Revisiting the experiment on detecting of replay and message modification


Published on

1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Revisiting the experiment on detecting of replay and message modification

  1. 1. International Journal of Computer Engineering (IJCET), ISSN 0976 – 6367(Print), International Journal of Computer Engineering and Technology ISSN 0976 – 6375(Online) Volume 1, Number 2, Sep - Oct (2010), © IAEMEand Technology (IJCET), ISSN 0976 – 6367(Print)ISSN 0976 – 6375(Online) Volume 1 IJCETNumber 2, Sep - Oct (2010), pp. 118- 132 ©IAEME© IAEME, REVISITING THE EXPERIMENT ON DETECTING OF REPLAY AND MESSAGE MODIFICATION Prof.D.P.Gaikwad Assist. Prof. in Computer Engineering Department AISSM S’s COE, Pune E-Mail: Dr. J V Aghav Associate Professor in Computer Department College of Engineering, and Pune ABSTRACT The wireless networks and mobile computing applications are rapidly changing the landscape of network security. These technologies create new vulnerabilities that do not exist in wired network. Some of the techniques and methods of network securities are ineffective. The traditional way of protecting networks with firewalls and encryption software are not sufficient for detecting new types of attack in wireless environment. So, we need to develop new architecture and mechanisms to protect the wireless networks and mobile computing applications. Many network security systems available in market are capable to secure networks from various kinds of attacks. These techniques are rule dependent and some are rule independent and they are playing important role in information security. The modern network security systems are too complex and time- consuming. These are not affordable on the basis of its cost as well as performance. Many network security systems are not platform independent. In this paper, we demonstrate and revisit experimental standalone methodologies that detect the message modification, replay attacks, an identification of unauthorized users in ad-hoc networks. The proposed system is simple, economical, and platform independent. Keywords: Opponent, Intrusion, NIDS, Anomaly, Misuse, Ad-hoc Network, Digital Signature, Wormhole. 118
  2. 2. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 1, Number 2, Sep - Oct (2010), © IAEMEI INTORDUCTION The network in which the physical connection is not exits is called as Wirelessnetwork. The communication is done without physical communication media betweentwo wireless device or hosts. Due to this the speed of wireless communication is slowerthan wired network. The mobility is the main feature of wireless network, so we canmove it from one place to another. Due to dynamic topology nature of the wirelessnetwork, there are many possibilities to attack wireless devices. Now days, there aremany mobile computing applications in market. We need to develop and deploy intrusiondetection and response techniques to secure mobile computing applications. We canbroadly categorize the attacks in three groups as follows. First of all, the passive eavesdropping to active interfering can be done byopponent in wireless network. In wired network the opponent must gain the physicalaccess to the network and pass through the several lines of defense at firewall, router andgateways level to connect with other device or host. So the opponent can not easilyattack any node in the network. But in wireless network, the attacks can come from alldirections and target at any node. The different attacks such as leaking secret information,message modification, and node impersonation can be possible in wireless network. Secondly, all mobile nodes are autonomous units in network that canindependently roam in entire network. The wireless nodes can be captured, compromised,and hijacked easily with inadequate physical protection. It is difficult to detectcompromised node in global scale network. The attacks by a compromised node fromwithin the network may far more damaging and much harder. Therefore, mobile nodesand the infrastructure must be prepared to operate in trusted network. We have used thedigital signature approach to build the trusted wireless network environment. Third, the decision-making system in wireless network or mobile computingenvironment is decentralized. The most wireless network algorithms depend on thecooperative participation of all nodes and the infrastructure. In the decentralized authoritynetwork, the opponent can exploit the new types of attacks that can break the cooperativealgorithms. In summarization, the wireless network has not a clear line of defense. It isvulnerable due to its features of open medium, dynamic network topological change, 119
  3. 3. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 1, Number 2, Sep - Oct (2010), © IAEMEcooperative algorithms, lack of centralized monitoring and management point and lack ofa clear line of defense. Every wireless node must be prepared for encounters with anopponent directly or indirectly. The opponent can not exploit any vulnerability innetwork because the wireless network management is centralized in our system. In thispaper, we have focused on ad-hoc networks and propose a new model for detectingmessage replay, modification attack and response.II LITERATURE SURVEYA. Attacks in Wireless Environment We can define the wireless network in many ways as mobile ad-hoc networkwhich is a collection of wireless PCs or mobile phones that can be rapidly deployed as amulti hop packet radio network without the aid of any infrastructure or any centralizedadministration [2]. In other words or a mobile Ad-hoc network is a collection of nodesthat is connected through a wireless medium forming rapidly changing topologies.Following are the special properties of mobile ad-hoc network which are essential for theflexibility of a mobile ad-hoc network.1. The communication media is wireless.2. There is no consistency in network topology and membership in the evolvingenvironment.3. There does not exist trust in the communication between two nodes.4. There are limitations on bandwidth, battery lifetime, and computation power. Thisprohibits the deployment of complex routing protocols or encryption algorithms [1]. The dynamic topology changing characteristic of Ad-hoc network allows node tojoin and leave the connection to network at any point of time. So it can not secure thenetwork from vulnerabilities of attack. There are many Security threats in wireless network. The data sends over the airin Wireless LAN. So, the may be accessible outside the physical boundary of anorganization. The wireless traffic can be intercepted and monitored by unauthorized person.The wireless traffic should be encrypted for secure communication. If the traffic is notencrypted properly, the packets can be viewed by anyone using adaptor. The some 120
