To purchase or authenticate to the full-text of this article, please visit this link: http://www.inderscience.com/search/index.php?action=record&rec_id=58233 Byline: Mohammad Rahmanimanesh, Saeed Jalili, Ahmad R. Sharafat Ad hoc on-demand distance vector (AODV) is a widely used routing protocol for mobile ad hoc networks that fully trusts all participants and has no security considerations. As a result, malicious nodes can violate the protocol and disrupt the network operations. In this paper, a protocol-based anomaly detection method in ad hoc networks with AODV routing protocol is proposed. In doing so, we use a step-by-step approach for modelling the normal behaviour of AODV, and utilise a combination of support vector data description (SVDD) and mixture of Gaussians (MoGs) one-class classifiers to classify any deviation from the normal behaviour as an anomaly. These two classifiers are chosen among six utilised classifiers according to their diversity and better accuracy. Simulation results demonstrate the effectiveness of the proposed method for detecting many types of attacks (e.g., wormhole, blackhole, rushing and denial of service (DoS)).