Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

557 562


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

557 562

  1. 1. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 2012 Scheme of security in Mobile Ad Hoc Networks using Route Blacklist Limit Mechanism Hemant Kamle, Geetika Dubey Computer Science And Engg. ,SATI , Vidisha,RGPV M.Tech (Student)Abstract. Routing protocols play an bandwidth conversation are the two keyimportant role for communications in Mobile elements presenting re- search challenges.Ad Hoc Network Mobile Ad hoc Networks Limited bandwidth makes a network easily(MANET) has various types of Denial of congested by control signals of the routingService Attacks (DoS) are possible because of protocol. Routing schemes developed forthe inherent limitations of its routing wired networks seldom consider restrictions ofprotocols. Denial-of-Service (DoS) and this type. Instead, they assume that theDistributed Denial-of Service (DDoS) are network is mostly stable and the overhead forwidely known security attacks which attempt routing messages is negli- gible. Consideringto make computer resources unavailable to its these differences between wired and wirelessintended users. Considering the Ad hoc On network, it is necessary to develop a wirelessDemand Vector routing protocol as the base routing protocol that restricts congestion in theprotocol it is possible to find a suitable network [1][2][3].solution to over- come the attack of initiating / This paper proposes minor modifications toforwarding fake Route Requests (RREQs) that the existing AODV routing protocol (RFClead to hogging of network resources and 3561) in order to restrict congestion[4][5] inhence denial of service to genuine nodes. In the network during a particular type of DoSthis paper, a proactive scheme is proposed that attack[6]. In addition to this it incurscould prevent a specific kind of DoS attack absolutely no extra overhead [7]. The rest ofand identify the misbehaving node. Since the this paper is organized as follows. In section 2,proposed scheme is distributed in nature it has we describe the DoS attack caused due tothe capability to prevent Distributed DoS as RREQ flooding and its implications on thewell. DoS attacks consume the resources of a existing AODV driven MANET [8][9]. Toremote host or network that would otherwise combat this DoS attack a pro- active [10]be used for serving legitimate users. The scheme is proposed in section 3. Section 4performance of the proposed algorithm in a presents an illustration to describe theseries of simulations reveal that the proposed implications of RREQ flooding on purescheme provides a better solution than existing AODV and the modified AODV. To quantifyapproaches with no extra overhead. the effectiveness of the proposed scheme, aAccording to our proposal we apply RREQ DoS [11] attack was simulated in the mobilelimit and check through that limit and prevent environment and its performance results areour network. reported in section 5.Keyword :- 2. Related WorkRREQ_Accept_limit, AODV, Radio range, The security difference between wiredMANET, DOS. infrastructure networks and mobile ad hoc networks [12] motivated researchers to model1. Introduction an IDS that can handle the new security challenges such as securing routing protocols.In an ad hoc wireless network where wired A cooperative intrusion detection model hasinfrastructures are not feasible, energy and been proposed in [13], where every node 557 All Rights Reserved © 2012 IJARCET
  2. 2. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 2012participates in running its IDS in order to interaction between intruders and IDS in wiredcollect and identify possible intrusions. If an infrastructure networks. In [14], the authorsanomaly is detected with weak evidence, a aimed at demonstrating the suitability of gameglobal detection process is initiated for further theory for development of various decision,investigation about the intrusion through a analysis, and control algorithms in intrusionsecure channel. This model suffers from detection. They accomplished this byperformance penalties and false alarm rates. addressing some of the basic network securityAn extension of this model was proposed in tradeoffs, and giving illustrative examples in[14], where a set of intrusions can be different platforms. They proposed twoidentified with their corresponding source. different schemes, based