Detection of IDS Based on Game Theory Pay off with Cluster Formation using DSR Protocol

(1)

International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 4, Issue 7, July 2014)

873

Detection of IDS Based on Game Theory Pay off with Cluster

Formation using DSR Protocol

V. Vinoba

1

, P. Hema

2

1

K.N.Government ArtsCollege.,Tamil Nadu, India.

2_{Assistant professor, RMKCET}

Abstract— Wireless sensor networks has grown a lot in recent years and offers excellent opportunities in defense related applications such as monitoring environment and collecting data related to anti- social activities. So there is a need to develop new techniques or modify the current security mechanisms to transfer data from source to base station. Game theory is a mathematical method that describes the phenomenon of conflict and co - operation between intelligent and rational decision- makers. In particular, the theory has been proven very useful in the design of WSN. A new method for detection of IDS based on cluster and game theory is proposed in this paper. When a target occurs in sensing field of WSN, the sensor node begin to form cluster dynamically and they start to negotiate with game theory. In this paper we formulate, non zero sum and non cooperative game between IDS and attacker with dynamic information depend upon the DSR routing protocol. And also it we used pay off calculation of the entire network with the threshold condition achieved while cluster formation into the WSN. Here we proposed Distributed packet forwarding algorithm. The aim of that algorithm is to find the best network of cluster ranked through pay off.

Keywords—clusters, distributed with packet forwarding algorithm, Dynamic source routing protocol, game theory, pay off, threshold.

I. INTRODUCTION

Wireless Sensor Networks is a new technology which is used in a huge majority of applications. This network is a graph which consists of a large number of sense nodes. These nodes are able to gather the information and process it and send it to the relevant destinations. The sensors have some individual characteristics such as small dimension

and low power consumption. Because of these

characteristics, they could be used in different fields such as military, agricultural, industrial, and biomedical applications. Furthermore, they could easily be used in different environments such as unreachable or dangerous regions. Since there is no need to use a large amount of wire and complicated configuration and installation for these sensors in the network, we could use them with lower cost in comparison with traditional networks.

(2)

International Journal of Emerging Technology and Advanced Engineering

874 Essential network operations can be jeopardized by nodes that do not properly execute their share of the operation like routing, forwarding, etc. Nodes misbehavior that affects these operations could be due to selfishness or lack of collaboration due to the power. In this paper, we propose two novel approaches for prevention of denial of service attack. We would like to achieve that only good behavior pay off in terms of service and power consumption. In order to detect malicious nodes we introduce a scheme based on a foundation of game theory, where we define a game between an attacker and the wireless sensor and cluster node. In this game each player tries to maximize its own payoff. Attacker as a player tries to gain malicious behavior by performing two types of denial of service attack: (i) not forwarding of control messages or data, or (ii) falsifying route error messages by issuing route error messages to a normal node and thus misdirecting the path. Wireless sensor and cluster networks must defend nodes from such intrusions, we formulate the attack-defense game as a two player, nonzero-sum, non-cooperative game. We show that this game achieves Nash Equilibrium, thus leading to a defense strategy for the network. Then in order to choose the most reliable route we propose two different approaches. In the first approach we include the total utility of each route in data packets. In the second approach we incorporate a watch-list, where misbehavior results in bad reputation, which propagates to other nodes too.

II. RELATED WORKS

Different security protocols have been proposed for sensor networks. The SNEP protocol [12] has low communication overhead (only 8 extra bytes per message),

providing baseline security primitives like data

confidentiality, two-party data authentication, reply protection and message freshness. It achieves semantic security, i.e., the same message is encrypted differently each time, thus preventing eavesdroppers from inferring the

content from the encrypted message. The μ TESLA

protocol [11] uses a symmetric key mechanism. To generate one-way key chain, the sender chooses the last key randomly and generates the remaining values by successively applying a one way function. The protocol discloses the key once per time interval (rather than one key per packet), and restricts the number of authenticated

senders. To bootstrap, each receiver needs one

authentication key of one-way function key chain. The base station can also broadcast disclosed key and perform initial bootstrapping for new receivers to conserve energy.

