Detection of Malicious node by Black Hole attack in
Wireless Sensor Network based on Data Mining
Nitin A. Sakhare PG student,
Department of Computer Technology, YCCE,
Nagpur, India
Nilesh U. Sambhe Assistant Professor,
Department of Computer Technology, YCCE,
Nagpur, India
Abstract—A Wireless Sensor Network (WSN) is a temporary
network set up by wireless mobile computers (or nodes) moving arbitrary in the places that have no network infrastructure. Since the nodes communicate with each other, they cooperate by forwarding data packets to other nodes in the network. Therefore the nodes find a path to the destination node using routing protocols. However, due to security vulnerabilities of the routing protocols, wireless Sensor Networks are unprotected to attacks of the malicious nodes. One of the most malicious threats to WSN is in the form of black hole attack that target the routing protocols. Ad-hoc On-Demand Distance Vector (AODV) Routing Protocol is used for finding a path to the destination in an ad-hoc network. To find the path to the destination all nodes work in cooperation using the routing control messages. AODV Routing Protocol offers quick adaptation to dynamic network conditions, low processing and memory overhead, low network bandwidth utilization with small size control messages. A wireless sensor network consists of a large number of small sensors with limited energy. Clustering the sensor nodes is an effective technique to achieve these goals. Network is divided into number of clusters. Nodes are assigned to the cluster having minimum distance to the cluster head having maximum energy. The distance is calculated using Euclidean Distance Formula. We propose a new protocol, RAEED (Robust formally Analyzed protocol for Wireless Sensor Networks Deployment), which is able to address the problem of black hole attacks. Using formal modeling we prove that RAEED avoids Black Hole attack.
Keywords-Wireless Sensor Network, Black Hole Attack, Cluster Head, AODV
I. INTRODUCTION
Wireless Sensor Networks are composed of autonomous nodes that are self-managed with none infrastructure. During this manner, ad- hoc networks have a dynamic topology such nodes will simply be part of or leave the network at any time. They need several potential applications, especially, in military and rescue areas like connecting soldiers on the battlefield or establishing a brand new network in place of a network that folded when a disaster like an earthquake. Wireless Sensor Networks are appropriate for areas wherever
it's unfeasible to line up a fixed infrastructure. Whenever the nodes communicate with one another while not an infrastructure, nodes supply the connectivity by forwarding packets over themselves. To support this connectivity, nodes use some routing protocols like AODV (Ad- hoc On Demand Distance Vector), DSR (Dynamic source Routing) and DSDV (Destination Sequenced Distance Vector). Besides acting as a host, every node conjointly acts as a router to find a path and forward packets to the correct node within the network.
As Wireless Sensor Networks lack an infrastructure, they're posed to lots of attacks. One among these attacks is that the black hole attack. In the black hole attack, a malicious node absorbs all data packets in itself, almost like a hole that sucks in everything in. during this manner, all packets in the network are dropped. A malicious node dropping all the traffic within the network makes use of the vulnerabilities of the route discovery packets of the on demand protocols, like AODV.
In our study, we simulated the black hole attack in Wireless Sensor Networks and evaluated its harm within the network. We created our simulations using NS-2 (Network simulator version-2).Afterwards, we projected an RAEED (Robust formally analyzed protocol for wirEless sEnsor networks Deployment), that is ready to address the problem of black hole attacks. Using formal modeling we prove that RAEED avoids this kind of attack in Wireless Sensor Network.
II. BLACK HOLE ATTACK
towards destination, it‟ll send Route Reply (RREP) packet towards source node.
The fresh route means the intermediate node should have the highest sequence number and minimum hop count as compared to one mentioned in the RREQ packet. The black hole node advertises itself of having shortest path by sending RREP packet with highest sequence number. Then, the source node can begin start sending the data packets towards the black hole node and therefore the black hole node can drop all the data packets.
Figure 1: Black Hole Attack
III. PROPOSED METHODOLOGY
In this chapter, we mentioned the techniques and algorithms that have been projected our project for detection and prevention of malicious node by black hole attack in wireless sensor network. Analysis the parameter such as packet delivery ratio, throughput and energy consumption under black hole and without Black hole.
A. K-Means Algorithm
K-Means is that the simplest algorithm used for clustering that is unsupervised clustering algorithm. This algorithm partitions the data set into k clusters using the cluster mean value so the ensuing clusters intra cluster similarity is high and inter cluster similarity is low. K-Means is iterative in nature. It follows following steps:
1. At random generate k points (cluster centers), k being the number of clusters desired.
2. Calculate the distance between each of the data points to each of the centers, and assign each point to the nearest center.
3. Calculate the new cluster center by calculative the mean value of all data points in the respective cluster. 4. With the new centers, repeat step 2. If the assignment of cluster for the data points changes, repeat step 3 else stop the process. (The distance between the data points is calculated using Euclidean distance.)
