4724
Performance Of Reinforcement Learning Model
With Boltzmann Machine For Improving The
Intrusion Detection System In Manet
Dr.P.Bharathisindhu, Dr. Manjaiah D.H
Abstract: In network communication, the data moving from one place to another place is become easy. The security is also main issue in networks. Various researchers were proposed to overcome the drawbacks of networking in MANET. MANET is a Mobile Ad hoc Network where nodes are connected without any infrastructure. Due to independency of mobile nodes in the MANET the intrusion many play a role in attacking the nodes behavior and make the node as malicious. There are various techniques for intrusion detection in MANET. In our study learning model is used to improve the detection of intrusion with improved QOS. The positive prediction rate is increased with detection accuracy and the false positive rate is decreased. The learning model which employed in MANET with Reinforcement learning system. The applied machine learning model which increases the intrusion detection accuracy level and the reinforcement learning model employed with Boltzmann parameters. The result is compared with genetic algorithm and Naïve Bayes algorithm which are used to identify the malicious node and anomalies in the network data transmission.
Index Terms: Boltzmann machine, IDS, Reinforcement learning.
————————————————————
1 INTRODUCTION
MANET is Mobile Ad hoc Network that connect wirelessly with various networks. Each and every node in the network act as a host and router. The mobile Ad hoc network is taking up the major role in commercial purpose because of its properties [1]. The transmission power of the nodes and the location of the mobile nodes are never fixed for the period of time [2]. In wireless or wired network, MANET does not require a central station or pre- installed infrastructure. The nodes in the network free to move anywhere in the network [3]. The important functions of routing protocol are data forwarding and routing. Data forwarding function helps to forward the data packets towards destination, Routing function concern with route discovery and route maintenance. MANETs are vulnerable to various attacks by misbehavior nodes in the network [4]. The attacks are in two types namely Active attacks and Passive attacks. The examples of passive attacks are eaves dropping, traffic analysis and monitoring. The examples of active attacks include injecting packets to invalid destination, deleting packets, modifying the content of the data packets etc [5]. Intrusion Detection System (IDS) act as a defense layer to the mobile nodes. IDS help the MANET to analyze the malicious nodes and generate reports. It deals with confidentiality, integrity and availability of the resources of the computer system [6]. Learning model helps to improve the Intrusion detection with the improvement of quality of service (QOS) in transmission of data from one place to another place. In this paper, Back propagation model helps to improve the positive prediction
rate. The reinforcement learning in the machine learning model which improves the accuracy of intrusion detection and decrease the false positive rate.
2 RELATED WORKS
In this section of related work we provide the brief overview of the background information and previous research that helps the researchers to understand our proposed work.
2.1 Intrusion Detection System in MANET
There are various research related to IDS in MANETs. In this section we examine various techniques such that TwoACK, AACK, EAACK. We compared the various related machine learning techniques such as Naïve Bayes model, Genetic model with our proposed Learning model. Marti et al [7] proposed the Watch dog and Path rater that improves the throughput with the selfish misbehaving nodes. Watch dog serves as an Intrusion Detection System, that detects the misbehaving nodes and Path rater helps to avoid those misbehaving nodes from the network. The Watch dog mechanism fails to detect the malicious node in the presence of ambiguous collision, limited transmission power, false misbehaving report and partial dropping.Liu et al [8] proposed the TWOACK scheme to enhance the Watch dog mechanism by solving the problem of collision and limited power supply. The TWOACK scheme solves the problem of detecting misbehaving nodes in the presence of collision and limited transmission power. Nan Kang [9] proposed Enhanced Adaptive Acknowledgement (EAACK) scheme aims to overcome the weakness of traditional Watch dog mechanism. EAACK able to detect the malicious node with the presence of false misbehaving report with the introduction of MRA scheme.