The periodic key disclosure of μ TESLA ensures

compromising a single sensor does not reveal the keys of all the sensors in the network. Authors in [4] proposed CONFIDANT protocol, which consists of the following components: (i) monitor, (ii) reputation system, (iii) path manager and (iv) trust manager. In this approach neighborhood watch is proposed and nodes locally look for deviating nodes. As a component within each node, the monitor registers these deviations from normal behavior. Reputation system provides a quality rating of participants of transactions. Path manager ranks paths according to security metric. A trust table managing trust levels for nodes to determine the trustworthiness of paths will be managed by the trust manager. It is obvious that this approach would not fit sensor networks due to their limited memory. The user cooperation in ad hoc networks has been studied in [15], in which an acceptance algorithm that each node uses, to decide whether to accept or reject a relay request is proposed. The system is proved to converge to an equilibrium point. The authors assume each user has sufficient information about the system, like number of users in each energy class, and hence users exchange their view of the system. However, they do not consider malicious users. A framework to study the existence of cooperation in packet forwarding in a wireless network is proposed in [7], in which a model is defined and the conditions under which cooperative strategies can form an equilibrium are identified. This approach does not require each node to keep track of the behavior of other nodes, but it is assumed all routes are static. Authors in [10] proposed

two mechanisms called watchdog and path rater. The

watchdog identifies misbehaving nodes while the path rater selects routes that avoid the identified misbehaving nodes. Under their framework, selfish nodes are not discouraged and well behaving nodes may be unfairly made busier.

III. PROPOSED FRAME WORK

(3)

International Journal of Emerging Technology and Advanced Engineering

875 After first cluster head is chosen and sub nodes formed, then second cluster head is chosen and again forms the sub nodes. This process continued up to 5 cluster heads formed. Generally, non-cooperative game approach between attacker and wireless sensor cluster network. So co-operation that contains the measuring of the energy levels and reputation having number of packets forwarded to the neighbor nodes at a time. Attackers are not covered into the network region. Those nodes can be available outside of the network.

Now, every sub nodes send the data with energy to the relevant cluster heads. In this time, outside of the attacker node hacked the data from any one of the sending node and that node acts as the normal node. Now that normal node includes the error message and send to the neighbor node and that to the Cluster head. Cluster head receives the energy level from their sub nodes and send that energy level to the sink nodes then detect the attacker and malicious node location from the sink easily while using UDSR Protocol. Because, Route-Request message sending to sink node from each clusters. So we can easily detect the attacks. This is falsifying error route message attack or active attack. This attack can broke the link or path of the route in the cluster group and also discard from the cluster. If Attacker sends error message of data to any node then detected and dropped from that sub node itself. That is called the black hole attack or passive attack. So every cycling of the process rescheduling the cluster head based on the highest energy level with the reply message to the new cluster head form from the sink node or base station. This approach is based on the Utility Dynamic source routing protocol. And another important approach of the protocol is the threshold value with the pay off calculation. That can be 0 or 1 that is 0 - pay off decreases depends upon the threshold value and 1 - pay off increase depends upon the threshold value. Based on the threshold condition with pay off using to send the data with energy, avoid the maximizing attacker in the entire network compare to the previous UDSR protocol. So, it can be cluster efficiency with the network performance increasing using Game Theory approaches.

IV. OUR PROPOSED MODEL

Throughout this paper we refer to IDS. IDS are an intrusion detection system, where its task is protecting sensor nodes against intrusions. IDS is able to monitor all sensor nodes, but due to system limitations it can protect only one sensor node at each time slot, and based on game theoretic frame work it will choose such sensor node for protection. Further we refer to such nodes as cluster heads. We define one non cooperative non zero sum between two players the attacker and sensor nodes.