on game theoreticMoreover, authors addressed the problem of techniques. They considered a generic modelrun-time resource constraint by IDS through of a distributed IDS with a network of sensors.modeling a repeatable and random head Finally, one can conclude that game theory iscluster election framework. Watchdog and a strong candidate to provide the much-neededpathrater were proposed in [15] to improve the mathematical framework for analyzing thethroughput in MANET in the presence of interaction between the IDSs in MANET tomisbehaving nodes. Watchdog goal is to reduce false positives.identify the compromised nodes in thenetwork while pathrater goal is to notify the In AODV, a malicious node can override therouting protocols from using misbehaving restriction put by RREQ_RATELIMIT [12]nodes. This model did not propose any (limit of initiating / forwarding RREQs) bypunishment procedure that could motivate increas- ing it or disabling it. A node can do sonodes to behave normally. Hence, because of its self-control over its parameters.misbehaving nodes can continue operating in The default value for the RREQ_RATELIMITthe network and benefiting from others’ is 10 as proposed by RFC 3561. Aservices. CORE [16] is a cooperative compromised node may choose to set theenforcement mechanism based on a value of parameter RREQ_RATELIMIT to amonitoring and reputation systems. The goal very high number. This allows it to flood theof this model is to detect selfish nodes and net- work with fake RREQs [12] and lead to aenforce them to cooperate. Each node keeps kind of DoS attack. In this type of DoS attacktrack of other nodes’ cooperation using a non-malicious node cannot fairly serve otherreputation as the cooperation metric. CORE nodes due to the network-load imposed by theensures that misbehaving nodes are punished fake RREQs. This leads to the followingby gradually stopping communication services problems:and provides incentives for nodes, in the form ••Wastage of nodes’ processing time (moreof reputation, to cooperate. Note that, overhead)reputation is calculated based on data Wastage of bandwidthmonitored by local node and information .Exhaustion of the network resources likeprovided by other nodes involved in each memory (routing table en- tries)operation. •Exhaustion of the node’s battery powerGame theory [20] was successfully used in This further results in degraded throughput.many disciplines including economics, Most of the network resources are wasted inpolitical science and computer science. trying to generate routes to destinations that doCurrently, it has been used to address not exist or routes that are not going to be usedproblems where multiple players with for any communication. This implies that thedifferent objectives can compete and interact existing version of AODV is vulnerable towith each other. To predicate the optimal such type of malicious behav- ior from anstrategy used by intruders to attack a network, internal node (which is then termed as athe authors of [17] modeled a non-cooperative compromised node).game theoretic model to analyze the 558 All Rights Reserved © 2012 IJARCET
  3. 3. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 20123. Proposed Scheme: RREQs originated/forwarded by a neighboring node per unit time is tracked.According to malicious node criteria, If this count exceeds the value ofmalicious node increase RREQ (Route RREQ_BLACKLIST_LIMIT, one can safelyrequest) limit from 10 to greater value per assumesecond and flooding it to neighbor nodes , ifneighbor node work without checking thisparameter so that neighbor node not fairly 3.3 Algorithm Route Deploymentserve another packets, that means node work Figure 1 illustrates the working procedure inwithout checking RREQ_Limit and congested the proposed AODV scheme.itself and to others. As shown in the figure, malicious nodeSo in our proposal we create a module for (depicted by the black node) floods RREQs inchecking RREQ packet limit and forward to the network and two genuine nodes (depictedactual destination nodes, here we divide our by purple nodes) want to communicate withproposal into two parts. each other. In this scheme, the no. of RREQs that can be accepted from a neighbor is1) RREQ Accept Limit limited. Hence, the neighbors of the malicious node, will only accept and forward three2) RREQ Blacklist Limit RREQ packets received from it within a time interval of one sec. This rate limit