A Survey on Contemporary MANET Security: Approaches for Securing the MANET

— The wireless mobile nodes are capable to build spontaneously temporary wireless network in absence of infrastructure like AP, Router etc. and they act as a wireless router. Due to this, wireless mobile nodes are capable for forwarding messages to other nodes. MANET (Mobile Adhoc Network) is a one of the wireless network and forms a temporary connection across the mobile nodes without central infrastructure to exchange the information. Due to the characteristics of MANET, it is vulnerable to active and passive attacks from internal and external attacker. This will lead to various security challenges. There is a requirement to secure the MANET from threats and vulnerability. Many security mechanisms are established to secure and protect the MANET. This article is intended to provide contemporary MANET security with perspective of routing protocol security and data security with key management, and monitoring the MANET during routing and/or data transmission using IDS (Intrusion Detection System). This article presents the various attacks face by MANET and its security goals. The article explored various security solutions for routing protocols, data security using cryptography as a first line of defence, key management for securing communication. It also explored various IDS schemes as a second line of defence in MANET.


I. INTRODUCTION
Wireless Adhoc Network is a temporary connection across the nodes without central infrastructure for exchanging the information. Both Bluetooth (IEEE 802.15.1) [1] and IEEE 802. 11[2] are the main wireless ad hoc network technology [3]. MANET is a self-organized and less infrastructure temporary wireless network where the contents are transferred from node to node. In this environment, all nodes are equally works as a router. The MANET's characteristics are wireless link as a shared medium, dynamic topology, node mobility, limited energy, limited resources, distributed operations, fewer infrastructures, self organized, all nodes are not trusted, multipath route etc. MANET has unique challenges due to its characteristics. Hence, MANET is vulnerable toward a great variety of attacks [4] due to its challenges. However, MANET is flexible, scalable, relatively cheap and easily deployable at any place and time because of its characteristics. On the other side, the MANET is vulnerable to availability, integrity, privacy, indeed, eavesdropping and interception. It is also vulnerable to node suppression, node replication and node impersonation due to self organized topology. Secure routing, security of content transfer, quality of service (QoS) and service discovery are the main security goals in adhoc networking [3].
MANET can be used in tactical networks like military communication and operations, emergency services like disaster recovery and rescue operation, commercial sector like networks of visitors at airports and PAN (Personal Area Network), enterprise networking like networks at construction sites, education network like virtual classrooms, entertainment network like multi user games, sensor network like animal movement, context aware services and coverage extension like linking up with the Internet, intranets etc.
In this paper, we focus on contemporary MANET security. This paper is organized as follows. Section 2 describes the MANET attacks and security goal. Section 3 describes the approaches for securing the MANET routing protocol along with comparison. Section 4 explains the various techniques for MANET data security using cryptography and key management as first line of defence. Section 5, describes the Intrusion Detection System (IDS) as the second line of defence for securing the MANET. Finally, we concluded in the last section.

II. MANET SECURITY
The main security goals/requirements are availability, integrity, confidentiality, authentication and nonrepudiation. As oppose to this, the main goal of attacker is to violate the security goal through resource consumption, routing disruption and packet leashes. Attacks in MANET are classified based on the status of attacker, behaviour of attack, and the purpose of the attack.
The status of the attacker could be either; internal (insider) in case of malicious node present within the network or external (outsider) in case the malicious nodes do not belong to the network. The behavior of attacks could be either active attack like prevention of message flow between the nodes or passive attack like unauthorized listening to the network traffic for traffic analysis or accumulating data from it. Further, active attacks can be classified into four categories: dropping attacks, modification attacks, fabrication attacks and timing attacks. Based upon the purpose of attack, attacks can be categorized into three categories [5]: the purpose of illegal/invalid access like impersonation and masquerade, purpose of stealing like eavesdropping, snooping and interception, and purpose of targeting content or resource to make an active operation like a reply, Denial of Service (DOS) and packet drop (black hole, gray hole). MANET is comprised of layers such as physical layer, data link layer, network layer, transport layer and application layer. Table 1 shows the various possible attacks at different layers of MANET. The MANET can be secured using cryptography, secure routing mechanisms and IDS or may use the combination of these approaches. Cryptographic method and IDS can protect the MANET before information (control) and/or after information (data) forwarded while secure routing mechanism can protect the control (routing) information and discover dynamically reliable routes [6] which can be either proactive or reactive [7].