V. PROPOSED PROTOCOL

(4)

International Journal of Emerging Technology and Advanced Engineering

876 DSR allows the network to be completely self-organizing and self-configuring, without the need for any existing network infrastructure or administration.DSR has been implemented by numerous groups, and deployed on several test beds. Networks using the DSR protocol have been connected to the Internet. DSR can interoperate with Mobile IP, and nodes using Mobile IP and DSR have seamlessly migrated between WLANs, cellular data services, and DSR mobile ad hoc networks.

The protocol is composed of the two main mechanisms of "Route Discovery" and "Route Maintenance", which work together to allow nodes to discover and maintain routes to arbitrary destinations in the ad hoc network. All aspects of the protocol operate entirely on-demand, allowing the routing packet overhead of DSR to scale automatically to only that needed to react to changes in the routes currently in use. The protocol allows multiple routes to any destination and allows each sender to select and control the routes used in routing its packets, for example for use in load balancing or for increased robustness. Other advantages of the DSR protocol include easily guaranteed loop-free routing, support for use in networks containing unidirectional links, use of only "soft state" in routing, and very rapid recovery when routes in the network change. The DSR protocol is designed mainly for mobile ad hoc networks of up to about two hundred nodes, and is designed to work well with even very high rates of mobility

VI. PACKET FORWARDING SCHEME ALGORITHM

Trust based packet forwarding scheme and we introduce the scheme for the purpose of data security. We calculate the trust index using the Algorithm 1 and the Route are selected based on the trust Index of all nodes.

Let Z = {N1,N2,….Nn} be the network of nodes.

Ti be the trust index of node Ni

Tinc be the value of trust increment, Trust Based Packet

Forwarding Scheme for Data Security in Mobile Ad Hoc Networks

Tdec be the value of trust decrement,

Tth be the trust threshold value.

Nk be the node which forwards a data packet Pk.

p be positive constant for trust increment and decrement.

Algorithm 1

1. Initially, each node maintains a lookup table, which includes sequence numbers, source and destination IP addresses and port numbers, and the address of the next hop.

2. Node Ni receives the data packet Pk.

3. If Pk is a retransmitted packet, then Node i decrements

trust index of Nk by

Tdec = Tdec – 2*p

Compare Ti-1 with Tth.

If T0 < Ti-1 < Tth,

Packet is dropped.

Else

Packet is forwarded to node Ni+1.

Ni updates the lookup table with current trust values.

End if

Else

If Pk is an acknowledgement packet, then

If Nk originally forwarded Pk, then

Ni increments trust index of Nk by

Tinc= Tinc + p

End if

VII. PACKET FORWARDING PROCESS:

(5)

International Journal of Emerging Technology and Advanced Engineering

877

VIII. SIMULATION SCENARIO

(6)

International Journal of Emerging Technology and Advanced Engineering

878

IX. SIMULATION TABLE RESULT

Simulation Setup

Parameters Value

Transmission Range

250 m

Network Area 1900X1000

No of nodes & CH 94 & 5

Packet rate 0.9 pkt/sec

Packet size 1000 bytes

Bandwidth &

Energy

5 Mbps & 100 Joule

Routing Protocol DSR

X. PERFORMANCE EVALUATION

We use the following metrics in order to evaluate the performance of proposed protocol

Transmission Delay (end to end delay): Delay of individual packet is the difference between times a packet takes to reach the final destination node from originating time of a packet from source node. Therefore transmission delay (or end to end delay) is the ratio of sum of all such delays of each packet to the number of packets transmitted from source to destination.

