
International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459, Volume 2, Issue 2, February 2012)


Detection of Misbehaving Nodes in Ad Hoc Routing

Isha V. Hatware (1), Atul B. Kathole (2), Mahesh D. Bompilwar (3)

(1,2,3) Jawaharlal Darda Institute of Engineering & Technology, Yavatmal, India

(1) isha2hatware@gmail.com (2) atul_kathole@jdiet.ac.in (3) mahesh_bompilwar@yahoo.com

Abstract: The dynamic nature of mobile ad hoc networks (MANETs) is the major challenge to their design and deployment, and it raises a set of security issues that have to be resolved. In this paper we compare the behavior of three routing protocols, DSDV, DSR and AODV, taking node misbehavior into consideration. Node misbehavior can be detected and controlled by different techniques, such as an Intrusion Detection System (IDS), cooperative intrusion detection, and watchdog and pathrater, which are discussed in this paper and which are more efficient than other general techniques.

Keywords: Ad hoc routing detection techniques, IDS, MANET, misbehaving nodes.

I. INTRODUCTION

A mobile ad hoc network (MANET) is a group of wireless nodes communicating in a localized wireless environment in the absence of any centralized administration or fixed infrastructure [1]. The dynamic nature of MANETs requires routing protocols that tolerate frequent changes in network topology; nodes must exchange information about topology changes in order to establish routes. Such frequent changes very often give rise to security issues in ad hoc networks. Traditional routing protocols cannot address these issues because of the constantly changing network dynamics. As a result of recurrent topology changes, packets exchanged between a pair of wireless nodes may follow different routes at different instants of time, and may thereby be exposed to attacks. At the same time, unlike in wired networks, it is difficult to authenticate a node of a MANET in the absence of on-line servers [1,2]. Commonly encountered attacks include replay, Denial of Service (DoS), message modification, masquerading, routing table overflow, impersonation and energy exhaustion [1,2]. A number of solutions have been proposed to protect routing messages from being modified by attackers or to keep harmful messages from being injected into the network [1,2,4,6,7].

The Dynamic Source Routing (DSR) Protocol[1,10] lists three types of node misbehavior in routing as experienced by MANETs.

It is suggested that network operation and maintenance can easily be jeopardized by such misbehavior, and that network performance is severely affected as a result. In this paper we compare the performance of DSR under these attacks with that of DSDV (Destination Sequenced Distance Vector) [1,8] and AODV (Ad hoc On-demand Distance Vector) [9]. The performance of these three protocols had been broadly studied in the absence of any security threat prior to this comparison. The rest of the paper is organized as follows: the three protocols are discussed, with two types of node misbehavior taken into consideration.

II. AD HOC ROUTING PROTOCOLS AND MISBEHAVING NODES

Routing Protocols:


The reactive routing protocol DSR comprises two mechanisms: route discovery and route maintenance. It enables the mobile nodes in an ad hoc network to discover routes to arbitrary destinations on demand.

To begin, the source node initiates Route Discovery, which comprises two phases: Route Request and Route Reply.

On successful completion of these two phases a route is established between the source and the destination; the source node then places the complete route (the sequence of hops) in the header of its data packets and sends them along it. Intermediate nodes forward packets according to that source route and do not maintain any up-to-date routing information. The reactive routing protocol AODV builds on DSDV and significantly reduces the number of broadcasts required during route establishment by creating routes on demand. Unlike DSDV it does not need to maintain all possible routes, which considerably reduces the storage required at a node in the MANET. As its authors put it, AODV is a pure on-demand routing protocol: nodes that do not lie on an active route neither participate in route discovery nor maintain up-to-date routing information. A source node initiates route discovery only when it has data to send to a destination for which it holds no route.

III. NODE MISBEHAVIORS

Identification of misbehaving nodes in ad hoc networks is critically important for detecting security attacks. Two types of misbehaving node, selfish and malicious, are considered in [1,2]. Selfish nodes do not intend to damage other nodes directly, but they do not cooperate, saving their battery for their own communications. Malicious nodes, by contrast, do not give priority to saving battery life; their aim is to damage other nodes. Two different kinds of selfish node are introduced. Since nodes in MANETs are battery powered, energy is a precious resource, and so selfish nodes draw particular attention. Altogether, three routing behaviors of nodes in a MANET are distinguished.

Type-0: well-behaved node: such a node cooperates fully in communication, performs as required by the routing protocol, and participates equally in activities such as route discovery, route maintenance, and packet forwarding and receiving.

Type-1: active selfish node: such a node does not participate in packet forwarding and drops every received packet. It disables the forwarding mechanism for packets whose destination address is other than itself. This saves the selfish node's own energy while it still takes part in route discovery and network maintenance.

Type-2: passive selfish node: such a node practically does nothing and stays idle in the network. It contributes to none of the activities: packet forwarding, receiving, route discovery or network maintenance. With respect to the misbehaving nodes defined above, we evaluate the performance of DSDV, DSR and AODV through extensive simulations in which a certain percentage of nodes behave as active and/or passive selfish nodes and the remaining nodes are well-behaved.
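The difference between the two selfish types is easiest to see in a small simulation. The following Python example is added here and is not the paper's simulation: it models route discovery as a flood of route requests over the nodes that still answer them (Type-0 and Type-1), and data delivery as succeeding only when every intermediate hop actually forwards. The five-node topology, the node roles and the choice to measure delivery only between well-behaved nodes are assumptions of the example.

```python
# Added example, not the paper's simulation: how Type-0, Type-1 and Type-2 nodes
# affect an on-demand protocol. Route discovery is a flood of route requests over the
# nodes that still answer them; data delivery succeeds only if every intermediate hop
# actually forwards. Topology and node roles below are constructed for this example.
from collections import deque
from fractions import Fraction
from itertools import permutations

WELL_BEHAVED, ACTIVE_SELFISH, PASSIVE_SELFISH = 0, 1, 2

# Constructed topology: node -> set of one-hop radio neighbours (links are symmetric).
TOPOLOGY = {
    "A": {"B", "C"},
    "B": {"A", "D"},
    "C": {"A", "D"},
    "D": {"B", "C", "E"},
    "E": {"D"},
}


def discover_route(topology, behaviour, src, dst):
    """Flood a route request from src and return the first route found (hop list).

    Type-0 and Type-1 nodes rebroadcast the request, so routes can be built through
    them. A Type-2 (passive) node never takes part, so it is skipped entirely;
    a passive source or destination cannot complete discovery at all.
    """
    role = lambda n: behaviour.get(n, WELL_BEHAVED)
    if PASSIVE_SELFISH in (role(src), role(dst)):
        return None
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:          # walk the reverse path back to src
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in sorted(topology[node]):   # sorted: deterministic first route
            if nxt in parent or role(nxt) == PASSIVE_SELFISH:
                continue
            parent[nxt] = node
            queue.append(nxt)
    return None


def deliver(route, behaviour):
    """Data forwarding along a discovered route.

    A Type-1 (active selfish) node answered the route request, so it sits on the
    route, but it drops every packet not addressed to itself: delivery fails at
    the first active selfish intermediate hop.
    """
    if route is None:
        return False
    return all(behaviour.get(hop, WELL_BEHAVED) == WELL_BEHAVED for hop in route[1:-1])


def delivery_ratio(topology, behaviour, only_well_behaved=True):
    """Fraction of (source, destination) pairs whose data is delivered.

    With only_well_behaved=True the ratio counts the traffic of cooperating nodes
    only, i.e. the damage a selfish node does to everyone else.
    """
    nodes = [n for n in topology
             if not only_well_behaved or behaviour.get(n, WELL_BEHAVED) == WELL_BEHAVED]
    pairs = list(permutations(nodes, 2))
    delivered = sum(deliver(discover_route(topology, behaviour, s, d), behaviour)
                    for s, d in pairs)
    return Fraction(delivered, len(pairs))


if __name__ == "__main__":
    for label, roles in (("all well-behaved", {}),
                         ("B active selfish", {"B": ACTIVE_SELFISH}),
                         ("B passive selfish", {"B": PASSIVE_SELFISH})):
        print(f"{label:18s} others' delivery ratio = {delivery_ratio(TOPOLOGY, roles)}")
```

On this topology a passive selfish B costs the other nodes nothing, because it never answers a route request and discovery routes around it via C; an active selfish B is selected by discovery (A reaches D through B first) and then drops the data, so a third of the other nodes' traffic is lost. Counting B's own traffic as well reverses the ranking, which is why the paper's per-type comparison has to say whose packets are being counted.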

IV. THE SELFISH AND MALICIOUS NODES

The selfish node model is based on one of Darwin's theories of evolution among birds, where birds are divided into suckers (always helping others), cheats (never helping, always receiving help) and grudgers (helping those that help them). The theory states that the suckers die first, then the cheats (since the grudgers will not help them), and the grudgers prevail. This concept is carried over to the open environment of ad hoc networks in order to help avoid maliciously behaving nodes [12]. The open environment poses quite a few new threats to ad hoc networks. Among others, it is very difficult to recognize a malicious node using certificates, since the very idea of this kind of environment is that different devices, presumably from very different locations and owners, cooperate to create a functioning network.


V. MISBEHAVIOR DETECTION FOR AD HOC NETWORKS

When it comes to the discussion of misbehavior detection, we should first clearly understand the term misbehavior itself. Note that the term misbehavior generally refers to abnormal behavior that deviates from the set of behaviors that each node is supposed to conduct in MANETs [12]. There are four types of misbehaviors in ad hoc networks, namely failed node behaviors, badly failed node behaviors, selfish attacks, and malicious attacks. These four types of node misbehaviors are classified with respect to the node's intent and action. More specifically, selfish attacks are intentional passive misbehaviors, where nodes choose not to fully participate in the packet forwarding functionality to conserve their resources, such as battery power; malicious attacks are intentional active misbehaviors, where the malicious node aims to purposely interrupt network operations. The existence of selfish and malicious behaviors has remarkably motivated research in the area of misbehavior detection for mobile ad hoc networks.

A. Intrusion Detection System (IDS):

Fig 1. Intrusion Detection System (IDS) [15]

Fig. 1 shows a general Intrusion Detection System (IDS), a type of security management system for computers and networks. An IDS gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions and misuse.

An Intrusion Detection System (IDS) is normally regarded as an important solution for detecting various node misbehaviors in MANETs. Because there is no fixed infrastructure, several approaches have been proposed that build an IDS probe on each individual peer.

In these approaches one IDS probe is installed on each node, and each probe is assumed to monitor the network traffic at all times, which is obviously not energy efficient given the limited battery power of each node in a MANET [12].

In contrast, a cooperative intrusion detection framework has been proposed in which clusters are formed and the nodes in each cluster fulfill the intrusion detection task in turn. This cluster-based approach can noticeably reduce the power consumption of each node.

B. Framework for Cooperative Intrusion Detection

In this section we discuss principles for a cooperative intrusion detection system framework, where information sharing takes place both between distinct domains and within domains. Domains may have varying or even conflicting policies, and will not necessarily have the same mechanisms in place to identify system misuse. We have found it useful to consider these principles with respect to the relation between participant pairs, and have identified the following primary relationships [13]:

Peer: a relationship of equals between hosts, typically in different policy domains. Neither host controls the other, although they may send requests or information between themselves. Peers do not necessarily trust one another, and the level of trust is not necessarily identical.

Manager: a manager is a host that provides instructions regarding which data is to be collected, when warnings should be issued, etc. to a set of dependent hosts. Managers set a central policy for a group of hosts, generally within the same policy domain. Managers need not trust their subordinate hosts.

Subordinate/Managed Host: a host that receives some or all of its data collection and transmission policy from outside. Managed hosts may modify or add to this policy, and may themselves manage other hosts. Managed hosts must fully trust their managers, and will usually be within the same policy domain.

Slave Host: a host that receives all of its data collection and transmission policy from outside. Slave hosts may not modify or add to this policy, although they may themselves manage other hosts. Slave hosts must fully trust their managers, and will always be within the same policy domain.


Friend: friends always trust one another, and the level of trust is identical. Friends should be within the same domain.

Symbiote: a relationship of interdependent hosts. Neither host controls the other, although they may send requests or information between themselves. Hosts with this relationship are expected to be 'identical' in terms of policies and security labels.

Since space does not permit a detailed discussion of the rules for each relationship, we have chosen to focus on the peer relationship. The peer relationship is appropriate between domains having different policies, where domains do not fully trust one another, or where a controlling relationship between them is undesirable. We have identified the following principles as important in the development of a framework for cooperation between domains [13]:

1. Local control over policy decisions must be maintained.

2. Data collection should be autonomous but cooperative.

3. Actions based on data obtained elsewhere should include a local trust factor, since incoming data may not be reliable.

4. The enforcement of policy and the identification of policy violations should be separate issues.

5. Transactions should be validated.

6. Structure information is shared both horizontally and vertically.

7. Data collectors should be layered, overlapping, and provide both data reduction and sanitization.

8. Audit tool management and visualization systems should be integrated.

Local Policy Control: We believe that local control over policy decisions is one of the most important facets of cooperative intrusion detection systems. Cooperating domains may not fully trust one another and will be highly unlikely to grant any outsider the right to change their internal methods of misuse data collection or information flow. The local host should always determine whether a given interaction should take place based on its own local policies. Even for hierarchical relationships such as master/slave, the slave host should have facilities for checking its own policies before reacting to the incoming message.

Autonomous, but cooperative data collection: Although the data collected & shared is determined locally, hosts and domains should share relevant information. This may involve collecting and sharing data which is irrelevant to the source host's own security policy but is needed by a peer or manager.

However, even when hosts are obtaining data needed to identify policy violations for external domains, the decision regarding whether to collect and transmit this data is local, and should include the realization that the recipient will 'own' the data once transmitted and may decide to disseminate it further.

Data reliability: Actions based on data obtained elsewhere should include a local trust factor, since incoming data may not be reliable. For example, the source host may have been compromised and be unknowingly transmitting misleading data. Thus, the intrusion detection system using data obtained via the cooperative framework should employ a method which takes into account the local host's trust in the authenticity and the integrity of the data.

Policy enforcement and identification: The enforcement of policy and the identification of policy violations should be separate issues. Hosts may be identifying policy violations for another domain than their own, but they should not be responsible for enforcing those policies.

Validated Transactions: It will be necessary to perform authentication of some kind between cooperating hosts. This authentication might involve digitally signed messages, for instance.

Structure of sharing: Information sharing may be both horizontal and vertical. For example, a manager and its subordinates may perform vertical sharing, where subordinates transmit data "upwards" to the manager and managers transmit commands "downwards." The trust relationships between participants are likely to be strong in the downward direction (subordinates trust their manager) and weaker in the opposite direction (managers may not fully trust their subordinates). Between peers, sharing should be horizontal, due to the more collaborative nature of their relationship.

Data collectors: Data collectors should be overlapping and provide both data reduction and sanitization. Overlapping data collectors are needed whenever one data collector might be subverted or become unavailable. Data reduction is important to reduce the extraneous data transmitted between sharing partners. Data sanitization is needed to eliminate host and network specific attributes of the data. This is important since such data might cause a security risk to the transmitting host.


Further, examination of voluminous textual information for potential violations is difficult; humans are far better at processing and identifying oddities in graphical form, while systems produce a faster initial response. Thus, any data management system should include methods for managing sets of audit tools and providing graphical views for examining such data.
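Several of the peer principles above (validated transactions, a local trust factor on incoming data, local policy control, and sanitization before onward sharing) can be exercised together on a misbehavior alert exchanged between domains. The following Python example is added here; it is neither the paper's code nor the Frincke et al. framework's, and it assumes pre-shared HMAC keys per peer, a per-peer trust factor chosen by the local host, and an evidence threshold, all of which are stand-ins for whatever a deployment would actually use.

```python
# Added example, not the paper's or the framework's code: a host receiving misbehaviour
# alerts from peer domains. It validates each transaction (HMAC over a canonical
# encoding; per-peer keys assumed pre-shared), weights the report by a local trust
# factor, checks its own policy before acting, and sanitizes host-specific fields
# before the alert is shared onward.
import hashlib
import hmac
import json

PEER_KEYS = {"domain-x": b"key-x", "domain-y": b"key-y"}   # assumed pre-shared keys
LOCAL_TRUST = {"domain-x": 0.9, "domain-y": 0.3}          # assumed local trust factors
ACTION_THRESHOLD = 1.0         # assumed: weighted evidence needed before isolating a node
HOST_SPECIFIC = ("collector_host", "internal_ip")          # attributes never shared on


def canonical(alert):
    """Deterministic encoding so signer and verifier hash the same bytes."""
    return json.dumps(alert, sort_keys=True, separators=(",", ":")).encode()


def sign(alert, key):
    return hmac.new(key, canonical(alert), hashlib.sha256).hexdigest()


def verify(alert, sig, key):
    return hmac.compare_digest(sign(alert, key), sig)


def sanitize(alert):
    """Data sanitization: drop attributes specific to the reporting host."""
    return {k: v for k, v in alert.items() if k not in HOST_SPECIFIC}


class LocalDetector:
    """Keeps the accept/act decision local, as the framework's first principle requires."""

    def __init__(self, keys, trust, threshold):
        self.keys, self.trust, self.threshold = keys, trust, threshold
        self.evidence = {}        # suspect node -> trust-weighted evidence so far
        self.isolated = set()     # nodes this host has decided to stop routing through
        # Local policy: this host only acts on packet-drop reports from peers.
        self.policy_allows = lambda alert: alert.get("kind") == "packet-drop"

    def receive(self, sender, alert, sig):
        key = self.keys.get(sender)
        if key is None or not verify(alert, sig, key):
            return "rejected: unauthenticated"          # validated transactions
        if not self.policy_allows(alert):
            return "ignored: local policy"               # local policy control
        weighted = alert["drops"] * self.trust.get(sender, 0.0)   # local trust factor
        suspect = alert["suspect"]
        self.evidence[suspect] = self.evidence.get(suspect, 0.0) + weighted
        if self.evidence[suspect] >= self.threshold:
            self.isolated.add(suspect)
            return "isolated"
        return "recorded"


def demo():
    """Constructed exchange: a weakly trusted peer, a forged message, a trusted peer."""
    det = LocalDetector(PEER_KEYS, LOCAL_TRUST, ACTION_THRESHOLD)
    a1 = {"kind": "packet-drop", "suspect": "N7", "drops": 2,
          "collector_host": "probe-3", "internal_ip": "10.0.0.3"}
    r1 = det.receive("domain-y", a1, sign(a1, PEER_KEYS["domain-y"]))   # 2 * 0.3 = 0.6
    r2 = det.receive("domain-y", a1, sign(a1, PEER_KEYS["domain-x"]))   # wrong key: forged
    a2 = {"kind": "packet-drop", "suspect": "N7", "drops": 1}
    r3 = det.receive("domain-x", a2, sign(a2, PEER_KEYS["domain-x"]))   # 0.6 + 0.9 >= 1.0
    a3 = {"kind": "config-change", "suspect": "N9", "drops": 0}
    r4 = det.receive("domain-x", a3, sign(a3, PEER_KEYS["domain-x"]))   # not our policy
    return [r1, r2, r3, r4], sanitize(a1), sorted(det.isolated)


if __name__ == "__main__":
    print(demo())
```

The point of the trust weighting is that the same "two drops" claim is worth 0.6 from a weakly trusted peer and 1.8 from a well trusted one; a compromised peer that floods alerts can therefore only move the local decision as far as the local trust factor allows, and a message it cannot sign does not count at all.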

C. Watchdog and pathrater

Routing misbehavior is another major security threat that has been extensively studied in ad hoc networks. In addition to intruding into a MANET from outside, an adversary may also compromise some nodes in the network and use them to disturb the routing service so as to make part of or the entire network unreachable. Two related techniques, watchdog and pathrater, have been introduced to detect and isolate misbehaving nodes, i.e. nodes that do not forward packets. There are also other solutions that aim to cope with various routing misbehaviors [12].

The watchdog method [14] detects misbehaving nodes. When a node forwards a packet, the watchdog in that node checks that the next node in the path also forwards it. It does this by listening promiscuously to all nodes within transmission range. A match confirms that the packet has been successfully forwarded, and the neighbor's trustworthiness is increased. If the packet is not forwarded within a timeout period, a failure tally for the node responsible for forwarding it is incremented. If this tally exceeds a predetermined threshold, the node is declared misbehaving. Because of the watchdog's effectiveness and relatively easy implementation, several proposals use it as the basis of their IDS solutions, so a number of watchdog-based approaches can be found in the literature.

In the pathrater approach [14], each node uses the information provided by watchdogs to rate its neighbors. The Route guard mechanism [14] combines the watchdog and pathrater solutions to classify each neighbor node as Fresh, Member, Unstable, Suspect or Malicious. As can be seen, watchdogs are at the core of the most important types of IDS solutions for ad hoc networks. The main advantage of the watchdog is that it offers a node the possibility of detecting an attacker using only local information, so a malicious node cannot influence the decisions the mechanism makes. In contrast, the watchdog has a well known vulnerability: it is vulnerable to two consecutive malicious nodes, where the watchdog can only monitor the first one while the second malicious node performs the attack. Some previous works [14] define techniques for avoiding this cooperative black hole problem in MANETs, but they too have limitations. For example, all of the described methodologies are based on the AODV protocol and require a change in the implementation of AODV, so a specific IDS would be needed for each routing protocol used.
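The watchdog tally, the pathrater's use of it, and the two-consecutive-malicious-nodes weakness can all be shown in one small model. The following Python example is added here and is not the paper's or [14]'s code: each hop overhears only its immediate successor, a tally above a threshold flags the successor and is reported back to the source, and the source's pathrater picks the route with the best average rating. The threshold, the rating constants, the S-A-B-D/S-C-D topology and the assumption that a flagged-node report reaches the source are all choices of the example.

```python
# Added example, not the paper's code: a watchdog that overhears the next hop's
# retransmission, a per-neighbour failure tally with a threshold, and a pathrater that
# turns watchdog results into node ratings and a path metric. Scenario 2 reproduces the
# known weakness: two consecutive colluding nodes. Constants and topology are assumed.
from dataclasses import dataclass, field
from typing import Optional

FAILURE_THRESHOLD = 3                                    # assumed: tally above this => misbehaving
RATING_START, RATING_STEP, RATING_MAX = 0.5, 0.01, 0.8   # assumed pathrater constants
RATING_MISBEHAVING = -100.0


@dataclass
class Node:
    name: str
    drops: bool = False                          # black hole: swallows every data packet
    colludes_with: Optional[str] = None          # next hop whose drops this node never reports
    tally: dict = field(default_factory=dict)    # next hop -> failures overheard
    rating: dict = field(default_factory=dict)   # node -> pathrater rating
    flagged: set = field(default_factory=set)    # next hops declared misbehaving

    def rate(self, other):
        return self.rating.get(other, RATING_START)


def watchdog_round(nodes, path, packet_ids):
    """Send packets along path; every hop watches whether its next hop retransmits.

    Only the immediate predecessor is in radio range of a hop, so only it can
    overhear (or fail to overhear) the retransmission. A flagged node is reported
    back to the source so its pathrater can avoid it (report delivery assumed).
    Returns the number of packets that reached the destination.
    """
    source, dst = nodes[path[0]], path[-1]
    delivered = 0
    for _ in packet_ids:
        for i in range(len(path) - 1):
            sender, nxt = nodes[path[i]], nodes[path[i + 1]]
            if nxt.name == dst:
                delivered += 1                   # destination consumes the packet
                break
            if not nxt.drops:                    # overheard retransmission: a match
                sender.rating[nxt.name] = min(RATING_MAX, sender.rate(nxt.name) + RATING_STEP)
                continue
            # timeout: no retransmission overheard from nxt
            if sender.colludes_with != nxt.name:
                sender.tally[nxt.name] = sender.tally.get(nxt.name, 0) + 1
                if sender.tally[nxt.name] > FAILURE_THRESHOLD:
                    sender.flagged.add(nxt.name)
                    sender.rating[nxt.name] = RATING_MISBEHAVING
                    source.rating[nxt.name] = RATING_MISBEHAVING
            break                                # packet is lost at nxt
    return delivered


def path_metric(node, path):
    """Pathrater: average of the ratings node holds for the other hops on path."""
    hops = path[1:]
    return sum(node.rate(h) for h in hops) / len(hops)


def choose_path(node, candidates):
    return max(candidates, key=lambda p: path_metric(node, p))


def run_scenarios(packets=5):
    """Two runs on the chain S-A-B-D with S-C-D as the alternative route."""
    ids = list(range(packets))
    bad_path, alt_path = ["S", "A", "B", "D"], ["S", "C", "D"]

    # Scenario 1: B is a single black hole. A's watchdog overhears nothing from B,
    # the tally crosses the threshold, A flags B and S reroutes.
    n1 = {k: Node(k) for k in "SABCD"}
    n1["B"].drops = True
    d1 = watchdog_round(n1, bad_path, ids)

    # Scenario 2: A and B collude. A forwards, so S's watchdog is satisfied; B drops,
    # and A, the only node in range of B, never reports it. Nobody flags anything.
    n2 = {k: Node(k) for k in "SABCD"}
    n2["B"].drops = True
    n2["A"].colludes_with = "B"
    d2 = watchdog_round(n2, bad_path, ids)

    return {
        "single_blackhole": {"delivered": d1, "A_flags_B": "B" in n1["A"].flagged,
                             "S_flags_A": "A" in n1["S"].flagged,
                             "S_chooses": choose_path(n1["S"], [bad_path, alt_path])},
        "colluding_pair": {"delivered": d2, "A_flags_B": "B" in n2["A"].flagged,
                           "S_flags_A": "A" in n2["S"].flagged,
                           "S_rates_A": n2["S"].rate("A"),
                           "S_chooses": choose_path(n2["S"], [bad_path, alt_path])},
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, result)
```

In the first scenario nothing is delivered, but A's tally reaches the threshold, B is rated -100 and S's pathrater switches to S-C-D. In the second scenario nothing is delivered either, yet S's own watchdog has only ever seen A forward, A's rating has gone up, and the colluding route still scores best: the detection is only as good as the honesty of the one node in range of the dropper, which is exactly the gap the cooperative schemes cited above try to close.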

VI. CONCLUSION

The dynamic nature of the MANET, with its frequently changing topology, is the major challenge. It is important to resolve the problems caused by attacks and node misbehavior; this is done with intrusion detection techniques and with the more advanced cooperative intrusion detection framework.

References

[1] Manoj Kumar Mishra, Binod Kumar Pattanayak, Alok Kumar Jagadev, Manojranjan Nayak. Measure of Impact of Node Misbehavior in Ad Hoc Routing: A Comparative Approach. IJCSI International Journal of Computer Science Issues, Vol. 7, Issue 4, No 8, July 2010.

[2] H. Li and M. Singhal. A secure routing protocol for wireless ad hoc networks. In HICSS'06: Proceedings of the 39th Annual Hawaii International Conference on System Sciences, page 225.1, Washington, DC, USA, 2006. IEEE Computer Society.

[3] H. Deng, W. Li, and D. P. Agrawal. Routing security in wireless ad hoc networks. IEEE Communications Magazine, 2(1), 2002.

[4] C. Tseng, P. Balasubramanyam, C. Ko, R. Limprasittiporn, J. Rowe, and K. Levitt. A specification-based intrusion detection system for AODV. In SASN '03: Proceedings of the 1st ACM Workshop on Security of Ad Hoc and Sensor Networks, pages 125–134, New York, NY, USA, 2003. ACM Press.

[5] P. Michiardi and R. Molva. Simulation-based analysis of security exposures in mobile ad hoc networks. In Proceedings of the European Wireless Conference, 2002.

[6] K. Paul and D. Westhoff. Context aware detection of selfish nodes in DSR based ad-hoc networks. In IEEE GLOBECOM 2002, Taipei, Taiwan, November 2002.

[7] P. Papadimitratos and Z. J. Haas. Securing routing for mobile ad hoc networks. In Proceedings SCS (CNDS 2002), 2002.

[8] C. E. Perkins and P. Bhagwat. Highly dynamic destination-sequenced distance-vector routing (DSDV) for mobile computers. In ACM SIGCOMM'94, pages 234–244, London, England, August 1994.


[10] D. B. Johnson. Routing in ad hoc networks of mobile hosts. In IEEE Workshop on Mobile Computing Systems and Applications, pages 158–163, December 1994.

[11] J. Broch, D. A. Maltz, D. B. Johnson, Y. Hu, and J. Jetcheva. A performance comparison of multi-hop wireless ad hoc network routing protocols. In MobiCom '98: Proceedings of the 4th Annual ACM/IEEE International Conference on Mobile Computing and Networking, pages 85–97, New York, NY, USA, 1998. ACM Press.

[12] Wenjia Li, Anupam Joshi, and Tim Finin. Coping with Node Misbehaviors in Ad Hoc Networks: A Multi-Dimensional Trust Management Approach. Eleventh International Conference on Mobile Data Management, IEEE 2010.

[13] Deborah Frincke, Don Tobin, Jesse McConnell, Jamie Marconi, Dean Polla. A Framework for Cooperative Intrusion Detection. Center for Secure and Dependable Software, Department of Computer Science, University of Idaho, Moscow, ID 83844-1010.

[14] Jorge Hortelano, Juan-Carlos Cano, Carlos T. Calafate and Pietro Manzoni. Watchdog Intrusion Detection Systems. Universidad Politécnica de Valencia, Camino de Vera, S/N - 46022 Valencia, Spain.