2.2 IDS with Data mining Approaches
The probability model for Intrusion detection system provides the improved capacity for detecting the malicious nodes in the network [10]. The model provides the generalized solution for detecting the various attacks in the malicious node in MANET. The supervised learning based classifier is used and the relationship between the data
————————————————
Dr.P.Bharathisindhu is currently working as an Assistant Professor, Department of Computer Applications in Vellalar College for Women, Erode E-mail : [email protected]
Dr. Manjaiah D.H,Chairman and Professor, Department of Computer
science, Mangalore University, Mangalore. E-mail :
values is calculated. The thresholding is applied and the malicious nodes are detected with comparison of other data values of the nodes. The probability model ensures that identification of malicious nodes from the network and the malicious node is isolated from the network. The Naïve Bayes classifier is applied to detect the intrusions [11]. Ketan et al [12] proposed Genetic algorithm based on mathematical intersection principle detect the malicious node of the network. The result has shown that growth in accuracy of Naïve Bayes classifier with reduced time. The Genetic algorithm optimization model detects the malicious node based on trust values are calculated [13]. The trust value is calculated for each node, the packet related parameters such as packet generation rate, packet loss rate, packet delay and behavior of packet with node such as false packet generation rate, false packet mixing rate are calculated. The network related parameters as deviation in RSS, deviation in location and transmission time deviation are calculated for trust estimation. After Genetic algorithm optimization process the selected nodes are declared as malicious node.
3 PROPOSED WORK
The proposed system is designed by using the reinforcement learning in the machine learning model which significantly improves the accuracy of the intrusion and anomaly detection system by employing the learning process using the Boltzmann learning parameters. During the data transmission, packet drop ping and packet delaying can be occurred due to congestion and the collision along with the unavailability of the channel because of hidden terminal and exposed terminal problem. This will lead to false detection of the normal behavior as malicious behavior in the environment. In order to handle this network dynamics, the learning system is employed based on Reinforcement learning system.
3.1 Components of the Proposed work
IDS- The device which performs the intrusion and anomaly detection process by validating the behavior of the MANET devices using the Learning system.
Malicious device – the device which performing the dropping of data packets, content modifier, packet delayer to decrease the QOS of the network communication.
Input layer- The behavioral aspects are collected by the devices in terms of input parameters.
Output layer: The identified behavioral pattern and the characteristics of the node recognized by the IDS system.
Hidden layer- The collaboration between the input and output layer using state-action-reward –penalty system with Boltzmann machine.
3.1.1 Working mechanism of proposed system MANETs are vulnerable to intrusion and intrusion detection policy is performed in order to detect the attacks in the network environment. The working mechanisms of the proposed system is follows, MANETs are deployed with the set of packet intruder, packet dropper and DOS attacker to generate fake data packets. The data transmission is initiated by the source node and the route discovery
process is executed. Route request forwarding and receiving procedure is completed by all nodes in the network. Route reply is generated by intended destination node and forwarded by the intermediate nodes and forwarded by the intermediate nodes until reaching the source node. Once route is established data packet forwarding is handled by the source and intermediate node. Node monitoring is done by all IDS nodes, during request & reply and physical layer overhearing to monitor the data Packet reception count and forwarding count. The fake packets generated by the nodes are monitored by validating the packet size. The IDS nodes initiate the detection process with the reinforcement learning using Boltzmann input structure.
3.1.2 Intrusion Detection System process
The following node related additional parameters are collected by the IDS system along with various parameters that was collected such as packet generation rate, packet drop rate, packet delay [10].
A. Average energy loss for each data transmission.
B. Energy loss deviation C. Signal strength deviation D. Data forwarding ratio
E. Control message forwarding ratio
F. Integrity between original packet and dummy packets
From the node related parameters, the channel related aspects are calculated to differentiate the congestion and malicious behavior.
A. Channel occupancy ratio
B. Successful transmission probability of the channel
C. No. of collision and error rate of the channel
The behavioral prediction and decision making system is operated from the collected input during the learning process. The collaborated view of the hidden layer is formed by using the dynamic Bayesian network with Boltzmann structure.
