Resistance of Denial-of-Service Attack in Network Coding using Node Authenticity


Academic year: 2020


P. ANITHA
PG Scholar, Dept. of Computer Science
Velalar College of Engineering and Technology, ANNA UNIVERSITY, CHENNAI
[email protected]

Dr. V.K. MANAVALASUNDHARAM, M.E., Ph.D.,
Assistant Professor, Dept. of Computer Science
Velalar College of Engineering and Technology, ANNA UNIVERSITY, CHENNAI
[email protected]

Abstract – Denial-of-Service (DOS) attacks severely degrade the availability of Internet services and resources to Internet users. A novel authentication system, known as Supportive Bit-Compacted Authentication (SBA), is centered on the random-graph characteristics of node deployment and on a cooperative bit-compressed authentication state, with the probability of neighboring nodes providing the necessary condition for SBA authentication. It is used to provide complete protection against DOS attacks: (i) it can detect malicious packets at intermediate nodes, and (ii) it can verify the exact location of all attackers and eliminate the malicious packets. A Node Identity Verification structure is used to distinguish duplicate nodes. The results show that the system outperforms two other previously proposed state-of-the-art approaches in terms of detection accuracy.

Index Terms: Denial-of-Service attack, Node Identity, Node Verification and Authentication, Supportive Bit-Compacted Authentication (SBA).

I. INTRODUCTION

DENIAL-OF-SERVICE (DOS) attacks are one of the most harmful forms of intrusive behavior against online servers. DOS attacks severely degrade the availability of Internet services to Internet users. They impose intensive computation tasks on the target by exploiting its system vulnerabilities or by flooding it with a vast amount of useless packets. The target can be forced out of service for anywhere from a few minutes to several days. DOS attack detection essentially focuses on the development of network-based detection techniques. Detection systems based on these technologies monitor traffic transmitted over the protected networks. These technologies free the protected online servers from monitoring attacks and ensure that the servers can devote themselves to delivering quality services with the lowest delay in response. In addition, network-based detection systems are loosely coupled with the operating systems running on the host equipment they are protecting.

Generally, network-based detection systems can be classified into two main categories, namely misuse-based detection systems and anomaly-based detection systems. Misuse-based detection systems detect attacks by monitoring network activities and looking for matches with existing attack signatures. Despite having high detection

based detection systems are easily evaded by any new attacks and even by variants of existing attacks. In addition, keeping the signature database updated is a challenging and labor-intensive task, because producing signatures is a manual process that relies heavily on network security expertise.

Recent work focuses on attack detection and attacker location using a Node Identity Confirmation system. During initialization and deployment, a large number of nodes are randomly placed in a certain interest region (CIR) controlled by a region. The destination is a powerful and trusted data-collecting node, which has ample computation and storage capabilities and is responsible for producing nodes and collecting the data. Communication is bi-directional and limited by the nodes' transmission range (R). Intermediate nodes can communicate with each other within R. An intermediate node close to the destination contacts the destination directly, while one that is far from the destination, outside the transmission range, relies on additional nodes to form a route and communicate with the destination. During non-transmission periods after deployment, the intermediate nodes use the Decisional Welzl's Algorithm to discover the shortest path, which can speed up the broadcasting.

II. RELATED WORK

Zhiyuan Tan [1] introduces a DOS attack detection system that applies the principles of multivariate correlation analysis (MCA) and anomaly-based detection. These give the detection system the capabilities of accurate characterization of traffic behavior and detection of known and unknown attacks, respectively. A triangle-area technique is developed to enhance and speed up the MCA process. A statistical normalization technique is used to eliminate the bias from the raw data. An approach based on triangle area was presented to produce better discriminative features. Mahalanobis distance was used to extract the correlations between the selected packet payload features.


algorithm for detection and prevention of DOS attacks. A DOS attack targets the service of a website. The attacker keeps logging on to a particular website many times, and the performance of the service delivered by the web server is degraded. To avoid this, the algorithm maintains a status table, in which it keeps the IP addresses of current users and their status. If a specific IP address has signed on for the first time, its status is marked as authentic user. For the second, third and fourth times it is marked as ordinary user. For the fifth time, the status of that IP address is marked as Attacker. The time calculation considers only five times. After that, the user is not permitted to get the service of that particular website; the service is denied to that specific IP address. The objective of this application is to maximize a system utility function.

D. Muruganandam [10] presents a promising approach to prevent DOS attacks using the HAWK technique. The HAWK technique assigns a threshold value to all arriving packets, and packets that show a large deviation from the normal threshold value are checked. If a packet is found to be malicious, it is blocked immediately and the information about that packet is sent to all IPS. DDOS prevention algorithms offer an additional layer of security that detects and prevents Low Rate DDOS (LDDOS) attacks. Firecol places Intrusion Prevention Systems (IPS) around the Internet Service Provider (ISP) in a sphere-like structure that gives the network multiple layers of security. To detect LDDOS attacks, it uses the HAWK technique, which compares the threshold values of the arriving packets; HAWK is the most efficient of the LDDOS detection techniques because it uses less memory. Both the High Rate and Low Rate detection techniques are efficient in terms of security and resource usage.

III. DESIGN GOAL

The design goal is to develop a supportive bit-compacted authentication system against malicious node attacks in a secure and efficient way.

A. Increase the detection rate by early detection of malicious packets

The authentication task in the SBA scheme is able to increase the detection rate through early detection of malicious packets. This can greatly raise the detection rate at the intermediate nodes. If the entire authentication task is performed by the destination, this significantly increases the burden on the destination and can restrict access to the destination. Authentication by intermediate nodes helps in early detection of malicious packets and can thus increase the detection rate while adding only a minor overhead at the intermediate node.

B. Achieving Bit-Compacted Authentication

A Message Authentication Code (MAC) is produced to authenticate the communicated data as it passes through the intermediate nodes. The MAC is one bit, thus making bit-compacted authentication possible.

C. Node Identity Verification

The Node Identity Authentication system is used to recognize duplicate nodes. It can verify the exact location of all attackers and eliminate the malicious packets. Node identity confirmation is done by checking each node against its original ID. Duplicate node IDs are detected in the course of data forwarding. A node ID history log is maintained on the network. A duplicate node ID is identified when the same node ID appears in another location of the network.

Fig 1: Configuration of the proposed denial-of-service attack detection system

IV. METHODOLOGY


Fig 2: Steps in SBA authentication

Nodes are initialized and deployed. This is followed by the detection of the optimal and safest path using Welzl's Algorithm. The data is then authenticated and verified using the authentication scheme, which is discussed in the following section, and finally the performance is analyzed.

V. AUTHENTICATION SCHEME

A Supportive Bit-Compacted Authentication (SBA) system for filtering malicious nodes in networks has been proposed. The two notable stages are:

A. Optimal and safest path selection.

B. Authentication and verification of node.

A. Node Generation

All nodes are uniformly and randomly deployed in the CIR. When the nodes are not involved in a reporting task, they cooperatively establish the optimal path using Welzl's Algorithm.

1. Choose the number of nodes.

2. Store the position of each node.

3. Preload each node with the public key.

4. Choose the optimal path using Welzl's Algorithm.

B. Optimal Path Generation Using Welzl's Algorithm

Welzl's algorithm computes the smallest enclosing disk of a finite set of points in the plane in linear expected time, and returns the radius and center of the disk. Welzl's algorithm is adopted here in a different way, referred to as the decisional Welzl's algorithm, to identify a collection site that covers as many nodes as possible within a radius of d. The decisional Welzl's algorithm is shown in Algorithm 1, which returns the smallest enclosing disk of a given subset of nodes if its radius is no larger than d, or false otherwise.

Algorithm 1. Decisional Welzl's Algorithm (S0: a subset of nodes; d: communication range).

1. radius <- ∞; center <- ϕ;
2. (radius, center) = Welzl(S0) // Welzl's algorithm on S0
3. if radius > d then
4.     return false;
5. else
6.     return radius and center.
7. end if
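Algorithm 1 as runnable Python, added here as an illustration and not code from the paper. `welzl` is written in the iterative randomized-incremental form of the smallest-enclosing-disk computation, and the node coordinates in `CLUSTER` are constructed sample values.

```python
import math
import random

def _inside(disk, p):
    return math.dist(disk[:2], p) <= disk[2] + 1e-9

def _through_two(a, b):
    return ((a[0] + b[0]) / 2, (a[1] + b[1]) / 2, math.dist(a, b) / 2)

def _through_three(a, b, c):
    (ax, ay), (bx, by), (cx, cy) = a, b, c
    det = 2 * (ax * (by - cy) + bx * (cy - ay) + cx * (ay - by))
    if abs(det) < 1e-12:  # collinear: the widest pair spans the disk
        pairs = (_through_two(a, b), _through_two(a, c), _through_two(b, c))
        return max(pairs, key=lambda disk: disk[2])
    sa, sb, sc = ax * ax + ay * ay, bx * bx + by * by, cx * cx + cy * cy
    ux = (sa * (by - cy) + sb * (cy - ay) + sc * (ay - by)) / det
    uy = (sa * (cx - bx) + sb * (ax - cx) + sc * (bx - ax)) / det
    return (ux, uy, math.dist((ux, uy), a))

def welzl(points, seed=0):
    """Smallest enclosing disk (cx, cy, r) of a non-empty point set."""
    pts = [tuple(p) for p in points]
    random.Random(seed).shuffle(pts)  # random order: expected linear time
    disk = (pts[0][0], pts[0][1], 0.0)
    for i, p in enumerate(pts):
        if _inside(disk, p):
            continue
        disk = (p[0], p[1], 0.0)         # p lies on the new boundary
        for j, q in enumerate(pts[:i]):
            if _inside(disk, q):
                continue
            disk = _through_two(p, q)    # p and q lie on the boundary
            for s in pts[:j]:
                if not _inside(disk, s):
                    disk = _through_three(p, q, s)
    return disk

def decisional_welzl(nodes, d):
    """Algorithm 1: (radius, center) if the nodes fit within d, else False."""
    radius, center = math.inf, None      # step 1
    if nodes:
        cx, cy, radius = welzl(nodes)    # step 2
        center = (cx, cy)
    if radius > d:                       # steps 3-4
        return False
    return radius, center                # step 6

# Constructed node positions in metres (sample values, not from the paper).
CLUSTER = [(0, 0), (24, 0), (12, 5), (10, -3)]
```

With d = 15 the four constructed nodes fit in a disk of radius 12 centered at (12, 0); with d = 10 the function returns False.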

C. Detected Data Reporting

The report R generated by node-to-node identification of any parameters is sent to the destination via the established optimal and safest path.

1. The source node obtains the timestamp T, selects m neighboring nodes and sends the report R to the destination via intermediate nodes.

2. Each intermediate node, on receiving R, generates a mac.

3. The macs generated by the intermediate neighboring nodes form an authentication vector.

4. All the vectors are aggregated to form the MAC authentication information.

D. Intermediate Node Filtering

Each intermediate node checks the integrity of the report R and the timestamp T. If T is invalid, the report R is rejected; otherwise, supportive neighbor-based mac verification is performed.

1. Check the timestamp T.

2. Each intermediate node uses non-interactive key pair establishment to compute shared keys with each node.

3. If R is cooperatively authenticated by k neighbor nodes, the report is MAC verified.

E. Destination Verification

On receiving the report, the destination checks the integrity of R and the timestamp T. If T is invalid, R is rejected; otherwise, R is submitted to destination verification.
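A sketch of the reporting and en-route filtering steps of sections C to E, added here and not the authors' implementation. It assumes that the one-bit mac is the lowest bit of HMAC-SHA256, that `pair_key` stands in for non-interactive key pair establishment, that the source's neighbor nodes produce the mac bits, and a 30-second freshness window for T; all node names and the report are constructed.

```python
import hashlib
import hmac

MAX_AGE = 30  # assumed freshness window for timestamp T, in seconds

def pair_key(a, b):
    """Stand-in for non-interactive key pair establishment (assumption):
    both ends derive the same key from a constructed demo secret."""
    lo, hi = sorted((a, b))
    return hashlib.sha256(f"demo-secret|{lo}|{hi}".encode()).digest()

def mac_bit(key, report, ts):
    """One-bit mac: lowest bit of HMAC-SHA256 over timestamp and report."""
    msg = ts.to_bytes(8, "big") + report
    return hmac.new(key, msg, hashlib.sha256).digest()[-1] & 1

def endorse(report, ts, neighbors, route):
    """Each neighbor emits one bit per routing node (its authentication
    vector); the dict of all vectors is the aggregated MAC information."""
    return {n: [mac_bit(pair_key(n, r), report, ts) for r in route]
            for n in neighbors}

def node_accepts(node, hop, report, ts, macs, now, k):
    """Intermediate-node filter: check T, then require k valid neighbor bits."""
    if not 0 <= now - ts <= MAX_AGE:
        return False
    valid = sum(bits[hop] == mac_bit(pair_key(n, node), report, ts)
                for n, bits in macs.items())
    return valid >= k

def forward(report, ts, macs, route, now, k):
    """Index of the routing node that drops the report, or None if every
    hop accepts it and it reaches the destination."""
    for hop, node in enumerate(route):
        if not node_accepts(node, hop, report, ts, macs, now, k):
            return hop
    return None

# Constructed sample values: 6 neighbors and 12 routing nodes.
NEIGHBORS = [f"n{i}" for i in range(6)]
ROUTE = [f"r{i}" for i in range(12)]
REPORT, T = b"node 17: reading 42", 1_700_000_000
MACS = endorse(REPORT, T, NEIGHBORS, ROUTE)
```

With k equal to the number of neighbors, a sender who cannot compute the bits passes a single hop with probability 2^-k under these assumptions, so each additional routing node lowers the chance that a forged report reaches the destination.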

VI. RESULTS AND DISCUSSION


PARAMETER             VALUE
Simulation area       1200 × 1200
Number of nodes       100
Transmission range    15m, 20m
Neighboring nodes     4, 6
Routing nodes         5,…,12

Table 1. Parameter setting

Intermediate Node Filtering Probability (FPR):

The intermediate node filtering probability FPR is considered for different numbers of intermediate routing nodes. As the number of routing nodes increases, FPR increases.

Throughput: The SBA scheme is found to have high throughput.


VII. CONCLUSION AND FUTURE SCOPE

The proposed SBA scheme is a novel scheme for filtering malicious packets and preventing malicious node attacks. The scheme is shown to have a high intermediate node filtering probability. The node identity verification system is used to recognize duplicate nodes. It can verify the exact location of all attackers. The SBA system increases the detection rate through early detection of malicious nodes at the intermediate node and also provides authentication for legitimate data. Optimal path selection also supports fast reporting of data and detection accuracy. The SBA scheme can be applied to applications where data security is of high concern. Future work includes further testing of the DOS attack detection system using real-world data and employing more sophisticated classification techniques to further reduce the false positive rate.

REFERENCES

[1] Zhiyuan Tan, Aruna Jamdagni, Priyadarsi Nanda, “A system for denial-of-service attack detection based on multivariate correlation analysis,” IEEE Transactions on Parallel and Distributed Systems, vol. 25, no. 2, 2014.

[2] Priyadharshini V, Kuppusamy K, “Prevention of DOS Attacks using New Cracking Algorithm,” International Journal of Engineering Research and Applications, 2012.

[3] P. García-Teodoro, J. Díaz-Verdejo, G. Maciá-Fernández, and E. Vázquez, “Anomaly-based Network Intrusion Detection: Techniques, Systems and Challenges,” Computers & Security, vol. 28, pp. 18-28, 2009.

[4] R. Lu, X. Lin, C. Zhang, H. Zhu, P. Ho, and X. Shen, “AICN: An Efficient Algorithm to Identify Compromised Nodes in Wireless Sensor Network,” Proc. IEEE Int’l Conf. Comm. (ICC ’08), May 2008.

[5] C. F. Tsai and C. Y. Lin, “A Triangle Area Based Nearest Neighbors Approach to Intrusion Detection,” Pattern Recognition, vol. 43, pp. 222-229, 2010.

[6] R. Ahlswede, N. Cai, S.-Y. R. Li, and R. W. Yeung, “Network Information Flow,” IEEE Trans. Inf. Theory, vol. 46, no. 4, pp. 1204–1216, Jul. 2000.

[7] Daojing He and Sammy Chan, “DiCode: DoS Resistant and Distributed Code Dissemination in Wireless Sensor Networks,” IEEE Transactions on Wireless Communications, vol. 11, no. 5, May 2012.

[8] Teenu Liza Thomas and P. Vijayalakshmi, “Cooperative Bit-Compressed Authentication Scheme against Compromised Node Attacks in Wireless Sensor Networks,” International Journal of Computer Applications (0975 – 8887), vol. 71, no. 19, June 2013.

[9] D. Muruganandam and Martin LeoManickam, “Detection and prevention of low and high Rate flooding DDOS attacks,” Issue 3 Vol 3, May-June 2013.

[10] S. Panichpapiboon, G. Ferrari, and O. Tonguz, “Optimal Transmit Power in Wireless Sensor Networks,” IEEE Trans. Mobile Computing,