III. SECURE MANET ROUTING PROTOCOLS Position based, proactive, reactive, topology based and hybrid are the strategies of MANET routing protocol. The routing protocols are classified based on acquired routing information such as proactive information or reactive information, fundamental differences among nodes such as uniform (every node plays equal role or equal important is given to all node: flat) or nonuniform (cluster/zone: hierarchical), path construction metric such as stable link or hop count (major protocol uses [8]), topology based routing information in which the routing protocol gives complete list of intermediate nodes, destination based in which the routing protocol gives list of only next hop and location based in which mobile nodes access geographical information. To secure the routing protocol, majority of protocols use the cryptography. The node who wishes to participate in the routing process must trusted nodes. Authentication based technique can be used to discover the trusted nodes. These trusted elements work according to defined rules of protocol. Authentication can be implemented using symmetric, public key or digital signature. Routing information is significantly control information rather than the data. Hence, it cannot be encrypted (mutable filed) which is still remain useful. Secure routing protocol provides the reliable and accurate path in the presence of untrusted network or malicious attackers [9].
ALARM (Anonymous Location-Aided Routing in MANET) [10] is an anonymous secure location based routing protocol. ALARM finds node's current location by flooding the LAM (Location Announcement Message) throughout the MANET. It then constructs topology utilizing the node's location. It is based on advanced cryptographic group signatures, a public key signature which provides both security and privacy. ALARM provides authentication, integrity, anonymity, and un-traceability. It also provides protection from passive and active attacks as well from internal and external attacks.  [11] protocol defends the network from the security attacks. AASR uses group signature for authenticating the route request packets at each node. Authors used key encryption onion mechanism to record discovered route and designed a mechanism to encrypt a secret message for verification of route request and route reply link.

MANET
RSRP (Robust Secure Routing Protocol) [12] uses the asymmetric cryptography, RSA with CRT (Chinese Remainder Theorem) which quickly performs the decryption process in modular exponentiation. Shamir's secret sharing principle of RSA is applied to discover probable routes. This scheme discovers trustworthy and stable routes based on battery power, mobility and trust value. The probable routes are malicious free and disjoint. This protocol also reduces the key generation complexity by using RSA along with CRT instead of simple RSA. Hence, the routing becomes less expensive and secure. RSRP shows good performance compared to non secure routing protocols like AODV and DSR as well as secure routing protocols ZRP and SEAD.
HASR (Hash-based Anonymous Secure Routing) [13] uses collision resistant one-way hash function and pseudo name generation mechanism similar to AODV. HASR does not apply cryptography on data or key. Hence it requires less computation time and network bandwidth for performing routing functions. HASR provides anonymity and security for communication. HASR protects from replay attack, spoofing attack, route maintenance attack, and DoS attack.
SAODV (Secure AODV) [14], [15] uses public key cryptography for securing the AODV routing protocol. SAODV uses hash chains and digital signature to authenticate the routing information. It uses digitally signed Route Request (RREQ), Route Reply (RREP) and Route Error (RERR) messages. Node-by-node, this digital signature is validated cryptographically. Digital signatures are appended to routing messages. SAODV provides authentication and integrity security services. Key distribution is complicated for establishing a new node in the network. A-SAODV (Adaptive SAODV) [16] is an asymmetric key cryptography protocol based on SAODV which optimize the performance of SAODV. A-SAODV uses a separate thread function for cryptography operation to reduce processing time by applying a parallelism. It uses two threads: one thread for cryptography operation and second for other functions like processing of routing message, management of routing table, generation of the message etc. These threads are referring a FIFO queue for messages that need to verify digitally. Double signature is optional in A-SAODV. In SAODV, nodes may become overloaded as they need to compute double cryptography signatures.