( )
* +, ( ( )
∑ (
( ( ))
( ) ( ( )) )--- (1)
The dynamic Bayesian network is constructed in three ways are explained such that Inference model, parameter model and structured model.
3.1.3 Reinforcement learning
The dynamic Bayesian network is invoked as the process of the dynamic programming with Boltzmann parameters to perform the reinforcement learning process.
( ) ∑ ( ( ))---(2)
4726 i. Setup phase
ii. Detection phase
iii. Learning and Adaptation phase
Setup phase
Each node in the MANET maintains the timer for broadcasting the message periodically. The timer in the neighbor node validates the expire time of the neighbor and removes from the table. After the neighbor table process gets completed, the data transmission starts from the source node. The data packet is routed to the dropper nodes which drop the packets without forwarding it. The data forwarder device performs the channel overhearing to compute the packet drop count of the nodes. These nodes perform the monitoring to check the number of request and reply messages forwarded by the information of the packet transmission delay.
Detection phase
In the detection phase, the parameter for validating the characteristics of nodes is identified with the variation between the parameter learning. The structured learning process is applied based on Boltzmann input handling using the joint probability distribution. The structure merges all parameters and directly computes the trust vector of the node [13]. In the first structure, energy loss deviation, RSS deviation and channel occupancy ratio must be low where DFR, CFR and packet integrity must be high. In the second structure, the unit state probability is formulated by merging the energy. The relationship of DFR or RGR is high then the energy consumption must be high. In the third structure the RSS deviation is high and energy deviation is also high. In the fourth structure, if the DFR, CFR, COR is high then the energy is also high. In the final structure if the COR is low then DFR, CFR, RGR and energy is low.
Learning and Adaptation phase
Based on the information collected in detection phase, Reinforcement learning is applied with adaptation to detect the accurate behavior of the nodes.The learning predicts the reason for packet drop and delay to differentiate the network congestion and the malicious behavior. The prediction is applied based on sate-action policy validation. Learning timer is used to update the information collected and the policy for state-action during the monitoring process. Once the inference are identified in the learning system, the decision tree model is applied to integrate the adaption in the detection process.
4. EXPERIMENTAL SETUP AND RESULTS
In the experimentation process of contribution one, for simulation, network simulator (NS2.33) is used. A simulation location is created by network simulator for Mobile Adhoc Networks. The main feature of NS2 is of providing support for multi hop wireless networks.The comparative results are taken by varying the number of nodes as 50 to 250 with the difference of 50 nodes in each simulation. Second set of result has been taken by varying the packet generation interval as 0.1 to 0.5. And third set of results taken by varying the simulation time as 50, 75, 100,125, 150, 175 and 200. Results are compared with the existing schemes [10] [13] based on detection approach. The simulation parameters are depicted inTable.6.1.
Table.1 Simulation setup
SIMULATION ENVIRONMENT PARAMETERS
Number of nodes 50, 100, 150, 200, 250
Maximum Speed 4m/sec
MAC Type MAC 802.11 DCF
Antenna Type Omni Directional Antenna
Network Type 1000 X 1000 m2
Transmission Range 250 Meter Type of Connection
UDP Traffic Type
CBR & FTP Traffic Interval
0.1,0.2,0.3,0.4,0.5 Sec Packet Size
1024 Bytes Connection Bandwidth 2 MB
Mobility Model Random way point Simulation Time
200 Sec
Fig.1. Nodes versus number of packets received
The BRC is on the rise even though the number of nodes
increases.The proposed model out performs Gaussian
Naïve Bayes classifier and Genetic approach with an
increased rate.
Fig.2. Nodes versus packet delivery ratio
Fig.3. Nodes versus network rollout
The delay of Gaussian Naïve Bayes classifier and The
NRO is reduced in the proposed model. The proposed
model outperforms Gaussian Naïve Bayes classifier and
Genetic approach.
.
Fig.4. Nodes versus delay
4728
5. CONCLUSION
In Mobile ad hoc network (MANET) environment the nodes can transmit freely and communicated with each other. This unconditional movement of nodes in the network, the routes engaged to perfume data transmission the packets data are not stable. Thus, to propose a model for real time protocol for MANET environment is a major challenge. Reinforcement learning algorithm is applied in the proposed method to select the optimized neighboring node for transmitting the packet in the network. The experimentation results provided through NS2 demonstrates the advantage of this proposed contribution for MANET routing environment. Thus, the main focus of this proposed contribution in selecting optimized reliable and trusted node for transmission, by identifying the between malicious node and normal nodes for a secured network is attained successfully.
A
CKNOWLEDGMENTFirst and foremost, I would like to thank GOD for his showers to complete the work. Second I would like to thank Co-Author who encourages me towards the work and supported for implementing the work and for documentation. This research paper is made possible through the help and support from supervisor, parents, and friends of Vellalar College for women, Erode who supported me to complete my research successfully.
REFERENCES
[1] Sheenu Sharma and Roopam Gupta, ― Simulation study of Black hole attack in Mobile Ad hoc Networks,‖ Engineering science and Technology , pp.243-250, 2009.
[2] M.I.M. Saad and Z.A.Zukarnain, ― Performance analysis of random-based mobility models in MANET routing protocol,‖ European Journal of scientific Research, vol.32, no.4, pp.444-454,2009.
[3] Jayakumar.G and Gopinath.G, ― Ad hoc Mobile wireless network routing protocol-A Review,‖ International journal of computer science, 3(8), pp.574-562.
[4] Buttyan,L. and Hubaux J.P, ―Security and cooperation in wireless networks,‖ Cambridge university press,Aug.2007.
[5] Wu,B., Chen, J.,Wu,J and Cardei,M, ― A survey of attacks and counter measures in mobile ad hoc networks,‖ Wireless network security, 2007.
[6] S. Sharma, ―An Effective Intrusion Detection System for Detection and Correction of Gray Hole Attack in MANETs,‖ Internantional Journal of Computer Appllications, vol. 68, no. 12, pp. 1–5, 2013.
[7] S. Marti, T. J. Giuli, K. Lai, and M. Baker, ―Mitigating routing misbehavior in mobile ad hoc networks,‖ Proc. 6th Annu. Int. Conf. Mob. Comput. Netw. - MobiCom ’00, vol. 7, pp. 255–265, 2000.
[8] D. J. Liu K, ―An Acknowledgement Based Approach for the detection of Routing misbehaviour in MANETs,‖ Mob. Comput. IEEE Trans, vol. 6, no. 5, pp. 536–550, 2007.
[9] Nan Kang, Elhadi M.Shakshuki, Tarak R.Sheltami, ―
Detecting Misbehaving nodes in MANETs‖, iiWAS2010 proceedings security issues, pp.216-222,2010.
[10]Bharathisindhu.p., and Selva Brunda.S. ―Probability Model for Intrusion detection in Mobile Adhoc Network.‖ International journal of Engineering and technology, Inderscience Publishers, 7(2.20) pp.302-305, July 2018. [11]ShubhangiS.Gujar and B.M.Patil, ― Intrusion detection
using Naïve Bayes for real time Data,‖ International journal of advances in engineering and technology, vol.7, Iss.2,pp.568-574,May 2004.
[12]R. Desale, Ketan Sanjay and Ade, ―Genetic Algorithm based Feature Selection Approach for Effective Intrusion Detection System,‖ 2015 Int. Conf. Comput. Commun. Informatics, 2015.
[13]Bharathisindhu.p., and Selva Brunda.S. ―An improved model based on genetic algorithm for detecting intrusion in mobile ad hoc network.‖ Cluster Computing, January 2018. Springer International Publishing. DOI: 10.1007/s10586-018-1745-7.
