Detection and Prevention of Network from Networks Attacks using EAODV
Vaibhav Suhane
Research Scholar CSE, LNCTS, Bhopal
Mahesh Gour
Department of CSE LNCTS, Bhopal
Sadhna K Mishra
Department of CSE LNCTS, Bhopal
Abstract:
A mobile ad hoc network (MANET) has no centralized administration, no fixed topology and no infrastructure. Nodes in a MANET communicate on the basis of mutual trust. MANET routing protocols are of three types: reactive, proactive and hybrid. MANETs are exposed to many network attacks, such as black hole, wormhole and DoS attacks, which disrupt network performance. Security is therefore a prime concern in MANETs.
In this paper we propose a new protocol, EAODV, which is an enhanced AODV. It detects and protects the network from wormhole, black hole, DoS, man in the middle, eavesdropping and data modification attacks. The performance of the EAODV protocol is compared with the existing AODV routing protocol with variation in pause time and node speed. Simulation is done in the QualNet 5.0 simulator. The performance metrics are throughput, end-to-end delay and total packet loss.
Keywords: AODV, QualNet 5.0, Mobile Ad hoc Network.
1. Introduction:
An ad hoc network is a temporary network that has no infrastructure and no fixed topology. Nodes are free to join and leave the network. Ad hoc networks are of three types: SANET, MANET and VANET.
Static ad hoc network (SANET):
In static ad hoc networks the geographic locations of the nodes or stations are fixed. There is no mobility in the nodes of the network, which is why they are known as static ad hoc networks.
Mobile Ad hoc Network (MANET):
A mobile ad hoc network is an autonomous system in which nodes/stations are connected with each other through wireless links. It is a collection of mobile nodes that dynamically form a network without infrastructure. There is no restriction on nodes joining or leaving the network, so nodes join and leave freely.
Vehicular Ad hoc Network (VANET):
by connecting vehicle aiming to improve safety and traffic management with internet access by drivers.
2. MANETs Routing Protocols:
In MANETs the nodes are mobile, so MANET routing protocols provide the means of communication between mobile nodes. There are three types of MANET routing protocols: reactive, proactive and hybrid.
Reactive Protocol:
A reactive protocol is also known as an on-demand driven routing protocol. These protocols do not try to keep correct routing information on every node at all times. Routing information is collected only when it is required, and route discovery is based on sending routing queries throughout the network. There are many reactive protocols, such as AODV and DSR.
Proactive Protocol:
A proactive protocol is also known as a table-driven routing protocol. In this protocol every node has information about all other nodes in the network. All node information is stored in the routing table, which is why it is called table-driven. These protocols constantly maintain the updated topology of the network: whenever the network topology changes, the routing tables are updated accordingly. There are many proactive protocols, such as OLSR, DSDV and OSPF.
Hybrid Protocol:
Hybrid protocols have the strengths of both reactive and proactive protocols; being a combination of both, they give better results. In this protocol the network is divided into zones and different protocols are used in different zones: one is used within the zone and the other is used between the zones. In these protocols the proactive mechanism is used for route establishment and the reactive protocol is used for communication amongst the neighborhood nodes. There are several hybrid protocols, such as ZRP.
3. Ad Hoc on Demand Distance Vector Protocol (AODV):
table. If there is no route to the destination, the intermediate node rebroadcasts the RREQ message. When the destination receives the RREQ message, it unicasts the route reply message (RREP) back along the route on which the RREQ message was received. The source node may receive more than one RREP message. To select the shortest route, the source node checks which RREP message has the highest sequence number; the route in the RREP message with the highest sequence number is the shortest route. If two or more RREP messages have the same sequence number, the hop count is checked, and the route with the minimum hop count value is the shortest route. If an intermediate node has a route to the destination, it compares the destination sequence number in its routing table with the one in the RREQ message: if the RREQ has the greater number, the intermediate node rebroadcasts the RREQ message; if the RREQ destination sequence number is less, the intermediate node unicasts the RREP message. AODV has two phases: route discovery and route maintenance.
A. Route discovery:
AODV finds a route to the destination using three control messages, which are described below.
Route request message (RREQ): when a source wishes to communicate with another node in the network, it broadcasts an RREQ message to its neighboring nodes using the expanding ring technique. Each RREQ has a unique broadcast id, and the broadcast id is incremented when the source node broadcasts a new RREQ message.
Source_address | Source_sequence | Broadcast_id | Destination_address | Destination_sequence
RREQ message packet format
Route reply message (RREP): this is the route reply control message of AODV. When a route to the destination is found, that node unicasts the RREP message. The destination node unicasts the RREP message along the path on which it received the RREQ message, and the destination node may unicast more than one RREP message.
Source_address | Destination_address | Destination_sequence | Hop_count | Lifetime
RREP message packet format
Route error message (RERR): every node in the network keeps monitoring the link status to its neighbor nodes during an active route. When a node detects a link break in an active route, an RERR message is automatically generated and sent back to the source node, which updates its routing table and deletes that route from it.
B. Route maintenance:
A MANET is refreshed approximately every 10 sec. Because nodes are mobile, they are not stable at any position, so the routing table is updated after every 10 sec: when the network is refreshed, some nodes may have left the network and some nodes may have joined it, which is why the routing table must be updated. When the network is refreshed, every node broadcasts a HELLO message to its neighbor nodes; a node that receives a HELLO message also replies with a HELLO message, and the nodes then update their routing tables.
4. Attacks In MANET:
In MANETs there are basically two types of attacks: active attacks and passive attacks. In a passive attack, the attacker listens to network communication and tries to understand what is going on in the network. The attacker does this before launching an attack on the network, so that the attacker has enough information about the network to easily hijack it and inject an attack. In an active attack, the attacker takes part in the communication in the network and so disrupts the performance of the network. Most attacks are active attacks, such as black hole, wormhole, DoS, man in the middle, eavesdropping and data modification.
4.1 Blackhole Attack:
The black hole attack is a denial of service attack in which the destination becomes unreachable. Black hole means that a malicious node uses the routing protocol to claim to be the shortest path to the destination node, but then drops the packets and does not forward them to its neighbors. In this attack, when the malicious node receives an RREQ message it immediately sends a wrong reply message with a higher sequence number and minimum hop count, without checking its routing table. The attack basically has two purposes in the network: the first is not forwarding the packets, and the second is adding and changing some parameters of the routing message, such as sequence number and hop count.
4.2 Wormhole Attack:
The attacker disrupts routing by short-circuiting the usual flow of routing packets. An attacker creates a tunnel between two points in the network and creates a direct connection between them.
There are basically three ways to create a wormhole in MANETs:
Tunneling of packets above the network layer.
Long-range tunnel using high power transmitters.
Tunnel creation via external wired infrastructure.
4.3 DoS Attack:
In a denial of service (DoS) attack, the attacker attempts to prevent authorized users from accessing the services. A malicious node can override the restriction imposed by RREQ_RATELIMIT by increasing it or disabling it. A malicious node may choose to set the value of the parameter RREQ_RATELIMIT to a very high number, which allows it to flood the network with fake RREQs and leads to a kind of DoS attack. As a result, the entire network service could be crippled.
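An added example, not part of the paper: a receiver-side check that applies the limit to RREQs a node hears, for the case where the sender has raised or disabled its own RREQ_RATELIMIT. The class and function names, the one-second sliding window and the sample trace are assumptions made here; the default of 10 RREQs per second is the RFC 3561 value.

```python
from collections import defaultdict, deque

RREQ_RATELIMIT = 10    # RFC 3561 default: RREQs one node may originate per second
WINDOW_MS = 1000       # sliding window length in milliseconds (assumption)

class RreqRateMonitor:
    """Receiver-side view of how many new RREQs each originator sends."""

    def __init__(self, limit=RREQ_RATELIMIT, window_ms=WINDOW_MS):
        self.limit = limit
        self.window_ms = window_ms
        self.recent = defaultdict(deque)   # originator -> times of forwarded RREQs
        self.seen_ids = defaultdict(set)   # originator -> broadcast ids already handled

    def accept(self, now_ms, originator, broadcast_id):
        """Classify one received RREQ as 'forward', 'duplicate' or 'drop'."""
        # A copy of an RREQ already handled (same originator and broadcast id)
        # arrived through another neighbour; it is not a new request.
        if broadcast_id in self.seen_ids[originator]:
            return "duplicate"
        self.seen_ids[originator].add(broadcast_id)
        times = self.recent[originator]
        while times and now_ms - times[0] >= self.window_ms:
            times.popleft()                # forget RREQs older than the window
        if len(times) >= self.limit:
            return "drop"                  # originator is over RREQ_RATELIMIT
        times.append(now_ms)
        return "forward"

def flooders(trace, limit=RREQ_RATELIMIT):
    """Return {originator: dropped RREQ count} for (time_ms, originator, id) records."""
    monitor, dropped = RreqRateMonitor(limit), defaultdict(int)
    for now_ms, originator, broadcast_id in sorted(trace):
        if monitor.accept(now_ms, originator, broadcast_id) == "drop":
            dropped[originator] += 1
    return dict(dropped)

# Constructed trace: S sends 5 RREQs in half a second and each is heard twice;
# M sends 50 RREQs with fresh broadcast ids inside one second.
TRACE = (
    [(100 * i, "S", i) for i in range(5)]
    + [(100 * i + 3, "S", i) for i in range(5)]
    + [(20 * i, "M", i) for i in range(50)]
)

if __name__ == "__main__":
    print(flooders(TRACE))
```

A deployed check would also expire entries in seen_ids; AODV remembers an RREQ's originator and id for PATH_DISCOVERY_TIME.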
4.4 Data Modification Attack:
Modification is a type of attack in which an unauthorized party not only gains access to but also tampers with an asset. For example, a malicious node can redirect the network traffic and conduct DoS attacks by modifying message fields or by forwarding routing messages with false values. In fig. 3.2, M is a malicious node which can keep traffic from reaching X by continuously advertising to B a shorter route to X than the route to X that C advertises. In this way, malicious nodes can easily cause traffic subversion and denial of service by simply altering protocol fields: such attacks compromise the integrity of routing computations. Through modification, an attacker can cause network traffic to be dropped, redirected to a different destination or sent over a longer route to the destination, which causes unnecessary communication delay.
4.5 Eavesdropping Attack:
Eavesdropping is the reading of messages and conversations by unintended receivers. The nodes in a MANET share a wireless medium, and wireless communication uses the RF spectrum and is broadcast by nature, so it can easily be intercepted with receivers tuned to the proper frequency. As a result, transmitted messages can be overheard and fake messages can be injected into the network.
5. Literature Survey:
Su and Boppana [16] (distance bounding approach) proposed a distributed technique to detect in-band wormhole attacks in mobile ad hoc networks. The protocol is based on the propagation speeds of requests and statistical profiling. They do not require the clocks to be synchronized network-wide and no additional control packets are needed. The protocol is supposed to be complementary to the existing source routing protocols.
Poovendran and Lazos[17] (centralized and
Qian et al. [18] (centralized and connectivity information approach) presented a scheme to detect wormhole attacks based on statistical analysis. The values of routing and connectivity statistics before the attack (when the system is normal) are compared with the corresponding values after the attack. This assumes that the wormhole does not exist at the time they gather the statistics and that the statistics do not change due to other causes.
Khalil et al. [19] have developed two protocols to defend against wormholes: LITEWORP and MOBIWORP. LITEWORP (time-based and neighbor information approach) works with a static network and assumes that there is a guard node within the transmission range of any two neighboring nodes. At the beginning, each node discovers its neighbors and then broadcasts its neighbor list to all of its neighbors. This is done only once in the lifetime of each node. As a result, each node knows all its direct neighbors and all the neighbors of all its direct neighbors. The second hop neighbor information is also needed for the detection process.
6. Proposed Method:
In this paper a new, yet simple, protocol “EAODV”, which is an enhanced AODV, is proposed to effectively detect and prevent network attacks. This protocol employs routing discrepancies between neighboring nodes along a path from a source to the destination to detect network attacks. The protocol is straightforward and localized, and can be applied on demand. It needs no special hardware, localization, or synchronization.
During the attack a malicious node captures packets from one location in the network, and tunnels them to another malicious node at a distant point, which replays them locally. The scheme relies on the idea that malicious nodes usually participate in routing repeatedly, as they attract most of the traffic. Therefore, each node is assigned a cost depending on its participation in routing. The cost function is chosen to be exponential in powers of two so as to rapidly increase the cost of already used nodes. Besides protecting the network from the various attacks, the scheme provides load balancing among nodes to avoid exhausting nodes that are always cooperative in routing.
6.1 Prevention Scheme:
c(i)new = n + c(i)old
where,
c(i) is the cost of a node i; initially c(i) = 0.
n is the number of times a node has contributed in routing to a certain destination; initially n = 0.
This function takes into consideration the number of times a node has participated in routing for a certain source, and the node’s cost is increased accordingly.
6.2 Algorithm:
I. A packet is received by node (D) from node (S), looking for a route to the destination.
II. Node (D) extracts the object (Source/Destination) from the packet (if the packet is a Route Request, the object is the source; if the packet is a Route Reply, the object is the destination).
III. Node (D) looks in its routing table for another node (X) having a fresh path to the destination.
IV. If the node (X) is not found, or if the route is not different, an entry for the destination node is added to the routing table of node (D).
V. If the node (D) is found in the routing table and has a route to the destination, the following should be verified:
A. How many times node (D) has used node (X) as a next hop (R1).
B. How many times node (D) has used node (S) as a next hop (R2).
C. Compare R1 and R2.
D. Update the routing table.
E. Add node (D)’s cost to the packet and forward it to the destination node.
VI. The destination node (Source/Destination) accepts the incoming packet, determines the final cost and compares it with its routing table to select the path with minimum cost.
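An added example, not the authors' implementation: the Section 3 selection rule next to minimum-cost selection using the Section 6.1 cost update, run over constructed replies in which node M always advertises a very high sequence number and one hop. Summing relay costs along a path, breaking ties by hop count and the 2**n variant of the update are assumptions made here.

```python
from collections import defaultdict
from typing import NamedTuple

class Rrep(NamedTuple):
    path: tuple      # relay nodes the reply travelled through
    dest_seq: int    # destination sequence number carried in the RREP
    hop_count: int

def aodv_select(rreps):
    """Section 3 rule: highest sequence number, then minimum hop count."""
    return max(rreps, key=lambda r: (r.dest_seq, -r.hop_count))

def printed_cost(n, old):
    """Section 6.1 as printed: c(i)new = n + c(i)old."""
    return n + old

def power_of_two_cost(n, old):
    """Assumed reading of 'exponential in powers of two': 2**n + c(i)old."""
    return 2 ** n + old

class CostTable:
    """Per-destination usage count n and cost c(i) for every relay node."""
    def __init__(self, update=printed_cost):
        self.update = update
        self.uses = defaultdict(int)
        self.cost = defaultdict(int)

    def record(self, path, dest):
        for node in path:
            key = (node, dest)
            self.uses[key] += 1
            self.cost[key] = self.update(self.uses[key], self.cost[key])

    def path_cost(self, path, dest):
        # Each relay adds its own cost to the packet (step E of the algorithm).
        return sum(self.cost[(node, dest)] for node in path)

    def select(self, rreps, dest):
        # Minimum accumulated cost wins; hop count only breaks ties (assumption).
        return min(rreps, key=lambda r: (self.path_cost(r.path, dest), r.hop_count))

# Constructed replies for destination "X": M always answers with a very high
# sequence number and one hop, the reply pattern Section 4.1 describes.
REPLIES = [
    Rrep(path=("M",), dest_seq=999, hop_count=1),
    Rrep(path=("B", "C"), dest_seq=12, hop_count=3),
    Rrep(path=("E", "F"), dest_seq=12, hop_count=3),
]

def simulate(rounds, update=printed_cost, dest="X"):
    """Return (AODV choices, cost-based choices) as lists of relay paths."""
    table, plain, costed = CostTable(update), [], []
    for _ in range(rounds):
        plain.append(aodv_select(REPLIES).path)
        chosen = table.select(REPLIES, dest)
        table.record(chosen.path, dest)
        costed.append(chosen.path)
    return plain, costed

if __name__ == "__main__":
    plain, costed = simulate(6)
    print("AODV:", plain)
    print("cost:", costed)
```

In this constructed run the Section 3 rule picks M in all six rounds, while the cost-based choice rotates between M, B-C and E-F, so M carries two of the six routes.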
7. Simulation Analysis and Result:
In this paper we provide the analysis and results for maximum throughput, end-to-end delay and total packets received for the EAODV and AODV routing protocols, obtained by changing the values of pause time and node speed under the wormhole attack.
1) Variation of pause time:
a) Analysis of Throughput for EAODV
The above figure shows the performance of EAODV and AODV under the wormhole attack when the pause time varies and the node speed is constant. The throughput of EAODV is better than the throughput of AODV under the wormhole attack when the pause time is increased from 10s to 60s.
b) Analysis of End-to-End delay for EAODV and AODV with variations in Pause Time.
The above figure shows that the average end-to-end delay of AODV is higher than that of EAODV when the pause time is increased from 10s to 60s with the node speed constant. The effect of the wormhole attack is detrimental, so the average end-to-end delay increases more in AODV than in EAODV.
c) Analysis of Total Packets Received for EAODV and AODV with variation in Pause Time:
The above figure shows that the rate of total packets received by the EAODV protocol is higher than that of the AODV protocol when the pause time varies and the node speed is constant. This reflects that the proposed EAODV method performs better than the trivial AODV.
[Figure: Pause time Vs Throughput. X axis: 10 to 60; Y axis: Throughput, 0 to 2500. Data labels: EAODV 20 20 21 20 19 19; AODV 17 18 18 18 17 17.]
[Figure: Pause time Vs Average End-to-End Delay (s). X axis: 10 to 60; Y axis: Average End-to-End Delay (s), 0 to 0.02. Data labels: EAODV 0.0 0.0 0.0 0.0 0.0 0.0; AODV 0.0 0.0 0.0 0.0 0.0 0.0.]
[Figure: X axis: 10 to 60; Y axis: Total Packets Received, 0 to 100. Data labels: EAODV 86 90 91 90 93 85; AODV 67 82 76 83 81 78.]
2) Variation in Node Speed:
I. Analysis of Throughput for EAODV and AODV with variation in node speed:
The above figure shows the performance of EAODV and AODV under the wormhole attack when the pause time is constant and the node speed varies. The throughput of EAODV is better than the throughput of AODV under the wormhole attack when the node speed is increased from 10s to 60s.
II. Analysis of End-to-End Delay for EAODV and AODV with variation in node speed:
The above figure shows that the average end-to-end delay of AODV is higher than that of EAODV when the node speed is increased from 10s to 60s with the pause time constant. The effect of the wormhole attack is detrimental, so the average end-to-end delay increases more in AODV than in EAODV.
III. Analysis of Maximum Packets Received for EAODV and AODV with variation in node speed:
The above figure shows that the rate of total packets received by the EAODV protocol is higher than that of the AODV protocol when the pause time is constant and the node speed varies. This reflects that the proposed EAODV method performs better than the trivial AODV.
[Figure: Node Speed Vs Throughput. X axis: 10 to 60; Y axis: Throughput, 1600 to 2200. Data labels: EAODV 190 186 202 208 208 208; AODV 180 182 185 198 198 198.]
[Figure: Node Speed Vs Average End-to-End Delay (s). X axis: 10 to 60; Y axis: Average End-to-End Delay (s), 0 to 0.05. Data labels: EAODV 0.0 0.0 0.0 0.0 0.0 0.0.]
[Figure: Node Speed Vs Total. X axis: 10 to 60; Y axis: Total Packets Received, 80 to 120. Data labels: EAODV 95 101 108 109 109 109; AODV 91 95 95 95 95 98.]
8. Conclusion:
This paper presents a detection and prevention analysis for different network attacks using a new scheme and a new routing protocol, EAODV, in different scenarios, in comparison with AODV. The analysis is performed in a wireless ad hoc network. Some protocols work well in such a network attack environment. In this paper, wireless nodes in a wireless network transmit packets to other nodes that are members of the same network. Some malicious nodes, which are able to drop packets, create tunnels or perform any other activity that reduces the performance of the protocol, are also introduced into the network, where they perform various network attacks. After creation of the network attack scenario of the wireless network, the EAODV and AODV protocols are simulated on QualNet 5.0. The simulation is carried out with variation of the pause time of the nodes and the speed of the nodes. After completion of all simulations, the results were analyzed in graphs. The graphs show that EAODV under attack gives better results in all situations in comparison with the AODV routing protocol. As for future work, this work focused only on the network throughput, delay, maximum packets received and avg. jitter effect. It would be significant to consider other metrics such as power consumption, the number of hops to route the packet, fault tolerance and minimizing the number of control packets.
References:
[1] M. Frodigh, P. Johansson, and P. Larsson, “Wireless ad hoc networking: the art of networking without a network”, Ericsson Review, No. 4, 2000, pp. 248-263.
[2] N. Sastry, U. Shankar, and D. Wagner, “Secure verification of location claims,” in Proceedings of the 2nd ACM workshop on Wireless security. San Diego, CA, USA: ACM, 2003, pp. 1-10.
[3] Qualnet Simulator Documentation, “Qualnet 5.0 User's Guide”, Scalable Network Technologies, Inc., Los Angeles, CA 90045, 2006.
[4] S. Kumar, V. S. Raghavan, and J. Deng, “Medium access control protocols for ad-hoc wireless networks: a survey,” Ad-Hoc Networks, vol. 4, no. 3, pp. 326-358, May 2006.
Network Protocols. IEEE Computer Society, 2002, 656326 78-89.
[6] Y.-C. Hu, A. Perrig, and D. B. Johnson, “Rushing attacks and defense in wireless ad hoc network routing protocols,” in WiSe '03: Proceedings of the 2nd ACM workshop on Wireless security. New York, NY, USA: ACM, 2003, pp. 30-40.
[7] M. Abolhasan, T. Wysocki, and E. Dutkiewicz, “A review of routing protocols for mobile ad hoc networks,” Ad Hoc Networks, vol. 2, no. 1, pp. 1-22, 2004.
[8] B. Wu, J. Chen, J. Wu, and M. Cardei, Network Theory and Applications. Springer, 2007, vol. 17, ch. A Survey of Attacks and Countermeasures in Mobile Ad Hoc Networks.
[9] T. X. Brown, J. E. James, and A. Sethi, “Jamming and sensing of encrypted wireless ad hoc networks,” in Proc. of ACM MobiHoc, 2006.
[10] H. Yang, H. Luo, F. Ye, S. Lu, and L. Zhang, “Security in mobile ad hoc networks: challenges and solutions,” IEEE Wireless Communications, vol. 11, no. 1, pp. 38-47, Feb 2004.
[12] S. Radosavac, A. A. Cárdenas, J. S. Baras, and G. V. Moustakides, “Detecting IEEE 802.11 MAC layer misbehavior in ad hoc networks: Robust strategies against individual and colluding attackers,” J. Comput. Secur., vol. 15, no. 1, pp. 103-128, 2007.
[13] R. Doomun, T. Hayajneh, P. Krishnamurthy, and D. Tipper, “Secloud: Source and destination seclusion using clouds for wireless ad hoc networks,” in Proceedings of the IEEE Symposium on Computer and Communications, 2009.
[14] M. Khabbazian, H. Mercier, and V. K. Bhargava, “Nis02-1: Wormhole attack in wireless ad hoc networks: Analysis and countermeasure,” in Global Telecommunications Conference, 2006. GLOBECOM '06. IEEE, H. Mercier, Ed., 2006, pp. 1-6.
[15] L. Zhou, Z. J. Haas, Cornell Univ., “Securing ad hoc networks,” IEEE Network, Nov/Dec 1999, Volume: 13, Page(s): 24-30, ISSN: 0890-8044.
[16] X. Su and R. V. Boppana, “On mitigating in-band wormhole attacks in mobile ad-hoc networks,” in Communications, 2007. ICC '07. IEEE International Conference on, R. V. Boppana, Ed., 2007, pp. 1136-1141.
[18] L. Qian, N. Song, and X. Li, “Detection of wormhole attacks in multi-path routed wireless ad hoc networks: a statistical analysis approach,” J. Netw. Comput. Appl., vol. 30, no. 1, pp. 308-330, 2007.
[19] I. Khalil, S. Bagchi, and N. B. Shroff, “Liteworp: Detection and isolation of the wormhole attack in static multihop wireless networks,” Comput. Netw., vol. 51, no. 13, pp. 3750-3772, 2007.