
_______________________________________________________________________________________

Volume: 02 Issue: 03 | May-2014, Available @ http://www.ijretm.com | Paper id - IJRETM-2014-02-03-405 1

Security Enhancement with Removal of Denial of Service Attack in MANET

Pranita Joshi 1, Gajendra Singh Chandel 2

1 Research Scholar, Computer Science Department, SSSIST, Sehore, MP, India, pranita.joshi16@gmail.com
2 Assistant Professor, Computer Science Department, SSSIST, Sehore, MP, India, gajendrasingh86@rediffmail.com

Abstract

The risks to users of wireless technologies have increased as the service has become more popular. Due to the dynamically changing topology, open environment and lack of centralized security infrastructure, a Mobile Ad-hoc NETwork (MANET) is vulnerable to the presence of malicious nodes and to ad hoc routing attacks. There are various types of routing attacks that target the weaknesses of MANETs. Our work focuses on security enhancement for the routing vulnerability of Mobile Ad-hoc Networks and analyzes network performance under various types of attacks, especially the Denial of Service attack. A Distributed Denial of Service attack is a coordinated attack, generally performed on a massive scale, on the availability of services of a target system or network resources. We have proposed a modified Destination-Sequenced Distance Vector (DSDV) routing protocol against these attacks, and the effectiveness of the scheme is validated using NS2 simulations.

Keywords: DoS, MANET, ATTACK, DSDV.

1. INTRODUCTION

Denial of service attacks are collections of fake messages that attack resources by misusing services and error-prone methods, degrading network performance by flooding a unit with a large number of fake messages. A Mobile ad hoc network (MANET) is a dynamic, autonomous multi-hop network. Mobile networks do not depend on dedicated infrastructure and can be assembled dynamically. Communication between source and destination nodes in such networks depends on the participating nodes. Wireless networks support many applications, viz. unrestrained conversations, military battlefields, academics, hospitals, tourism, etc. All such applications require dynamic communication. Fei Xing et al. [1] described that all these applications require mobile, autonomous and dynamic formation of networks in mobile scenarios. There are two flavors of MANET: closed and open networks. Liu et al. [2] noted that in a closed MANET, such as a military application, all communicating nodes cooperate towards a common goal, and new nodes can be admitted only by authorized nodes. In an open MANET, nodes are free to join and leave the network, and their operational goals may differ.

This scene can be compared with an online video conferencing system, where one can interact directly through the conferencing facility and a shared camera. Users at both ends can communicate, and each experiences the session as a single user. But this infrastructure may also have many weaknesses in terms of connection, authentication, information distribution and the open-end mechanism. The open-end mechanism is the phenomenon by which no one can filter an incoming request or node while communicating via video conferencing. Compared to a dedicated wired network, various vulnerabilities exist, and they arise from the nodes' multi-hop nature.

DoS attacks severely impact the connectivity of the network. DoS attacks in wired networks exist because of vulnerabilities in the network's communication protocols; for example, the SYN flood attack exploits the TCP three-way handshake. DoS attacks in a MANET are multifold compared to those in a wired network: as communication in a MANET is hop by hop through intermediate nodes, internal nodes of the network may in turn attack other neighbouring nodes within the network. The proposed study presents a classification of DoS attacks in MANETs. This classification will help researchers with the in-depth analysis of attacks in MANETs. A comparison of countermeasure techniques suggested by different researchers is also presented.

2. LITERATURE SURVEY

A wireless Ad-Hoc network [4] is a decentralized type of wireless network. The network is Ad-Hoc because it does not rely on a pre-existing infrastructure, such as routers in wired networks or access points in managed (infrastructure) wireless networks. A Mobile Ad-Hoc network (MANET) [7] is a self-configuring, infrastructure-less network of mobile devices connected wirelessly. Ad-Hoc is Latin and means "for this purpose". Each device in a MANET is free to move independently in any direction, and will therefore change its links to other devices frequently. Each must forward traffic unrelated to its own use, and therefore be a router. The primary challenge in building a MANET is equipping each device to continuously maintain the information required to properly route traffic. Such networks may operate by themselves or may be connected to the larger Internet. MANETs are a kind of wireless Ad-Hoc network that usually has a routable networking environment on top of a Link Layer.

Currently, it seems unfashionable to strictly define attack or virus or any other perfectly good term. It's simpler and more profitable to threaten non-technical people with an attack than it is to address the real problems of a software and hardware monoculture. An attack consists of a process or set of processes that replicates without human intervention by creating an executing copy of itself on another computer via some form of network communication.

According to Jargon and team [9], a program that propagates itself over a network, reproducing itself as it goes, can be formulated as a network attack. According to Alexander Bartolich [12], an attack is a program that penetrates other running programs. Penetration means copying the executable code of the attack into the active process image of the host. One has to realize that an attack spreads itself: a user has to ask to download a Java applet, so applets don't count as attacks. Email viruses like Klez or Sir Cam also require human intervention. Before the virus activates, the user has to at least open the email carrying the virus, and possibly even open the attached document that contains the virus code. The requirement of creating an executing copy of itself via some form of network communication allows us to distinguish between a fork bomb and an attack. A fork bomb consists of many replicating processes on a single machine, without recourse to network communication.

2.1 Denial of Service Attack

In this case, an attacker node receives packets at one location in the network and tunnels them to another location in the network, where these packets are resent into the network. This tunnel between two malicious nodes is called denial. In MANETs, nodes act as both routers and ordinary nodes. Due to the dynamic network topology and lack of centralized infrastructure, network security poses a new challenge to the networking community. Unlike traditional networks, MANETs are more vulnerable to DoS attacks due to limited resources that force nodes to be greedy in resource utilization. When there is no cooperation, the activities of even a small number of nodes may significantly decrease the performance of the network. For example, a misbehaving node that discards any packets passing through it can cause repeated retransmissions, which in turn cause network congestion. Also, a wireless link does not provide the same protection for data transmissions as its wired counterpart. Hence, any user or receiver within transmission range can eavesdrop on or interfere with data packets or routing information. Battery power is another critical resource for mobile nodes. If the battery power has been used up due to malicious attacks such as the sleep deprivation attack, the victim will not be able to provide network services.

Since all nodes can be mobile, changes in network connectivity and resource availability also expose a network to various attacks. This calls for detection and prevention of attacks in the network. Some intrusion prevention measures, such as cryptography and authentication, can reduce the threats against MANETs. However, these mechanisms either cause greater overhead and latency or cannot defend against malicious internal nodes. The deployment of a Public Key Infrastructure (PKI) requires a certification authority, but such an entity must always be available. Most current research on MANET security focuses mainly on secure routing.

2.2 Black Hole Attack

In a Black Hole Attack a malicious node advertises itself as having the shortest path to the node whose packets it wants to intercept. A black hole attack is used by a malicious node to make all the traffic travel through it by claiming to have the shortest route to all other nodes in the network.

2.3 Spoofing Attack

In a spoofing attack, the attacker assumes the identity of another node in the network; hence it receives the messages that are meant for that node. Usually, this type of attack is launched in order to gain access to the network so that further attacks can be launched, which could seriously cripple the network. This type of attack can be launched by any malicious node that has enough information about the network to forge a false ID of one of its member nodes; using that ID and a lucrative incentive, the node can misguide other nodes into establishing routes towards itself rather than towards the original node.

2.4 Non repudiation Attack

Non-repudiation ensures that the sender and receiver of a message cannot disavow that they have ever sent or received such a message. This is helpful when we need to determine whether a node with some undesired function is compromised or not.

3. PROPOSED WORK

In this paper the proposed work is based on Ad-hoc routing protocols. Basically, the proactive routing protocol DSDV is used, in a modified version, to remove the Denial of Service attack. Using the MDSDV protocol the DoS attack is removed and the packet drop ratio is minimized. For this, some simulation parameters are used. This paper includes the various performance metrics required for evaluating the protocol; in our scenario we take 20 nodes. The simulation is done using NS-2.34, to analyze the performance of the network by varying the nodes' mobility. The protocol parameters used to evaluate the performance are given below:

3.1 Cumulative sum of all the Dropped Packets

Packet drop is the total number of data packets that could not reach the destination successfully. Packet drop may arise due to congestion, faulty hardware, queue overflow, etc. Packet drop affects network performance by consuming time and more bandwidth to resend a packet. A lower packet drop rate shows higher protocol performance.

3.2 Throughput

Throughput is the average number of successfully delivered data packets on a communication network or network node. Throughput is calculated in bytes/sec:

Throughput = Total number of received packets at destination / Total Simulation Time

3.3 End to End Delay

It can be defined as the time a packet takes to travel from Source to destination.
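The three metrics of Sections 3.1 to 3.3 are normally computed from the NS-2 trace file. The following Python script is an added example, not code from the paper or from NS-2, and works on a handful of constructed trace lines in the old NS-2 wireless trace format (event, time, node, layer, packet id, type, size); the packet ids, node numbers and timestamps are made up for illustration. It counts sent and received CBR packets at the agent layer, derives the packet delivery ratio and the cumulative number of dropped packets, computes throughput with the paper's formula (received bytes over total simulation time), averages end-to-end delay per packet id, and tallies explicit drop events per node, which is how a single node dropping everything (as node 20 does in Section 4) shows up in a trace.

```python
"""Added example: compute packet drop, throughput and end-to-end delay
(Sections 3.1-3.3) from NS-2 wireless trace lines."""
from collections import defaultdict

# Constructed trace lines in the old NS-2 wireless trace format; not output
# from the paper's simulation. Columns used: event, time, node, layer,
# packet id (6th field), packet type, size in bytes.
TRACE = """\
s 1.000000 _0_ AGT  --- 0 cbr 512 [0 0 0 0] ------- [0:0 1:0 32 0] [0] 0 0
r 1.000000 _0_ RTR  --- 0 cbr 512 [0 0 0 0] ------- [0:0 1:0 32 0] [0] 0 0
r 1.012500 _1_ AGT  --- 0 cbr 512 [13a 1 0 800] ------- [0:0 1:0 30 1] [0] 1 0
s 1.250000 _0_ AGT  --- 1 cbr 512 [0 0 0 0] ------- [0:0 1:0 32 0] [1] 0 0
D 1.261000 _20_ RTR  --- 1 cbr 512 [0 0 0 0] ------- [0:0 1:0 31 0] [1] 0 0
s 1.500000 _0_ AGT  --- 2 cbr 512 [0 0 0 0] ------- [0:0 1:0 32 0] [2] 0 0
r 1.520000 _1_ AGT  --- 2 cbr 512 [13a 1 0 800] ------- [0:0 1:0 30 1] [2] 1 0
s 1.750000 _0_ AGT  --- 3 cbr 512 [0 0 0 0] ------- [0:0 1:0 32 0] [3] 0 0
D 1.760000 _20_ RTR  --- 3 cbr 512 [0 0 0 0] ------- [0:0 1:0 31 0] [3] 0 0
s 2.000000 _0_ AGT  --- 4 cbr 512 [0 0 0 0] ------- [0:0 1:0 32 0] [4] 0 0
r 2.030000 _1_ AGT  --- 4 cbr 512 [13a 1 0 800] ------- [0:0 1:0 30 1] [4] 1 0
"""


def parse_trace(text):
    """Turn old-format NS-2 wireless trace lines into event dicts."""
    events = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or f[0] not in ("s", "r", "D", "f"):
            continue  # skip blank lines and non-packet records
        events.append({
            "event": f[0],
            "time": float(f[1]),
            "node": f[2].strip("_"),   # "_20_" -> "20"
            "layer": f[3],
            "pkt_id": int(f[5]),
            "ptype": f[6],
            "size": int(f[7]),
        })
    return events


def compute_metrics(events, sim_time, ptype="cbr"):
    """Section 3 metrics for one packet type.

    Only agent-layer (AGT) sends and receives count as application packets;
    routing-layer copies of the same packet id are ignored.  Explicit 'D'
    events are tallied per node so a node that drops everything stands out.
    """
    send_time, recv_time = {}, {}
    recv_bytes = 0
    drops_by_node = defaultdict(int)
    for e in events:
        if e["ptype"] != ptype:
            continue
        if e["event"] == "s" and e["layer"] == "AGT":
            send_time.setdefault(e["pkt_id"], e["time"])
        elif e["event"] == "r" and e["layer"] == "AGT":
            if e["pkt_id"] not in recv_time:
                recv_time[e["pkt_id"]] = e["time"]
                recv_bytes += e["size"]
        elif e["event"] == "D":
            drops_by_node[e["node"]] += 1
    sent, received = len(send_time), len(recv_time)
    delays = [recv_time[p] - send_time[p] for p in recv_time if p in send_time]
    return {
        "sent": sent,
        "received": received,
        "dropped": sent - received,                       # cumulative sum of dropped packets
        "pdr": received / sent if sent else 0.0,          # packet delivery ratio
        "throughput_bytes_per_s": recv_bytes / sim_time if sim_time > 0 else 0.0,
        "avg_delay_s": sum(delays) / len(delays) if delays else 0.0,
        "drops_by_node": dict(drops_by_node),
    }


if __name__ == "__main__":
    # The constructed trace spans two seconds, so that is the simulation time here.
    for key, value in compute_metrics(parse_trace(TRACE), sim_time=2.0).items():
        print(f"{key}: {value}")
```

On the constructed trace, five packets are sent, three are delivered (PDR 0.6), and both drops are recorded at node 20; over a 200-second run such per-node drop counts are a cheap way to localise a denial node before looking at the graphs.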

For this work, different parameters are used in the simulator, as shown in Table 1.

Table - 1: Simulation Parameters

SIMULATION PARAMETERS      VALUES
Examined protocols         DSDV and MDSDV
Simulation time            200 seconds
Simulation area (m x m)    600 x 800
Number of Nodes            21
Traffic Type               TCP
Mobility Model             Random waypoint
Antenna type               Omni directional

The environment of Ad-hoc routing protocols, with a summary of each, is also explained here.

3.4 Ad-Hoc Routing Protocols

An Ad-Hoc [1] routing protocol is a convention, or standard, that controls how nodes decide which way to route packets between computing devices in a mobile Ad-Hoc network. In Ad-Hoc networks, nodes are not familiar with the topology of their networks. Instead, they have to discover it. The basic idea is that a new node may announce its presence and should listen for announcements broadcast by its neighbors. Each node learns about nodes nearby and how to reach them, and may announce that it, too, can reach them. The key factor in the development of an infrastructure-less network is the routing protocol that determines how to transfer data from the source to its destination. To solve these problems, different routing protocols were introduced. The two categories of these protocols are reactive (on-demand) and proactive (table-driven).

3.5 Reactive (on-demand) Routing Protocols

Reactive routing protocols dramatically decrease routing overhead, as they do not need to discover or maintain routes while there is no data traffic. This advantage is very attractive in a resource-limited environment. However, they have the weakness of generating too many packets for route discovery when data is sent frequently. AODV, introduced below, is a well-known protocol of the reactive routing category.

3.6 AODV Routing Protocol

The AODV routing protocol, depicted in [11] by J. K. Creswell, typically minimizes the number of required broadcasts by creating routes only when needed, as opposed to the DSDV algorithm, which maintains a complete list of routes. The authors of AODV categorize it as a pure on-demand route acquisition system because nodes do not store routing information or exchange routing tables when they are not on the path.

3.7 Proactive Routing Protocols

Proactive routing protocols [2] maintain routes to all destinations even if they are not needed. To keep route information consistently correct, a node must periodically send control packets. As a result, proactive routing protocols use unnecessary bandwidth, as control packets are sent out needlessly when there is no data traffic. The advantage of this kind of protocol, on the other hand, is that nodes can send data with lower delay. DSDV, introduced below, is a well-known proactive routing protocol.

3.8 DSDV Routing Protocol

Destination-Sequenced Distance-Vector Routing (DSDV) [5] is a table-driven routing scheme for Mobile Ad-Hoc Networks based on the Bellman-Ford algorithm. It was developed by C. Perkins and P. Bhagwat in 1994. The main contribution of the algorithm was to solve the routing loop problem. Each entry in the routing table contains a sequence number; the sequence numbers are generally even if a link is present, otherwise an odd number is used. The number is generated by the destination, and the emitter needs to send out the next update with this number. The route discovery process of DSDV is shown below.
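To make the sequence-number rule concrete, the following Python model is an added illustration, not the paper's MDSDV code and not Perkins and Bhagwat's reference implementation. It implements the standard DSDV table update (a newer destination sequence number always wins; with equal sequence numbers the lower hop count wins), the even/odd convention for reachable versus broken routes, and the propagation of full-dump updates along a constructed three-node chain A - B - C. The node names, the INFINITY hop count and the scenario steps are assumptions made for the example. It shows why a stale advertisement cannot reintroduce an old route (the loop-freedom property the paragraph mentions) and how a break marked with an odd number is later superseded by the destination's next even number.

```python
"""Added example: the DSDV routing-table update rule with destination
sequence numbers, on a constructed three-node chain."""
from dataclasses import dataclass

INFINITY = 10 ** 6  # hop count standing for "unreachable" (assumed value)


@dataclass
class Route:
    dest: str
    next_hop: str
    metric: int  # hop count to dest
    seq: int     # even: issued by the destination; odd: break marked by an intermediate node


class DsdvNode:
    def __init__(self, name):
        self.name = name
        self.seq = 0                                   # own sequence number, always even
        self.table = {name: Route(name, name, 0, 0)}   # route to self

    def advertise(self):
        """Full-dump update: bump the own (even) sequence number and export every entry."""
        self.seq += 2
        self.table[self.name].seq = self.seq
        return [Route(r.dest, self.name, r.metric, r.seq) for r in self.table.values()]

    def receive_update(self, neighbour, routes):
        """Apply the DSDV rule to each advertised entry; return the destinations that changed."""
        changed = []
        for adv in routes:
            if adv.dest == self.name:
                continue  # never overwrite the route to self
            metric = INFINITY if adv.metric >= INFINITY else adv.metric + 1
            cand = Route(adv.dest, neighbour, metric, adv.seq)
            cur = self.table.get(adv.dest)
            newer = cur is None or cand.seq > cur.seq
            shorter = cur is not None and cand.seq == cur.seq and cand.metric < cur.metric
            if newer or shorter:
                self.table[adv.dest] = cand
                changed.append(adv.dest)
        return changed

    def link_broken(self, neighbour):
        """Mark routes via a failed neighbour unreachable; the odd sequence number flags the break."""
        for r in self.table.values():
            if r.next_hop == neighbour and r.dest != self.name:
                r.metric = INFINITY
                r.seq += 1


def reachable(route):
    """A route is usable only if its sequence number is even and its metric is finite."""
    return route.seq % 2 == 0 and route.metric < INFINITY


def route_tuple(node, dest):
    r = node.table[dest]
    return (r.next_hop, r.metric, r.seq)


def run_scenario():
    """Chain A - B - C: learn routes, reject a stale update, handle a break, recover."""
    a, b, c = DsdvNode("A"), DsdvNode("B"), DsdvNode("C")
    out = {}
    # B announces itself to both neighbours; C and A announce themselves to B.
    adv_b = b.advertise()
    a.receive_update("B", adv_b)
    c.receive_update("B", adv_b)
    b.receive_update("C", c.advertise())
    b.receive_update("A", a.advertise())
    # B re-advertises its whole table, so A learns C at two hops via B.
    adv_b = b.advertise()
    a.receive_update("B", adv_b)
    c.receive_update("B", adv_b)
    out["a_to_c_initial"] = route_tuple(a, "C")
    # A stale advertisement (older sequence number) is ignored even though it claims 0 hops.
    out["stale_changed"] = a.receive_update("B", [Route("C", "B", 0, 0)])
    # The B-C link fails: B marks C unreachable with an odd sequence number and propagates it.
    b.link_broken("C")
    a.receive_update("B", b.advertise())
    out["a_to_c_after_break"] = route_tuple(a, "C")
    out["a_reachable_after_break"] = reachable(a.table["C"])
    # C returns with a fresh even sequence number, which supersedes the odd one.
    b.receive_update("C", c.advertise())
    a.receive_update("B", b.advertise())
    out["a_to_c_after_recovery"] = route_tuple(a, "C")
    return out


if __name__ == "__main__":
    for step, value in run_scenario().items():
        print(f"{step}: {value}")
```

The update rule is deliberately simple: freshness is decided by the destination's own counter, so an intermediate node can only mark a route as broken (odd number), never make it look fresher than the destination's latest announcement.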

4. IMPLEMENTATION

The implementation phase involves demonstration of the Denial of Service attack in the NS-2.33 simulator. For our simulations, we used a CBR (Constant Bit Rate) application, TCP/IP, IEEE 802.11 MAC and a physical channel based on a statistical propagation model. The simulated network consists of 21 randomly placed wireless nodes in an 800 by 600 square meter flat space. The node transmission range is 250 m. The random waypoint model is used for scenarios with node mobility. The selected pause time is 500 sec. A traffic generator was developed to simulate CBR sources. The size of the data payload is 512 bytes. In our scenario we took 21 nodes, in which nodes 0-20 are mobile nodes and node 20 is a malicious node or denial node. The simulation is done using NS-2, to analyze the performance of the network by varying the nodes' mobility. We have used basic routing parameters for performance evaluation, which are given below:

DSDV Implementation and analysis scenario:

4.1 Cumulative sum of all dropped packets:

4.1.1 Without Denial of Service Attack Scenario

The graph below shows the simulation result for the number of dropped packets under the DSDV protocol. If more packets are dropped, the packet delivery ratio is lower, because the packet delivery ratio is calculated by dividing the total number of received packets by the total number of sent packets. The simulation time is given in seconds. In this scenario DSDV dropped less data and performed accurately, as shown in the graph. The graph traces time against the cumulative sum of dropped packets.

Fig - 4.1: Graph for sending and receiving Packets on DSDV without Denial of Service attack

4.1.2 Cumulative sum of all dropped packets in Denial of Service attack scenario

The graph shows the simulation result for the number of dropped packets under the DSDV protocol in the attack scenario. The cumulative sums of sent and received packets are analyzed because their ratio provides the packet delivery ratio for the attack scenario. The simulation time is in seconds. In this scenario DSDV dropped more data and did not perform up to the mark, as shown in the graph. The graph traces time against the cumulative sum of dropped packets.

Fig - 4.2: Cumulative sum of all the sent and received packets while attack

4.1.3 Cumulative sum of all dropped packets after securing the scenario from DoS attack

The graph shows the simulation result for the prevention of packet drops under the DSDV protocol. The simulation time is in seconds. In this scenario DSDV dropped less data and performed accurately, as shown in the graph. The graph traces time against the cumulative sum of dropped packets.


Fig - 4.3: Cumulative sum of all the sent and received packets after preventing DoS attack

Table - 2: PDR values at different time intervals in the without-attack scenario

Time   Sum of Sent packets   Sum of Received packets   Packet Delivery Ratio
10     1300                  1000                      0.7
20     2500                  2600                      1.04
30     3250                  3229                      0.9
40     3250                  3230                      0.9
50     3250                  3230                      0.9
60     3250                  3231                      0.9
70     3250                  3231                      0.9
80     3250                  3231                      0.9
90     3250                  3232                      0.9

Table - 3: PDR values at different time intervals in the attack scenario

Time   Sum of Sent packets   Sum of Received packets   Packet Delivery Ratio
10     733                   452                       0.6
20     1612                  1118                      0.6
30     2492                  1755                      0.7
40     3140                  2115                      0.6
50     4008                  2710                      0.6
60     4838                  3185                      0.6
70     5938                  3961                      0.6
80     7012                  4750                      0.6
90     8160                  5682                      0.6

Table - 5: PDR values at different time intervals in the prevented scenario

Time   Sum of Sent packets   Sum of Received packets   Packet Delivery Ratio
10     1313                  1293                      0.9
20     2930                  2908                      0.9
30     3188                  3174                      0.9
40     3190                  3174                      0.9
50     3526                  3490                      0.9
60     4300                  4215                      0.9
70     5106                  5012                      0.9
80     5935                  5838                      0.9
90     7236                  7143                      0.9

The above analysis shows that, after the prevention mechanism is applied to the network, the Packet Delivery Ratio is maintained at the same level as in the without-attack scenario.

4.2 THROUGHPUT OF DROPPED PACKETS IN DSDV:

4.2.1 Without denial of Service attack Scenario:

The graph shows the throughput of sent packets. The graph shows ups and downs over time: at 10 sec the throughput is maximum, and as time increases the throughput decreases and becomes constant, as shown in the figure.


Fig - 4.4: Throughput of dropped packets in without attack scenario using DSDV

4.2.2 Denial of Service Attack Scenario:

The graph shows the throughput of sent packets. The graph shows ups and downs over time: at 10 sec, after the attack, the throughput is minimum, and as time increases the throughput decreases and increases alternately before becoming constant, as shown below:

Fig - 4.5: Throughput of dropped packets in attack scenario using DSDV

4.2.3 Prevention of Denial of Service attack using MDSDV:

The graph shows the throughput of sent packets. The graph shows ups and downs over time: at 10 sec, after prevention, the throughput is maximum, and as time increases the throughput decreases and increases alternately, as shown in the figure:

Fig - 4.6: Throughput of Dropped Packets with Prevention in DSDV

4.3 End to End delay:

4.3.1 Without denial of service scenario:

The graph shows the simulation result for end-to-end delay against packet send time under the DSDV protocol. The end-to-end delay is very small during data transmission, and it shows the delay of packets destined for any node.


Fig - 4.7: End to End delay without attack

4.3.2 The DoS attack scenario:

The graph shows the simulation result for end-to-end delay against packet send time under the DSDV protocol. The end-to-end delay is very small during data transmission, and it is a strongly affected factor.

Fig -4.8: End to End delay with attack

4.3.3 Prevention using MDSDV from DoS attack:

The graph shows the simulation result for end-to-end delay against packet send time under the DSDV protocol. The end-to-end delay is very small during data transmission.

Fig - 4.9: End to End delay with prevention of attack

5. CONCLUSION

In our work, we have used a modified DSDV protocol for detecting and preventing DoS attacks in MANETs. A clustering architecture was proposed in MDSDV for performing data management in a localized and distributed manner. DoS attacks were detected through collaborative monitoring and information exchange. Efficient rating was carried out using neighborhood and cluster-level information, with more weight given to a node's own observation. A load balancing mechanism was used to reduce traffic on heavily used cooperative nodes. In this mechanism, selections are made probabilistically among the eligible nodes that are on the path to the destination.

We used the simulation technique to evaluate network performance in the presence of misbehaving nodes. Our simulation results indicated that the modified incentive mechanism is effective in tackling DoS attacks that occur due to selfish and malicious nodes. The misbehaving node detection rate was higher when the aggregated trust rating, as opposed to just neighbourhood information, was used. Future work includes the investigation of Distributed Denial of Service (DDoS) in MANETs and integrated wireless networks.


6. REFERENCES

[1]. Charu Wahi, Sanjay Kumar Sonbhadra. "Mobile Ad-Hoc Network Routing Protocols, A Comparative Study". International Journal of Ad-Hoc, Sensor & Ubiquitous Computing (IJASUC), vol. 3, pp. 21-30.

[2]. M.K. Jeya Kumar and R.S. Rajesh. "Performance Analysis of MANET Routing Protocol in Different Mobility Models". IJCSNS, vol. 9, Feb 2009.

[3]. Paul J. Criscuolo. "Distributed Denial of Service Trin00, Tribe Flood Network, Tribe Flood Network 2000, And Stacheldraht CIAC-2319". Department of Energy Computer Incident Advisory Capability (CIAC), UCRL-ID-136939, Rev. 1, Lawrence Livermore National Laboratory, February 14, 2000.

[4]. Kevin J. Houle. "Trends in Denial of Service Attack Technology". CERT Coordination Center, Carnegie Mellon Software Engineering Institute, October 2001.

[5]. J. W. Creswell. Research Design: Qualitative, Quantitative and Mixed Methods Approach, 2nd Ed., Sage Publications Inc., California, July 2002.

[6]. Reference documentation of ns from a simple simulation script, resources like Marc Greis's tutorial web pages (originally at his web site, now at http://www.isi.edu/nsnam/ns/tutorial/).

[7]. John Ousterhout. "Scripting: Higher-level programming for the 21st century". IEEE Computer, 31(3):23-30, March 1998.

[8]. David Karig and Ruby Lee. "Remote Denial of Service Attacks and Countermeasures". Princeton University Department of Electrical Engineering Technical Report CE-L2001-002, October 2001.

[9]. Latha Tamilselvan, V. Sankaranarayanan. "Prevention of Co-operative Black Hole Attack in MANET". Journal of Networks, Vol. 3, No. 5, May 2008.

[10]. Y. Hu, A. Perrig, D. Johnson. "Packet Leashes: A Defence against Wormhole Attacks in Wireless Networks". IEEE Annual Conference on Computer Communication (INFOCOM), 2012.

[11]. Mahdi Taheri, Dr. Majid Naderi, Mohammad Bagher Barekatain. "New Approach for Detection and Defending the Wormhole Attacks in Wireless Ad-Hoc Networks". Proc. of 18th Iranian Conference on Electrical Engineering (ICEE), 2010, pp. 331-335.

[12]. Rizwan R. Rangara, Rupika S. Jaipuria, Gauri N. Yenugwar. "Intelligent Secure Routing Model for MANET". Proc. of IEEE International Conference on Computer Science and Information Technology (ICCSIT 2010).
