Available Online at www.ijpret.com 1247
INTERNATIONAL JOURNAL OF PURE AND
APPLIED RESEARCH IN ENGINEERING AND
TECHNOLOGY
A PATH FOR HORIZING YOUR INNOVATIVE WORK
AN OVERVIEW OF MOBILE ADHOC NETWORK: INTRUSION DETECTION,
TYPES OF ATTACKS AND ROUTING PROTOCOLS
MS. KALYANI P. SABLE1, PROF. G. D. GULHANE2, DR. H. R. DESHMUKH3
1.Student of Master of Engineering in (CSE), IBSS college of Engineering and Technology, Amravati, India. 2.Assistant professor Department of (CSE), IBSS College of Engineering and Technology, Amravati, India. 3.Head of the Department of (CSE), IBSS College of Engineering and Technology, Amravati, India.
Accepted Date: 05/03/2015; Published Date: 01/05/2015
Abstract:Mobile ad hoc network (MANET) is an autonomous system of mobile nodes which
is connected by wireless links. Each node operates as an end system and also as a router to forward packets. The nodes are free to move about and organize themselves into a network. These nodes change position frequently. A MANET is a type of adhoc network that can change locations and configure itself. Because nodes are without any predefined infrastructure and mobility then that are susceptible for intrusion and attack. Securing is an important field in this type of network. Compared to wired networks, MANETs are more vulnerable to security attacks due to the lack of a trusted centralized authority and limited resources. In this paper the concept of intrusion detection system, types of attacks and routing protocols in MANET is represented.
Keywords:MANET, Intrusion Detection System, Black Hole Attack.
Corresponding Author: MS. KALYANI P. SABLE
Access Online On:
www.ijpret.com
How to Cite This Article:
Kalyani P. Sable, IJPRET, 2015; Volume 3 (9): 1247-1254
Available Online at www.ijpret.com 1248 INTRODUCTION
In wireless networking, Mobile ad hoc network is one of the more innovative and challenging areas. Consisting of devices that are autonomously self-organizing in networks, ad hoc networks offer a large degree of freedom at a lower cost than other networking solutions. A MANET is an autonomous collection of mobile users that communicate over relatively “slow” wireless links. Since the nodes are mobile, the network topology may change rapidly and unpredictably over time. The network is decentralized, where all network activity, including discovering the topology and delivering messages must be executed by the nodes themselves. Hence routing functionality will have to be incorporated into the mobile nodes. Each node in a wireless ad hoc network functions as both a host and a router, and the control of the network is distributed among the nodes. The network topology is in general dynamic, because the connectivity among the nodes may vary with time due to node departures, new node arrivals, and the possibility of having mobile nodes. An ad hoc wireless network should be able to handle the possibility of having mobile nodes, which will most likely increase the rate at which the network topology changes. MANET due to nodes mobility and dynamic topology that is frequently change is very susceptible to a variety of attacks such as eavesdropping, routing, packet modification, etc. and securing a MANET under such conditions is challenging. An effective way to identify when an attack occurs in a MANET is the deployment of an Intrusion Detection System (IDS).
I. NETWORK SECURITY IN MANETs:
Different variables have different impact on security issues and design. Especially environments, origin, range, quality of service and security criticality are variables that affect the security in the network.
Available Online at www.ijpret.com 1249 not always critical, but it might cost a lot to ensure it. Sometimes there is trade-off between security and costs.
