Ebinger, PeterSommer, MartinAlkassar, AmmarSiekmann, Jörg2019-04-032019-04-032008978-3-88579-222-2https://dl.gi.de/handle/20.500.12116/21493This paper examines how positioning data, radio signal characteristics and routing information can be used to detect active attacks (such as black hole attacks) in mobile ad hoc networks (MANETs). Various data sets are analysed and compared to check their consistency in order to detect anomalies that might indicate attack. Direct positioning data (such as GPS coordinates) and other sources of information (such as radio signal strength) are taken into account from which conclusions can be drawn about the distance between individual nodes. Expected communication relationships derived from node localization are compared to the actual network connectivity graph given by the routing tables. This comparison can detect suspicious properties (divergent values) which could indicate an attack in progress. We propose methods for MANET intrusion detection which allow the detection of active attacks based on different sensor data related to node localization. The typical state of this sensor data during normal network operation is compared to measured results during an active attack. The underlying protocol of the analyzed MANET is Ad hoc On-demand Distance Vector Routing (AODV) and proposed concepts are verified using the network simulator JiST/MobNet. Simulation results show that the proposed IDS components detect can attacks on a MANET with high probability for various set-ups.enText/Conference Paper1617-5468