FPNT (Fuzzy Petri Net)-OLSR [17] is an integration of trust based routing mechanism for securing the routing and data forwarding process as well. It utilizes trust based routing mechanism and selects a path based on maximum trust value among all possible paths. FPNT gives better performance compared to OLSR in terms of delivery ratio, average latency and overhead. This algorithm evaluates the trustworthiness of the nodes based on fuzzy rules. Load, packet forwarding rate, average forwarding delay, protocol deviation flags are considered as trust parameters for evaluating the trust of nodes using fuzzy petri net. IBE-RA-OLSR [18] is based on RA-OLSR (Radio Aware OLSR) and Identity Based Encryption (IBE) to provide security to OLSR. IBE-RA-OLSR scheme overcomes the vulnerabilities of RA-OLSR and demonstrates that it does not introduce more overhead compared to the original RA-OLSR protocol. IBE signature secures Hello and Topology Control (TC) messages of OLSR and removes the authenticity verification of public keys. RBC (Reputation Based Clustering) [19] improves the selection of Multi-Point Relay (MPR) in OLSR. In this, residual energy and connectivity index of nodes are used for selection of MPR and cluster head respectively. An election algorithm is introduced for selecting a cluster head which in turn selects the MPR node in the cluster. Trust value of path is evaluated based on trust of the nodes' reputation in the presence of selfish nodes.
TSR (Trust-based Source Routing protocol) [20] is a source based on-demand trust routing protocol. TSR takes care of all routing protocol's functions such as route discovery and path selection, route update, route maintenance, route handoff, route error while dealing with node mobility. Authors proved that TSR performs better than DSR and TDSR. The trust prediction model derives the trust that is either direct trust or indirect trust. Direct trust is the received information from neighbors and it is easy to obtain. Indirect trust is the information received from other nodes such as recommended trust of third party. Authors assumed that initially every node in the network is authenticated and used direct trust for the algorithm. During the process if trust of a neighbor node goes below a threshold, this node is considered as black node. They also used dynamic trust prediction model based on nodes' historical and future behaviors through extended fuzzy logic rules prediction.
CBSRP (Cluster Based Secure Routing Protocol) [21] provides secure key management and secure routing in MANET. It uses digital signature and one-way hashing function. It is a cluster based secure routing protocol that forms small clusters of four to five nodes. Every cluster has a temporary cluster head and member nodes. Within a cluster, all nodes are authenticated using one-way hashing function while cluster-to-cluster authentication is done using digital signature. CBTRP (Cluster Based Trust aware Routing Protocol) [22] is an on-demand source trust based cluster routing protocol for securing routing process from malicious nodes in MANET. It organizes the whole network into one hop disjoint clusters and elects most trustworthy nodes as cluster heads. The member nodes of clusters forward packets only through the trusted cluster heads. Result exhibit that CBTRP out performs the CBRP.
ZRP is hybrid ad-hoc routing protocol that combines properties of both proactive and reactive protocols. SZRP (Secure Zone Routing Protocol) [23] provides security for the Zone Routing Protocol (ZRP) based on digital signature and encryption techniques. SZRP uses both the symmetric and asymmetric key encryption techniques. It provides the integrity, confidentiality and end to end authentication. SZRP effectively works in presence of internal and external attacks. Considering that Certificate Authority (CA) is safe from internal and external attacks generated in the network, it gives good performance on the cost of acceptable overhead. In another work, authors have proposed security of ZRP based on the trust calculations [24]. It provides additional security using trust of nodes which is calculated based upon the performance of nodes such as misbehave, drop data packet etc. Trust value is increased upon successful transmission and decreased upon failure delivery of data. In [25], authors have extended ZRP with trust protocol along with the key hash function SHA256 for authentication and integrity.
In [26], authors have presented a trust based security for OLSR routing protocol. Authors presented trustbased analysis using trust specification language of OLSR. Trust based reasoning allows each node to evaluate the behavior of other nodes. This work offers prevention of OLSR vulnerabilities by isolating the misbehaved nodes in the network.
FL-SAODV (Fuzzy Logic Secure AODV) [27] routing protocol uses fuzzy logic for securing AODV routing protocol. FL-SAODV assumes that each neighbor node has a secret key. First, it establishes the security association with neighbor nodes. Then, message digest authenticates the packet. This strategy rely upon the knowledge of secret key and node's behavior like bandwidth consumption, number of neighbor nodes etc. Security level of a node is determined by fuzzy reasoning system using the analysis and knowledge.