B. AODV Algorithm
Use Algorithm for packet transmission and reception routine as follows:
1. The source node „S‟ broadcast the ROUTE-REQUEST to any or all its neighbors.
2. When obtaining the ROUTE-REQUEST the neighbor nodes check the ROUTE-ID, whether the ROUTE- REQUEST has been received before.
3. If the ROUTE-REQUEST packet has been already received by the neighbor node, then it discards the packet.
4. Otherwise, a reverse path is established between the source and its neighbor‟s node.
5. If this node isn't the destination or having no path to the destination, then Repeat step 1 and onwards (neighbor node in place of source node).
6. Once the ROUTE-REQUEST packet find the destination node or node having path to the destination, the destination node unicast the ROUTE-REPLY towards the source node.
7. Once the ROUTE-REPLY packet reach to the source node following the path of intermediate nodes, the route is established within the reverse manner i.e. from the destination to the source.
8. The route is established, and the data packets will be sent through the established route.
C. RAEED Model:
The RAEED (Robust formally analyzed protocol for
Wireless Sensor Networks Deployment) model is a solution to Denial of Service attacks also. RAEED model performs bidirectional verification check to remove unidirectional and fading links. It may also remove virtual links by communicating with 2-hop nodes. Thus, any try of black hole attack via virtual links isn't possible in RAEED. The formal verification of the projected neighborhood watch confirms that black hole attacks as a result of compromised nodes are solved. We've verified that the issues detected in the Arrive protocol, in our earlier work are removed. The mechanism employed by the scheme is based on informing higher level nodes that there's no additional node accessible for forwarding the information, therefore the lost beacon allows a higher level node to forward data again to another neighbor.
The working of proposed RAEED model for detecting and preventing black hole attack in our project as follows:
2. The nodes to detect locally if a neighboring node has forwarded data to a legitimate 2- hop node.
3. The neighbor nodes are then ranked based on their performance and the nodes not performing well are ignored.
4. In the case of a node not being able to forward data or not per- forming well then neighbor node informs its Cluster node by sending a lost message. (This can be identified by using SYN, FIN, URG flag packet dropped attack, same message can be delivered more than once and also Black hole node can‟t share his information to the neighboring nodes.)
5. The Cluster node informs to its Base Station send same lost message after that Base Station detect black hole node and blocked them and prevent that node after some time.
IV. PERFORMANCE ANALYSIS
Our work is detecting the black hole in the network. We used NS2 (Network Simulator 2) as a tool to simulate the proposed work as it provides an easy to use interface and wide range of functions which can be used directly. The statistics used for simulation of WSN are used in table 1 below.
TABLE 1: PARAMETERS CONSIDER FOR SIMULATION
Sr. No. Parameters Values
1 Antenna Model Omni Antenna
2 Geographical area 2612*100
3 Base Station 1
4 Packet size 50 bytes
5 Routing Protocol AODV
6 Radio Propagation Two Ray Ground
7 Number of Nodes 33
8 Number of Attackers 3
9 Channel type Wireless Channel
10 Traffic Model CBR
A. Proposed Implementation
Phase 1: Create a wireless sensor network of N nodes Phase 2: Explain the member or agent nodes of one BS (Base station) according to given range.
Phase 3: Select the neighbor member of nodes which is neighbor to the base station.
Phase 4: Choosing the Cluster Node (s).
Phase 5: Send the packets from one node to another node. Phase 6: Analysis the parameter such as packet delivery ratio, total energy consumption, Throughput under the black hole or without black hole.
Phase 7: Apply RAEED Model to do detect under the network black hole attack or not.
Phase 8: Remove the attack.
Figure 2: Proposed Flow Diagram
B. Result
Figure 3 shows, 33 nodes in which sender node broadcast the alarm message to the Base station node 0 by using intermediate node. Sender node is in yellow color.
Figure 3: Data Transmission from Sender node to Base Station node
Figure 4: Data Transmission from Base Station to Other nodes
Figure 5 shows, packets are not reaching the destination instead they are dropped by the Black hole nodes. This can be identified by using SYN, FIN, URG flag packet dropped attack, same message can be delivered more than once and also Black hole node can‟t share his information to the neighboring nodes.
Figure 5: Packets Dropped by Black hole node
For detecting malicious node which are affected by Black hole attack we have purposed RAEED (Robust formally Analyzed protocol for Wireless Sensor Networks Deployment) model, which uses a neighbor‟s watch approach where each node observes the performance of its neighbor after forwarding it the data. This eavesdropping enables the nodes to detect
locally if a neighboring node has forwarded data to a legitimate 2- hop node. The neighbor nodes are then ranked based on their performance and the nodes not performing well are ignored. In the case of a node not being able to forward data further it informs its predecessor by sending a lost message. Figure 6 shows, attacker nodes are detected by using RAEED model.