of threeThe proposed scheme shifts the responsibility packets is to ensure fair share of a node’sto monitor this parameter on the node’s resources to all the neighbors. Moreover,neighbor, thus ensuring the compliance of this whenever the malicious node crosses therestriction. This solves all of the problems RREQ_BLACKLIST_LIMIT of 10 RREQ(mentioned in section 2) caused due to packets within a time interval of one sec, itsflooding of RREQs from a compromised node. neighbors will blacklist it. Thus, in addition toThus instead of self-control, the control limiting the clogging up of resources in theexercised by a node’s neighbor results in network, the proposed scheme also, isolatespreventing the flooding of RREQs. the malicious node. The route established in3.1 RREQ_ACCEPT_LIMIT this scheme is expected to be the optimumRREQ_ACCEPT_LIMIT denotes the number route, which consists of minimum number ofof RREQs that can be accepted and processed intermediate nodes. Thus, no DoS attack isper unit time by a node. The purpose of this experienced in the developed scheme.parameter is to specify a value that ensures Figure:1 Route Request Flooding with Blacklisteduniform usage of a nodes resources by its Nodeneighbors. RREQs exceeding this limit aredropped, but their timestamps are recorded.This information will aid in monitoring theneighbors activities. In the simulations carriedout, the value of this parameter was kept asthree (i.e. three RREQs can be accepted perunit time). This value can be made adaptive,depending upon node metrics such as itmemory, processing power, battery, etc3.2 RREQ_BLACKLIST_LIMITThe RREQ_BLACKLIST_LIMIT parameter isused to specify a value that aids indetermining whether a node is actingmalicious or not. To do so, the number of 559 All Rights Reserved © 2012 IJARCET
  4. 4. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 20124. Simulation Details Simulation time 50 (seconds)The simulation described in this paper was Traffic type CBR Packet size (bytes) 1000tested using the ns-2 test-bed that allows users Number of traffic 10to create arbitrary network topologies [22]. By connectionschanging the logical topology of the network, Maximum Speed 30ns-2 users can conduct tests in an ad hoc (m/s)network without having to physically movethe nodes. ns-2 controls the test scenariosthrough a wired interface, while the ad hoc We get Simulator Parameter like Number ofnodes communicate through a wireless nodes, Dimension, Routing protocol, trafficinterface. etc.The AODV protocol incorporated in NS-2 by According to below table 1 we simulate ourUppsala University, Sweden, was used as the baseprotocol. Modifications were made to this version network.of AODV protocol that confirms to RFC 3561. 4.2 UDP Comparison of 25 nodes withTCP was used as the transport protocol Radio random movementtransmission range is set as 250 meters. Trafficsources used are Constant-Bit-Rate (CBR) and the Figure 3 show UDP packet transmissionsfield configuration is 800 x 800m with 40 nodes. which includes packet receive, packet lost and total packet transmission and comparison normal case. Graph shows that the packet received is much more than the packet loss.Figure: 2 A sample topology generated by ns-24.1 Simulation ParameterHere we create the simulation parameter table,according to that given table we simulate the Figure 3 UDP packets Normal Caseour result and analyze them. we use routing 4.3 UDP Comparison after Blacklist Nodeprotocol as AODV with uni-casting Figure 4 show UDP packet transmissionsmechanism and take the simulation time as 50 which includes packet receive, packet lost andsec. Table-1 total packet transmission and comparison after blacklist node enter in our network. GraphMetrics ParameterNumber of nodes 40 shows that the packet loss is much more thanDimension of 800×800 the packet received.simulated areaRouting Protocol AODV 560 All Rights Reserved © 2012 IJARCET
