Abstract: Mobile ad hoc network is a kind of network that does not need infrastructure. In such networks mobile nodes are self-organized and provide network routing for each other. Ad hoc networks are extremely vulnerable to attacks, especially internal attacks. In this paper, an intrusion detection scheme is proposed to detect internal routing attacks. In the scheme, every node monitors its adjacent nodes and tries to detect their misbehavior by analyzing the difference between their route behavior and the route specification. An FBA (fuzzy behavior analysis) method is introduced into the data analysis procedure, which can greatly decrease the false alarm rate. Simulation result shows that the scheme can effectively detect intrusions, while keeping the false alarm rate comparatively low.