1
MULTI PATH QUERY REQUEST AND REPLY VERIFICATION FOR
ATTACKER DISCOVERY UNDER
MOBILE AD-HOC NETWORKS
Ms. V. Meenakumari1, Mr. V.P. Muthukumar2,
M.Phil Full time Research Scholar, PG & Research Department of Computer Science1 Head of the Department, Department of Computer Applications2
Vivekanandha College of Arts and Sciences for Women (Autonomous) Tiruchengode, Tamilnadu, Namakkal-637 205,
meenakumariv.94@gmail.com1, rajiperiasamy@gmail.com2 ABSTRACT
The mobile nodes with self adaptive and self management features are grouped to construct the Mobile Ad-hoc Network (MANET). The MANET data transmission operations are carried out without the infrastructure dependency. Military and disaster management operations are efficiently handled with the support of the mobile nodes. The mobile nodes are used to collect and distribute the victim details in the rescue operations. The query processing schemes are applied to fetch the victim details with user submitted query values. The MANET applications are designed with the consideration of the energy and bandwidth parameters.
The rescue operations are initiated and managed with reference to the data maintained under
the data provider nodes. The data request is broadcasted as a top-k query value. The query reply is prepared with top-k items using the victim and score information. The query reply values are modified with the Data Replacement Attacks initiated by the malicious nodes. The malicious node activities are detected by analyzing the multi path query reply details. Query forwarding algorithm and Reply transmission algorithm are applied to manage the query process. Attack detection, malicious candidate discovery and malicious node identification algorithms are employed to discover malicious node and intrusions. The attack detection process is completed with node grouping algorithm and global analysis algorithm.
The intrusion detection and prevention scheme is build to support emergency and rescue operations under the MANET environment. The Liar node and False Notification Attack (FNA) discovery mechanisms are integrated with the intrusion detection process. The message authentication, confidentiality and integrity verification tasks are combined with the security features. The malicious node activities are controlled with Message Authentication Code (MAC) scheme.
Keywords: Mobile Ad-Hoc Networks, Query Request/Reply, Data Replacement Attacks, Malicious
Node and Message Authentication Code
1. INTRODUCTION
Ad-hoc networks are susceptible to several security issues. Characteristics such as dynamic topology, resource constraint, limited
physical security and no centralized
infrastructure make these networks vulnerable to several types of attacks, such as Rushing,
Worm hole, Black hole, Spoofing,
Modification, No-cooperation, etc. While many secure schemes focus on preventing attackers from entering the network through secure key management, trust management takes a further step to guard the whole network even if malicious nodes have gained access to the network.
36
sink node, so it is impossible to adapt these methods to MANETs.
We proposed query processing
methods [7], [8], are proposed for for top-k query to reduce traffic and also keep high accuracy of the query result. With these methods, the query-issuing node floods the query message attached with some score information. Each node then estimates the kth score of the data item and sends back data items whose scores are equal to or greater than the estimated one. These methods can, therefore, decrease the number of transmitted data items. However, there is still a drawback that queries are forwarded to all nodes in the network by flooding. Thus, many nodes that do not contribute to the data items with k-highest scores (top-k result) have to send redundant top-k queries and replies. As a result, there is a high level of traffic.
A routing method is applied for top-k query processing in MANETs [2]. In the previous method, each node holds a routing table that comprises a ranking of scores of data items in the network and identifiers of nodes to which queries are forwarded to obtain the top-k result. When each mobile node issues a query, it first refers to its own routing table and then sends the query message that specifies the requiring ranks of data items to the query address for this query by unicast. Nodes that receive the query message behave in the same way. By doing so, the previous method can acquire the top-k result with low traffic. However, if the network topology changes frequently, the accuracy of the query result decreases in the previous method because of the single query transmission path to each data item, which is too restrictive in MANETs.