  4. 4. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 1, Number 2, Sep - Oct (2010), © IAEMEprogram can receive, view, and store all packets circulating on a given Wireless LAN.The transmitter jamming is also possible in wireless network. [5]. The Denial of Service,Reduction of Service and Man in Middle are common attack in Wireless LAN. In theseattacks, the attacker sends malicious traffic in the network [6]. The Denial OF Serviceattack is caused by flooding other wireless clients by duplicating IP or MAC address andby sending bogus packets to target client. In Denial of Service attack, one user or a groupof user send too much information or requests to server. Due to large requests fromdifferent clients, the server’s system resources such as memory, routing services,application software, and operating system, processing bandwidth, queue position etc.becomes busy. That is why the server cannot handle normal, valid requests made fromlegitimate user [6]. The Cache Poisoning is attacks which can occur in network. In this attack, theinformation stored in routing tables is deleted, injected or modified, with falseinformation. We need to observe and analyze these anomaly activities to protect network.Black hole attack in which all traffic is redirected to a specific node only and may notforward to any traffic. Routing Loop attack in which the loop is introduced in a routepath. Network Partition attack in which whole network is partitioned into sub- networks.Due to partition, the nodes in different sub networks cannot communicate to each othereven though a route between them actually does exist. In Selfishness attack a node is notserving as a relay to other nodes. In Fabricated Route Messages attack the Routemessages is modified with malicious information. An incorrect route is advertised intothe network or the opponent can modify the sequence number held in control messages tothe maximal allowed value. Rushing attack is same as route message attack. It can beused to improve Fabricated Route Messages. In several routing protocols, some routemessage types have the property that only the message that arrives first is accepted by arecipient. The attacker simply disseminates a malicious control message quickly to blocklegitimate messages that arrive later. Wormhole creates a tunnel between two nodes thatcan be utilized to transmit packets secretly. In Packet dropping attack opponent nodedrops data packets (conditionally or randomly) in network. Spoofing inject data orcontrol packets with modified source addresses. Malicious Flooding is same as DOS 121
  5. 5. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 1, Number 2, Sep - Oct (2010), © IAEMEattack which deliver unusually large amount of data or control packets to the wholenetwork or some target nodes. Identifying the types of attacks and providing the solution to these attacks can bedone. Identifying the real time attacks also can be done in real-time by forming multiplenumbers of wireless nodes in the cluster. By implementing the Dynamic Source Routingprotocol we can detect and prevent the different attacks in wireless network.B. Security Techniques in Wireless Environment We have described some important security technique in very short. To providedata confidentiality in wireless network as wired network the IEEE 802.11 StandardWired Equivalent Privacy encryption mechanism is used [8, 9]. Equivalent Privacyencryption mechanism uses the RC4 stream ciphering encryption algorithm. WiredEquivalent Privacy encryption mechanism is used to protect wireless communicationfrom eavesdropping and to prevent unauthorized access to network. Wired EquivalentPrivacy encryption mechanism uses a single, static shared key which is strong weaknessof it [9]. The Virtual Private Network technology is another solution for securing thewireless data. It is used to secure communications between remote locations via theInternet. The client of Wireless Network uses a Virtual Private Network tunnel in whichcommunication data remain encrypted until it reaches the gateway of Virtual PrivateNetwork or Access Point (AP). The Virtual Private Network is not self-managingtechnology. The alternative solution is Wi-Fi Protected Access. The Wi-Fi ProtectedAccess eliminates most 802.11 security issues because it adopts a Temporal KeyIntegrity Protocol for data confidentiality and authentication mechanisms. The Wi-FiProtected Access is capable to fix only known attack by using Wired EquivalentPrivacy encryption mechanism. It is not used to detect denial-of-service attacks. The802.1X port based network access control and the Extensible Authentication Protocolare used for strong authentication for each connection [10]. The new IEEE 802.11istandard provides authentication and privacy. 802.11is confidentiality service is builton top of AES strong encryption algorithm. The IEEE 802.11i also can not detect theDenial Of Service attack [9, 10, 11, 12, and 14]. 122
