• No results found



Academic year: 2021


Show more ( Page)

Full text


_____________________________________________________________________________________ www.jrret.com


M.Yasodha1, S.Umarani2, D.Sharmila3


PG Scholar, Maharaja Engineering College, Avinashi, India.


Assistant Professor, Maharaja Engineering College, Avinashi, India.


Professor & Head, Bannari Amman Institute of Technology, Sathyamangalam, India. ______________________________________________________________________________ Abstract:

Mobile Ad hoc Network (MANET) is the sort of wireless networks that use multi- hop relaying and is an infrastructure less Network because of its potential of operating without the aid of any fixed network. Because of open nature of the system, it is vulnerable against several attacks. The key security risk on MANET is a Distributed Denial of Service (DDoS) attack. DDoS attack has the potential to create a huge measure of undesirable traffic. It is hard to identify and control the DDoS attack because of large scale and complex system environments. In this paper, an analytical technique that utilizes Reactive Defense Mechanism to mitigate the DDoS attack has been proposed. The proposed approach enhances network performance in terms of low delay and less packet drop. Further the simulation result shows the efficiency of the proposed methodology.

Keywords: Mobile Ad Hoc Network (MANET), Distributed Denial of Service (DDoS), Reactive Defense mechanism.


I. Introduction

Ad-hoc network is the network consisting of wireless nodes. It is essentially infrastructure less network which is self-organized i.e. the connections are created without any centralized management [1],[2].A Mobile Ad hoc Network (MANET) is a unstructured network that can be made without fixed infrastructure. This implies that all its nodes act as routers and participate in its discovery and maintenance of routes to different nodes in the network i.e. nodes inside one another's radio extent communicate directly through wireless links, while those that are further

separated use different nodes as relays. Its routing protocol must have the capacity to adapt to the new challenges that a MANET makes, for example, nodes versatility, security support, and quality of service, limited power supply and bandwidth.

These challenges set demands on routing protocols. There are distinctive key issues and sub- issues , for example, routing, multicasting/broadcasting, clustering, location service, mobility management, IP addressing, multiple access, radio interface,


_____________________________________________________________________________________ www.jrret.com

TCP/UDP, power and bandwidth management, security, QoS/multimedia and fault tolerance.

Recent wireless research shows that the MANET presents a major security issue than traditional wired and wireless networks. DDoS attacks are accounted for as one of the greatly occurring attack over a recent decade. Numerous service providers and legitimated users have experienced an terrible experience from these attacks. A DDoS attack is large scale, facilitated attack on the availability of services at the target system or network asset. The DDoS attack is propelled by sending large measure of packets to the target node through the co-ordination of vast measure of nodes which are circulated all over the network. At the target side this traffic consumes the bandwidth and does not permit other critical packet to reach the system.

Though different security measures have been adopted broadly in wired networks, they cannot be utilized in MANETs. It is extremely challenging in MANETs to meet the regular security requirements, for example, data privacy, information trustworthiness, and service availability. Research has been directed in past decades that attempt to incorporate security arrangements on top of secure routing protocols. To date, on the other hand, it is still a continuous research on techniques to defend against DDoS attack. In this paper, we propose a novel a analytical method that uses Reactive Defense Mechanism to mitigate the DDoS attack in MANET.

II. Related Work

Several research works has been carried out to defend against DDoS attack in MANET [3], [4], [5].In [6], the authors proposed a defense approach which contains flow monitoring table (FMT) at every node. FMT consists of flow id, source and destination id and packet sending rate. Data transfer rate is computed for each flow at intermediate nodes. With each one flow, the upgraded FMT is sent to the destination. After monitoring the MAC (Media Access Control)layer, the target node sends the Explicit Congestion Notification (ECN) bit to caution the sender nodes about the congestion. After receiving ECN, the sender reduces their sending rate. In the event that the channel gets to be congested persistently because of some sender nodes don't decrease their sending rate, it can be found by the target node utilizing the upgraded FMT. It checks current sending rate with the past sending rate of a stream. At the point when both the rates are same, the corresponding sender of the flow is considered as an attacker. Once the DDoS attackers are discovered, all the packets from those nodes will be rejected. Advantage of this approach is to enhance the performance of the Ad hoc system in terms of bandwidth, packet delivery ratio, and packet drop.

