The mobile Adhoc network consists of several mobile nodes that communicate with each other without a fixed infrastructure. As users communicate for lack of boundaries, attacks on MANET routing are important and of great concern. In this work, the detection of intrusions is done by studying the traffic collected from MANET in different stages: i) regular operation, and ii) with a wormhole joining distant parts of the network. Our focus is on detecting anomalous behavior using routing traffic time analysis within the network. Security has become a primary concern in order to provide secure communication in the wireless environment as well as by cable. The security mechanism will be performed considering the routing paths of the different packages ensuring the packages of malicious attacks. This is done by sending RREQ and receiving RREP messages between intermediate nodes to ensure packet delivery.
The Mobile Ad-Hoc Network (MANET) is a less-compiled infrastructure of mobile nodes that can arbitrarily change their geographic locations so that these networks have dynamic topologies and random mobility with limited resources. Two nodes that are outside the direct communication range usually need intermediate nodes to forward their messages. Due to multi-hop routing, MANETs are vulnerable to attacks by malicious nodes such as a wormhole, black hole attacks, and gray hole attacks. The most objective area of research in ad hoc mobile networks is to provide an environment of trust and secure communication. There are several ad hoc network applications that need highly secure communication. MANET's common applications are: military or police networks, commercial operations such as oil drilling platforms or mining operations and emergency response operations, such as following a natural disaster such as a flood, a tornado, a hurricane, and earthquakes. In the wormhole attack, the attacker registers the packets (bits) at one location and the tunnels at another location on the same network or on different networks. The attacker can transfer each bit directly, without waiting for the whole packet. It is very difficult to find the location of the wormhole attack without the packet relay information or without the known infrastructure of routing protocols.