Araçsal Tasarsız Ağlar İçin İstatistiksel Tabanlı Bir Saldırı Tespit Yöntemi

Abstract

The number of fast-moving devices connected to the internet is increasing day by day. Accordingly, the proposed mobile ad hoc networks are becoming widespread for these mobile devices to communicate with each other. As special types of mobile ad hoc networks, vehicular ad hoc networks are estimated to be one of the largest existing networks in near future. Vehicular ad hoc networks provide communication between vehicles. Cars in vehicular ad hoc networks can share messages regarding traffic and road conditions, which guarantees the traffic safety. In this respect, prevention of the attacks against this communication and detection of those we cannot prevent, is of great importance. Having a dynamic topology not only causes vehicular ad hoc networks to be vulnerable for certain attacks but also complicates the development of effective safety mechanisms. In the literature, there are several intrusion detection systems for vehicular ad hoc networks recommended. However, it has been observed that there are only a few statistical-based studies and there has been aiv trend towards this area in recent years. In this thesis, a statistical anomaly based intrusion detection system has been proposed for under the name of bogus information attack, changing the distance of the accident and changing the attacker position. The intrusion detection suggested here identifies the direction and degree of the relation between the number of neighboring vehicles and their distance from the accident in an attack-free environment, through Pearson correlation coefficient. It also identifies situations in directions different from this relation as an attack. Two different intrusion detection architectures are proposed: cumulative and majority-based. The performance of the proposed system has been evaluated on the map of Unterstrass - Zurich with a network traffic of 370 vehicles with different rates of attackers. While the proposed system provides a high detection rate for the 1% attacker rate; it has been observed that its performance declines in parallel with the increasing attacker rate, as expected. This study is considered significant in terms of analysing the applicability of the statistical-based intrusion detection methods against bogus information attacks, for the first time. It is thought that this study will constitute a basis for future studies.