In [7], the authors introduced a system for determining misbehave or intrusion in MANET utilizing intrusion detection system and secure the network from Distributed Denial of Service (DDOS) and examined the result on the basis of real TCP flow routing,


_____________________________________________________________________________________ www.jrret.com

packet delivery ratio and average end-to-end delay in typical DDoS attack and IDS time. This defense mechanism comprises of a Flow Monitoring Table (FMT) of every mobile node. It consists of sender_id, time, receiver_id, transport_info, protocol_type, node coordinate axis and event_type. They capture the data of all nodes till specific time. The normal and abnormal behavior of the network is watched. If network contamination was recognized, they identify the attacker node and it will be obstructed from the network.

In [8] a confidence based filtering method (CBF) has been proposed to identify the DDoS attack in cloud. Here, anomaly detection is utilized and the normal profile of the network is created during non-attack period and CBF is employed to identify the attacker in attacker period. In [9] DDoS flooding attack detection is done by a step-by-step investigation approach in which entropy based detection technique to defend against DDoS attack, to prevent flooding of abnormal traffic and ensure the transmission of normal traffic.

In [10], the authors introduced a quantitative model to describe the DDoS flooding attack and its traffic detail. They likewise proposed an anaytical model for searching for particular patterns of the attack traffic, targeting to attain: Decide if there is aberrance in the activity and whether the peculiarity is the DDoS attack. Decide the time when the attack is dispatched. Network forensics is the procedure of capturing, recording, and analysis of network actions to

find the source of security attacks.The flooding attack is considered in this work. It plans to incapacitate the whole network, instead of any specific node, by infusing overwhelming attack traffic (e.g. RREQ broadcast) into the MANET. Since all or the majority of key assets of mobile nodes are pointlessly expended on handling and transmitting the attack activity, real users traffic is denied.

In [11] a novel defense mechanism has been presented that utilizes the medium access control (MAC) layer information in order to identify the attackers. This defense mechanism comprises distributed rate control and bandwidth reservation. Once the attackers have been identified, the packets from those nodes are blocked.

III. Proposed DDoS Mitigation Technique This section present an analytical approach to identify the number of malicious packets and a modified hop count inspection technique to alleviate the malicious packets being sent that causes serious threat to the network performance.

A. Probabilistic Approach to Compute Malicious Packet Count

Let us consider that the packets arrive at a node with a Poisson distribution λ and let n be the number of malicious packets, r be the number of legitimate packets, N is the total number of packets arrived with λ and p be the probability that the packet is malicious and (1-p) be the probability that the packet is legitimate.


_____________________________________________________________________________________ www.jrret.com

The conditional probability that the packet being malicious is given by

( ) ( ) ( )

(1) Here ( ) is the probability that n occurrences are success and can be expressed in binomial form as given below ( ) ( )

(2) ( ) ( ) ⁄( )


The Poisson distribution of ( ) is given by

( ) ( )⁄( )

(4) Then using eq (3) and (4) , eq (1) becomes

( ) ( ) ⁄( ) ( ) ( ) ⁄ (5) ( ) ( )⁄( ) (6) ( ) ( ( ) ⁄( ) ) (7) ( )⁄ ( )( ) ⁄ (8) The probability of malicious packets in the traffic is given as

( ) ∑ ( )⁄ (9) By using the above equation, the number of malicious packets can be found with packet arrival rate λ and the joint probability p (p=1). After obtaining the number of malicious packets modified hop count approach is used to alleviate these malicious packets.

B. Modified Hop Count Approach

The modified hop count approach defends against DDoS attack based on the value stored in the TTL field. The algorithm first initializes a counter to one and for the number of malicious packets found it extracts the final and initial time to live value for every packet and computes the hop count value from the extracted value. If the computed hop count of the packet is not equal to the retrieved hop count then the packets are considered as malicious and discarded, otherwise packets are considered legitimate.