  6. 6. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 1, Number 2, Sep - Oct (2010), © IAEMEC. Types of Intrusion/Attacks Detection Systems Using Intrusion detection system we can ensure integrity and authenticity ofdata. Intrusion Detection system also and can protect wired and wireless network fromunauthorized users. An Intrusion Detection System is a System that is used to identifyintrusions, which may be unauthorized users, misuse or abuses of computer systems byeither authorized users or external opponent. It is very challenging job to identify andprevent intrusion malicious activities or any attack in network for it’s security.Intrusion Detection Software is used to detect computer network from unauthorizeduser and prevent malicious activities. The intrusion detection learning task is to build aclassifier capable of distinguishing between attack, intrusion, and bad connections,normal or good connections [3]. There are many types of Intrusion Detection softwaretechnologies. They are divided into the following four groups based on the type ofevents that they monitor and the ways in which they are deployed. 1. Network Based system monitors network traffic for particular networksegments or devices. It analyses the network and application protocol activity toidentify suspicious activity. It can identify many different types of events of interest. Itis most commonly deployed at a boundary between networks, such as in firewalls orrouters, virtual private network (VPN) servers, remote access servers etc.. 2. Wireless Intrusion detection System monitors wireless network traffic ofdata. It analyses wireless networking protocols to identify suspicious activity involvingthe protocols. It can identify suspicious activity in the application or higher-layernetwork protocols such as TCP, UDP. It is most commonly deployed within range of anorganization’s wireless network to monitor it, but can also be deployed to locationswhere unauthorized wireless networking could be occurring. These are developed forWireless LANs to response to the threats against Wireless LANs and Wireless LANclients. The figure 1 shows the general architecture of the wireless intrusion detectionSystem. 123
  7. 7. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 1, Number 2, Sep - Oct (2010), © IAEME Wireless Data Capturing Module Data Preprocessing Module Detector Trainer (Ann, G Module A, F.Logic) Decision Making Module Figure 1 Wireless Intrusion Detection System 3. Network Behaviour Analysis (NBA) system which examines network traffic toidentify threats that generate unusual traffic flows, such as Distributed Denial Of Serviceattacks, certain forms of malware such as worms, backdoors and policy violations.Network Behaviour Analysis systems are most often deployed to monitor flows on anorganization’s internal networks and are also sometimes deployed where they canmonitor flows between an organization’s networks and external networks such as Internetor business partners’ networks. 4. Host-Based system which monitors the characteristics of a single host and theevents occurring within that host for suspicious activity. Examples of characteristics aresystem logs, running processes, application activity, file access and modification, systemand application configuration changes. Host-based Intrusion Detection System is mostcommonly deployed on critical hosts such as publicly accessible servers and serverscontaining sensitive information. Network-based Intrusion Detection System and someforms of host-based Intrusion Detection System have been commercially available forover ten years. Network behaviour analysis software is a somewhat newer form ofIntrusion Detection System that evolved in part from products created primarily to detectDistribute Denial Of Service attacks and in part from products developed to monitortraffic flows on internal networks [3]. 124
  8. 8. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 1, Number 2, Sep - Oct (2010), © IAEMED. Related work in Wireless Network The many researchers have developed and trying develope to develop the systemwhich could protect the wired as well as wireless network from different attacks. Wehave surveyed different paper of researchers as a study. In this paper, we are discussingsome selected paper to explain their contribution and methods or methodologies used todevelop their own system as follows. P.C.KISHORE RAJA, M.SUGANTHI, SUNDER [16] have described a novelidea of wireless intrusion detection using Media Access Control layer feature set. Inwireless network Media Access Control layer do communication and maintain it to shareradio channel. The protocol is used to enhance communication in wireless media. Theproactive mechanism used in Media Access Control is used to detect intrusion andanomaly behavior, but cannot give perfect prevention. Authors have proposed their workto offer new approach to defense intrusion in wireless network. They have used MediaAccess Control layer feature set to characterize wireless node behavior. The BehaviorBased Intrusion Detection technique is used which is contrast to signature basedtechnique. The signature based technique may be impractical for wireless networkbecause it is very difficult to specify, update and distribute the signature attack inwireless network. The Genetic Algorithm is used on feature set of Maida Access Controlto learn normal behavior and profile it. The past behavior is used to pre direct the currentwireless node behavior. JEYANTHI HALL, MICHEL BARBEAU AND EVANGELOS KRANAKIS[17] has demonstrated novel approach for detecting the Media access control addressspoofing attack in their paper. This novel approach incorporates Radio FrequencyFingerprinting into wireless intrusion detection system. Radio Frequency Fingerprintingtechnique that is used to identify a transceiver based on the transient portion of the signalit generates. They have used feasible Bayesian filter and Radio Frequency Fingerprintingto improve the success rate of Wireless Intrusion Detection System to detect Mediaaccess control address spoofing attack LEON REZNIK AND CARLL HOFFMAN [4] describes the development of theSensor Network Anomaly Detection System (SNADS). SNADS support signal change 125
  9. 9. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 1, Number 2, Sep - