Improving security in WMNs with reputation systems and self-organizing maps

One of the most important problems of WMNs, that is even preventing them from being used in many sensitive applications, is the lack of security. To ensure security of WMNs, two strategies need to be adopted: embedding security mechanisms into the network protocols, and developing efficient intrusion detection and reaction systems. To date, many secure protocols have been proposed, but their role of defending attacks is very limited.We present a framework for intrusion detection in WMNs that is orthogonal to the network protocols. It is based on a reputation system, that allows to isolate ill-behaved nodes by rating their reputation as low, and distributed agents based on unsupervised learning algorithms (self-organizing maps), that are able to detect deviations from the normal behavior. An additional advantage of this approach is that it is quite independent of the attacks, and therefore it can detect and confine new, previously unknown, attacks. Unlike previous approaches, and due to the inherent insecurity of WMN nodes, we assume that confidentiality and integrity cannot be preserved for any single node.