Node Energy Consumption: The node energy consumption measures the average energy dissipated by the node in order to transmit a data packet from the source to the sink. The same metric is used in [5] to determine the energy efficiency level of WSNs. It is calculated as

(7)

International Journal of Emerging Technology and Advanced Engineering

879

XI. CONCLUSION

Our scheme was to measure the effectiveness of this application in detecting malicious behavior. In this paper, we proposed of two protocols: UDSR and watch-list protocol for the utility value and also cope with the problem of false labeling. We would also like to investigate how to set threshold values and also by defining an acceptable threshold for cooperation and reputation of sensor nodes, We can observe behavior of sensor nodes and isolate suspicious nodes. Finally, the experimental results show that by including the utility value of each route which is based on cooperation and reputation of en-route nodes, we can guarantee a more reliable delivery.

In enhancement, nodes mobility with prevention of attackers the network security performance will be improved based on multi hop routing selection algorithm.

REFERENCES

[1] I. F. Akyldiz, W. Su, Y. Sankarasubramaniam and E. Cayirci,

―Wireless sensor networks: a survey,‖ Computer Networks, vol.38, pp:393-422

[2] I. F. Akyildiz and I. H. Kasimoglu, ―Wireless sensor and actor networks:research challenges,‖ to be published Ad Hoc Networks, 2004.

[3] T. Basar and G. T. Olsder, Dynamic Non cooperative Game Theory,

2nd_{Ed., Society of Industrial and Applied Mathematics, 1999.}

[4] S. Buchegger and J. L. Boudec, ―Performance Analysis of the

CONFIDANT Protocol Cooperation Of Nodes-Fairness In Dynamic Ad-hoc NeTworks,‖ MobiHoc, 2002.

[5] N. Bulusu, D. Estrin, L. Girod and J. Heidemann, ―Scalable

coordination for wireless sensor networks: self-configuring localization systems,‖International Symposium on Communication Theory and Applications

[6] Dan Li, Kerry D. Wong, Yu Hen Hu, Akbar M. Sayeed."Detection,

Classification, and Tracking of Targets,"IEEE Signal Processing Magazine, Volume 19, pp: 17-19, (2002).

[7] M. Felegyhazi, L. Buttyan and J. P. Hubaux, ―Equilibrium Analysis

of Packet Forwarding Strategies in Wireless Ad Hoc Networks the Static Case,‖ Proceedings of Personal Wireless Communications (PWC ‗03),

[8] Wei-Peng Chen, Hou, J.C, Lui Sha. "Dynamicclustering for acoustic target tracking in wireless sensornetworks", IEEE Transactions on Mobile Computing,Volume 3, pp: 258 - 271, (2004).

[9] L. Buttyan and J.P. Hubaux, ―Nuglets: AVirtual Currency to

Stimulate Cooperation in Self organized Mobile Ad-Hoc Networks,‖Technical Report DSC/2001/001,Swiss Fed. Inst. Of Technology, Jan. 2001

[10] S. Marti, T. Giuli, K. Lai and M. Baker, ―Mitigating routing misbehavior in mobile ad hoc networks,‖ Proceedings of Mobicom 2000, Boston, MA,USA, August 2000.

[11] A. Perrig, R. Canetti, J. Tygar and D. Song, ―Efficient

Authentication and Signing for Multicast,‖ NDSS, 2001.

[12] A. Perrig, R. Szewczyk, V. Wen, D. Culler and J. D. Tygar, ―SPINS:

Security Protocols for Sensor Networks,‖ MobiCom, pp: 189-199, July 2001.

[13] V. Srinivasan, P. Nuggehalli, C. Chiasserini, and R. ao,―Cooperation in Wireless Ad Hoc Networks,‖ Proc. IEEEINFOCOM, vol. 2, pp. 808-817, Apr. 2003

[14] E. Shih, S. Cho, N. Ickes, R. Min, A. Sinha, A. Wang and A.Chandrakasan, ―Physical layer driven protocol and algorithm design for energy-efficient wireless sensor networks,‖ Proceedings of ACMMobiCom, Italy, pp:272-286, July 2001

[15] Nuggehalli, C. F. Chiasserini and R. R. Rao, ―Cooperation in Wireless Ad Hoc Networks,‖ INFOCOM, 20