CEAP: SVM-based intelligent detection model for clustered vehicular ad hoc networks

The infrastructureless and decentralized nature of Vehicular Ad Hoc Network (VANET) makes it quite vulnerable to different types of malicious attacks. Detecting such attacks has attracted several contributions in the past few years. Nonetheless, the applicability of the current detection mechanisms in the deployed vehicular networks is hindered by two main challenges imposed by the special characteristics of VANETs. The first challenge is related to the highly mobile nature of vehicles that complicates the processes of monitoring, buffering, and analyzing observations on these vehicles as they are continuously moving and changing their locations. The second challenge is concerned with the limited resources of the vehicles especially in terms of storage space that restricts the vehicles' capacity of storing a huge amount of observations and applying complex detection mechanisms. To tackle these challenges, we propose a multi decision intelligent detection model called CEAP that complies with the highly mobile nature of VANET with increased detection rate and minimal overhead. The basic idea is to launch cooperative monitoring between vehicles to build a training dataset that is analyzed by the Support Vector Machine (SVM) learning technique in online and incremental fashions to classify the smart vehicles either cooperative or malicious. To adapt the proposed model to the high mobility, we design it on top of the VANET QoS-OLSR protocol, which is a clustering protocol that maintains the stability of the clusters and prolongs the network's lifetime by considering the mobility metrics of vehicles during clusters formation. To reduce the overhead of the proposed detection model and make it feasible for the resource-constrained nodes, we reduce the size of the training dataset by (1) restricting the data collection, storage, and analysis to concern only a set of specialized nodes (i.e., Multi-Point Relays) that are responsible for forwarding packets on behalf of their clusters; and (2) migrating only few tuples (i.e., support vectors) from one detection iteration to another. We propose as well a propagation algorithm that disseminates only the final decisions (instead of the whole dataset) among clusters with the aim of reducing the overhead of either exchanging results between each set of vehicles or repeating the detection steps for the already detected malicious vehicles. Simulation results show that our model is able to increase the accuracy of detections, enhance the attack detection rate, decrease the false positive rate, and improve the packet delivery ratio in the presence of high mobility compared to the classical SVM-based, Dempster Shafer-based, and averaging-based detection techniques. (C) 2015 Elsevier Ltd. All rights reserved.