II. TYPES OF ATTACKS IN MANET:
Due to their particular architecture, ad-hoc networks are more easily attacked than wired network. We can distinguish two kinds of attack: the passive attacks and the active attacks. A passive attack does not disrupt the operation of the protocol, but tries to discover valuable information by listening to traffic. Instead, an active attack injects arbitrary packets and tries to disrupt the operation of the protocol in order to limit availability, gain authentication, or attract packets destined to other nodes. The routing protocols in MANET are quite insecure because attackers can easily obtain information about network topology.
a. Attacks Using Modification: One of the simplest ways for a malicious node to disturb the
good operation of an ad-hoc network is to announce better routes (to reach other nodes or just a specific one) than the other nodes. This kind of attack is based on the modification of the metric value for a route or by altering control message fields.
b. Attacks using impersonation: These attacks are called spoofing since the malicious node
hides its real IP address or MAC addresses and uses another one. As current ad-hoc routing protocols like AODV and DSR do not authenticate source IP address, a malicious node can launch many attacks by using spoofing. For example, a hacker
can create loops in the network to isolate a node from the remainder of the network. To do this, the hacker just has to take IP address of other node in the network and then use them to announce new route (with smallest metric) to the others nodes. By doing this, he can easily modify the network topology as he wants.
c. Attacks using fabrication:
Layer Attacks
Application layer Repudiation and data corruption
Transport layer Session hijacking, SYN flooding
Network layer Wormhole, blackhole, Byzantine, flooding, Resource consumption,
location disclosure attacks
Data link layer Traffic analysis, monitoring, disruption MAC (802.11), WEP weakness
Physical layer Jamming, interceptions, eavesdropping
Multi-layer attacks DoS, impersonation, replay, man-in-the-middle
Available Online at www.ijpret.com 1250
III. INTRUSION DETECTION SYSTEM:
The IDS system is an integrated method for detect any attacks by analyzing and continues monitoring network activities. Intrusion detection systems can be run on each mobile node to check local traffic and detect local intrusions. These nodes can communicate local intrusion information to each other as and when needed. Figure1 show the local model of intrusion detection system. Each node has local IDS that by this, node can connect to network and local IDS checking all send or receive data in/out node. Other technique is to run intrusion detection system for self and neighbor nodes to check for malicious neighbor. The global intrusion detection system can be deployed for clusters of mobile nodes where head node is responsible for global intrusion detection for its cluster.
3.1. IDS architecture
The existing IDS architectures for MANETs fall under three basic categories (a) stand-alone, (b) cooperative, and (c) hierarchical.
• Stand-alone: in stand-alone architectures every node performs IDSs locally without collaborating and respond locally. This IDS architecture has a drawback for network attacks. There limitation is in terms of detection accuracy and the type of attacks that they detect
• Cooperative: in this architecture all nodes in MANET have their own local IDS system. Nodes come to a decision in a distributed fashion cooperatively. Upon determination of an intrusion, nodes share this information, asset attack risk degree and take necessary actions to eliminate the intrusion using active or passive precautions. At the same time, all the nodes participate in a global detection decision making. This is more suitable to a flat MANET.
• Hierarchical: the hierarchical architectures amount to a multilayer approach, by dividing the network into clusters. Specific nodes are selected (based on specific criteria) to act as cluster-heads and undertake various responsibilities and roles in intrusion detection, which are usually different from those of the simple cluster members. The main advantage of this architecture is effective use of constraint resources but has a drawback for highly mobile MANETs for establishing zones and detecting responsible nodes in clusters.
3.2. IDS engine
Available Online at www.ijpret.com 1251 training data and finally applies the classifier to test local audit data in order to classify it as “normal” or “abnormal”.
3.3. IDS watermarking techniques
Watermarking is the method for protecting the related data that should exchange between nodes, or is imperceptible added to the cover-signal in order to convey the hidden data. Watermarking techniques are then applied in order to prevent the possible modification of the produced maps.
IV. ROUTING PROTOCOLS IN MANETS
In order to facilitate communication within the network, a routing protocol is used to discover routes between nodes.
The primary goal of such an ad-hoc network routing protocol is correct and efficient route establishment between a pair of nodes so that messages may be delivered in a timely manner. Route construction should be done with a minimum of overhead and bandwidth consumption. An Ad-hoc routing protocol is a convention or standard that controls how nodes come to agree which way to route packets between computing devices in a MANET. In ad-hoc networks, nodes do not have a priori knowledge of topology of network around them, they have to discover it. The basic idea is that a new node announces its presence and listens to broadcast announcements from its neighbors. The node learns about new near nodes and ways to reach them, and announces that it can also reach those nodes.