To prevent from decreasing the accuracy of the query result in highly dynamic networks, in this paper we propose a robust routing method for top-k query processing in MANETs by extending the previous method. In the method we propose in this paper, the query-issuing node sends the query message to query addresses in its routing table by multicast. Each node that receives the query message determines the necessary query addresses that are worth transmitting by referring to its own routing table and the information included in the received query message. Then it sends the query message to
the necessary query addresses to obtain the top-k result. Unlike with the previous method, each node does not specify the requiring ranks of data items in the query message in the proposed method, so multiple paths to the nodes that have the top-k result are constructed in most cases. This gives the proposed method tolerance of highly network topology changes, while suppressing transmission the query messages to unnecessary query addresses. We have verified through simulations that our proposed method works very well in terms of the accuracy of the query result and reduced traffic.
2. RELATED WORK
The notion of malicious node
detection in MANETs has been a subject of interest for a number of years. A number of researchers have discussed the problems of malicious node detection in MANETs as follows.
Saurabh Gupta et. al. [4] proposed a
AOMDV based novel approach for black hole attack named as BAAP. BAAP introduces the concept of legitimacy table, which will be maintained by each node. The good path statistics are based on two different fields: Pathcount and Sentcount i.e. the Legitimacy Ratio of a node is calculated with the help of pathcount & sentcount. Such count calculation
gives the picture of correct routing. Rutvij
H. Thaveri et. al. [9] proposed an on-demand secure routing protocol for Gray Hole and Black Hole Attacks. It deals with the abnormal routing information provided by the neighbor nodes during path setup and these abnormal nodes will be considered as malicious nodes. The intermediate node uses the routing packets
to pass routing and malicious node
information to whole network.
Subrat Kar at.e!' [10] described a
protocol WHOP. WHOP suggests the use of hound packet to promote cooperation among nodes. Their route selection criteria are purely based on node ID. That is each node must expose its ID during path setup. The merit of the protocol lies in the fact that it can detect hidden worm hole also. Adrian Perrig et. al. proposed an on demand AODV like protocol named as RAP. It uses highly efficient digital
signature based cryptography for
37
detection protocol is designed to discover a legitimate neighbor [3]. RAP at the cost of higher overhead can find usable routes, thus allowing successful routing and packet delivery.
Khalil et a!. Proposed a secure routing
protocol called LITEWORP. LITEWORP views secure ad hoc routing as a Quality of Service and energy efficiency issue in multihop network. The proposed model makes use of time threshold to deliver the packet and simple encryption scheme to authenticate the nodes. This protocol has low storage and processing requirement but it is difficult to find a guard node in a sparse network.
Poovendran and Lazos proposed a model for wormhole attack. Proposed model is based on a graph theoretic model. Small number of network nodes, called guards, is assigned special network operations [1]. It detects and protects against authentication, message integrity and non-repudiation. The proposed model makes use of efficient simple cryptography based on Local broadcast Keys rather than relying on expensive asymmetric cryptography operations.
3. TOP-K QUERY PROCESSING AND MALICIOUS NODE IDENTIFICATION IN MANETS
Recently, there has been an increasing interest in mobile ad hoc network (MANET), which is constructed by only mobile nodes. Since such self-distributed networks do not require pre-existing base stations, they are expected to apply to various situations such as military affairs and rescue work in disaster sites. In MANETs, since each node has poor resources, it is effective to retrieve only the necessary data items using top-k query, in data items are ordered according to a particular attribute score and the query-issuing node acquires the data items with k highest scores in the network.
In MANETs, if a normal node becomes malicious owing to an attack from outside the network, the malicious node tries to disrupt the operations of the system. In this case, the user whose network contains the malicious node will typically continue to operate the system normally, unaware of the threat, while the malicious node may execute a variety of attacks. Let us consider a purpose of
malicious node attacking top-k query
processing. Basically, malicious nodes attempt to disrupt query-issuing node's acquisition of the global top-k result for a long period, without being detected. DoS attacks in MANETs have been actively studied for long years and as a result, using existing techniques, such attacks can be exposed by the query issuing node or intermediate nodes. Here, a remarkable characteristic of top-k query processing is that the query-issuing node does not know the global top-k result beforehand. Therefore, even if a malicious node replaces high-score data items with its own low-score ones, when relaying the data items, it is difficult for the query-issuing to detect the attack and it may believe that all the received data items with k highest scores are the global top-k result. In this paper, we define a new type of attack called data replacement attack (DRA), in which a malicious node replaces the received data items with unnecessary yet proper data items. Since DRAs are a strong attack and more difficult to detect than other traditional types of attack, some specific mechanism for defending against DRAs are required.