Initialize count=1 Tf= final value of TTL Ti= Initial value of TTL Hs= Stored hop count Let H= Tf-Ti


_____________________________________________________________________________________ www.jrret.com

for count= 1 to n Begin


Discard the packet Else

Allow the packet End if


Fig 1 Modified Hop Count Algorithm IV. Simulation Study

A. Simulation Setup

Simulations are carried out to evaluate the performance of the proposed approach. NS2 is used a simulation environment consisting of 60 mobile nodes. The nodes move randomly at an average speed m/s. Simulation time is 100secs. The routing protocol utilized is AODV that integrates the proposed mitigation technique. Table 1 shows parameters considered for simulation.

Simulation Parameters Network Area 1500 x 1000 Routing Protocol AODV No. of Mobile Nodes 60 Network Topology Flat Grid IEEE Standard 802.11 Broadcasting Range 550mts Application Type Cbr Application rate 1.0mb Simulation Time 100s Data Transfer Protocol TCP/ UDP Connection Type One-to-one

Table 1 Simulation Parameters Here, three nodes 5, 9, 15 send malicious traffic at the same time. Then node 25 sends malicious traffic after 60 secs. The

destination node for the entire traffic is node 6.

B. Performance Analysis

The proposed approach is evaluated in terms of the performance metrics: delay and drop rate. Fig 2 shows the delay in case of the proposed mitigation strategy. It is shown that the delay is low when compared to that of the normal AODV protocol. Fig 3 shows the drop ratio of the proposed approach. It is shown that only minimum packets are dropped in case of the proposed approach. In conventional AODV when the number of malicious node increases more number of legitimate packets is dropped.


_____________________________________________________________________________________ www.jrret.com

Fig 3 Packet Drop Rate V. Conclusion

MANET is an infrastructure less network because of its potential to operate without the help of fixed infrastructure. These networks are more vulnerable than wired counterpart and security plays a major role because of lack of limited resources and trusted centralized authority. The key security risk is a Distributed Denial of Service (DDoS) attack.It is hard to identify and control the DDoS attack because of large scale and complex system environments. In this paper, an analytical technique that utilizes Reactive Defense Mechanism to mitigate the DDoS attack has been proposed. Simulations are carried to evaluate the performance of the proposed approach and the results shows that this approach enhances network performance in terms of low delay and less packet drop. References

1. Mukesh Kumar, Naresh Kumar “Detection and Prevention of DDOS Attack in MANET’S Using Disable

IP Broadcast Technique”, International Journal of Application or Innovation in Engineering & Management, 2013.

2. Bapuji et al., “Quality of Service for Mobile Ad-Hoc Wireless Networks”, International Journal on Computer Science and Engineering, 2011. 3. A. Nadeem and M. Howarth,

"Adaptive Intrusion Detection & Prevention of Denial of Service Attacks in MANETs," International Conference on Communications and Mobile Computing, Leipzig, Germany, 2009.

4. M. Alicherry, A. D. Keromytis, and A. Stavrou, "Evaluating a Collaborative Defense Architecture for MANETs," IEEE Workshop on Collaborative Security Technologies (CoSec), December 2009.

5. M. Carvalho, "Security in Mobile Ad Hoc Networks," IEEE Security & Privacy, March/April 2008.

6. S.A.Arunmozhi, Y.Venkataramani, DDoS Attack and Defense Scheme in Wireless Ad hoc Networks, International Journal of Network Security & Its Applications, Vol.3, May 2011.

7. Ramratan Ahirwal, Leeladhar Mahour, Analysis of DDoS Attack Effect and Protection Scheme in Wireless Mobile Ad-hoc Network, International Journal on Computer Science and Engineering, 6 June 2012.


_____________________________________________________________________________________ www.jrret.com

8. Qi Chen , Wenmin Lin , Wanchun Dou , Shui Yu ” CBF: A Packet Filtering Method for DDoS Attack Defence in Cloud Environment”, 2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing.2011.

