CCE Theses and Dissertations

Campus Access Only

All rights reserved. This publication is intended for use solely by faculty, students, and staff of Nova Southeastern University. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, now known or later developed, including but not limited to photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the author or the publisher.

Date of Award


Document Type

Dissertation - NSU Access Only

Degree Name

Doctor of Philosophy in Computer Science (CISD)


Graduate School of Computer and Information Sciences


Wei Li

Committee Member

Junping Sun

Committee Member

James Cannady


Anomaly detection in mobile ad hoc network (MANET) is a relatively new area of research. The lack of fixed infrastructure, limited resources, and dynamic topology present numerous problems in MANET security. Recently, several machine learning and data mining techniques have been proposed for anomaly detection in MANETs. In addition, researchers continue to examine new unsupervised detection techniques. As the number of unsupervised learning techniques grows, there is a lack of evidence to support the use of one technique over another.

This dissertation research conducted a set of experiments to evaluate the effectiveness of different unsupervised learning techniques for anomaly detection in MANETs, more specifically, the K-means, the C-means, the Fixed-width clustering, the Principal Component Analysis, and the One-class Support Vector Machine. While the main goal of the research was to compare performance of the unsupervised learning techniques, this dissertation research also investigated: i) tradeoffs between competing factors such as high detection performance and limited resource utilization, ii) the impact of normal profile selection models on anomaly detection, iii) the influence of the link change rate as the weighting function on the unsupervised learning algorithms and iv) the influence of decision thresholds on the detection techniques.

The results of this dissertation research showed that both K-means and C-means delivered the best performance when using different normal profile models. The results indicated that direct application of clustering techniques provided a worse average performance than that of trained clusters. This dissertation research found that a small value for the time slot was preferred for all techniques. Moreover, a short training interval was also preferred. These preferences appeared to provide better performance while minimizing resource usage (e.g. execution time, CPU, and memory usages). Additionally, the method of using only the initial training data set was found to provide a comparable performance to that of random, recent, and adaptive normal profile models, but required the least resource usage. Finally, the study found that the application of link change rate as the weighting function to adjust the importance of the time slot had no influence on all techniques. Choosing appropriate parameter and decision thresholds for each detection algorithm had a significant influence on maximizing the performance results.

Files over 10MB may be slow to open. For best results, right-click and select "Save as..."

To access this thesis/dissertation you must have a valid OR email address and create an account for NSUWorks.

Free My Thesis

If you are the author of this work and would like to grant permission to make it openly accessible to all, please click the Free My Thesis button.

  Contact Author