QTABR (Q-learning based Trust ABR) [28] identifies a secure routing path. Associativity Based Routing (ABR) purely depends on associativity with neighbor nodes which is a measure of connectivity among nodes. Participating node must satisfy node's observed associativity for performing routing process. Authors proposed Q-learning technique to score the trust of neighbor nodes in trust evaluation table. QTABR exhibits reduced route selection time and increased end to end packet delivery in comparison of ABR protocol.
SDSDV (Secure Destination Sequenced Distance Vector) [29] protocol uses two one-way hash chains. Routing table of DSDV contains hop count and recent sequence number. These two fields play a vital role for DSDV. Malicious node can easily disturb the routing protocol by modifying either hop count or sequence number. With the help of two one-way hash chain mechanism, hop count and destination sequence number (metric values) are protected from malicious nodes. Two additional fields are added in the packet, ALteration (AL) and ACcumulation (AC). Contents of AL field alter from node to node and contents of AC field accumulates related information of all nodes on a route.
T-AOMDV (Trust-Adhoc On-demand Multipath Distance Vector) [30] is a multipath routing protocol based on trust. This scheme applies soft encryption using bitwise XOR for securing message of the sender node. After that, the sender node discovers the secure path through trust model. Path trust is measured based on the trust values assigned to nodes by trust model. Data sensitive level of source node is classified into secret class and confidential class. Sender node then selects a particular path for transmission based on its class and path trust. Authors introduced the secure and reliable policy based trust routing in AOMDV [31]. Trust enhanced Routing Table (TRT) module is included to measure a reliable metric for routes. Secure route is mapped via Security Associations (SAs) with the authenticated (trusted) nodes. In [32], Authors have used RBDR (Rank Base Data Routing) scheme for detection and prevention of packet drop attack in AOMDV routing protocol. It identifies the malicious path using rank base data routing record and avoids the malicious path for preventing from packet drop attack.
TOHIP (TOpology-HIding Protocol) [33] discovered the multipath based on topology hiding concept. TOHIP does not maintain link connectivity in route. Hence, the malicious cannot contact to the network topology based attacks. TOHIP can discover the secure multiple disjoint paths by excluding the malicious nodes in routes. TOHIP has capability to find routes and increase packet delivery ratio in the presence of malicious nodes. TOHIP is secured against black hole attack, sybil attack, rushing attack and wormhole attack. Table 2 summarizes the related work for securing the routing protocol. Cryptography, game theory, reputation, trust, fuzzy reasoning, etc. are the various mechanisms for securing routing protocol. Among these, some approaches are able to find reliable single or multi-paths, some are able to find only trusted path, some are able to find a secure path in presence of outsider and insider attacks by sharing security keys. IV. MANET DATA SECURITY We have discussed the various proposed approaches to secure the routing protocol. But MANET cannot be secured 100% by using only secure routing protocol. Hence, MANET requires first level of defence i.e. cryptography in MANET for securing the data. However, once cryptography involved in MANET, the extra overhead may affect the performance of MANET. Cryptography plays a vital role for MANET security.
IBC (Identity Based Cryptography) [34] is used for key distribution without Key Distribution Center (KDC) or Trusted Third Party (TTP) or Certificate Authority (CA). It is effective in MANET for key management, data security and routing protocol security. Authors demonstrated and compared major strengths and weaknesses of various IBC based schemes. IBC requires a Key Generation Center (KGC) to distribute the private-public pair keys to all the nodes before starting the cryptographic operation. Due to this dependency on KGS, IBC hampers the true nature of ad-hoc networks.
Identity-based RSA (Id-RSA) [35] model is a lightweight authentication and encryption scheme for MANET. Id-RSA model performs fast cryptography operations that enhances network performance. Authors compared this model with RSA Threshold Cryptography (RSA-TC) and ECC based Threshold Cryptography (ECC-TC) with respect to cryptography operation execution time and overhead caused due to security messages. They proved that RSA-TC and ECC-TC increase delay and overhead as compared to Id-RSA. In [36], authors improved Id-RSA by removing certificate authentication scheme which in turn requires less computational cost than Id-RSA.