An example of performing a top-k query in a MANETs, where a rescue worker in a disaster site acquires data items with 2 highest scores. Let us assume that the mobile node held by the rescue worker at P3 becomes a malicious node and it replaces the received highest score data item whose score is 94, with its own lower-score data item whose score is 84. Therefore, the node held by the rescue worker at P1, who issues a top-k query, cannot acquire the data item whose score is 94 and it cannot know the node at P3 performed a DRA. In this paper, we propose top-k query processing and malicious node identification methods again DRAs in MANETs. In the top-k query processing method, in order to maintain accuracy of query result and detect attacks, nodes reply with data items with k
highest scores along multiple routes.
38
information on the data items sent by these candidates. In this way, the query issuing node can identify the malicious node.
When there are multiple malicious nodes in the network, it is difficult to identify all the malicious nodes in a single query. By using our methods, nodes are likely to identify the malicious nodes which are near their own location, while they hardly identify the malicious nodes which are far from their own location. Therefore, in order to quickly identify more malicious nodes, it is effective to share the information about the identified malicious nodes with other nodes. In this case, a malicious node may declare fake information that claims normal nodes as the malicious nodes (false notification attack (FNA)).We need some method to correctly identify the malicious nodes against FNAs.
Therefore, in our malicious node identification method, after nodes share the malicious node identification information, each node divides all nodes into some groups based on the similarity of the information. Then, the node determines the final judgment of malicious nodes based on the judgment result of each group. In our method, even if malicious nodes claim that normal nodes are the malicious nodes, there is a decisive difference in the nature of the information possessed by normal and malicious nodes concerning the identified malicious nodes and therefore, the normal nodes can easily identify the malicious nodes. Furthermore, even if malicious nodes mix the correct information on malicious nodes identified by other normal nodes with their fake information, in order to increase their similarity with normal nodes, the normal nodes in the same group will nonetheless certainly identify the malicious nodes, but not normal nodes. Thus, the information from the malicious nodes can be removed and there is little influence of FNAs.
We describe a new attack model,
DRA, in which a malicious node replaces necessary data items with unnecessary ones and we analyze the effects of such an attack on top-k query processing when there are multiple malicious nodes in the networks. We propose methods for processing top-k queries and for identifying malicious nodes against a DRA in MANETs. We describe an attack model, FNA, in which a malicious node sends fake information that claims some normal
nodes as malicious nodes and we evaluate the effects of such an attack. We verify that our proposed methods can achieve high accuracy of the query result and identify malicious nodes, through extensive simulations that take into account physical layer effects in the networks.
4. ISSUES ON MANET QUERY
PROCESSING SCHEMES
The rescue operations are initiated and
managed with reference to the data maintained under the data provider nodes. The data request is broadcasted as a top-k query value. The query reply is prepared with top-k items using the victim and score information. The query reply values are modified with the Data
Replacement Attacks initiated by the
malicious nodes.
The malicious node activities are detected by analyzing the multi path query reply details. Query forwarding algorithm and Reply transmission algorithm are applied to manage the query process. Attack detection, malicious candidate discovery and malicious node identification algorithms are employed to discover malicious node and intrusions. The attack detection process is completed with node grouping algorithm and global analysis algorithm. The following issues are identified from the current MANET query processing schemes.
Liar node identification is not
provided
False Notification Attack discovery is
not supported
Data security is not provided
Malicious node control mechanism is
not available
5. INTRUSION DETECTION AND
PREVENTION MECHANISM UNDER CLUSTERED MANET
The intrusion detection and prevention
scheme is build to support emergency and
rescue operations under the MANET
environment. The Liar node and False
Notification Attack (FNA) discovery
39
malicious node activities are controlled with Message Authentication Code (MAC) scheme.
The attack resistant query processing
framework is build to support the query process with attack control and discovery mechanism. Cluster based attack discovery scheme is used in the system. Local and global level attack discovery operations are adapted in the system. The system is divided into five major modules. They are Clustering Process, Data Providers, Query Processing, Malicious Node Discovery and Message Authentication Process.