9. Jae-Hyun Jun, Hyunju Oh, and Sung-Ho Kim “DDoS flooding attack detection through a step-by-step investigation” 2011 IEEE 2nd International Conference on Networked Embedded Systems for Enterprise Applications, 2011. 10. Yinghua Guo, Matthew Simon,

Network forensics in MANET: traffic analysis of source spoofed DoSattacks, Fourth International Conference on Network and System Security, 2010.

11. S. A. Arunmozhi, Y. Venkataramani, “A New Defense Scheme against DDoS Attack in Mobile Ad Hoc Networks”, Communications in Computer and Information Science, 2011.


Related documents

Earth Planets Space, 55, 189?202, 2003 Paleomagnetism of the late Quaternary Ontake Volcano, Japan directions, intensities, and excursions Hidefumi Tanaka1 and Takehiko Kobayashi2 1Faculty

The ZKP is used to ensure non transmission of crucial cryptographic information in the wireless network in order to avoid man-in-the middle (MITM) attack and

In the battle between DDoS attacks and DDoS defense, what the corporation is facing is not a pile of DDoS attack packets, neither DDoS attack tools, but the operators controlling

Initially, these protocols were proposed for mobile ad hoc networks (MANETs), focusing primarily on network connectivity and using the number of hops (or hop

2.5 Venn diagram showing the number of true (T) and false (F) variants in the evaluation set and in the prediction of VerySNP, SNPSVM and VQSR applied to Pinot Noir dataset (TPs =

Interoute’s DDoS Mitigation Service uses Network Collectors and Threat Management Systems located at strategic POPs in our IP backbone, to analyse, identify and discard malicious

BALB/c mice were injected intramuscularly with adenovirus expressing the shed A subunit (TSHR-289), the noncleaving receptor (TSHR-D1NET), the WT TSHR (TSHR-WT), or control

It includes a Medical Benefits Chart that gives a list of your covered services and tells how much you will pay for each covered service as a member of Humana Medicare Employer

• Better coordination of care for mixed household families because applicants complete a single application through the HealthCare.gov website or within the ONE system to receive

The wormhole attack is a severe kind of attack, which consists in recording the traffic from one region of the network and replaying it. It is replayed in

Yet, an increase in attention to primary palliative care (e.g., basic physical and emotional symptom management, advance care planning), provided by primary care and

The role played by the Lucas organisation was crucial in the planting of Ballarat’s Avenue of Honour, the building of its Arch of Victory, the long-term civic management of the

technological change have led to a large set of near‐perfect substitutes available for virtually all 

 shell server if an ‘S’ (0x53) is sent as the first byte, the connection is cached as a bind shell drozer makes use of this server throughout exploitation to host the

To what extent do demographic characteristics such as gender, race, academic level, age, and first-generation status predict deeper life interactions among

The purpose of this report was to provide a narrative of both ‘what is happening’ and ‘how this came about’, when it comes to internationalisation of businesses and

Trial comes about on an information gathered by a realworld ecommerce website(shop.com) demonstrate that it can anticipate a client's subsequent buy conduct at once

This assertion is supported by or needs to take account of (i) the increases in yield of grain and straw, (ii) the changes in the quality of the grain, (iii) the

So, we have developed an algorithm that converts image histogram into eight byte code which will be used as primary key of a large databaseI. Second part of this

Nephrotic syndrome is most common paraneoplastic manifestations in lymphoma, approximately 10% of patients with newly diagnosed Idiopathic nephrotic syndrome, are

In Personalized collaborative environment webDAV assists the intelligent agent tutor to interact with the web servers to collect and produce cognizant knowledge to to the

From the point of view of carrying the secret information, both the EMIVCS and the TiOISSS are computer aided and carry two types of secrets, one is a secret image which can be

Deformable image registration (DIR) is a graphics tool that maps every point in a reference volume to the corresponding point in another image volume. With DIR