A novel Device to Device (D2D) authentication mechanism is proposed for security in [37]. This mechanism uses secure initial key establishment using Ciphertext Policy Attribute Based Encryption (CP-ABE).
Communicating devices mutually authenticate each other and derive the link key. This scheme provides protection against Man in the Middle (MIM) and replay attacks.
A hash chain based public key encryption algorithm has been introduced for MANET in [38]. Authors used montgomery algorithm with hash chain for public key distribution in the scheme. Montgomery is an algorithm that reduces division in modular multiplication compared to RSA. In [39], authors used a credit based cooperation mechanism with hash chains for both routing and data forwarding messages. With this scheme, computational overhead of the node is reduced and security against malicious nodes is provided. In first transaction, only source node uses the digital signature. For further transactions, scheme uses only hash function instead of a digital signature for source node as well for all other intermediate nodes.
In [40], self-certifying ID based cryptography has been adopted instead of digital certificate chains and therefore, storing and managing a public key is not required. Authors employed trust metric to deal with malicious nodes. A node determines the trust and public key of other nodes generated on the basis of identities of the nodes. This scheme significantly reduces communication overhead and computation costs.
Authors surveyed security related issues in modern wireless ad-hoc communications [41]. They provided analysis of the existing networking services and also find out new threats in the existing services. Authors classified two security mechanisms: security by design and trust management for dealing the threats.
A fully and dynamic distributed certificate authority scheme based on Elliptic Curve Cryptography (ECC) has been used for MANET in [42]. This scheme takes less computational overhead and provides same level of security like RSA. They applied polynomial secret sharing and fully distributed CA over an elliptic curve, trust graphs and threshold cryptography.
In [43], combined Real-time Recurrent Neural Network (RRNN) cipher and trust based multipath routing called TR-RRNN has been applied for message security in a multipath environment in MANET. Results have shown that this scheme outperforms the reviewed schemes in security and route formation time.
A secure data transmission is provided along with security services like confidentiality, integrity, authentication, and availability of data using disjoint Secure Multipath Routing (SecMR) protocol for MANET in [44]. Involvement of multipath in SecMR, reduces energy consumption. During route discovery phase, nodes are mutually authenticated and maintain the integrity of routing packet. Symmetric secret key is also exchanged during route discovery phase. The first node slices the message into blocks during data transmission phase. After that, encryption operation is performed on these blocks before distributing over multiple routes.
Authors designed a secure data transfer scheme using threshold secret sharing scheme along with Residue Number System (RNS) [45]. They modified XTR (abbreviated for ECSTR which is an Efficient and Compact Subgroup Trace Representation) cryptosystem for reliable exchange of secret keys. The malefactor cannot learn about transmitted data, if does not know secret key or has less than k-projections (threshold) of a secret key. This scheme provides confidentiality and integrity of the transmitted data.
Authors introduced a novel scheme for hiding identity in MANET [46]. The scheme is implemented at using two popular XOR and DES cryptosystem. This scheme provides prevention from passive eavesdropping due to randomly changed identity of nodes, and impersonation due to hidden identity and ARP spoofing. Authors proved that even in presence of the misbehaving nodes, the scheme gives good results in comparison of traditional AODV in terms of end-to-end delay and packet delivery ratio.
HIBEM (Hierarchical Identity Based Encryption Model) [47] is implemented using hierarchical identitybased integer lattices. HIBEM is secure against key exposed and quantum-computing attacks.
In [48] Elliptical Curve Diffe-Hellman algorithm used to detect unreliable node in MANET. By finding the unreliable node the network is able to transfer the reliable data. The scheme is isolate the unreliable nodes from routing and also increase the network performance. Table 3 summaries the above MANET data security schemes using utilized service, required security mechanism and addressed attack in MANET. . This algorithm confidentially exchanges the keys with zero prior knowledge. Thereafter, the key is used to establish a cryptography channel in MANET.
In [50], authors use Identity Based Broadcast Encryption (IBBE) for group key distribution. In this scheme, no message communication is required for establishing the group key and therefore, communication overhead remain same irrespective of group size. Group key distribution is efficient in terms of computations and communication. In [51], IBC based on Feldman's verifiable secret sharing scheme is used for private key distribution. This eliminate the use of Certificate Server (CS) which is mandatory in case of IBC.