Figure 6: Detected Black hole nodes
After detecting the malicious node, we can blocked that the node which are affected by Black hole attack. And start the secure trans- mission by using Robust TCP Congestion Recovery algorithm. It is used for retransmit those packets which are dropped during at- tack. Figure 7 shows, secure transmission after blocked the malicious node.
C. Result Analysis
1. Packet Delivery Ratio:
The performance parameter packet delivery ratio provides information about the performance of any routing protocols by the successfully delivered packets to the destination, where packet delivery ratio can be estimated using the formula given:
Packet Delivery Ratio=Total Delivered Packets/Total Sent Packets.
Figure 8 shows, packet delivery ratio graph. Here X axis shows time and Y axis shows number of packets. In graph, red line shows packet delivery ratio before the attack, green line shows packet delivery ratio after the attack and blue line shows packet delivery ratio after mitigating the attack. Before attack the packet delivery ratio is more as compare to after the attack. And after removing the attack packet delivery ratio will be increasing because of after prevent the attack we can retransmit those packet which can be drop by the attack.
Figure 8: Packet Delivery Ratio
2. Energy Consumption:
Energy Consumption maintain total energy at each node in wireless network. Figure 9 shows, Energy Consumption graph. Here X axis shows the number of the nodes and Y axis shows energy of the node. In graph, red line shows energy of the node before the attack, green line shows energy of the node after the attack and blue line shows energy of the node after mitigating the attack. Before attack energy
of the node is more as compare to after the attack. And after removing the attack energy of the node will be increasing because of after prevent the attack we can retransmit those packet which can be drop by the attack and therefore energy of the node can be increased.
Figure 9: Energy Consumption
3. Throughput:
Throughput is that the amount of data transferred from one place to a different or processed in a specified amount of your time. This data could also be delivered over a physical or logical link, or go through a certain network node. The throughput is typically measured in bits per second (bit/s or bps), and typically in data packets per second or data packets per interval.
Figure 10: Throughput
V. CONCLUSION
The main objective of the proposed work is to detect of malicious node by Black Hole attack in Wireless Sensor Network by using RAEED model. RAEED model used to reduce packet drop attacks and enhance the network performance. The formal modelling approach is a useful verification process and should be performed at an early development stage (design phase) so that any hidden error present in the design can be rectified and removed. RAEED model is robust, works well in noisy conditions as well as in deferent sizes of networks with varying density. Measure the
energy efficiency of RAEED using both formal modelling and simulation. In the future, this work can also be improved by implementing all DoS attacks. RAEED has been veried empirically using practical implementations (a few attacks).
REFERENCES
[1] Mohammad Wazid, Avita Katal, Roshan Singh Sachan, R H Goudar, D P Singh, “Detection and Prevention Mechanism for Blackhole Attack in Wireless Sensor Network,” in Proceeding of International conference on Communication and Signal Pro- cessings (ICCSP), 2013 International Conference, pp. 576-581.
[2] Binod Kumar Mishra and Mohan C. Nikam, “Security against blackhole attack in wireless sensor network – A Review,” in Proceedings of Communication System and Network technolo- gies (CSNT), 2014 Fourth International Conference, pp.-615- 620.
[3] Satyajayant Misra and Guoliang Xue , “BAMBi: Blackhole At- tacks Mitigation with Multiple Base Stations in Wireless Sensor Networks,” in Proceedings of communication (ICC),IEEE 2011 International conference, pp. 1-5.
[4] Bajwa Shahid Shehzad, and Muhammad Khalid Khan, “Grouped Black hole Attacks Security Model (GBHASM) for Wireless Ad- Hoc Networks,” in Proceedings of Computer and Automation Engineering (ICCAE), 2010 The 2nd International Conference, vol. 1, pp. 756-760. [5] Taylor, Vincent F., and Daniel T. Fokum, “Mitigating black hole attacks
in wireless sensor networks using node-resident ex- pert systems,” in Proceedings of Wireless Telecommunications Symposium (WTS), 2014, pp. 1-7.
[6] Saghar Kashif, David Kendall, and Ahmed Bouridane, “Appli- cation of formal modeling to detect black hole attacks in wireless sensor network routing protocols,” in Proceedings ofApplied Sci- ences and Technology (IBCAST), 2014 11th International Bhur- ban Conference, pp. 191-194. [7] Raza Muhammad, and Syed Irfan Hyder, “A forced routing in-
formation modification model for preventing black hole attacks in wireless Ad Hoc network,” In Proceedings of Applied Sci- ences and Technology (IBCAST), 2012 9th International Bhur- ban Conference, pp. 418-422.
