Design and Implementation of EAR Algorithm for Detecting Routing Attacks in WSN
DIMPLE JUNEJA*, SANDHYA BANSAL**, GURPREET KAUR***, NEHA ARORA****
* MM Institute of Computer Technology & Business Management, MM University, Mullana, Haryana, India
** Deptt. of Computer Science & Engg., MM University, Mullana, Haryana, India
*** Deptt. of Computer Science & Engg., MM University, Mullana, Haryana, India
**** Banasthali University, Rajasthan, India
ABSTRACT
This work proposes an ant-based method for detecting congestion and various routing attacks in Wireless Sensor Networks. The prime parameters under consideration are Energy, Age and Reliability (EAR). Although researchers have proposed a number of mechanisms for detecting congestion and routing attacks in WSN, very few of them have considered deploying ants as intelligent entities that are computationally efficient. Moreover, previous works have focused on parameters such as energy, hop and distance, but none have used the age and reliability of a node as important parameters. This work uniquely contributes an ant-based detection algorithm that considers all of the above-mentioned attributes. The simulation results show that a minimum number of ants can discover a maximum number of routing faults while consuming less energy, which is an important constraint in Wireless Sensor Networks.
Keywords: Ant Colony Optimization (ACO), Pheromone, Routing Attacks, Wireless Sensor Networks (WSN)
1. INTRODUCTION
WSN technology is widely used in many areas [1], but the resource-constrained nature of sensor nodes (size, memory, processing power) makes them prone to attacks and threats [2, 3]. In this paper, we propose a novel method (EAR) that detects routing anomalies. Routing anomalies such as the Sink Hole Attack [4], Black Hole Attack [5] and Flooding [5], if launched in the network, can lead to the death of the network. A survey of various attacks and their classification is available in [6]. The proposed approach is decentralized and active, i.e. analysis of data takes place at the individual node, which does not cause excessive overhead. Although centralized approaches are fault tolerant, they do not resist subversion, are not adaptive, and have a single point of failure. In this approach ants are exploited because they are computationally efficient at detecting attacks. They have the potential to solve complicated problems collectively with great reliability and consistency. The proposed algorithm is able to detect all the attacks mentioned above, along with congestion in the network, using EAR. A description of these parameters and their significance can be found in [7]. Evaluation shows that a minimum number of ants can discover the maximum number of anomalies using comparatively less energy at the source node. The contribution of this paper is a detection technique that can simultaneously identify various routing faults. One of the novelties is the use of swarm intelligence [8].
The rest of the paper is organized as follows. Section 2 provides a review of related work. Section 3 describes the network model for the proposed work. Section 4 presents the working of EAR. Section 5 analyzes the performance of the proposed algorithm. Finally, Section 6 concludes the paper.
2. RELATED WORK
Cooperative. Standalone IDS are those in which an IDS agent runs on each node independently, whereas in a Cooperative IDS a monitor agent observes the behavior of neighboring nodes and learns accordingly. Loo et al. [10] presented a standalone approach for detection in which intrusions are related to anomalies. An anomaly is declared when the value of any feature exceeds a threshold value. Yu and Xiao [11] proposed a decentralized approach to detect the selective forwarding attack by changing the ACK packet format. Bhargava and Wang [12] used features of both Standalone and Cooperative IDS to detect wormholes. ANDES [13] uses a centralized concept to detect Black Hole, Sink Hole and Selective Forwarding attacks by analyzing results of both data and management data. Although a lot of work has been done in this area, none of the above-mentioned approaches considered congestion of a node as a case that can be misinterpreted as an attack. Moreover, none of the researchers has considered deploying ants for detection. The work in [14] uses ants for load balancing; these ants have memory and hence require more energy for transmission. Researchers have applied the concept of ants to finding an optimal route in WSN and have shown that ants can increase network lifetime as long as possible [15-19]. The work in [20] proposes two schemes to select and activate intrusion detection agents for WSN. They applied trust values and overhearing techniques to reduce the transmission of alert packets in WSN. A comparative study of the various approaches is listed in Table 1.
Table 1: Comparison with Existing Anomaly Detection Schemes
Schemes | Use of Intelligent Agents | Cooperative/Standalone | Overheads | # of Attacks | Extensible
Loo et al. | No | Standalone | Computation, Storage (High) | 3 | Yes
Yu & Xiao | No | Standalone | Computation, Storage, Communication | 1 | No
Bhargava and Wang | No | Both | Computation, Storage, Communication | 1 | No
ANDES | Yes | Cooperative | Storage (very Low), Communication | 6 | Yes
EAR | Yes | Standalone | Storage (Low), Communication (very Low) | 4 | Yes
3. THE PROPOSED WORK: EAR
3.1 NETWORK MODEL
Let $G = (V, E)$ denote the network, where $V$ denotes the set of all nodes in the network, $n = |V|$ denotes the number of nodes, and $E$ denotes the set of all links $(i, j)$ where $i, j \in V$. For node $i$, link $(i, j)$ exists if and only if $j \in NBR_i$, where $NBR_i$ is the set of nodes that can be directly reached by node $i$. The goal is to find the maximum number of attacks between $V_s$ and $V_d$, where $V_s, V_d \in V$, using the minimum number of ants.
3.1 Data Structures
The algorithm primarily employs two data structures i.e. Routing Table and Neighbor List which are explained as follows.
Routing Table: The routing table at each node stores the list of reachable nodes and their pheromone values. It is represented as a structure consisting of the following fields:
Destination_id – This represents the address of the destination node.
Next_id – This represents the address of the previous node used to reach the current node.
Ant_id – This represents a unique identifier used to represent each ant.
Pheromone – This represents the value used by the node to calculate the probability of each adjacent node being the next hop in order to reach the destination.
Residual Energy – Remaining energy of a node.
Age – Age of the ant, i.e. the time taken by the ant to reach that node.
Reliability – Ratio of packet sent and packet delivered by the node.
Neighbor list: The neighbor list is used to store the IDs and distances of all the neighboring nodes, as shown below.
Node ID | Neighbors ID | Distance
N1 | NBR1i NBR1j …. NBR1n | D1i D1j …. D1n
N2 | NBR2i NBR2j …. NBR2n | D2i D2i …. D2i
…. | …. | ….
Nn | NBRni NBRnj …. NBRnn | Dni Dni …. Dni
The algorithm is based on the following key assumptions:
1. An ant does not visit a link twice.
2. Forward ants share the same priority as data packets, whereas backward ants have higher priority.
3. A faulty node cannot change the routing information of other nodes directly.
4. The base station is fixed and cannot be compromised.
5. The ant packet format consists of:
Source_ID | Dest_ID | Ant_ID | CT | TTL
where CT denotes the creation time of the ant and TTL is the time to live for an ant.
4. Working of EAR
EAR is a decentralized and active detection system that uses ants to reduce computation per node and to make detection more reliable and robust. On the basis of the functionality performed, all ants are classified into two types: Forward Ant (FA) and Backward Ant (BA). An FA is generated at the source node and proceeds towards a destination node, gathering information about the state of the network on its way. A BA makes use of the collected information to update the routing tables of the nodes on its path and analyzes the collected information to detect attacks. The complete working of the EAR detection method is explained through two algorithms, namely the Activation Algorithm and the Analysis Algorithm, in the following subsections.
4.1 Activation Algorithm
Fig 1. Activation Algorithm
[Flowchart; recoverable box labels: Activate FA's at source; Choose next node acc. to Tp; Is Base Station? (Yes/No); Launch BA's at base station; Choose next node acc. to p; Analyze data and update acc. to analysis algo.; Is source node? (Yes/No); Enter values into log table.]
EXPLANATION:
The Activation algorithm generates forward ants at the source node. Forward ants choose their next node on the basis of the transition probability (Tp) [7] given by
Tp= ....(1)
where the parameters are as listed in Table 3, and drop a pheromone reflecting their local or internal state. On reaching the base station, it launches a backward ant. The backward ant chooses the next node and calls the Analysis Algorithm to detect faults within the network and updates the pheromone according to the update rule [7] given by
+∆pij(t) ….(2) ….(3)
where,
Ei = Eini_i - ET_i ....(4)
ET_i=K*( 2 .…(5)
Ageant_i = CT + AT ....(6)
and
RFi = Packet Sent_i / Packet Received_i ....(7)
Table 3: Parameters and Their Meaning
SYMBOLS | MEANING
 | Some Constant Parameter.
ij | Pheromone value corresponding to neighbor j at node i: 0=
 | Local heuristic value of edge(i,j) for node : 0 1
Ni | Normalization Parameter
Ei | Remaining Energy of sensor node i.
RFi | Reliability factor of node i.
Ageant_i | Age of ant at node i.
 | Evaporation Coefficient of Local Search
Eini_i | Initial energy of node i
ET_i | Energy consumed in transmitting a packet
4.2 Analysis Algorithm
Every node maintains a log table that contains information about its remaining energy, the age of the ant, and its reliability (ratio of packet sent and packet delivered). The BA checks the values in these columns for the selected node and first compares the remaining energy with a predefined threshold value. If the remaining energy is below the threshold, a flooding attack is detected and the BA evaporates the pheromone of that node according to eq. (2) and eq. (3). If the remaining energy is above the threshold, the BA checks the age attribute, which reflects congestion along the path. If the node is not congested, it checks the reliability parameter. If the reliability of the node is less than one, it reports a Sink Hole attack and evaporates the pheromone. If packet sent and packet received ratio is then it again evaporates the pheromone and declares a Black Hole attack. If packets sent and packets received are equal, the BA declares that the node is stable and not under any attack, and increases the pheromone according to eq. (2) and eq. (3). The flowchart and the algorithm of the Analysis Algorithm are depicted in Figure 2.
Fig 2. Analysis algorithm
While (node i != source node)
{
    Read_logtable of i NBRds
    If Eri < threshold then
        Evaporate pheromone
        Return flooding attack
    If AgeAnt_ID > TTL then
        Evaporate pheromone
        Return Congested node
    If RFi < 1 then
        Evaporate pheromone
        Return SinkHole attack
    If RFi= then
        Evaporate pheromone
        Return BlackHole attack
    If RFi = Stable then
        Update
}
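The decision order of the Analysis Algorithm above, as an added Python sketch that is not the authors' Java simulation code. The evaporation factor RHO, the increment REWARD, the treatment of a zero denominator in eq. (7) as the black-hole case, and all sample values are assumptions, since eqs. (2)-(3) and the black-hole test value are not legible on this page.

```python
import math
from dataclasses import dataclass

RHO = 0.5     # assumed evaporation coefficient (eqs. 2-3 are not legible)
REWARD = 0.1  # assumed pheromone increment for a stable node

@dataclass
class LogEntry:
    residual_energy: float  # Ei from eq. (4), in joules
    ant_age: float          # age of the ant at this node, eq. (6)
    sent: int               # packets sent by the node
    received: int           # packets received by the node

def reliability(e):
    # Eq. (7): RF = sent / received. A zero denominator maps to infinity,
    # which this sketch assumes is the black-hole case.
    return math.inf if e.received == 0 else e.sent / e.received

def analyze_node(e, energy_threshold, ttl):
    # Same order as the Analysis Algorithm: energy, age, then reliability.
    if e.residual_energy < energy_threshold:
        return "flooding"
    if e.ant_age > ttl:
        return "congested"
    rf = reliability(e)
    if rf < 1:
        return "sinkhole"
    if math.isinf(rf):
        return "blackhole"
    return "stable" if rf == 1 else "unclassified"  # RF > 1: not covered

def backward_ant_walk(path, logs, pheromone, energy_threshold, ttl):
    # path runs from the base station back to, but excluding, the source.
    findings = {}
    for node in path:
        verdict = analyze_node(logs[node], energy_threshold, ttl)
        findings[node] = verdict
        if verdict == "stable":
            pheromone[node] += REWARD
        elif verdict != "unclassified":
            pheromone[node] *= 1 - RHO  # evaporate on any anomaly
    return findings

def demo():
    # Constructed log-table rows; thresholds are arbitrary sample values.
    logs = {"n5": LogEntry(0.90, 2, 10, 10), "n4": LogEntry(0.05, 3, 9, 9),
            "n3": LogEntry(0.70, 12, 8, 8), "n2": LogEntry(0.60, 4, 4, 10),
            "n1": LogEntry(0.80, 3, 5, 0)}
    pheromone = {n: 1.0 for n in logs}
    found = backward_ant_walk(["n5", "n4", "n3", "n2", "n1"], logs,
                              pheromone, energy_threshold=0.1, ttl=10)
    return found, pheromone
```

Because the energy check runs first, a node that is both drained and unreliable is reported as flooding, which matches the order of the pseudocode.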
5. Simulation and Results
5.1 Test bed Setup
To evaluate the above analysis, JAVA has been used as the programming language. The network comprises 30 homogeneous nodes. Of these nodes, the last node acts as the Base Station and one node acts as the source node. The testbed spans a 50 × 50 area. Each node is placed at a random distance. Some of the experimental parameters used in the simulation are listed in Table 4.
Table 4: Parameters in Network Model
Parameters | Values
Initial Energy Eini | 1 Joule per node
No. of Ants (N) | 3, 5, 7, 10, 12, 15 times the neighboring nodes of source node
Packet Size (K) | 1 K
Bandwidth (B) | 1 Mbits/s
Traffic Load | Random
5.2 Results
EAR is tested against different forms of anomalies. To evaluate the results, we varied the number of ants at the source node as given in Table 4. From Fig. 3 it is clear that a minimum number of ants can detect the maximum number of routing attacks. From Fig. 4, it is observed that energy consumption at the source node is directly proportional to the number of ants generated.
[Fig. 3. Average Detection Rate. X-axis: No. of Ants; Y-axis: No. of Nodes; series: Total Attacks detected, Congested Nodes.]
[Figure: Energy Consumption Rate. X-axis: No. of ants; Y-axis: Remaining Energy; series: Remaining Energy.]
6. CONCLUSIONS & FUTURE WORK
WSN is an emerging technology, but such networks are prone to security threats, routing attacks and intrusion. This paper presented a novel ant-based approach that uses energy, age and reliability to detect anomalies. The proposed approach is decentralized, active and extensible. Simulation results show the efficiency of using ants for this purpose. In future, detection of other types of attacks using this algorithm may be attempted, and more adaptive values for the threshold can be explored.
REFERENCES
[1] I.F. Akyildiz, W. Su, Y. Sankarasubramaniam, E. Cayirci, "Wireless Sensor Networks: a Survey", Computer Networks: The International Journal of Computer and Telecommunications Networking, New York, NY, USA, 2002.
[2] Xie Hui, Zhang Zhi-gang, Zhou Xue-guang, "A Novel Routing Protocol in Wireless Sensor Networks based on Ant Colony Optimization", International Conference on Environmental Science and Information Application Technology, 2009.
[3] Song Han, Elizabeth Chang, Li Gao and Tharam Dillon, "Taxonomy of Attacks on Wireless Sensor Networks", Springer London, 2006.
[4] Hemanta Kumar Kalita and Avijit Kar, "Wireless Sensor Network Security Analysis", International Journal of Next-Generation Networks (IJNGN), 2009.
[5] Karlof, C. and Wagner, D., "Secure Routing in Wireless Sensor Network Attacks and Countermeasures", In proceeding of the 1st IEEE International Workshop on Sensor Network Protocols and Applications, 2003.
[6] Anthony D. Wood and John A. Stankovic, "A Taxonomy for Denial-of-Service Attacks in Wireless Sensor Networks", CRC Press, 2005.
[7] Dimple Juneja, Neha Arora, Sandhya Bansal, "An Agent based Routing Algorithm for Detecting Attacks in Wireless Sensor Networks", IJCIR, 2010.
[8] Kennedy J., Shi Y. and Eberhart R.C., "Swarm Intelligence", Morgan Kaufmann Publishers, San Francisco, 2001.
[9] A. Tiranuch and W. Jie, "A survey on Intrusion Detection in Mobile Ad hoc Networks", Chapter 7, Wireless/Mobile Networks Security, Springer, 2006.
[10] Chong Eik Loo, Mun Young Ng, Christopher Leckie, Marimuthu Palaniswami, "Intrusion Detection for routing attacks in Sensor networks", International Journal of Distributed Sensor Networks, 2006.
[11] Bo Yu, Bin Xiao, "Detecting Selective Forwarding Attacks in Wireless Sensor Networks", Greece: IPDPS, 2006.
[12] Bharat Bhargava, Weichao Wang, "Visualization of Wormholes in Sensor Networks", New York, NY, USA: ACM Press, 2004.
[13] Sumit Gupta, "Anomaly Detection in Wireless Sensor Networks", MS Thesis, University of Houston.
[14] J. Bruten, O. Holland and R. Schoonderwoerd, "Ant-like agents for load balancing in telecommunications networks", Agents'97, Marina del Rey, CA, USA, 1997.
[15] Heng Chen, Depei Qian, Weiguo Wu, Lu Cheng, "Swarm Intelligence Based Energy Balance Routing for Wireless Sensor Networks", IITA, Second International Symposium on Intelligent Information Technology Application, 2008.
[16] L. Osadciw, R. Muraleedharan, "Jamming Attack Detection and countermeasures In Wireless Sensor Network Using Ant System", SPIE Defence and Security, Orlando, 2006.
[17] L. Osadciw, R. Muraleedharan, "Cross Layer Denial of Service Attacks in Wireless Sensor Network Using Swarm Intelligence", IEEE, 2006.
[18] L. Osadciw, R. Muraleedharan, "Decision Making in a Building access system Using Swarm intelligence and Posets", 38th Annual Conference on Information Sciences and Systems, Princeton University, 2004.
[19] Rajani Muraleedharan and Lisa Osadciw, "Sensor Communication Networks Using Swarm Intelligence", IEEE Upstate New York Networking Workshop, Syracuse University, Syracuse, NY, October 10, 2003.
[20] Tran Hoang Hai, Eui-Nam Huh, "Optimal Selection and Activation of Intrusion Detection Agents for Wireless Sensor Networks", Future Generation Communication and Networking, 2007.
[21] Liping Teng, Yongping Zhang, "SeRA: A Secure Routing Algorithm Against Sinkhole Attacks for Mobile Wireless Sensor Networks", Second International Conference on Computer Modeling and Simulation, 2010.