  5. 5. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 2012 network through various routing attack effect like worm hole , selfish node and etc. and prevention mechanism for that type of attack so that no any intrusive process comes to our network, and network safe through unwanted activity, we also apply IDS mechanism with DSR , DSDV and other type of mobile ad-hoc routing and simulate our result. References [1] Peng Yang, Biao Huang,Multi-path Routing Protocols for Mobile Ad Hoc Networks, International conference onFigure 4 UDP packets after Blacklisted Node computer science & software engineering4.4 TCP Comparison 2008.Figure show TCP packet transmission which [2] Dan Galatchi, Roxana Zoican, On-includes packet receives and total packet Demand Multicaste Routing Protocols intransmission and comparison before and after Dynamic Ad Hoc Networks,TELSIKSblacklisted node in network. Graph shows that Serbia,Nis, October 7-9,2009.the packet received is much large before [3] Broch J., Maltz D.A., Johnson D.B., Hublacklist node comes to our network than the Y.C., and Jetcheva J., A performanceentering blacklist node in our network. comparison of multi-hop wireless ad hoc network routing protocols. In 4th International Conference on Mobile Computing and Networking (ACM MOBICOM’ 98), pages 85–97, Oct 1998 [4] Rahman A., Security issues in mobile systems, docs /sec-in-ob.html, 1995 (accessed on May 03, 2004).5. Conclusion and Future Work: [5] Royer E.M. and Toh C.K., A review of current routing protocols for ad hoc mobile wireless networks. IEEE PersonalAccording to our result we find out if blacklist Communications, vol. 6:46–55, Apr 1999.node comes to our network so network has [6] Perkins C.E. and Royer E., Ad-hoc on-been heavily congested and actual data packet demand distance vector routing. In 2nd IEEEsends percentage decreases that conclude Workshop on Mobile Computing Systems andblacklist node sense less bandwidth consume Applications, pages 90– 100, 1999.through mobile nodes, also drop rate has been [7] Perkins C.E., Das S.R. and Royer E.. Ad-increases. The malicious nodes identified are hoc on-demand distance vector (aodv) routing.blacklisted and none of the genuine nodes in http:// network are wrongly accused of manet-aodv-misbehaving. In the proposed scheme, there is 05.txt, 2000 (accessed on May 03, 2004).an enhancement in the per- formance of the [8] Karpijoki V., Signaling and routingnetwork in presence of compromised nodes. security in mobile and ad-hoc networks., 2000Here we simulate our result through AODV (accessed on May 03, 2004).routing protocol with a Blacklist node andanalyze our results, in future we simulate our 561 All Rights Reserved © 2012 IJARCET
  6. 6. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology Volume 1, Issue 4, June 2012[9] Jacquetand P., Viennot L., Overhead in Networks”, IEEEWireless Communications,Mobile Ad-hoc network Protocols, INRIA IEEE press, pp:48-60, 2004.Research Project RR-3965, 2000. [20] S. Marti, T. Giuli, K. Lai, and M. Baker,[10] Y. Zhang andW. Lee, “Intrusion “Mitigating Routing Misbehavior in MobileDetection inWireless Ad-Hoc Networks”, Ad Hoc Networks”, Proc. 6th annualProc. MOBICOM 2000, Boston, ACM press, international conference on Mobile computingpp:275-283, 2000. and networking, Boston, USA, ACM press, pp:255 - 265, 2005. [21] G. Owen, “Game Theory”, 3rd ed. New[11]http// York, NY: Academic Press, 2001.aksmi%20thesis.pdf (accessed on May 03, [22] Nidhi S Kulkarni, Balasubramanian2004) Raman and Indra Gupta, On Demand Routing Protocols for mobile Ad Hoc Networks; A[12] Routing Security in Ad Hoc Networks, Review,2009 IEEE International AdvanceJanne Lundberg, Helsinki University of Computing conference,Patiala,India,6-7Technology. March 2009.[13] Perkins C.E., Terminology for Ad-HocNetworking, Draft-IETF-MANET terms-00.txt, November 1997.[14] A. Agah, S. Das, and K. Basu, “IntrusionDetection in Sensor Networks: A Non-cooperative Game Approach”, Proc. 3rd IEEEInternational Symposium on NetworkComputing and Applications, IEEE press,2004.[15] T. Alpcan and T. Basar, “A GameTheoretic Approach to Decision and Analysisin Network Intrusion Detection”, Proc. of 43rdIEEE Conference on Decision and Control(CDC), Paradise Island, Bahamas, 2004.[16] Y. Huang and W. Lee, “A CooperativeIntrusion Detection System for Ad HocNetworks”, Proc. 1st ACM Workshop Securityof Ad Hoc and Sensor Networks, Virginia, ACMpress, pp:135-147, 2003.[17] M. Mehrandish., H. Otrok, M. Debbabi,C. Assi and P. Bhattacharya, “A GameTheoretic Approach to Detect NetworkIntrusions: The Cooperative IntrudersScenario”, Proc. 49th annual of IEEEGLOBECOM, San Francisco, IEEE press,2006.[18] P. Michiardi and R. Molva, “Analysis ofCoalition Formation and CooperationStrategies in Mobile Ad hoc Networks”,Journal of Ad hoc Networks, Elsevier, pp:193-219, 2005.[19] A. Mishra, K. Nadkarni, and A. Patcha,“Intrusion Detection inWireless Ad Hoc 562 All Rights Reserved © 2012 IJARCET