Fully distributed ID based Multiple Secret Keys Management (IMKM) [52] scheme is used for securing clustered ad-hoc networks. The IMKM uses ID based multiple secrets and threshold cryptography to eliminate the need of certificate based authentication public key distribution. This scheme also supports efficient mechanism for key update and key revocation. Authors also developed an IDAGKA (ID-based Authenticated Group Key Agreement) protocol. This protocol supports the authentication process without verifying signatures and it requires only single round of operation.
In [53], authors used key distribution scheme using Identity Based Broadcast Encryption (IBBE) in MANET. This scheme provides authentication of the broadcaster, average computation load, efficient communication and scalability. It is secure against Chosen Ciphertext Attack (CCA) also. Encrypted broadcast is forwarded to the receivers where decryption operation takes place at all receivers. Introduced Scheme combines the identity-based cryptosystem with a bilinear map to replace group key setup. Each group member can select the broadcaster and designated receivers for transmission of a confidential message.
An identity-based secret key management scheme is proposed for MANET in [54]. This scheme is implemented using Simpler Threshold version of Schnorr signature (SimpleTSch). It is compared with Certificate based Key Management (CKM) scheme and Identity-based Key Management (IKM) scheme. Comparison shows that the proposed scheme is at par with other ordinary key management schemes in the middle scale network.
On-demand self organized certificate less public key management is presented with enhanced security in [55]. In this scheme, public key verification is performed by Media Access Control (MAC) function instead of RSA certificates. It saves storage space, bandwidth and computation power.
Trusted Party (TP) less threshold key management scheme based on bilinear pairing ECC and singencryption is used in [56]. It provides confidentiality and authentication in MANET. It requires fewer communications which in turn lowers bandwidth consumption.
An authentication scheme based on Diffie-Hellman key agreement algorithm is introduced in [57]. The proposed scheme assists certificate store server to help mobile nodes to achieve identity authentication for issuing user's certificate.
A fully self organized iFUSO identity-based key management scheme is proposed for MANET [58]. iFUSO is an asynchronous network in which only trusted nodes are considered for participation in group initialization. This scheme can revoke the private key of malicious or compromised nodes. Nodes themselves perform all operations without any presence of central server or entity in a fully distributed manner.
The above mentioned schemes are summarized in table 4 based on utilized service and security mechanism used for Key Management.  [59] is a software application or tool or device that monitors the activities of machines/networks to report against violation of policy or malicious activities. The IDS collects the behavior or traffic of machines and/or networks for performing the analysis of suspicious activates. Anomaly based, specification based, signature based, reputation based, hybrid etc. are the techniques used for performing the analysis. The information collection can be online or offline. Finally, IDS reports or take an action against affected machines or networks to mitigate the detected effect. Hence the IDS response strategies are either reactive or passive. The reactive IDS (IDPS-Intrusion Detection and Prevention System) is last level of intrusion response system. IDS is the second level of defense in MANET [60], [61]. Only information security is not sufficient to provide complete protection [62] and therefore, IDS need to integrate.
In [63], authors presented the statistical classification based IDS in AODV reactive routing protocol. This scheme locally collects data and merges the collected data for classifying the model. It detects flooding attack, forging attack and packet dropping black hole attack. A specification based IDS placed in host is used for AODV routing protocol in [64]. It addresses RREQ flooding attack, Denial of Service (DoS) attack, black hole attack, wormhole attack and rushing attack. In [66], authors used contamination borders [65] for sinkhole attack detection in AODV reactive routing protocol.
A behavior based cluster IDS engine is used in DSR routing protocol [67]. It detects modification attack, packet dropping black hole attack, impersonation attack and fabrication attack with fewer false alarms.
