
Vol 8, No 1 (2018)


Academic year: 2020


Research Article, January 2018

Computer Science and Software Engineering

ISSN: 2277-128X (Volume-8, Issue-1)

A Mitigation Technique for DoS Attack in Wireless Network Based Gradient Matrix and Firefly

1Jeewanjot Kaur, 2Taranjit Singh Aulakh

1Bhai Gurdas Institute of Engineering and Technology, Sangrur, Punjab, India

[email protected], [email protected]

Abstract: In computing, a denial-of-service (DoS) attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the Internet. In a distributed denial-of-service (DDoS) attack, the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source. In this research a generalized model for detection has been created by studying the existing models and algorithms on DoS attacks. Internet security is vital to facilitate e-commerce transactions, and there has been continued research effort to provision network traffic monitoring at high speeds. In the proposed technique a threshold is also defined so that any node id greater than that threshold may be prevented. In case of any intrusion, IP backtracking and packet logging are used to detect the intruder and mitigate the attack. The results indicate that the QoS parameters are improved by approximately 15-18% over the existing approach.

Keywords: Long Term Evolution, Quality of service, Firefly, uplink and downlink scheduling, throughput

I. INTRODUCTION

In recent years, progress in wireless technology and the increasing popularity of wireless devices have made wireless networks very popular. A wireless network is a network, a local area network (LAN) to be precise, that uses electromagnetic radiation, or radio waves, instead of wires to transport information. Our mobile devices (cell phones, tablets, laptops, etc.) connect to the Internet and to each other using this technology. Ad-hoc, cellular and wireless sensor networks are three variations of wireless networks [8].

Fig 1: Wireless network

II. DDOS ATTACK

A distributed denial-of-service attack aims at hindering the availability of resources in the network. The attack is carried out by multiple compromised computer systems that are knowingly or unknowingly involved in it. A malicious user attacks a target, such as a server, website or other network resource, and causes a denial of service for users of the targeted resource by flooding the network resources with a large amount of useless traffic. The flood of incoming messages, connection requests or malformed packets forces the target system to slow down or even crash and shut down, thereby denying service to legitimate users or systems: malicious traffic gets served while genuine packets starve for service because of packet overflow or congestion.

III. GRADIENT MATRIX AND IP TRACEBACKING

In graph theory, the weights of the edges in a gradient matrix are responsible for making a path to the destination. In networking, the nodes and the links between them are considered as the vertices and edges. The destination node is determined from the distance, i.e. the hop count, in the network.

ISSN(E): 2277-128X, ISSN(P): 2277-6451, pp. 136-143

IP traceback is a name given to any method for reliably determining the origin of a packet on the Internet. Due to the trusting nature of the IP protocol, the source IP address of a packet is not authenticated. As a result, the source address in an IP packet can be falsified (IP address spoofing), allowing for denial-of-service attacks (DoS) or one-way attacks (where the response from the victim host is so well known that return packets need not be received to continue the attack). The problem of finding the source of a packet is called the IP traceback problem. IP traceback is a critical ability for identifying sources of attacks and instituting protection measures for the Internet. Most existing approaches to this problem have been tailored toward DoS attack detection. Such solutions require high numbers of packets to converge on the attack path(s).
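The packet-logging form of traceback described above, combined with the node-id threshold from the abstract, as an added example that is not code from the paper: every forwarding node logs a digest of each packet together with the hop it arrived from, and the victim walks those logs upstream instead of trusting the source field. The packet format, node ids, routes, `ID_THRESHOLD` and `FLOOD_LIMIT` are constructed assumptions.

```python
import hashlib
from collections import Counter

ID_THRESHOLD = 8   # assumption: ids 1..8 were issued at deployment
FLOOD_LIMIT = 3    # assumption: packets per window tolerated from one origin

def digest(packet):
    """Digest of the fields that stay constant in transit (constructed packet format)."""
    fields = (packet["claimed_src"], packet["dst"], packet["seq"], packet["payload"])
    return hashlib.sha256(repr(fields).encode()).hexdigest()

class Node:
    """Forwarding node that logs, per packet digest, the hop the packet came from."""
    def __init__(self, node_id):
        self.node_id = node_id
        self.log = {}  # digest -> previous hop id, or None if the packet started here

    def record(self, packet, prev_hop):
        self.log[digest(packet)] = prev_hop

def forward(nodes, route, packet):
    """Carry a packet along a route (list of node ids), logging it at every hop."""
    prev_hop = None
    for node_id in route:
        nodes[node_id].record(packet, prev_hop)
        prev_hop = node_id

def trace_back(nodes, victim_id, packet):
    """Follow the logs upstream from the victim; returns the path, origin first."""
    d, path = digest(packet), [victim_id]
    while True:
        log = nodes[path[-1]].log
        if d not in log:
            raise LookupError(f"node {path[-1]} has no log entry for this packet")
        if log[d] is None:          # this node injected the packet
            return path[::-1]
        path.append(log[d])

def find_flooders(nodes, victim_id, packets):
    """Traced origins that exceed FLOOD_LIMIT or carry an id above ID_THRESHOLD."""
    per_origin = Counter(trace_back(nodes, victim_id, p)[0] for p in packets)
    return sorted(o for o, n in per_origin.items()
                  if n > FLOOD_LIMIT or o > ID_THRESHOLD)

def build_demo():
    """Constructed scenario: node 5 floods victim 7 while claiming to be node 2."""
    nodes = {i: Node(i) for i in (2, 3, 4, 5, 6, 7, 11)}
    received = []
    def send(route, claimed_src, seq):
        pkt = {"claimed_src": claimed_src, "dst": 7, "seq": seq, "payload": "x" * 8}
        forward(nodes, route, pkt)
        received.append(pkt)
    for seq in range(2):
        send([2, 3, 4, 7], claimed_src=2, seq=seq)       # legitimate traffic
    for seq in range(100, 106):
        send([5, 6, 4, 7], claimed_src=2, seq=seq)       # flood with a spoofed source
    send([11, 6, 4, 7], claimed_src=11, seq=200)         # node id above the threshold
    return nodes, received

if __name__ == "__main__":
    nodes, received = build_demo()
    print("by claimed source:", Counter(p["claimed_src"] for p in received))
    print("traced path of a flood packet:", trace_back(nodes, 7, received[2]))
    print("flagged origins:", find_flooders(nodes, 7, received))
```

Counting by the claimed source blames node 2 for eight packets, while the traced origins separate its two legitimate packets from the six sent by node 5.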

IV. FIREFLY ALGORITHM

The primary purpose of a firefly's flash is to act as a signal system to attract other fireflies. Xin-She Yang formulated the firefly technique by assuming:

• All fireflies are unisexual, so that any individual firefly will be attracted to all other fireflies;
• Attractiveness is proportional to brightness, and for any two fireflies the less bright one will be attracted by (and thus move towards) the brighter one; however, the intensity (apparent brightness) decreases as their mutual distance increases;
• If there are no fireflies brighter than a given firefly, it will move randomly;
• The brightness should be associated with the objective function.

In the proposed research, the firefly algorithm provides the optimal path for a connection between source and destination. When an attacker consumes the resources of a node that forms the communication link between source and destination, the gradient matrix provides alternative paths for carrying packets from source to destination. From the multiple paths generated by the gradient matrix, the firefly algorithm selects the most suitable path and assigns the maximum resources to that optimal path.
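One way to realise this rerouting, as an added example that is not the authors' implementation: a hop-count gradient toward the destination is recomputed with the attacked relay excluded, the paths that descend it become the candidates, and a firefly search (Yang's standard update, which the page does not spell out) decides how much traffic each path receives. The topology, relay loads, the delivery model in `path_quality` and all parameter values are assumptions.

```python
import math
import random
from collections import deque

# Constructed topology: node id -> neighbours. Node 3 is the busy relay under attack.
LINKS = {1: [2, 4, 6], 2: [1, 3, 5], 3: [2, 4, 8], 4: [1, 3, 5],
         5: [2, 4, 8], 6: [1, 7], 7: [6, 8], 8: [3, 5, 7]}
LOAD = {2: 0.7, 4: 0.3, 5: 0.5, 6: 0.1, 7: 0.2}  # constructed relay load, 0 = idle

def hop_gradient(links, dest, blocked=()):
    """Hop count from each reachable node to dest, skipping blocked nodes (BFS)."""
    hops, queue = {dest: 0}, deque([dest])
    while queue:
        u = queue.popleft()
        for v in links[u]:
            if v not in hops and v not in blocked:
                hops[v] = hops[u] + 1
                queue.append(v)
    return hops

def descending_paths(links, hops, src, dest):
    """Every path from src to dest on which each hop is one step closer to dest."""
    if src == dest:
        return [[dest]]
    if src not in hops:
        return []  # src is cut off from dest
    return [[src] + rest
            for v in links[src] if hops.get(v) == hops[src] - 1
            for rest in descending_paths(links, hops, v, dest)]

def path_quality(path, load):
    """Assumed model: chance that a packet survives every relay on the path."""
    return math.prod(1.0 - load.get(n, 0.0) for n in path[1:-1])

def normalise(v):
    """Clip negatives and rescale so the shares sum to 1."""
    v = [max(x, 0.0) for x in v]
    total = sum(v)
    return [x / total for x in v] if total > 0 else [1.0 / len(v)] * len(v)

def firefly_shares(quality, n=12, rounds=40, beta0=1.0, gamma=1.0, alpha=0.2, seed=7):
    """Firefly search for the traffic share per path that maximises expected delivery."""
    rng, k = random.Random(seed), len(quality)
    def bright(s):  # rule 4: brightness is the objective function
        return sum(si * qi for si, qi in zip(s, quality))
    swarm = [[1.0 / k] * k]  # firefly 0 starts from an equal split
    swarm += [normalise([rng.random() for _ in range(k)]) for _ in range(n - 1)]
    best = max(swarm, key=bright)
    for _ in range(rounds):
        for i in range(n):
            moved = False
            for j in range(n):
                if bright(swarm[j]) > bright(swarm[i]):   # rule 2: move to the brighter
                    r2 = sum((a - b) ** 2 for a, b in zip(swarm[i], swarm[j]))
                    beta = beta0 * math.exp(-gamma * r2)  # attraction fades with distance
                    swarm[i] = normalise([a + beta * (b - a) + alpha * (rng.random() - 0.5)
                                          for a, b in zip(swarm[i], swarm[j])])
                    moved = True
            if not moved:                                 # rule 3: brightest moves randomly
                swarm[i] = normalise([a + alpha * (rng.random() - 0.5) for a in swarm[i]])
            if bright(swarm[i]) > bright(best):
                best = swarm[i]
        alpha *= 0.95                                     # shrink the random step over time
    return best, bright(best)

if __name__ == "__main__":
    paths = descending_paths(LINKS, hop_gradient(LINKS, 8, blocked={3}), 1, 8)
    shares, delivery = firefly_shares([path_quality(p, LOAD) for p in paths])
    print([(p, round(s, 2)) for p, s in zip(paths, shares)], round(delivery, 3))
```

Under this linear delivery model the optimal allocation is the whole flow on the highest-quality path, here [1, 6, 7, 8].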

V. LITERATURE SURVEY

Much work has been done to identify threats and vulnerabilities, and new frameworks and strategies have been created to address such problems. Furthermore, these security concerns are likely to increase in the coming years due to the progressive migration of companies and individuals to Cloud infrastructures. The following is a review of some of the Cloud security surveys that were recently published.

Grobauer et al. [5] expose vulnerabilities associated with Cloud Computing. For example, the vulnerabilities are (1) VM escape; (2) session riding and hijacking; (3) insecure or obsolete cryptography; (4) unauthorized access to management interface; (5) Internet protocol vulnerabilities and (6) data recovery vulnerability. The authors specify that the current security metrics are not adapted to Cloud infrastructures, so that new metrics standards must be developed for greater security. Although they clarify indicators of Cloud-specific vulnerabilities, no solutions are presented to solve them.

Gonzalez et al. [2] identify, classify, organize and quantify the security taxonomy-architecture: network configuration, hosts and virtualization issues, applications and services, data security and storage, security management as well as identities and access to Cloud Computing. In addition, the authors present security concerns and solutions using pie charts in order to show the representativeness of each group with identified references. They identify that the security problems associated with virtualization are the most seriously evaluated at 12%, but the research on solutions for this aspect is only 3%. They propose developing new mechanisms to isolate VMs, since proper isolation between VMs must be implemented to avoid cross-VM attacks due to the sharing of hardware (CPU, storage, memory, etc.). Firewalls protect the provider’s internal Cloud infrastructure against insiders and outsiders, while enabling VM isolation and fine-grained filtering of addresses and ports, thus preventing DoS and DDoS attacks.

Khorshed et al. [6] organized Cloud Computing security into three sections: security categories (Cloud providers or Cloud customers), security in service delivery models (SaaS, PaaS, IaaS) and security dimensions. They present a survey on the top threats for Cloud Computing and an attack detection for Cloud Computing using machine learning techniques. Hashizume et al. [1] identify, classify, analyze and list a number of vulnerabilities, threats, mechanisms, security standards, data security, trust and security requirements for the SaaS, PaaS and IaaS delivery models of Cloud Computing. The paper enumerates the threats in detail: service hijacking, stolen data, DoS (and DDoS) and VM related issues.

Khalil et al. [7] classify Cloud security threats into five categories: Security Standards, Network, Access Control, Cloud Infrastructure and Data. They compare and analyse only countermeasures such as Intrusion Detection System (IDS) and Identity Management Systems (IMS).


Osanaiye et al. [10] survey DDoS attacks targeting cloud computing. They categorize attacks into application-bug level and infrastructural level and present the various tools to conduct these attacks. The features of Cloud Computing (large scale, direct access to Cloud infrastructures, resource sharing, etc.) need new and innovative solutions to protect both the users and the provider. Depending on the Cloud model, security relies on the provider or on the user.

Mallesham Dasari (2017) [11] proposed a real-time detection of Medium Access Control (MAC) layer attacks in IEEE 802.11 wireless networks. Different kinds of Denial of Service (DoS) attacks can be observed at the MAC layer, such as misbehaviour and selfish attacks. The malicious nodes manipulate MAC protocol parameters such as back-off time, network allocation vector value and short inter-frame space, or flood the network with a huge volume of dummy packets. In this way the attacker nodes capture the entire network bandwidth, preventing legitimate nodes from communicating with other nodes and consequently decreasing the throughput of the nodes significantly. The paper gives an effective real-time detection of these attacks with minimal detection delay. The delay and throughput data are collected and a change point detection algorithm is applied to observe the change of distribution.

Adrien Bonguet et al. (2017) [12]: Cloud Computing is a computing model that allows ubiquitous, convenient and on-demand access to a shared pool of highly configurable resources (e.g., networks, servers, storage, applications and services). Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks are serious threats to the availability of Cloud services due to numerous new vulnerabilities introduced by the nature of the Cloud, such as multi-tenancy and resource sharing. In their paper, new types of DoS and DDoS attacks in Cloud Computing are explored, especially the XML-DoS and HTTP-DoS attacks, and some possible detection and mitigation techniques are examined. The survey also provides an overview of the existing defense solutions and investigates the experiments and metrics that are usually designed and used to evaluate their performance, which is helpful for future research in the domain.

VI. FLOWCHART

Fig 1: Flow chart. Boxes, in order: Start; Deploy Network; Generate Traffic; Provide id to each node; Attacker analyse network; Make attack on most busy node; Consume network resources; Apply Packet Logging and tracebacking; Trace attacker using packet tracebacking; Apply Gradient matrix to find path for destination in case of attack; Generate and validate results; End. Decision box: Id > Threshold (Yes / No).


1. First, the nodes are deployed in the network over a specified area.

2. After deployment, traffic is introduced as the nodes generate traffic in the network.

3. The attack is then simulated in the network in the form of a DDoS attack, which is responsible for denial of services. The DDoS attack generates bogus packets in the network so that resources are occupied and services may not be delivered.

4. The DDoS detection technique is implemented, i.e. localization of nodes in mobile networks.

5. In the last step the results are generated and validated by comparing them with the existing technique.

VII. RESULTS AND DISCUSSION

In this research various performance metrics are improved by using the optimization scheme, namely firefly optimization. The effect on QoS parameters such as packet delivery ratio, overheads, average end-to-end delay, throughput and average energy consumption has been observed by varying the number of nodes (20, 40, 60, 80 and 100) while keeping the same number of rounds. First, with 20 nodes, the values are plotted against packet delivery ratio. Then the mean of ten values is taken to obtain one value. The whole process is repeated for 40, 60, 80 and 100 nodes. Similarly, the values are plotted against throughput, overhead, average energy consumption and average end-to-end delay. The values are plotted using the firefly optimization technique.

A preliminary study showed that a number of parameters have to be assumed before the simulation, such as frame duration, frequency bandwidth, mode of transmission and network size. The area taken into consideration is 100*100m. For the implementation of coverage techniques in the mobile network, the simulation parameters used are shown in Table 3.1.

Table 1 Simulation Parameters for Detection Technique Protocol

| Simulation parameter | Value |
|---|---|
| Frame duration | 1 ms |
| Frequency bandwidth | 25 MHz |
| Mode of transmission | TDD |
| Packet size | 5 kb |
| Simulation grid size | 100m*100m |
| Rounds | 3000 |
| Initial energy | 0.5 J |
| Energy for transmission | 50*0.000000001 J |
| Energy for reception | 50*0.000000001 J |
| Energy for amplification | 0.0013*0.000000000001 J |
| Energy for data aggregation | 5*0.000000001 J |

Performance metrics are the parameters on the basis of which we analyse the performance of the network. The performance metrics used are packet delivery ratio, average end-to-end delay, overheads, throughput and average energy consumption, which are discussed below.

1. Packet Delivery Ratio: The first metric is PDR, defined as the ratio of the number of packets successfully received, Prx, to the number of packets transmitted, Ptx:

PDR = Prx/Ptx

where Prx is packets received and Ptx is packets transmitted.

2. Average End-to-end Delay: It is the average time between a packet being created and being delivered to the sink. The average delay in a TDMA multi-hop based protocol depends greatly on the order of the allocated time slots of the forwarding nodes.

3. Throughput: Throughput is defined as the number of data bits successfully delivered to the sink in predefined time.

4. Average Energy Consumption: It is the energy consumed in transmitting and receiving the message packets in a mobile wireless sensor network.

Average Energy Consumption

Figure 3 shows that there is less energy consumption in the Optimized-Detection Technique. From the graph, the average energy consumption is highest in the Detection Technique, i.e. 0.02 joule, whereas in the Optimized-Detection Technique it is lower, i.e. 0.015 joule.

Figure 3 Comparison of Avg. Energy Consumption in Detection Technique and Detection Technique with firefly Optimization

According to this figure, the proposed technique shows an improvement in average energy consumption. Because more resources are allocated where the intensity (load) is higher, wastage of resources is reduced and fewer packets are dropped, so fewer re-transmission attempts are needed to deliver a message to the receiver. As a result there is less energy dissipation, and hence less energy consumption in the optimized scheme than in the existing protocol.

Throughput Performance Comparison

Throughput is defined as the total number of data packets delivered over the total simulation time. It is used to define the performance of the network and is measured in bits per second within the run time.

Throughput = Total Data bits / Simulation Runtime

Fig. 4: Comparison of Throughput

Figure 4 presents the analysis of throughput for the Detection Technique and the Optimized Detection Technique. The Optimized Detection Technique shows better results than the existing protocol. Where the intensity is higher, more resources are allocated, so the network load reduces; as a result the delay also reduces, which causes the throughput to increase.

Average End-to-End Delay Comparison

It is the average time taken for a packet to travel from source to destination (delay generated in the route procedure + delay in the data communication queue). The following formula represents the end-to-end delay:


Fig 5: Comparison of End to End delay

Figure 5 shows the graphical results of the existing Detection Technique protocol and the Optimized Detection Technique protocol. The values are plotted against the varying number of nodes. From the graph, the average end-to-end delay is highest in the Detection Technique, i.e. 0.5 sec, whereas in the Optimized-Detection Technique it is slightly lower, i.e. 0.4 sec. Because more resources are allocated where the intensity (load) is higher, wastage of resources is reduced and fewer packets are dropped, so fewer re-transmission attempts are needed to deliver a message to the receiver. As a result, the delay is lower in the optimized scheme than in the existing protocol.

Routing Overhead Comparison

Routing overhead means the number of routing packets sent during the simulation. The routing overhead uses the following formula:

Routing overhead = ∑ Transmission of routing packets (1, n)

Table: Routing Overhead Data (No. of Packets per second)

Fig 6: Routing Overhead Comparison


Figure 7 Comparison of Overheads in Detection Technique and Detection Technique with fireflies Optimization.

Packet Delivery Ratio Comparison

Fig 8: PDR

Figure 8 shows the PDR of the existing Detection Technique and the Optimized Detection Technique; the values are plotted as packet delivery ratio against the number of nodes. The Optimized Detection Technique shows better results than the Detection Technique. From the graph, the average packet delivery ratio is lowest in the Detection Technique, i.e. 25%, whereas in the Optimized-Detection Technique it is higher, i.e. 62%. According to this figure, the proposed technique shows an improvement in packet delivery ratio. Because more resources are allocated where the intensity (load) is higher, wastage of resources is reduced and fewer packets are dropped, so the packet delivery ratio is better in the Optimized Detection Technique than in the existing protocol.

VIII. CONCLUSION

In this research a generalized model for detection has been created by studying the existing models and algorithms on DoS attacks. Internet security is vital to facilitate e-commerce transactions, and there has been continued research effort to provision network traffic monitoring at high speeds. In the proposed technique a threshold is also defined so that any node id greater than that threshold may be prevented. In case of any intrusion, IP backtracking and packet logging are used to detect the intruder and mitigate the attack. The results indicate that the QoS parameters are improved by approximately 15-18% over the existing approach.

REFERENCES


[2] Gonzalez, N.; Miers, C.; Redigolo, F.; Carvalho, T.; Simplicio, M.; de Sousa, G.; Pourzandi, M. A Quantitative Analysis of Current Security Concerns and Solutions for Cloud Computing. In Proceedings of the 2011 IEEE Third International Conference on Cloud Computing Technology and Science (CloudCom), Athens, Greece, 29 November–1 December 2011; pp. 231–238.

[3] KrebsonSecurity. DDoS on Dyn Impacts Twitter, Spotify, Reddit. Available online: https://krebsonsecurity.com/2016/10/ddos-on-dyn-impacts-twitter-spotify-reddit/ (accessed on 3 August 2017).

[4] Khandelwal, Massive DDoS Attacks against Dyn DNS 2016. Available online: http://thehackernews.com/2016/10/dyn-dns-ddos.html (accessed on 3 August 2017).

[5] Grobauer, B.; Walloschek, T.; Stocker, E. Understanding Cloud Computing Vulnerabilities. Secur. Priv. IEEE 2011, 9, 50–57.

[6] Khorshed, M.T.; Ali, A.S.; Wasimi, S.A. A Survey on Gaps, Threat Remediation Challenges and Some Thoughts for Proactive Attack Detection in Cloud Computing. Future Gener. Comput. Syst. 2012, 28, 833–851.

[7] Khalil, I.M.; Khreishah, A.; Azeem, M. Cloud computing security: A survey. Computers 2014, 3, 1–35.

[8] Ali, M.; Khan, S.U.; Vasilakos, A.V. Security in cloud computing: Opportunities and challenges. Inf. Sci. 2015, 305, 357–383.

[9] Masdari, M.; Jalali, M. A survey and taxonomy of DoS attacks in cloud computing. Secur. Commun. Netw. 2016, 9, 3724–3751; SCN-15-0746.R1.

[10] Osanaiye, O.; Choo, K.K.R.; Dlodlo, M. Distributed denial of service (DDoS) resilience in cloud: Review and conceptual cloud DDoS mitigation framework. J. Netw. Comput. Appl. 2016, 67, 147–165.

[11] Mallesham Dasari, "Real Time Detection of MAC Layer DoS Attacks in IEEE 802.11 Wireless Networks", 14th IEEE Annual Consumer Communications & Networking Conference (CCNC), 2017.