Routing protocols may generally be categorized as:
(a) Table-driven OR Proactive routing protocols.
Available Online at www.ijpret.com 1252 Classification of Routing Protocols in MANETs:
Fig.1: Classification of Routing Protocols in MANETs
V. BLACK HOLE ATTACK:
Black hole problem in MANETS is a serious security problem to be solved. In this problem, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept. In flooding based protocol, if the malicious reply reaches the requesting node before the reply from the actual node, a forged route has been created. This malicious node then can choose whether to drop the packets to perform a denial-of-service attack or to use its place on the route as the first step in a man-in-the-middle attack.
One solution for black hole is to find more than one route to the destination (redundant routes, at least three different routes). Then, the source node unicasts a ping packet to the destination using these three routes (we should assign different packet IDs and sequence number, so any node who receive the first packet will not drop the second one if it exists in both paths). The receiver and the malicious in addition to any intermediate node might have a route to the destination will reply to this ping request. The source will check those acknowledgements, and process them in order to figure out which one is not safe and might have the malicious node.
Available Online at www.ijpret.com 1253 Countermeasures for black hole attacks:
Some secure routing protocols, such as the security-aware ad hoc routing protocol (SAR), can be used to defend against black hole attacks. The security-aware ad hoc routing protocol is based on on-demand protocols, such as AODV or DSR. In SAR, a security metric is added into the RREQ packet, and a different route discovery procedure is used. Intermediate nodes receive an RREQ packet with a particular security metric or trust level. At intermediate nodes, if the security metric or trust level is satisfied, the node will process the RREQ packet, and it will propagate to its neighbors using controlled flooding. Otherwise, the RREQ is dropped. If an end-to-end path with the required security attributes can be found, the destination will generate a RREP packet with the specific security metric. If the destination node fails to find a route with the required security metric or trust level, it sends a notification to the sender and allows the sender to adjust the security level in order to find a route. To implement SAR, it is necessary to bind the identity of a user with an associated trust level. To prevent identity theft, stronger access control mechanisms such as authentication and authorization are required. In SAR, a simple shared secret is used to generate a symmetric encryption/decryption key per trust level. Packets are encrypted using the key associated with the trust level; nodes belonging to different levels cannot read the RREQ or RREP packets. It is assumed that an outsider cannot obtain the key.
In SAR, a malicious node that interrupts the flow of packets by altering the security metric to a higher or lower level cannot cause serious damage because the legitimate intermediate or destination node is supposed to drop the packet, and the attacker is not able to decrypt the packet. SAR provides a suite of cryptographic techniques, such as digital signature and encryption, which can be incorporated on a need-to-use basis to prevent modification.
CONCLUSION
As the use of mobile ad hoc networks (MANETs) has increased, the security in MANETs has also become more important accordingly. The evolution in the field of mobile computing is driving a new alternative way for mobile communication, in which mobile devices form a self-creating, self-organizing and self-administering wireless network, called a mobile ad hoc network.
Available Online at www.ijpret.com 1254 networks is still year away, the research in this field will continue being very active and imaginative
REFERENCES
1. Qingting Wei, Hongzou. “Efficiency Evaluation & Comparison of Routing Protocols in MANETs” in International Symposium on Information Science & Engineering 2008.
2. Hongmei Deng, Wei Li, Dharma P. Agarwal, “Routing Security in Wireless Ad-Hoc Networks” in IEEE Communication Magazine Oct. 2002.
3. Sudipto Das, “Security issues in Mobile Ad-Hoc networks”
4. Tarek Sheltami & Hussein Mouftah, “A Comparative study of On-Demand & Cluster –Based Routing Protocols in MANETs”, in IEEE 2003.
5. Williams Schilling, “Internet Protocols and Networking.