The clustering process module is build
to setup the MANET and node grouping process. The data provider manages the shared data values. The query submission process is build to submit the query for the MANET nodes. The attacks and its sources are discovered under the malicious node detection process. The message authentication process is designed to protect the query request and response operations.
5.1. Clustering Process
The mobile ad-hoc network is
constructed with user parameters. Clustering process is initiated to group the MANET nodes. Coverage and resource details are used in the clustering process. The cluster head manages the nodes under the group.
5.2. Data Providers
The data provider node shares the data
values to other nodes. Provider list shows the data providers with victim count details. Victim ID and score details are listed in the victim data details. The data values are distributed with reference to the query values.
5.3. Query Processing
The mobile node submits the data
query with K threshold value. Query forwarding algorithm is used to distribute the query value to all the nodes. The data provider prepares the reply and retransmits it in multiple routes. Reply message sending algorithm is used in the query response process.
5.4. Malicious Node Discovery
The malicious node discovery module
is used to detect the malicious nodes and data attacks. Attack detection algorithm is used to discover the Data Replacement Attacks. Query reply is verified with adjacent node reply data details. Local and global level detection
schemes are used to discover the malicious nodes.
5.5. Message Authentication Process
The query request and reply values are
secured using Cryptography and digital
signature techniques. The Message
Authentication Codes (MAC) are used to verify the request and reply values. RSA, Advanced Encryption Standard (AES) and Secure Hash Algorithm (SHA) are used for the authentication and security process. Liar node and False Notification Attacks (FNA) are also detected in the system.
6. CONCLUSION
Top – K queries are used to retrieve
data items from MANET nodes. Malicious nodes replaces the necessary data with unnecessary data values. Node grouping method is applied to perform the top-K queries with malicious node identification process. Liar Node and False Notification Attacks are detected with message authentication schemes. Data values are shared between the nodes
under the Mobile Ad-hoc Network
environment. The system detects Data Replacement Attacks (DRA) initiated by the malicious nodes. Clustering methods are adapted to detect Liar nodes and False Notification Attacks. Data security is provided in the message communication process.
REFERENCES
[1] Saurabh Sharma and Dr. Sapna Gambhir, “CRCMD&R: Cluster and Reputation based Cooperative Malicious Node Detection & Removal Scheme in MANETs”, 2017 11th
International Conference on Intelligent
Systems and Control (ISCO), 2017.
[2] D. Amagata, T. Hara and S. Nishio, “A routing method for top-k query processing in mobile ad hoc networks,” Proc. Int. Conf. on
Advanced Information Networking and
Applications, 2013.
[3] G. S. Mamatha and Dr. S. C. Sharma
"Analyzing the MANET Variaitons,
Challenges, Capacity and Protocol Issues" international Journal 0/ Computer Science & Engineering Survey (fJCSES), voU, no.1 , pp. 14-21 , August 2010.
40
[5] X. Liu, J. Xu and W. -C. Lee, “A cross pruning framework for top-k data collection in wireless sensor network,” Proc. Int. Conf. on MDM, pp.157–166, 2010.
[6] S. Mo, H. Chen and Y. Lie, “Clustering-based routing for top-k querying in wireless sensor networks,” EURASIP Journal on Wireless Communications and Networking, vol.2011, no.1, 2011.
[7] Y. Sasaki, R. Hagihara, T. Hara and S. Nishio, “A top-k query method by estimating score distribution in mobile ad hoc networks,” Int. Workshop on Data Management for wireless and Pervasive Communications, pp.944–949, 2010.
[8] Y. Sasaki, T. Hara and S. Nishio, “Two-phase top-k query processing in mobile ad hoc networks,” Proc. Int. Conf. on Network-Based Information Systems, pp.42–49, 2011.
[9] Rutvij H. Ihaveri, Sankita J. Patel and Devesh C. linwala, "A Novel Approach for GrayHole and BlackHole Attacks in Mobile Ad hoc Networks," in Proc. ACCT '12, 2012, p. 556-560.