In MDSR (Modified DSR) [68], an anomaly based IDS uses 2-hop collaborative neighbor scheme for black hole attack detection and removal of selective attack in DSR routing protocol. In selective black hole attack, malicious nodes drop the data packets selectively. MDSR reduces energy consumption and packet loss compared to DSR routing protocol. IDAR (Intrusion Detection & Adaptive Response) [69] is an anomaly based clustered IDS that addresses the rushing attack, Sleep Deprivation (SD) attack, black hole attack and gray hole attack. In this scheme, attacks are identified by using Network Characteristic Matrix (NCM) and Performance Matrix (PM). Thereafter, intruder node is simply isolated or routing is done around it as per no punishment policy in AODV reactive routing protocol. However, the performance of the network is degraded in IDAR. In [70], authors used Genetic Programming (GP) along with Multi Objective Evolutionary Algorithm (MOEA) to find out optimal tradeoffs between security criteria and the power consumption of the nodes. This scheme addresses route request flooding and route disruption attacks utilizing anomaly detection as in AODV reactive routing protocol. DPS (Detection and Prevention System) distributed IDS is employed for black hole detection and prevention in AODV routing protocol in [71]. For the working of DPS, some special nodes are deployed in the network. These nodes analyze the behavior of their neighbors to detect black hole attack and broadcast a message to declare the node malicious. Thereafter, network rejects all types of data from the declared malicious nodes. CDC-ADS (Conceptual Data Collection -Anomaly Detection System) [72] is an anomaly routing detection IDS that enhances the accuracy of anomaly detection in OLSR routing protocol.
ACF-EX (Adaptive Character Frequency-based EXclusive) [73] signature matching scheme improves the process of signature matching. This scheme is evaluated in a distributed network environment and its performance is compared with Snort. ACF-EX performs well by reducing time and packet rate in comparison of Snort. CCIDS (Court like Cluster IDS) [74] is a signature based cluster IDS for protecting against link spoofing and link deletion attacks in OLSR routing protocol. This scheme adopts a court-like structure that provides timely and accurate detection of attacks. Court-like structure works similar to real life for accusation, investigation and defense of the network that is divided into one hop clusters.
The effective K-means clustering data mining technique is introduced to identify malicious nodes responsible for black hole attack in ZRP routing protocol [75]. In [76], watchdog sensor and Bayesian filtering based scheme are used for identifying black hole attack and selfish nodes in peer to peer network. This system monitors traffic of every neighbor nodes and decreases number of false positive due to integration of bayesian filtering inside the watchdog.
In [77], AACK (Adaptive ACKnowledgment) based IDS in distributed environment is introduced to identify the selfish and misbehaving nodes in DSR routing protocol. This scheme not only reduces routing overhead compared to TWOACK scheme, but also increases detection efficiency by applying node detection instead of link detection.
MEACA (Mobility and Energy Aware Clustering Algorithm) [78] is used in hierarchical cluster based architecture for improving upon detection accuracy and energy consumption. The Nash equilibrium game theory is proposed in cluster based architecture for addressing sinkhole attack [79]. Bayesian game theory and trust in cluster based architecture is proposed for addressing internal and external intrusions [80]. The Bayesian game theory is used for detecting external intrusions and building the trust relation between nodes by observing the behavior of their neighbor nodes for avoiding internal intrusions. Table 5 summarize the related work of IDSs for securing the MANET using detection mechanism, used architecture, addressed attack, used routing protocol, way of collecting data for analysis and how the system response to the intrusion.

VII. CONCLUSION
As MANET is a wireless adhoc network, it has its own characteristics and features. It is vulnerable to active and passive attacks from internal and external attackers due to its characteristic and features. Single approach is not sufficient to secure MANET. Some security mechanisms can be used to prevent from malicious activity during path discovery process in MANET. To secure the data being transmitted, cryptography may integrate as a first level of defense. The IDS is used to monitor the network as a second line of defense. These solutions are application specific. Cryptographic method and IDS can protect the MANET before forwarded message (control) and/or after forwarded message (data). While secure routing mechanism can protect the control (routing) information and discover dynamically reliable routes. Besides using cryptography as first line of defense, some other security mechanisms like game theory, fuzzy, trust etc. can also be used during route discovery phase and data transmission. Performance of the network may goes down with the inclusion of security mechanisms that is negotiated as a tradeoff for supporting the need of security. There are more and more new applications in the commercial sector that are using MANET recently. Therefore, the success of this technology will largely depend on security of new applications and programs to be developed.