Detection and Prevention of Routing Attacks with NCPR Protocol for MANETs
Radhu.R.Nair, Revathy.R.Nair
International Journal of Advanced Research in Electronics and Communication Engineering (IJARECE)
Volume 3, Issue 8, August 2014
ISSN: 2278 – 909X All Rights Reserved © 2014 IJARECE
Abstract— A mobile ad hoc network (MANET) is a dynamic network in which
the mobile nodes do not rely on any infrastructure. The high mobility of
nodes causes link breakages, which lead to frequent path failures and
route discoveries. In the broadcasting mechanism, a mobile node blindly
rebroadcasts the first received route request even if it has no route to
the destination, which leads to the broadcast storm problem. Attacks such
as DoS and wormhole attacks are the main issues in mobile ad hoc
networks. In this paper an Attack Detection and Prevention Algorithm
(ADPA) is implemented with the Neighbor Coverage based Probabilistic
Rebroadcast (NCPR) protocol to ensure security along with improved
performance in the network. ADPA detects and prevents the attacker nodes
more effectively. The NCPR protocol exploits neighbor coverage knowledge
through the rebroadcast delay and obtains the additional coverage ratio.
A connectivity factor is defined and combined with the additional
coverage ratio to set the rebroadcast probability. The neighbor coverage
and probabilistic mechanism significantly decreases the number of
retransmissions and so reduces the routing overhead.
Index Terms— Additional coverage ratio, Attack Detection and
Prevention Algorithm, connectivity factor, Mobile ad hoc
Networks, rebroadcast delay, rebroadcast probability, shortest
path.
Manuscript received Aug , 2014.
Radhu.R.Nair, Communication systems, Anna University/
Dhanalakshmi Srinivasan College of Engineering, Alappuzha, India.
Revathy.R.Nair, Electronics and communication, Kerala University/
Mount Zion College of Engineering for Women, Alappuzha, India.
I. INTRODUCTION
Mobile ad hoc networks (MANETs) promise to solve many challenging
real-world problems, such as communication in emergency response
systems, military field operations, and oil drilling and mining
operations. Dynamic topologies, bandwidth-constrained and
variable-capacity links, energy-constrained operation and limited
physical security are the salient features of mobile ad hoc networks.
Due to these features, mobile ad hoc networks are particularly
vulnerable to denial of service attacks launched through compromised
nodes [13]. Security is one of the most challenging problems, as the
operating environment of such networks is usually unpredictable and
the existing mechanisms, such as routing protocols, assume a trusted
environment. Hence any malicious behaviour could disrupt the normal
operation of the network [5]. Any attacker or malicious node in the
network can disturb the whole process or can even stop it. Several
attacks, such as wormhole and rushing attacks [7], have emerged in
which a genuine node behaves in a malicious manner. It is quite
difficult to define and detect such behaviour of a node [4]. A mobile
ad hoc network (MANET) is an autonomous system of mobile nodes
connected by wireless links [2]. However, due to node mobility in
MANETs, frequent link breakages may lead to frequent path failures and
route discoveries [1]. Thus, reducing the routing overhead in route
discovery is an essential problem. The conventional on-demand routing
protocols use flooding to discover a route. They broadcast a Route
Request (RREQ) packet to the network, and the broadcasting induces
excessive redundant retransmissions of the RREQ packet [11].
A MANET has no clear line of defense, so it is accessible to both
legitimate network users and malicious attackers [6]. In the presence
of malicious nodes, one of the main challenges in MANETs is to design
a robust security solution that can protect the network from various
routing attacks. Different mechanisms have been proposed that use
various cryptographic techniques to counter routing attacks against
MANETs. However, these mechanisms are not suitable for the resource
constraints of MANETs.
The proposed attack detection and prevention algorithm (ADPA) detects
and prevents attacks by using the IP address. The algorithm maintains
the IP address history and the nodes entering the network, and it
stores the IP address of each incoming node. If the IP address of an
incoming node is equal to the stored IP history, then there is no
attack. Each time an incoming node tries to enter the network, its
history is maintained. But if the incoming node tries to enter the
network more than five times, the algorithm gets its IP address and
reads its unique MAC id. If the id held by the server is the same as
that of the client, it accepts the request from the client and sends a
response to the request. Otherwise that node is placed in the attacker
list and its access is denied.
The neighbor coverage based probabilistic rebroadcast protocol
exploits the neighbor coverage knowledge through the rebroadcast delay
and thus obtains the additional coverage ratio. A connectivity factor
is defined and combined with the additional coverage ratio to set the
rebroadcast probability.
II. RELATED WORKS
The goal of the security solutions for MANETs is to provide security
services [4]. MANET protocols face different routing attacks [7], [5].
Broadcasting is an effective mechanism for route discovery, but the
routing overhead associated with broadcasting can be quite large,
especially in highly dynamic networks [12], [9], [5], [8]. In the
gossip-based approach, each node forwards a packet with a
probability [10].
III. DETECTION AND PREVENTION OF ATTACKS WITH NCPR PROTOCOL
Mobile ad hoc networks work by broadcasting information. Their
broadcast nature helps an attacker to spy on the network [6]. Many
types of attack can be carried out on MANETs. The Attack Detection and
Prevention Algorithm (ADPA) prevents such attacks. The prevention
algorithm maintains data such as the IP address history and the nodes
entering the network, and it stores the IP address of each incoming
node. The arrival of each incoming node is evaluated every time. There
are no attackers if the IP address of each incoming node is equal to
the stored IP history. The history of an incoming node is maintained
whenever the node tries to enter the network. If the incoming node
tries to enter the network more than five times, the algorithm gets
its IP address and reads its unique MAC id. If the id held by the
server is the same as that of the client, it accepts the request from
the client and sends a response to the request. Otherwise that node is
placed in the attacker list and its access is denied. In this way the
algorithm detects and prevents attacks such as DoS and wormhole
attacks in mobile ad hoc networks.
A. Rebroadcast Delay Calculation
When node $n_i$ receives an RREQ packet from its previous node $s$, it
can use the neighbor list in the RREQ packet to estimate how many of
its neighbors have not been covered by the RREQ packet from $s$. For
this purpose, the uncovered neighbors set $U(n_i)$ of node $n_i$ is
defined as follows:

$$U(n_i) = N(n_i) - [N(n_i) \cap N(s)] - \{s\} \tag{1}$$

where $N(s)$ and $N(n_i)$ are the neighbor sets of node $s$ and node
$n_i$, respectively, and $s$ is the node which sends an RREQ packet to
node $n_i$. The key to success for the neighbor coverage based
probabilistic rebroadcast protocol is the choice of a proper delay [1].
The rebroadcast delay $T_d(n_i)$ of node $n_i$ is defined as follows:

$$T_p(n_i) = 1 - \frac{|N(s) \cap N(n_i)|}{|N(s)|} \tag{2}$$

$$T_d(n_i) = MaxDelay \times T_p(n_i) \tag{3}$$

where $T_p(n_i)$ is the delay ratio of node $n_i$, and $MaxDelay$ is a
small constant delay. Its value is 0.01. Suppose that node $n_k$ has
the largest number of common neighbors with node $s$. Then, according
to (3), node $n_k$ has the lowest delay [1]. The node can set its own
timer after determining the rebroadcast delay.
Figure 1: Rebroadcast delay calculation
B. Rebroadcast Probability Calculation
A node which has a larger rebroadcast delay may listen to the RREQ
packets from the nodes which have a lower rebroadcast delay. According
to the neighbor list in the RREQ packet from $n_j$, the node $n_i$
can further adjust its uncovered neighbors (UCN) set [1]. $U(n_i)$ is
then adjusted as follows:

$$U(n_i) = U(n_i) - [U(n_i) \cap N(n_j)] \tag{4}$$

The RREQ packet received from node $n_j$ is discarded after adjusting
$U(n_i)$. The rebroadcast delay is used to determine the order of
disseminating neighbor coverage knowledge to the nodes which receive
the same RREQ packet from the upstream node [1]. The additional
coverage ratio $R_a(n_i)$ of node $n_i$ is defined as follows:

$$R_a(n_i) = \frac{|U(n_i)|}{|N(n_i)|} \tag{5}$$

This equation gives the ratio of the number of nodes that are
additionally covered by this rebroadcast to the total number of
neighbors of node $n_i$. To keep the probability of network
connectivity approaching 1 [3], a heuristic formula is used:
$|N(n_i)| \cdot F_c(n_i) \geq 5.1774$. The minimum $F_c(n_i)$ is then
defined as the connectivity factor, which is given by:

$$F_c(n_i) = \frac{N_c}{|N(n_i)|} \tag{6}$$

where $N_c = 5.1774 \log n$, and $n$ is the number of nodes in the
network. From (6), it is observed that $F_c(n_i)$ is less than 1 when
$|N(n_i)|$ is greater than $N_c$. The rebroadcast probability
$P_{re}(n_i)$ of node $n_i$ is:

$$P_{re}(n_i) = F_c(n_i) \cdot R_a(n_i) \tag{7}$$

where $P_{re}(n_i)$ is set to 1 if it is greater than 1. The
rebroadcast probability is defined in this way for the following
reason: the additional coverage ratio $R_a$ determines how many
neighbors should receive and process the RREQ packet.
Figure 2: Rebroadcast Probability Calculation
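The calculations of equations (1) to (7) carried through on a small topology, as an added example that is not code from the paper or from the NCPR authors. The topology and function names are constructed for illustration, and the logarithm in N_c is assumed to be the natural logarithm because the text does not give its base.

```python
import math

MAX_DELAY = 0.01  # MaxDelay value given in the text

# Constructed 7-node topology (symmetric neighbor sets), not from the paper.
NEIGHBORS = {
    "s": {"a", "b", "c"},
    "a": {"s", "b", "d", "e"},
    "b": {"s", "a", "c", "d"},
    "c": {"s", "b", "f"},
    "d": {"a", "b"},
    "e": {"a", "f"},
    "f": {"c", "e"},
}

def uncovered_neighbors(n_i, s, neighbors):
    """Eq. (1): U(n_i) = N(n_i) - [N(n_i) ∩ N(s)] - {s}."""
    return neighbors[n_i] - (neighbors[n_i] & neighbors[s]) - {s}

def rebroadcast_delay(n_i, s, neighbors):
    """Eqs. (2)-(3): delay ratio T_p scaled by MaxDelay."""
    t_p = 1 - len(neighbors[s] & neighbors[n_i]) / len(neighbors[s])
    return MAX_DELAY * t_p

def adjust_uncovered(u_i, n_j, neighbors):
    """Eq. (4): remove neighbors already covered by the RREQ heard from n_j."""
    return u_i - (u_i & neighbors[n_j])

def rebroadcast_probability(n_i, u_i, neighbors, n_total):
    """Eqs. (5)-(7): P_re = F_c * R_a, set to 1 when it exceeds 1."""
    r_a = len(u_i) / len(neighbors[n_i])      # additional coverage ratio
    n_c = 5.1774 * math.log(n_total)          # natural log is an assumption
    f_c = n_c / len(neighbors[n_i])           # connectivity factor
    return min(1.0, f_c * r_a)

def demo():
    """Node s broadcasts an RREQ; a, b and c each decide whether to rebroadcast."""
    n = len(NEIGHBORS)
    delays = {x: rebroadcast_delay(x, "s", NEIGHBORS) for x in ("a", "b", "c")}
    u_a = uncovered_neighbors("a", "s", NEIGHBORS)
    p_before = rebroadcast_probability("a", u_a, NEIGHBORS, n)
    # b shares the most neighbors with s, so its timer expires first;
    # a overhears b's rebroadcast and shrinks its uncovered set.
    u_a = adjust_uncovered(u_a, "b", NEIGHBORS)
    p_after = rebroadcast_probability("a", u_a, NEIGHBORS, n)
    return delays, p_before, p_after

if __name__ == "__main__":
    print(demo())
```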
C. Attack Detection and Prevention Algorithm
Step 1: Initialize the Process
Step 2: Maintain the IP address History=H;
Step 3: Nodes enter into the Network=U;
Step 4: Store each Incoming node's IP address=I;
Step 5: Check each time U,
If (I==H)
{
No Attacks
}
Else If (I
Figure 3: Flowchart of ADPA
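One reading of the admission check described in Section III, as an added example that is not the authors' implementation. The server-side IP-to-MAC table, the per-IP attempt counter, the "pending" result for an unknown address below the threshold, and all addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

ATTEMPT_LIMIT = 5  # "more than five times" in the text

@dataclass
class ADPA:
    registered: dict                               # assumed server table: IP -> MAC id
    attempts: dict = field(default_factory=dict)   # entry history per IP
    attackers: set = field(default_factory=set)    # attacker list of (IP, MAC)

    def admit(self, ip, mac):
        """Return 'accept', 'pending' or 'deny' for one entry attempt."""
        node = (ip, mac)
        if node in self.attackers:
            return "deny"                          # already on the attacker list
        self.attempts[ip] = self.attempts.get(ip, 0) + 1
        if self.attempts[ip] > ATTEMPT_LIMIT:
            # Threshold exceeded: compare the MAC id on record with the client's.
            if self.registered.get(ip) == mac:
                return "accept"
            self.attackers.add(node)
            return "deny"
        if ip in self.registered:
            return "accept"                        # I == H: no attack
        return "pending"                           # assumption: unknown IP waits

def replay(adpa, events):
    """Feed a sequence of (ip, mac) entry attempts and collect the decisions."""
    return [adpa.admit(ip, mac) for ip, mac in events]

# Constructed sample data, not taken from the paper's simulation.
REGISTERED = {"10.0.0.2": "02:00:00:00:00:02", "10.0.0.3": "02:00:00:00:00:03"}
LEGIT = ("10.0.0.2", "02:00:00:00:00:02")
FLOOD = ("10.0.0.99", "02:00:00:00:00:99")

if __name__ == "__main__":
    adpa = ADPA(dict(REGISTERED))
    print(replay(adpa, [LEGIT] * 7))   # known node keeps access past the limit
    print(replay(adpa, [FLOOD] * 7))   # unknown node is denied on the sixth try
    print(adpa.attackers)
```

Both the IP address and the MAC id are supplied by the requesting node, so the comparison is only as strong as the link layer's ability to authenticate them.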
D. Simulation Parameters
Table 1: Simulation Parameters
Simulation Parameter     | Value
Simulator                | NS-2 (v2.34)
Topology Size            | 1200 × 1200 m
Number of Nodes          | 350
Transmission Range       | 250 m
Interface Queue Length   | 50
Traffic Type             | CBR
Packet Size              | 512 bytes
Packet Rate              | 4 packets/sec
Min Speed                | 1 m/sec
Max Speed                | 5 m/sec
E. Performance Analysis
To evaluate the performance of the Attack Detection and Prevention
Algorithm (ADPA) with the NCPR protocol, it is compared with other
protocols such as AODV and DPR. It is simulated using the NS-2
simulator, version 2.34. The Neighbor Coverage based Probabilistic
Rebroadcast protocol [1] is an optimization scheme for reducing the
overhead of RREQ packets in route discovery. Various performance
parameters are evaluated.
Normalized Routing Overhead: It is the ratio of the total packet size
of control packets (including RREQ, RREP, RERR, and Hello) to the
total packet size of data packets delivered to the destinations.
Packet Delivery Ratio: It is the ratio of the number of data packets
successfully received by the Constant Bit Rate (CBR) destinations to
the number of data packets generated by the CBR sources.
Average End-To-End Delay: It is the average delay of successfully
delivered Constant Bit Rate (CBR) packets from source to destination
node. It includes all possible delays from the CBR sources to the
destinations.
IV. RESULTS
Figure 4 shows the attacker node which tries to enter the network.
The ADPA maintains the IP address history and the nodes entering the
network, and it stores the IP address of each incoming node. It checks
every time whether any node is entering the network.
Figure 4: NAM window with attacker node
Figure 5 shows the NAM window with the attacker node and the normal
nodes entering the network. The ADPA checks the IP address of each
incoming node. A normal node's IP will be equal to the stored IP
history, so the normal incoming nodes can enter the network. They do
not cause any attack.
Figure 5: Attacker node and Normal Nodes
Figure 6 shows the prevention of the attacker node by ADPA. If the
incoming node tries to enter the network more than 5 times, the
algorithm gets its IP address and reads its unique MAC id. If the id
held by the server is the same as that of the client, it accepts the
request from the client and sends a response to the request. Otherwise
that node is placed in the attacker list and its access is denied.
Figure 6: Prevention of attacker node
F. Varied nodes with various performance metrics
The normalized routing overhead with a varied number of nodes is
shown in figure 7. Although the NCPR protocol increases the packet
size of RREQ packets, it reduces the number of RREQ packets more
significantly, so the RREQ traffic is reduced. Compared with the
conventional AODV protocol, the overhead is reduced by more than 45.9
percent in the NCPR protocol. The overhead is reduced by more than
30.8 percent when the NCPR protocol is compared with the DPR protocol.
When the network is dense, the NCPR protocol reduces overhead by more
than 74.9 percent and 49.1 percent when compared with the AODV and DPR
protocols, respectively [1].
Figure 7: Normalized Routing Overhead with Varied Number of Nodes
The average end-to-end delay with a varied number of nodes is shown
in figure 8. The MAC collision rate of conventional AODV is more
severe, so retransmissions increase and AODV incurs a severe
end-to-end delay. NCPR reduces the end-to-end delay by more than 60.8
percent when compared with AODV. When compared with DPR, NCPR reduces
the delay by more than 46.4 percent on average [1].
Figure 8: Average end to end delay with varied number of nodes
The packet delivery ratio with a varied number of nodes is shown in
figure 9. The MAC collision rate of AODV is excessive, which leads to
packet drops and reduces the packet delivery ratio [1]. Compared with
AODV and DPR, NCPR increases the packet delivery ratio by more than
11.9 percent and 3.7 percent, respectively.
Figure 9: Packet delivery ratio with varied number of nodes
G. Performance Evaluation of ADPA
The performance of the NCPR protocol is evaluated with various
performance metrics. The results show that the attack detection and
prevention algorithm prevents attacks in the mobile ad hoc network and
thus ensures secure routing. It is also found to increase throughput.
Figure 10 shows the xgraph of throughput with the prevention algorithm
and throughput without the prevention algorithm. The result shows that
the NCPR protocol with the prevention algorithm increases the
throughput of the network.
Figure 10: Received Packets with Time
The packet loss rate of the NCPR protocol with the attack detection
and prevention algorithm is shown in figure 11. The NCPR protocol with
the attack detection and prevention algorithm improves network
performance. The NCPR protocol without the prevention algorithm has a
higher packet loss rate than the NCPR protocol with the prevention
algorithm.
Figure 11: Packet Loss Rate with Varied Nodes
The delay of the NCPR protocol with varied nodes is shown in figure
12. The NCPR protocol with the attack detection and prevention
algorithm reduces the end-to-end delay when compared with the NCPR
protocol without the prevention algorithm.
Figure 12: End to End Delay with Varied Nodes
V. CONCLUSION
Services based on ad hoc networks have increased with the development
of computing environments. Due to the physical characteristics of both
the environment and the nodes, wireless ad hoc networks are vulnerable
to various attacks such as DoS attacks and wormhole attacks. Such
attacks are executed by two malicious nodes and cause serious damage
to networks and nodes. The detection and prevention of wormhole and
DoS attacks in ad hoc networks is still considered to be a challenging
task. To protect networks from such attacks, previous solutions
require specialized hardware. The algorithm proposed in this paper
therefore detects and prevents DoS and wormhole attacks without any
special hardware mechanism. The proposed attack detection and
prevention algorithm ensures secure routing and improves the
performance of mobile ad hoc networks. The NCPR protocol disseminates
the neighbor coverage knowledge and includes the additional coverage
ratio and the connectivity factor. A new scheme is used to dynamically
calculate the rebroadcast delay, which is used to determine the
forwarding order. A rebroadcast probability is introduced to reduce
the number of rebroadcasts of the RREQ packet and so improve the
routing performance. This approach significantly decreases the number
of retransmissions and so reduces the routing overhead. Unlike
conventional routing protocols, it eliminates the broadcast storm
problem. The attack detection and prevention algorithm is incorporated
with the NCPR protocol for secure routing with improved performance.
REFERENCES
[1] Zhang X.M, Wang E.B, Xia J.J, and Sung D.K, "Neighbor Coverage based Probabilistic Rebroadcast for Reducing Routing Overhead in Mobile Ad hoc Networks", IEEE Transactions on Mobile Computing, Vol. 12, No. 3, March 2013.
[2] Chadha M.S, Joon.R, Sandeep, "Simulation and comparison of AODV, DSR and AOMDV routing protocols in MANETs", International Journal of Advanced Research in Computer Engineering & Technology, Vol. 2, No. 3, July 2012.
[3] Zhang X.M, Wang E.B, Xia J.J, and Sung D.K, "An Estimated Distance Based Routing Protocol for Mobile Ad Hoc Networks", IEEE Trans. Vehicular Technology, Vol. 60, No. 7, pp. 3473-3484, 2011.
[4] Mohini.G, A. Kanungo, "A novel defense IPS scheme against wormhole attack in MANET", International Journal of Computer Application (0975-8887), Volume 79, No. 17, October 2013.
[5] Shilpa.J, Sumeet.A, "A novel paradigm: Detection and Prevention of Wormhole attack in Mobile Ad hoc Networks", International Journal of Engineering Trends and Technology, Volume 3, Issue 5, 2012.
[6] Kumar.S, Pahal.V, Garg.S, "Wormhole Attack in Mobile Ad Hoc Networks: A Review", Engineering Science and Technology an International Journal, ISSN 2250-3498, Vol. 2, No. 2, April 2012.
[7] Yongguang Zhang and Wenke Lee, "Security in Mobile Ad-Hoc Networks", in book Ad Hoc Networks Technologies and Protocols (Springer), 2005.
[8] S.Y. Ni, Y.C. Tseng, Y.S. Chen, and J.P. Sheu, "The Broadcast Storm Problem in a Mobile Ad Hoc Network", Proc. ACM/IEEE MobiCom, pp. 151-162, 1999.
[9] J.D. Abdulai, M. Ould-Khaoua, and L.M. Mackenzie, "Improving Probabilistic Route Discovery in Mobile Ad Hoc Networks", Proc. IEEE Conf. Local Computer Networks, pp. 739-746, 2007.
[10] Z. Haas, J.Y. Halpern, and L. Li, "Gossip-Based Ad Hoc Routing", Proc. IEEE INFOCOM, Vol. 21, pp. 1707-1716, 2002.
[11] AlAamri.H, Abolhasan.M, and Wysocki.T, "On Optimizing Route Discovery in Absence of Previous Route Information in MANETs", Proc. IEEE Vehicular Technology Conf. (VTC), pp. 1-5, 2009.
[12] Chen.J, Lee Y.Z, Zhou.H, Gerla.M and Shu.Y, "Robust Ad Hoc Routing for Lossy Wireless Environment", Proc. IEEE Conf. Military Comm. (MILCOM'06), pp. 1-7, 2006.
[13] S. Corson, J. Macker, "Mobile Ad hoc Networking (MANET): Routing Protocol Performance Issues and Evaluation Considerations", RFC 2501, January 1999.
Radhu. R. Nair received the B.E degree in Electronics and
Communication Engineering under Anna University, Chennai in 2012. She
completed her Master of Engineering in Communication Systems under
Anna University, Chennai in 2014. She has published papers in
International Journals and presented papers in various National and
International Conferences. She is interested in Wireless Ad Hoc and
Sensor Networks.
Revathy.R.Nair is currently working toward her BTech degree in
Electronics and Communication Engineering under Kerala University. Her
research interests include wireless networks.