran and R. Vijayan
on Recent Adv in Intrusion Detection , pp. 172-189. “A Novel security framework using trust and fuzzy logic
2001. in manet” , International Journal of Distributed and

Copy Right © BIJIT – 2014; January – June, 2014; Vol. 6 No. 1; ISSN 0973 – 5658 694
 BIJIT - BVICAM’s International Journal of Information Technology

Parallel Systems , Vol. 3, No. 1, pp. 285-298, Logic in MANETs”, In Optimization, Reliability, and
January,2012 Information Technology (ICROIT), 2014 International
[23]. D. Vydeki and R.S. Bhuvaneswaran, “Effect of Conference on (pp. 178-181), IEEE.
clustering in designing a fuzzy based hybrid intrusion [26]. Chaudhary, A., Tiwari, V. N., & Kumar, A. (2014,
detection system for mobile ad hoc networks”, Journal February), “Design an anomaly based fuzzy intrusion
of Computer Science, Vol. 9, No. 4, pp. 521-525, ISSN: detection system for packet dropping attack in mobile ad
1549 - 3636, 2013. hoc network”, In Advance Computing Conference
[24]. S. Ahmed & S.M. Nirkhi, “A Fuzzy approach for (IACC), 2014 IEEE International (pp. 256-261), IEEE.
forensic analysis of DDoS attack in manet” International [27]. Chaudhary, A., Tiwari, V. N., & Kumar, A. (2014,
Conference on Computer Science and Information February), “Design an Anomaly Based Novel Approach
Technology, ISBN: 978-93-82208-70-9, Hyderabad, for Detection of Sleep Deprivation Attack in Mobile Ad
10th March 2013. hoc networks Using Soft Computing”, Proceedings of
[25]. Chaudhary, A., Kumar, A., & Tiwari, V. N. (2014, 3rd International Conference on Recent Trends in
February), “ A reliable solution against Packet Engineering & Technology (ICRTET’2014), Elsevier.
dropping attack due to malicious nodes using fuzzy

Detection
Data IDS Routing Addressed Decision Response Simulator
IDS Techniques
Source Architectures Protocol attack type Making Mechanism & Toolbox

Distributed
IDS using Collect denial of
Fuzzy Sets packet service Independent
Distributed & Misuse based not SIFA
based Agent data from attacks and &
cooperative detection specified Alarm Application
communication data port collaborative
[16] stream scanning
attacks

LIDS Fuzzy NS-2 and

audit log based fuzzy logic
Fuzzy Logic False route
file and Distributed & Misuse based response controller
Controller AODV request collaborative
neighbors cooperative detection model on toolbox of
based IDS [17] attack
related attacked MATLAB
data system 6.1

Artificial
Collect Active
Immune
sample Partial- immune
System based
data of Distributed & Anomaly based
on Type-2 not Misbehaving
various cooperative based collaborative response on No detail
Fuzzy Sets for specified Nodes
network detection attacked
Manets IDS
parameters system
[18]

Energy based
trust solution network Anomaly
using fuzzy packet based Selfish
Distributed DSR Independent No detail NS-2
logic for level data Detection nodes
IDS[19]

Copy Right © BIJIT – 2014; January – June, 2014; Vol. 6 No. 1; ISSN 0973 – 5658 695
Analysis of Fuzzy Logic Based Intrusion Detection Systems in Mobile Ad Hoc Networks

Detection
Data IDS Routing Addressed Decision Response Simulator
IDS Techniques
Source Architectures Protocol attack type Making Mechanism & Toolbox

Network
Fuzzy logic traffic
Distributed Misuse based Blackhole
based IDS [20] related AODV Independent Alarm NS-2
detection Attack
feature

IDS using Packet

Misuse based Blackhole Active
Fuzzy related Distributed AODV Independent NS-2
detection Attack, Gray response
Logic[21] feature
hole Attack

Cryptographic
Trust and Network
Distributed & algorithms
fuzzy logic packet AODV Malicious Qualnet 5.0
cooperative and trust collaborative alarm
based IDS[22] data node
based

Data
packets Active NS-2 and
Fuzzy
and Specification response MATLAB
inference
control and anomaly Blackhole based on Function
system based Distributed AODV Independent
packet based attack FIS system ‘genfis’
IDS[23]
based detection output
features

IDS using Data

Distributed
Forensic packets
denial of not
analysis based and Misuse based
Distributed DSR service Independent specified _
on fuzzy logic routing detection
attacks
approach[24] packets

Packet
Mamdani and Packet dropping
Misuse based Qualnet
Sugeno based based and attack and
Distributed And anomaly Independent alarm Simulator
IDSs mobility AODV sleep
Architecture based 6.1
[25][26][27] based data deprivation
attack

Table 1: Summarization of All Reviewed Fuzzy Based IDSs

Copy Right © BIJIT – 2014; January – June, 2014; Vol. 6 No. 1; ISSN 0973 – 5658 696