Chapter 5
Analysis of Denial of Service Attack Using Proposed Model
5.0 Introduction
An Adhoc network is a collection of nodes capable of dynamically forming a temporary network without the support of any centralized fixed infrastructure. Since there is no central controller to determine secure and reliable communication paths in a mobile Adhoc network, each node has to trust other nodes to forward packets. Highly cooperative nodes are therefore required to ensure that an initiated data transmission does not fail. In a mobile Adhoc network, where security is a critical issue and nodes are forced to rely on their neighbors, trust plays an important role and can increase the number of successful data transmissions. A larger number of trusted nodes raises the rate of successful data communication.
In this chapter, a denial of service (DoS) attack is applied to the network. Evidence is collected to design an intrusion detection engine for a MANET intrusion detection system (IDS). The flow diagram of this chapter is given in Figure 5.1.
5.1 Problem Definition for Denial of Service Attack for MANET
Problem Definition 1: Simulation without DoS Attack
There are 21 MANET workstations with random mobility of (0-20) m/Sec, following a random waypoint trajectory (predefined trajectory 5 for Adhoc networks in Opnet). The simulation area is (1000*1000) meters. This area is chosen because most researchers use it, which makes it easier to compare results accurately. It is not a constraint, however: any area with a varying density of mobile nodes can be considered. All nodes are AODV enabled and send route requests for mobile node 21. Figure 5.2 shows the simulation environment. Simulation parameters are given in Table 5.1. For problem definition 1, AODV parameters are given in Table 5.2 and the parameters of the generated MANET traffic are given in Table 5.3.
Figure 5.2: Simulation environment
Table 5.1: Simulation parameters at a glance
Parameters          Value
Simulation Area     1000*1000 (in meters)
Simulation Time     1200 Sec
Nodes               21
Mobility            (0-20) m/sec (Random)
Distribution        Random
Trajectory          Trajectory-5
Routing Protocol    AODV
Table 5.2: AODV Parameters
Parameters                                Value
Route Discovery Parameters                Default
Route Request Retries                     5
Route Request Rate Limit (Packets/Sec)    10
Active Route Timeout                      3
Hello Interval                            Uniform (1,1.1)
Net Diameter                              35
Table 5.3: MANET traffic Parameters
Parameters                   Value
Start Time                   10
Packet Inter Arrival Time    Exponential(1)
Packet Size                  Exponential(1024) bits
Destination IP Address       Mobile Node 20
Problem Definition 2: With one Malicious Node
The problem definition is the same as problem definition 1, except that one node is malicious and attempts to create a DoS attack against destination node 21. For normal nodes, the simulation environment parameters are the same as shown in Table 5.1, and the AODV and MANET traffic parameters are the same as in Table 5.2 and Table 5.3. Routing parameters for the malicious node are shown in Table 5.4, and its MANET traffic generation parameters are given in Table 5.5.
Table 5.4: AODV Routing parameters (malicious node)
Parameters                                Value
Route Discovery Parameters                Malicious
Route Request Retries                     100
Route Request Rate Limit (Packets/Sec)    1000
Active Route Timeout                      3
Hello Interval                            Uniform (1,1.1)
Net Diameter                              100
Table 5.5: MANET Traffic parameters (malicious node)
Parameters                   Value
Start Time                   10
Packet Inter Arrival Time    Exponential(1)
Packet Size                  Exponential(65535000) bits
Destination IP Address       Mobile Node 20
5.2 Comparison With and Without Malicious Node
The performance of the system with and without the malicious node is given in Figure 5.3 to Figure 5.10. Compared with the results without a denial of service attack, the performance of the system degrades in the presence of the malicious node. More than one malicious node can be assumed, and the total number of nodes in the network may be scaled. However, the aim of this research is to extract data from the simulation to design the detection engine for the denial of service attack, whether the number of trusted nodes is large or the malicious nodes are few.
Figure 5.3: Total routing traffic received
Figure 5.4: Total routing traffic sent
Figure 5.6: Total MANET traffic sent
Figure 5.7: Total packet drop
Figure 5.9: Target node delay
Figure 5.10: Target node packet queue size
5.3 Feature Extraction for Denial of Service Attack
The following features are extracted for the DoS attack on the basis of the above simulation.
Total Delay (MDelay);
MANET Traffic Sent Ratio (MTSR) = (MANET Traffic Sent by Malicious Node / Total MANET Traffic Sent) * 100;
MANET Traffic Received Ratio (MTRR) = (MANET Traffic Received by Malicious Node / Total MANET Traffic Received) * 100;
Routing Traffic Sent Ratio (RTSR) = (Routing Traffic Sent by Malicious Node / Total Routing Traffic Sent) * 100;
Routing Traffic Received Ratio (RTRR) = (Routing Traffic Received by Malicious Node / Total Routing Traffic Received) * 100;
Route Request Ratio (RRReq) = (Route Request Generated by Malicious Node / Total Route Request) * 100;
Route Reply Ratio (RRRep) = (Route Reply Received by Malicious Node / Total Route Reply Sent by the Destination Node);
5.4 Rules Set for DoS Attack
The following rule set is generated. The rules and their threshold values may be changed according to the needs and environment of the network. An incremental approach may be used to build up the rule set dictionary.
If ((MDelay > 0.014 Sec) ∨ (PDR > 25%) ∨ (MTSR > 50% ∧ MTRR < 5%) ∨ (RTSR > 10% ∧ RTRR < 5%) ∨ (RRReq > 20% ∧ RRRep > 5%))
Then {Not A Friend};
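The feature ratios of Section 5.3 and the rule set above can be evaluated per node as in the following sketch. It is an added example, not code from the thesis: the counter names, the sample values, the reading of PDR as a packet drop ratio in percent, and the scaling of RRRep to percent are all assumptions.

```python
from dataclasses import dataclass

@dataclass
class NodeStats:  # per-node counters for one window (constructed field names)
    delay_s: float        # MDelay, seconds
    pdr_pct: float        # PDR: assumed to be packet drop ratio in percent
    manet_sent: float
    manet_recv: float
    routing_sent: float
    routing_recv: float
    rreq_generated: float
    rrep_received: float

def pct(part, total):
    """Share of a network-wide total, in percent (0 if the total is zero)."""
    return 100.0 * part / total if total else 0.0

def extract_features(n, tot):
    """Section 5.3 features for node n against network totals tot."""
    return {
        "MDelay": n.delay_s, "PDR": n.pdr_pct,
        "MTSR": pct(n.manet_sent, tot["manet_sent"]),
        "MTRR": pct(n.manet_recv, tot["manet_recv"]),
        "RTSR": pct(n.routing_sent, tot["routing_sent"]),
        "RTRR": pct(n.routing_recv, tot["routing_recv"]),
        "RRReq": pct(n.rreq_generated, tot["rreq"]),
        # Assumption: RRRep is scaled to percent so it can be compared with 5%.
        "RRRep": pct(n.rrep_received, tot["rrep_by_dest"]),
    }

def fired_clauses(f):
    """Section 5.4 rule set; any fired clause means 'Not A Friend'."""
    clauses = {
        "MDelay": f["MDelay"] > 0.014,
        "PDR": f["PDR"] > 25,
        "MTSR/MTRR": f["MTSR"] > 50 and f["MTRR"] < 5,
        "RTSR/RTRR": f["RTSR"] > 10 and f["RTRR"] < 5,
        "RRReq/RRRep": f["RRReq"] > 20 and f["RRRep"] > 5,
    }
    return [name for name, hit in clauses.items() if hit]

# Constructed sample counters, not values from the simulation.
TOTALS = {"manet_sent": 10000, "manet_recv": 8000, "routing_sent": 5000,
          "routing_recv": 20000, "rreq": 1000, "rrep_by_dest": 200}
NORMAL = NodeStats(0.004, 3, 450, 400, 240, 950, 45, 8)
FLOODER = NodeStats(0.009, 12, 6200, 80, 900, 400, 350, 6)

if __name__ == "__main__":
    for name, node in (("normal", NORMAL), ("flooder", FLOODER)):
        hits = fired_clauses(extract_features(node, TOTALS))
        print(name, "Not A Friend" if hits else "Friend", hits)
```

Returning the list of fired clauses rather than a single boolean keeps the evidence for each verdict, which helps when the thresholds are tuned for a different network.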
5.5 Training Data Set for Denial of Service Attack
Table 5.6: Training data set for DoS attack
Input Features   Train Data Set   Function   Parameters (C,γ)   CPU Run Time (in Sec)   Mis Classified   Support Vector
8                1190             Linear     Default            146.27                  166              337
8                1190             Linear     (0.5,0.5)          1265.7                  151              345
8                1190             Linear     (1,0.5)            701                     156              335
8                1190             Linear     (1,1)              700.7                   156              335
8                1190             Linear     (2,1)              129.94                  156              329
8                1190             Radial     Default            1.36                    123              407
8                1190             Radial     (0.5,0.5)          2.59                    124              379
8                1190             Radial     (1,0.5)            0.80                    120              374
8                1190             Radial     (1,1)              1.10                    111              394
8                1190             Radial     (2,1)              1.40                    110              395
8                1190             Sigmoid    Default            0.24                    414              828
8                1190             Sigmoid    (0.5,0.5)          0.21                    414              828
8                1190             Sigmoid    (1,0.5)            0.22                    414              828
8                1190             Sigmoid    (1,1)              0.22                    414              828
8                1190             Sigmoid    (2,1)              0.24                    414              828
5.6 Testing Data Set for DoS Attack
Table 5.7: Test data set for DoS attack
Input Features   Test Data Set   Function   Correct   Incorrect   Accuracy (%)   Precision/Recall
8                1190            Linear     1024      166         86.05          90.45% / 87.89%
8                1190            Linear     1039      151         87.31          89.41% / 91.37%
8                1190            Linear     1034      156         86.89          89.64% / 90.34%
8                1190            Linear     1034      156         86.89          89.64% / 90.34%
8                1190            Linear     1034      156         86.89          89.64% / 90.34%
8                1190            Radial     1067      123         89.66          88.19% / 97.16%
8                1190            Radial     1066      124         89.58          88.26% / 96.91%
8                1190            Radial     1070      120         89.92          88.77% / 96.78%
8                1190            Radial     1079      111         90.67          89.26% / 97.42%
8                1190            Radial     1080      110         90.76          89.45% / 97.29%
8                1190            Sigmoid    776       414         65.21          65.21% / 100%
8                1190            Sigmoid    776       414         65.21          65.21% / 100%
8                1190            Sigmoid    776       414         65.21          65.21% / 100%
8                1190            Sigmoid    776       414         65.21          65.21% / 100%
8                1190            Sigmoid    776       414         65.21          65.21% / 100%
Training on the training data set with SVM LIGHT generates a model file holding the confidence values, which are then used for prediction on the given test data set. The accuracy reflects the true positives and true negatives produced by the detection engine. Table 5.6 and Table 5.7 show the results of training and testing. The accuracy depends upon the nature of the input features and their classification.
5.7 Results and Validation
For the given test data set, the accuracy of the detection engine is best with the radial function, at more than 90%, which is satisfactory for an Adhoc environment. The results obtained are better than those of the previous work by the researchers listed in Table 5.8.
Table 5.8: Result comparison with previous models for DoS Attack
S.No.   Model                                                     Accuracy
1.      Hongmei Deng et al. [81] (1-SVMDM)                        89.95%
2.      Hongmei Deng et al. [81] (2-SVMDM)                        90.45%
3.      Aleksandar L. et al. [82] (LOF approach)                  68.4%
4.      Aleksandar L. et al. [82] (NN approach)                   73.7%
5.      Aleksandar L. et al. [82] (Mahalanobis-based approach)    57.9%
6.      Aleksandar L. et al. [82] (Unsupervised SVM approach)     84.2%
7.      Proposed Approach                                         90.76%
5.8 Conclusion
In this chapter, a denial of service (DoS) attack is applied to the network using the reactive protocol AODV. Evidence is collected, features are extracted and rules are applied to detect the intruder. SVMLIGHT is used to train on the training data set, and the test data set is then used to check the accuracy of the system. Linear, radial and sigmoid functions are used for training and testing. The accuracy achieved is more than 90%, which is better than previous models. The model file generated for the DoS attack will be deployed in an appropriate layer for detection.