A State-of-the-art Survey on IDS for Mobile Ad-Hoc Networks and Wireless Mesh Networks

An Intrusion Detection System (IDS) detects malicious and selfish nodes in a network. Ad hoc networks are often secured by using either intrusion detection or by secure routing. Designing efficient IDS for wireless ad-hoc networks that would not affect the performance of the network significantly is indeed a challenging task. Arguably, the most common thing in a review paper in the domain of wireless networks is to compare the performances of different solutions using simulation results. However, variance in multiple configuration aspects including that due to different underlying routing protocols, makes the task of simulation based comparative evaluation of IDS solutions somewhat unrealistic. In stead, the authors have followed an analytic approach to identify the gaps in the existing IDS solutions for MANETs and wireless mesh networks. The paper aims to ease the job of a new researcher by exposing him to the state of the art research issues on IDS. Nearly 80% of the works cited in this paper are published with in last 3 to 4 years.

💡 Research Summary

The paper presents a comprehensive, analytically‑driven survey of intrusion detection systems (IDS) designed for Mobile Ad‑hoc Networks (MANETs) and Wireless Mesh Networks (WMNs). Recognizing that most prior surveys rely on simulation‑based performance comparisons—an approach the authors argue is unrealistic due to the myriad of configuration variables (routing protocols, node density, mobility models, etc.)—the authors instead examine 13 recent IDS solutions (approximately 80 % of them published within the last three to four years) through a qualitative lens.

The survey is organized into two main sections. Section 2 reviews seven IDS approaches for MANETs, each described in terms of underlying routing protocol compatibility, architectural style (cluster‑based, neural‑network based, trust‑based, leader‑election based, etc.), and the specific attack classes they aim to mitigate (packet dropping, routing misbehavior, DoS, resource‑exhaustion, etc.). The authors provide a concise table summarizing each solution’s strengths and limitations. Key observations include:

• Energy and resource overhead – solutions such as IDSX (a two‑step consensus architecture) and eSOM‑based neural networks achieve high detection rates but require frequent consensus rounds or periodic retraining, dramatically increasing battery consumption.
• Mobility sensitivity – schemes like SCAN and CONFIDANT assume high node density and relatively static topologies; their detection accuracy and packet delivery ratios degrade sharply when node speed or churn rises, leading to higher false‑positive rates and communication overhead.
• Trust and leader election – VCG‑based leader election balances resource usage but can be gamed by selfish nodes, causing normal nodes to die faster. Repeated election of the same leader further shortens network lifetime.
• Protocol dependence – many IDS are tightly coupled with a specific routing protocol (e.g., AODV, DSR). When the underlying protocol changes, the IDS must be re‑engineered, limiting practical deployment.
• Realism of attack models – watermark‑based pixel‑change detection, while innovative, conflates packet loss or delay with malicious modification, reducing applicability in noisy wireless environments.

Section 3 focuses on IDS for WMNs, where the presence of static backbone routers offers opportunities for centralized monitoring but also introduces new vulnerabilities. The surveyed WMN solutions largely adapt MANET techniques, often without addressing the unique challenges of a hybrid static‑mobile topology. The authors note a scarcity of dedicated WMN IDS literature and highlight gaps such as the lack of robust leader‑selection mechanisms for “umpire” nodes and insufficient handling of backbone node compromise.

Across both network types, the authors identify four recurring research gaps: (1) energy‑efficient detection, (2) mobility‑aware algorithms, (3) routing‑protocol‑agnostic designs, and (4) distributed trust/reputation frameworks that can operate under selfish behavior. They argue that future work should explore lightweight machine‑learning models, dynamic threshold adaptation, and hybrid architectures that combine the strengths of anomaly‑based and misuse‑based detection while minimizing overhead.

In conclusion, the paper serves as a valuable reference for newcomers to the field, offering a clear taxonomy of existing IDS solutions, a critical appraisal of their practical limitations, and a roadmap of open challenges that must be tackled to achieve robust, scalable intrusion detection in both MANET and WMN environments.