Anomaly-based detection for network traffic monitoring in a mobile ad hoc network (ANT-MAN)

Date of Publication


Document Type

Bachelor's Thesis

Degree Name

Bachelor of Science in Computer Science


College of Computer Studies


Computer Science

Defense Panel Chair

Ong, Arlyn Verina L., chairperson

Defense Panel Member

Fritz Kevin S. Flores
Merlin Teodosia C. Suarez
Gregory C. Cu


A mobile ad hoc network (MANET) is an infrastructure-less network that have nodes which are dynamic in nature. MANET's are used in many applications such as military battlefields, sensor network and disaster area networks, which is the reason why a MANET should be able to function properly. However, there are attacks that can shorten the lifespan of the MANET. There are a few researchers that tackle anomaly-based intrusion detection systems. One of these researches used a feature selection method to reduce the list of features, and applied the principal component analysis technique. Nevertheless, a major disadvantage of these MANET researches is the significantly high rate of its negative and false positive occurrences. The accuracy of network traffic classification, whether it is malicious or non-malicious, is an important task to resolve in these researches. The proposed study aims to improve the network traffic classification of other known studies with the use of machine learning because of its advantage when it comes to handling large amounts of data. Since it does not have to be carried out manually, unlike other techniques, such as the threshold method which proposes a problem where the node is malicious but it does not exceed the threshold, therefore, the system would still consider it as non-malicious. Experiments show that the pruned and unpruned J48 decision tree has the best performance among the other machine learning algorithms. It also showed that future did not make any significant changes to the classification rate. However, the acquired results are considered as inconclusive because of the incorrect and improper features that have been used. The final set of features was not adequate enough to classify the traffic since there could have been additional features and normalization techniques that should have been used. In summary, although the research has gotten results, is still unresolved due to the reason that the dataset and specified list of features can still be improved on, and are not sufficient enough to gain concrete results.

Abstract Format






Accession Number


Shelf Location

Archives, The Learning Commons, 12F, Henry Sy Sr. Hall

Physical Description

viii, 166, [16] leaves : illustrations (some color) ; 28 cm.


Ad hoc networks (Computer networks); Anomaly detection (Computer security)

This document is currently not available here.