International Journal of Emerging Technology and Advanced Engineering
Website: www.ijetae.com (ISSN 2250-2459, Volume 2, Issue 4, April 2012)
Trust Based Routing Mechanism Against Black Hole
Attack Using AOMDV-IDS System In MANET Format
Akanksha Jain
M.Tech (IT), S.A.T.I., Vidisha (M.P.) 464001
Abstract—A wireless mobile ad hoc network (MANET) consists of a number of mobile nodes that temporarily form a dynamic network without any fixed infrastructure. To enable communication between nodes that are not in direct radio contact, each node must act as a wireless router and forward data traffic on behalf of the others. Detecting malicious nodes (attackers) in an open ad hoc network, in which the participating nodes have no prior security associations, presents challenges not faced in traditional wired networks. Traffic monitoring in wired networks is usually performed at switches, routers and gateways, but an ad hoc network has no such elements at which an Intrusion Detection System (IDS) can collect and analyze audit data for the entire network. A MANET is therefore distributed by nature, no single mobile device can be trusted unconditionally, and the continual topology changes cannot be managed centrally; this is a major challenge. For that reason we build trust-based routing against the black hole attack on top of the AOMDV (Ad hoc On-demand Multipath Distance Vector) routing protocol, and compare the behaviour of plain AOMDV, AOMDV with a black hole node present, and AOMDV-IDS in terms of UDP packets lost, received and transmitted, TCP analysis, throughput, routing load and packet delivery fraction. All simulations were carried out in the NS-2 simulator on a simulated mobile ad hoc network.
Keywords—AOMDV, IDS, Black hole attack, Mobile Ad hoc Network, NS-2 Simulator.
I. INTRODUCTION
A mobile ad hoc network (MANET) is a self-organized multi-hop system made up of mobile wireless nodes. Two nodes that are out of direct communication range need intermediate nodes to forward their messages. Because of multi-hop routing and the open operating environment, MANETs are vulnerable to attacks by selfish or malicious nodes, such as packet dropping (black hole) attacks and selective forwarding (gray hole) attacks. Dependable packet routing is therefore a significant problem in a MANET (Pirzada et al. [2]).
Secure routing protocols employing authentication and encryption mechanisms, such as those of Zapata et al. [3] and Hu et al. [4], have been developed to ensure properties such as confidentiality and integrity. However, those protocols require a centralized trusted third party, which makes them impractical for MANETs (Griffiths et al. [5]). In addition, secure routing protocols cannot prevent malicious or compromised nodes that are authorized participants in the network from misbehaving. As in human society, one may trust another person to carry out an action without being able to guarantee that person's behaviour (Gambetta [6]). The concept of trust is therefore introduced into computer networks to measure the expectation, or uncertainty, that an entity has about another's future behaviour for a given action. Trust can be derived from direct interactions or from recommendations.
In this paper we analyze the effect of the black hole attack and provide a trust-based mechanism, AOMDV-IDS, that counters it.
1. Ad hoc On-Demand Distance Vector (AODV)
In AODV [7, 8], a source node that needs a route to a destination broadcasts a route request (RREQ); intermediate nodes rebroadcast it and record a reverse path towards the source. Upon receiving the first RREQ to arrive, the destination node sends a route reply (RREP) to the source node along the reverse path on which that RREQ arrived; later copies of the same RREQ are ignored by the destination. In addition, AODV allows an intermediate node that has a sufficiently fresh route (a destination sequence number equal to or greater than the one in the RREQ) to generate and send an RREP to the source node itself.
2. Ad hoc On-Demand Multipath Distance Vector Routing (AOMDV).
This section describes AOMDV, which extends AODV to compute multiple disjoint, loop-free paths in a single route discovery. AOMDV can be implemented even in the presence of unidirectional links, with other techniques assisting in the discovery of bidirectional paths in such circumstances [9].
AOMDV shares many features with AODV. It is based on the distance vector concept and uses hop-by-hop routing, and it also discovers routes on demand using a route discovery procedure. The main difference is the number of routes found in each route discovery. In AOMDV, the RREQ propagation from the source to the destination establishes multiple reverse paths both at intermediate nodes and at the destination. Multiple RREPs traverse these reverse paths back to form multiple forward paths to the destination at the source and at intermediate nodes. AOMDV also provides intermediate nodes with alternate paths, since these have been found useful in reducing the route discovery frequency [10]. The core of the AOMDV protocol lies in ensuring that the multiple routes discovered are loop-free and disjoint, and in efficiently finding such paths using a flood-based route discovery. AOMDV route update rules, applied locally at every node, play a key role in maintaining the loop-freedom and disjointness properties. AOMDV relies as far as possible on the routing information already available in the underlying AODV protocol, thereby limiting the overhead incurred in discovering multiple paths; in particular, it does not use any special control packets. Additional RREPs and RERRs for multipath discovery and maintenance, together with a few extra fields in the routing control packets (RREQs, RREPs and RERRs), constitute the only additional overhead in AOMDV compared with AODV.
3. Black Hole Attack
In a black hole attack, a malicious node sends fake routing information, claiming that it has an optimal route, and thereby causes other, well-behaved nodes to route data packets through it. For example, in AODV the attacker can send a fake RREP to the source node (carrying a fabricated destination sequence number equal to or higher than the one in the RREQ), claiming that it has a sufficiently fresh route to the destination. This causes the source node to select the route that passes through the attacker, so all traffic is routed through the attacker, which can then misuse or discard it. Figure (a) shows an example of a black hole attack, in which attacker A sends a fake RREP to the source node S, claiming a fresher route than the other nodes. Since the attacker's advertised sequence number is higher than the other nodes' sequence numbers, the source node S chooses the route through node A. The route confirmation request (CREQ) and route confirmation reply (CREP) are introduced in [11] to avoid the black hole attack. In this approach, an intermediate node not only sends an RREP to the source node but also sends a CREQ to its next-hop node towards the destination. On receiving a CREQ, the next-hop node looks up its cache for a route to the destination; if it has one, it sends a CREP to the source. On receiving the CREP, the source node can check the validity of the path by comparing the path in the RREP with the one in the CREP.
Figure (a) : Black hole attack on AODV
If both match, the source node judges that the route is correct. One drawback of this approach is that it cannot prevent a black hole attack in which two consecutive nodes collude, that is, when the next-hop node is a colluding attacker that sends a CREP supporting the false path. The authors proposed a solution in which the source node waits until RREPs have arrived from more than two nodes; on receiving multiple RREPs, the source checks whether they share a hop and, if so, judges the route safe. The main drawback of this solution is the delay it introduces, because the source must wait for multiple RREPs to arrive. In another attempt [14], the authors analyzed the black hole attack and showed that a malicious node must increase the destination sequence number sufficiently to convince the source node that the offered route is fresh enough. Based on this analysis, they propose a statistical anomaly detection approach that detects the black hole attack from the differences between the destination sequence numbers of the received RREPs. The key advantage of this approach is that it detects the attack at low cost, without introducing extra routing traffic or modifying the existing protocol. Its main drawback, as with any anomaly detection, is false positives.
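To make the sequence-number mechanics concrete, the following Python example, added here and not taken from the paper or from [11], simulates the source node's choice among RREPs and the CREQ/CREP confirmation described above. Node names, sequence numbers and claimed paths are constructed for illustration.

```python
"""Added example (not from the paper or from [11]): a black hole RREP winning
AODV route selection, and the CREQ/CREP route confirmation catching it.
Node names, sequence numbers and paths below are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RREP:
    replier: str          # node that generated the reply
    dest_seq: int         # destination sequence number it advertises
    hop_count: int        # hops it claims to the destination
    path: tuple           # (replier, next hop, ..., destination) it claims


def select_route(rreq_dest_seq, rreps):
    """AODV selection rule: among replies at least as fresh as the RREQ's
    destination sequence number, take the highest sequence number, breaking
    ties on the fewest hops. Returns None if nothing fresh enough arrived."""
    fresh = [r for r in rreps if r.dest_seq >= rreq_dest_seq]
    if not fresh:
        return None
    return max(fresh, key=lambda r: (r.dest_seq, -r.hop_count))


def black_hole_rrep(rreq_dest_seq, attacker, next_hop, dest):
    """The attacker answers every RREQ with a fabricated sequence number far
    above anything an honest node holds, plus a short claimed path."""
    return RREP(attacker, rreq_dest_seq + 1000, 2, (attacker, next_hop, dest))


def confirm_route(rrep, routes_at_next_hop):
    """CREQ/CREP check of [11]: the source asks the replier's next hop for its
    own route to the destination (its CREP) and accepts the RREP only if that
    route matches the tail of the replied path. routes_at_next_hop maps a node
    to the path it would return in a CREP; a missing node has no route."""
    if len(rrep.path) < 2:
        return False
    crep = routes_at_next_hop.get(rrep.path[1])
    return crep is not None and tuple(crep) == rrep.path[1:]


def discover_route(rreq_dest_seq, rreps, routes_at_next_hop):
    """Source-side procedure: consider candidates freshest-first and keep the
    first one whose CREP confirms the replied path."""
    fresh = sorted((r for r in rreps if r.dest_seq >= rreq_dest_seq),
                   key=lambda r: (r.dest_seq, -r.hop_count), reverse=True)
    for r in fresh:
        if confirm_route(r, routes_at_next_hop):
            return r
    return None


if __name__ == "__main__":
    honest = [RREP("B", 5, 2, ("B", "C", "D")), RREP("C", 5, 1, ("C", "D"))]
    attacker = black_hole_rrep(4, "A", "X", "D")
    print("plain AODV picks:", select_route(4, honest + [attacker]).replier)
    routes = {"C": ("C", "D"), "D": ("D",), "X": ("X", "E", "D")}  # real CREPs
    print("with CREQ/CREP picks:", discover_route(4, honest + [attacker], routes).replier)
    # Collusion: if X is a second attacker echoing A's claim, the check passes.
    print("colluding X confirms A:", confirm_route(attacker, dict(routes, X=("X", "D"))))
```

The last call reproduces the limitation noted above: when the next hop is itself an attacker that returns a CREP matching the claimed path, the confirmation passes and the source is still routed into the black hole.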
4. Intrusion Detection Systems.
Intrusion detection systems for ad hoc networks are generally divided into several categories from different viewpoints. The most important are host based intrusion detection and network based intrusion detection.
4.1 Host Based Intrusion Detection System (HIDS).
In these systems each node stores the intrusion detection technique and runs it independently. Every decision about a suspicious node is made using data collected only by the node itself; there is no cooperation between network nodes for this purpose, and no control or security information is exchanged between them. According to the structure of the intrusion detection systems and the method for identifying them, it'll be much
4.2 Network Based Intrusion Detection System (NIDS).
In these systems, attacks and malicious actions are detected by a group of neighbouring nodes cooperating with each other. Clustering techniques are usually used to implement the models in this category: one node is selected as the cluster supervisor, monitors the behaviour of the nodes in the cluster, and detects malicious nodes in the cluster from the information received from the nodes in its area. Suspected nodes among the other cluster nodes are found in this way. In addition, the supervisor node is in charge of sending attack warning messages to other clusters by communicating with the supervisor nodes of adjacent clusters. A combination of HIDS and NIDS can be used to discover attacks in an ad hoc network. This combination is a powerful, distributed intrusion detection system in which both the packets exchanged in the network and the data collected from the network nodes serve as the basis for intrusion detection.
Each of these intrusion detection systems uses the following techniques to detect attacks in ad hoc networks [15, 16]. Besides their benefits, ad hoc networks have limitations and weaknesses, most of them concerning security. Because of the specific characteristics and nature of the communication medium, the variety and number of attacks in such networks is very high: dropping route request packets in order to disrupt routing, dropping data packets in order to interfere with the delivery of information to the destination or to delay it, changing the content of routing packets to alter the optimal route, and other attacks that aim to lower overall performance and consume network resources.
Alongside these diverse attacks, various intrusion detection methods have been designed, and they sometimes have shortcomings: some can discover only one or two attacks, and others detect malicious nodes by exchanging control packets across large networks, which imposes overhead on the network. Some other methods require heavy computation with complex algorithms to detect malicious nodes.
Our basic approach is to analyze the behaviour of the network under a black hole attack, to analyze its behaviour without the attack, and then to analyze it again with the AOMDV-IDS module protecting the network from the black hole attack, and to compare the three cases.
Li et al. [1] secure the AOMDV protocol with a trust mechanism and conclude that AOMDV performs well at all mobility rates and movement speeds. However, we argue that their definition of mobility (pause time) does not truly represent the dynamic topology of MANETs. In this paper that work is extended, and the proposed protocol is called AOMDV-IDS (AOMDV with an Intrusion Detection System). Our intrusion detection and response protocol for MANETs is shown to perform better than plain AOMDV in the presence of a black hole attack, in terms of false positives and percentage of packets delivered. Since the earlier work does not report the true positive rate, i.e. the detection rate, we could not compare our results against theirs on that parameter.
The implementation of the AOMDV-IDS protocol reported in this paper has been shown to work in the scenarios reported here: AOMDV-IDS performs real-time detection of attacks in MANETs running the AOMDV routing protocol.
Experimental results validate the ability of our protocol to detect both local and distributed attacks against the AOMDV routing protocol with a low number of false positives. The algorithm also imposes a very small overhead on the nodes, which is an important factor for resource-constrained nodes.
II. RELATED WORK
Several researchers have studied the vulnerabilities of MANETs, and the black hole attack in particular; it is an active denial-of-service attack, and many solutions are available in the literature. The solution proposed by Latha Tamilselvan et al. [12] requires the requesting node to wait for a predetermined time to receive RREPs carrying next-hop details, instead of sending data packets immediately after the first reply arrives. After the timeout, it checks its CRRT table for a repeated next-hop node; if the same next hop appears in more than one reply path, it assumes the path is correct, or at least that the chance of a malicious path is limited. Finding repeated next hops adds extra overhead, and the waiting adds delay.
Kurosawa et al. [13] suggest an anomaly-based detection technique using a dynamic learning method. In this approach, the view of the normal state of the network is updated periodically to adapt to frequent network changes, and a clustering-based technique is used to identify nodes that deviate from the normal state. The features used to express the normal state of the network are:
(i) the total number of RREQs sent out;
(ii) the total number of RREPs received;
(iii) the average difference between the destination sequence number carried in each received RREP and the one held in the node's list, per time slot.
The network state in time slot $i$ is expressed by the three-dimensional vector $x_i = (x_{i1}, x_{i2}, x_{i3})$. The mean vector of these features is calculated as in (1.1), where $D$ is the training data set of $N$ time slots:

$$\bar{x} = \frac{1}{N} \sum_{x_i \in D} x_i \qquad (1.1)$$

The initial training data are the data collected in the first interval of the network, $\Delta T_0$. The distance of each input sample $x$ from the mean vector is calculated in each time slot as in (1.2):

$$d(x) = \| x - \bar{x} \|^2 \qquad (1.2)$$

From the learning data set, the largest distance is taken as the threshold $Th$:

$$Th = d(x_I), \qquad I = \arg\max_i d(x_i),\ x_i \in D \qquad (1.3)$$

When the distance of an input sample exceeds $Th$, the sample is considered to deviate from normal traffic and is judged an attack; otherwise it is judged normal. The mean vector calculated from the data collected in the initial interval $\Delta T_0$ is used for detection in the next interval $\Delta T$. If $\Delta T$ is judged normal, its data are added to the training data set; otherwise they are treated as attack data and discarded.
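The following Python example, added here and not taken from the paper or from Kurosawa et al. [13], implements equations (1.1) to (1.3) together with the dynamic update of the training set, and runs them over constructed per-slot feature vectors. The training values and the RREP sequence numbers are made up for illustration.

```python
"""Added example (not the paper's code, nor that of Kurosawa et al. [13]): the
dynamic learning detector of equations (1.1)-(1.3), run over constructed
per-slot feature vectors x = (RREQs sent, RREPs received, mean sequence gap)."""


def mean_vector(D):
    """Eq. (1.1): component-wise mean of the N training vectors in D."""
    N = len(D)
    return tuple(sum(x[k] for x in D) / N for k in range(len(D[0])))


def distance(x, xbar):
    """Eq. (1.2): squared Euclidean distance d(x) = ||x - xbar||^2."""
    return sum((a - b) ** 2 for a, b in zip(x, xbar))


def threshold(D, xbar):
    """Eq. (1.3): Th is the largest training distance, so no training slot is
    ever flagged and any slot farther from the mean than the worst one is."""
    return max(distance(x, xbar) for x in D)


def feature_vector(rreqs_sent, rrep_pairs):
    """Build x_i for one time slot. rrep_pairs holds, for each RREP received,
    (destination sequence number carried in the RREP, number held locally)."""
    gaps = [carried - held for carried, held in rrep_pairs]
    mean_gap = sum(gaps) / len(gaps) if gaps else 0.0
    return (rreqs_sent, len(rrep_pairs), mean_gap)


def is_attack(x, D):
    """True when slot x deviates from the normal state learned from D."""
    xbar = mean_vector(D)
    return distance(x, xbar) > threshold(D, xbar)


def learn_and_detect(training, incoming):
    """Score slots in order. A slot judged normal is appended to the training
    data before the next slot is scored (the dynamic update); a slot judged an
    attack is reported and discarded, so it never moves the mean."""
    D = list(training)
    verdicts = []
    for x in incoming:
        if is_attack(x, D):
            verdicts.append("attack")
        else:
            verdicts.append("normal")
            D.append(x)
    return verdicts


# Constructed training slots for the first interval, ΔT0.
TRAINING = [(10, 8, 1.0), (12, 9, 2.0), (9, 7, 1.5), (11, 8, 2.5)]

if __name__ == "__main__":
    # Honest RREPs carry sequence numbers close to the ones already held.
    quiet = feature_vector(11, [(20 + k % 3, 20) for k in range(9)])
    # A black hole must inflate the sequence number to win route selection, so
    # the mean gap explodes while the packet counts stay ordinary.
    black_hole = feature_vector(10, [(1000 + k, 20) for k in range(9)])
    print(learn_and_detect(TRAINING, [quiet, black_hole, (12, 8, 1.0)]))
```

Two properties follow directly from the definitions and are worth keeping in mind when tuning this detector: because Th is the largest training distance, every slot in ΔT0 is normal by construction, and because each accepted slot is appended to D, the mean and threshold drift with whatever traffic was accepted, so an attacker that raises its advertised sequence numbers gradually rather than all at once can pull the baseline along with it.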
III. PROPOSED ARCHITECTURE
AOMDV-IDS
In the proposed scheme, multipath routing is combined with an intrusion detection system that detects the intrusive process, namely the black hole attack, and provides secure communication from the sender to the destination node.
The IDS also blocks the route on which the black hole node is present. The proposed architecture is shown in Figure (b).
Figure (b) Architecture Diagram of Propose module
IV. SIMULATION ANALYSIS & RESULTS
Here we present our simulation parameters and the result analysis for all three cases: plain AOMDV, the black hole (attacker) case and the AOMDV-IDS case.
a) Simulation Parameters. The simulation parameters, such as number of nodes, dimensions, routing protocol and traffic type, are listed in Table I; the network was simulated accordingly.
TABLE I
SIMULATION PARAMETER
Number of nodes: 10
Dimension of simulated area: 800 × 600
Routing protocol: AOMDV, AOMDV with black hole node, AOMDV-IDS
Simulation time: 100 seconds
Transport layer: UDP, TCP
Traffic type: CBR (over UDP), FTP (over TCP)
Packet size: 1000 bytes
Number of traffic connections: 8
Maximum speed (m/s): random
b) Simulation Scenario. The overall goal of the simulation experiments is to measure the accuracy and robustness of our trust-based routing and intrusion detection scheme for wireless mobile ad hoc networks while data packets continue to be delivered to their destinations. To measure this, a variety of workloads were applied to the simulated network, including node movement, data traffic patterns, node density and varying percentages of malicious nodes. Our simulation test bed in the ns-2 simulator [17] uses a movement space with 10 mobile nodes. The IEEE 802.11 MAC layer is used, with carrier sensing and back-off, and the transport protocols are the User Datagram Protocol (UDP) and the Transmission Control Protocol (TCP). Nodes move according to the random waypoint mobility model. Assuming that the mobility of the ad hoc network is inversely proportional to the pause time, we control mobility through the pause time: the longer the pause time, the lower the mobility.
1. Throughput.
Figure (c): Throughput Comparison Graph
X-axis: time in seconds; Y-axis: number of packets received per unit time. Blue line: AOMDV-IDS; red line: AOMDV; green line: black hole node present.
2. Packet Delivery Fraction Comparison
This graph was obtained with the AWK tool, which processes the trace files passed to it on the command line. The packet delivery fraction is the ratio of packets received to packets sent per unit time:

Packet Delivery Fraction = (Rx / Send) × 100

A higher packet delivery fraction means better performance. In our results, when an attacker (black hole) node is present in the network the packet delivery ratio is nearly 0, which means the source cannot deliver any data packets to the destination. The results also show a packet delivery ratio of 100 percent in the AOMDV-IDS case, which is higher than that of the plain AOMDV routing mechanism.
Figure (d): Packet Delivery Ratio Comparison
X-axis: time in seconds; Y-axis: packets received (%). Blue line: AOMDV-IDS; red line: AOMDV; green line: black hole node present.
3. Routing Load Comparison
Routing message overhead is the total number of routing control packets transmitted. An increase in routing overhead reduces the performance of the ad hoc network because it consumes part of the bandwidth available for transferring data between nodes. We report it as the normalized routing load, the number of routing control packets transmitted per data packet received:

Routing Load = Routing Packets Transmitted / Total No. of Data Packets Received
Figure (e): Routing Load Comparison
4. UDP Packet Analysis for Finding Malicious Node
Here we tabulate the UDP packet analysis, showing which node sends the data packets and which nodes receive or drop them, for the AOMDV case, the black hole attack case and the AOMDV-IDS case. For the plain AOMDV module, the UDP sender is node 2, which sends 2178 packets, and the receiver is node 5, which receives 2002 packets; about 92% of the packets are received and about 8% are dropped by the intermediate nodes 0, 1, 2 and 8.
In the black hole attack case the receiver node receives no data packets at all: every packet is dropped, 82.4% of them by node 8 and 17.6% by node 2. Since most of the data is dropped by node 8, that node is identified as the black hole attacker. The next table shows the AOMDV-IDS case, in which 100% of the data is received by receiver node 5 and no node drops any data.
Table II: UDP Packet Analysis for Finding Malicious Node
The bar graph of the UDP analysis shows that AOMDV-IDS achieves 100% data reception with no data loss, while the black hole attack case is exactly the reverse: 0% received and 100% lost.
Figure (f): UDP Analysis Bar Graph
5. TCP Analysis Table
Here we analyze TCP packets in the form of sender node, dropper node and receiver node for the three modules: AOMDV, the black hole case and AOMDV-IDS. In the AOMDV module, node 3 is the sender and sends 2974 packets, node 1 is the receiver and receives 2955 TCP packets, and five packets are dropped by intermediate nodes. TCP uses acknowledgements, so after receiving a packet the receiver sends an acknowledgement back to the sender; sender node 3 receives 2933 acknowledgements and seven acknowledgements are dropped. In the black hole attacker case only 460 packets are sent by the sender node, about 15% of the AOMDV figure, which shows that the attacker node blocks the TCP flow (TCP's congestion control throttles a sender whose segments go unacknowledged). Finally, in the AOMDV-IDS case sender node 3 sends 4664 packets against 2974 in the AOMDV module, an increase of about 57%.
The bar graph also compares TCP packets across the three cases: applying the AOMDV-IDS module gives a much better result than plain AOMDV routing, while in the black hole case the fewest TCP packets are transmitted.
Figure (g): TCP Analysis Bar Graph
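The metrics of this section (packet delivery fraction, normalized routing load, and the per-node send/receive/drop tables of the UDP and TCP analyses) are all derived from ns-2 trace files. The following Python example, added here and not the paper's own AWK post-processing, computes them from a constructed, abbreviated trace in the old ns-2 wireless trace format; the trace lines are made up for illustration and are not the paper's simulation output.

```python
"""Added example (not the paper's AWK scripts): the Section IV metrics computed
from an ns-2 wireless trace. TRACE below is constructed and abbreviated in the
old ns-2 wireless trace format; it is not the paper's simulation output."""
from collections import Counter, namedtuple

# Old ns-2 wireless trace fields used here:
#   $1 event (s send, r receive, d drop, f forward)   $2 time   $3 node as _N_
#   $4 layer (AGT application, RTR routing, MAC, IFQ)  $6 packet uid
#   $7 packet type (cbr, tcp, ack, AOMDV, ...)          $8 size in bytes
TRACE = """\
M 0.00000 2 (100.00, 200.00, 0.00), (300.00, 200.00), 10.00
s 1.000 _2_ RTR --- 0 AOMDV 48 [0 0 0 0] ------- [2:255 -1:255 30 0] (REQUEST)
f 1.002 _1_ RTR --- 0 AOMDV 48 [0 ffffffff 2 800] ------- [2:255 -1:255 29 0] (REQUEST)
f 1.003 _8_ RTR --- 0 AOMDV 48 [0 ffffffff 2 800] ------- [2:255 -1:255 29 0] (REQUEST)
s 1.010 _8_ RTR --- 3 AOMDV 44 [0 0 0 0] ------- [8:255 2:255 30 1] (REPLY)
s 1.100 _2_ AGT --- 10 cbr 1000 [0 0 0 0] ------- [2:0 5:0 32 0] [0] 0 0
r 1.100 _2_ RTR --- 10 cbr 1000 [0 0 0 0] ------- [2:0 5:0 32 0] [0] 0 0
r 1.120 _5_ AGT --- 10 cbr 1020 [13a 5 8 800] ------- [2:0 5:0 30 5] [0] 2 0
s 1.200 _2_ AGT --- 11 cbr 1000 [0 0 0 0] ------- [2:0 5:0 32 0] [1] 0 0
r 1.220 _5_ AGT --- 11 cbr 1020 [13a 5 8 800] ------- [2:0 5:0 30 5] [1] 2 0
s 1.300 _2_ AGT --- 12 cbr 1000 [0 0 0 0] ------- [2:0 5:0 32 0] [2] 0 0
r 1.320 _5_ AGT --- 12 cbr 1020 [13a 5 8 800] ------- [2:0 5:0 30 5] [2] 2 0
s 1.400 _2_ AGT --- 13 cbr 1000 [0 0 0 0] ------- [2:0 5:0 32 0] [3] 0 0
d 1.410 _8_ RTR --- 13 cbr 1020 [13a 8 2 800] ------- [2:0 5:0 31 8] [3] 1 0
s 1.500 _2_ AGT --- 14 cbr 1000 [0 0 0 0] ------- [2:0 5:0 32 0] [4] 0 0
d 1.510 _8_ RTR --- 14 cbr 1020 [13a 8 2 800] ------- [2:0 5:0 31 8] [4] 1 0
s 1.600 _2_ AGT --- 15 cbr 1000 [0 0 0 0] ------- [2:0 5:0 32 0] [5] 0 0
d 1.610 _1_ RTR --- 15 cbr 1020 [13a 1 2 800] ------- [2:0 5:0 31 1] [5] 1 0
s 2.000 _3_ AGT --- 20 tcp 1040 [0 0 0 0] ------- [3:0 1:0 32 0] [0 0] 0 0
r 2.030 _1_ AGT --- 20 tcp 1060 [13a 1 3 800] ------- [3:0 1:0 31 1] [0 0] 1 0
s 2.031 _1_ AGT --- 21 ack 40 [0 0 0 0] ------- [1:0 3:0 32 0] [0 0] 0 0
r 2.060 _3_ AGT --- 21 ack 60 [13a 3 1 800] ------- [1:0 3:0 31 3] [0 0] 1 0
"""

Event = namedtuple("Event", "kind time node layer uid ptype size")


def parse_trace(text):
    """Yield an Event per s/r/d/f line; mobility (M) and short lines are skipped."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or f[0] not in ("s", "r", "d", "f"):
            continue
        yield Event(f[0], float(f[1]), int(f[2].strip("_")), f[3], int(f[5]), f[6], int(f[7]))


def _count(events, kinds, layer, ptype):
    return sum(1 for e in events if e.kind in kinds and e.layer == layer and e.ptype == ptype)


def packet_delivery_fraction(events, data="cbr"):
    """PDF = Rx / Send x 100, counted at the application layer (AGT) only, so a
    packet seen at RTR while crossing a node is not mistaken for a delivery."""
    sent = _count(events, "s", "AGT", data)
    return 100.0 * _count(events, "r", "AGT", data) / sent if sent else 0.0


def normalized_routing_load(events, routing="AOMDV", data="cbr"):
    """Routing control packets sent or forwarded at the routing layer per data
    packet delivered; infinite when nothing was delivered."""
    recv = _count(events, "r", "AGT", data)
    return _count(events, "sf", "RTR", routing) / recv if recv else float("inf")


def drops_by_node(events, data="cbr"):
    """Share (%) of dropped data packets attributed to each node; the node that
    dominates this table under attack is the black hole candidate."""
    drops = Counter(e.node for e in events if e.kind == "d" and e.ptype == data)
    total = sum(drops.values())
    return {node: round(100.0 * n / total, 1) for node, n in drops.items()}


def endpoints(events, ptype):
    """Per-node application-layer sends and receives of one packet type, the
    layout of the paper's UDP and TCP analysis tables."""
    sent = Counter(e.node for e in events if e.kind == "s" and e.layer == "AGT" and e.ptype == ptype)
    recv = Counter(e.node for e in events if e.kind == "r" and e.layer == "AGT" and e.ptype == ptype)
    return dict(sent), dict(recv)


if __name__ == "__main__":
    ev = list(parse_trace(TRACE))
    print("PDF %:", packet_delivery_fraction(ev), " NRL:", round(normalized_routing_load(ev), 2))
    print("drop shares %:", drops_by_node(ev))
    print("cbr:", endpoints(ev, "cbr"), " tcp:", endpoints(ev, "tcp"), " ack:", endpoints(ev, "ack"))
```

Deliveries are counted only at the AGT layer: the sender's own `r ... RTR ... cbr` line in the trace is the packet being handed from the agent to the routing layer, and counting it would inflate the delivery fraction. The drop-share table is what singles out the black hole: the attacker is the node whose share approaches 100% while the receiver's count stays at zero.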
V. CONCLUSION AND FUTURE WORK
We performed a number of tests in the ns-2 simulator and analyzed the results. In summary, in normal multipath routing the total number of packets transmitted by the genuine sender is 5067, but when an attacker (black hole) node enters the network only 2638 packets are transmitted, a decrease of about 50%. If one node runs AOMDV-IDS, the transmission percentage increases compared with normal AOMDV; the results show a 13% increase in data delivery. The packet delivery fraction (PDF) analysis shows that with an attacker node in the network the PDF falls to 16.6%, whereas AOMDV-IDS gives a PDF of 99.8%. We also analyzed the routing overhead: in the normal case the routing load is only 0.19%, but with an attacker node present it rises to 1.74%, a large increase that degrades network performance. Finally, AOMDV-IDS recovers 99.9% of the data with a routing overhead of only 0.14%.
Table IV. Conclusion Table
Figure(h) : Overall Analysis Bar Graph
In this paper we show that a trust system on top of AOMDV has an advantage over schemes that rely only on first-hand observations, despite the limited amount of information available and the additional problems of AOMDV.
Our scheme focuses mainly on the black hole attack but can also handle other misbehaviour patterns such as gray hole, wormhole and packet capturing. It can be improved to change the rating policy dynamically in order to handle the different patterns better (for example, considering only data packets when control packets are forwarded correctly).
Additional mechanisms for quality of service (QoS) and for increasing fairness in the network are possible areas for future research. Our work is dedicated to an AOMDV-based IDS scheme and to the security of mobile ad hoc networks, but it can be adapted to other routing algorithms as well.
VI. REFERENCES
[1] X. Li, Z. Jia, P. Zhang, R. Zhang, H. Wang, "Trust-based on-demand multipath routing in mobile ad hoc networks", IET Information Security, vol. 4, no. 4, pp. 212–232, 2010, doi: 10.1049/iet-ifs.2009.0140.
[2] A. A. Pirzada, C. McDonald, A. Datta, "Performance comparison of trust-based reactive routing protocols", IEEE Transactions on Mobile Computing, vol. 5, no. 6, pp. 695–710, 2006.
[4] Y. C. Hu, A. Perrig, D. B. Johnson, "Ariadne: A Secure On-Demand Routing Protocol for Ad hoc Networks", Proc. Int. Conf. Mobile Computing and Networking (MobiCom '02), Atlanta, Georgia, September 2002, pp. 12–23.
[5] N. Griffiths, A. Jhumka, A. Dawson, R. Myers, "A Simple Trust Model for On-Demand Routing in Mobile Ad-hoc Networks", Proc. Int. Symp. on Intelligent Distributed Computing (IDC 2008), 2008, pp. 105–114.
[6] D. Gambetta, "Can we trust trust?", in D. Gambetta (Ed.), Trust: Making and Breaking Cooperative Relations, Oxford Press, 1st edn., 2000, pp. 213–237.
[7] C. Perkins and E. Royer, "Ad Hoc On-Demand Distance Vector Routing", 2nd IEEE Workshop on Mobile Computing Systems and Applications, 1999.
[8] C. Perkins, E. Belding-Royer, S. Das, "Ad Hoc On-demand Distance Vector (AODV) Routing", IETF RFC 3561, July 2003.
[9] M. K. Marina, S. R. Das, "Routing performance in the presence of unidirectional links in multihop wireless networks", Proc. ACM MobiHoc, 2002.
[10] A. Nasipuri, R. Castaneda, S. R. Das, "Performance of multipath routing for on-demand protocols in mobile ad hoc networks", ACM/Kluwer Mobile Networks and Applications (MONET), vol. 6, no. 4, pp. 339–349, 2001.
[11] S. Lee, B. Han, M. Shin, "Robust Routing in Wireless Ad Hoc Networks", 2002 Int'l Conf. Parallel Processing Workshops, Vancouver, Canada, Aug. 18–21, 2002.
[12] L. Tamilselvan, V. Sankaranarayanan, "Prevention of Blackhole Attack in MANET", Proc. 2nd Int. Conf. on Wireless Broadband and Ultra Wideband Communications (AusWireless 2007), pp. 21–21, Aug. 2007.
[13] S. Kurosawa, H. Nakayama, N. Kato, A. Jamalipour, Y. Nemoto, "Detecting Blackhole Attack on AODV-based Mobile Ad Hoc Networks by Dynamic Learning Method", International Journal of Network Security, vol. 5, no. 3, pp. 338–346, Nov. 2007.
[14] S. Kurosawa et al., "Detecting Blackhole Attack on AODV-Based Mobile Ad Hoc Networks by Dynamic Learning Method", Int'l J. Network Security, 2006.
[15] M. S. Memon, M. Hashmani, N. A. Memon, "A review for uniqueness and variations in throughput due to performance parameters of simulators on MANETs routing protocols", 7th Int. Conf. on EHAC '08, University of Cambridge, UK, 20–22 Feb. 2008, pp. 202–208.
[16] D. Subhadrabandhu, S. Sarkar, F. Anjum, "Signature based Intrusion Detection for Wireless Ad-Hoc Networks: A Comparative study of various routing protocols", IEEE VTC, 2004.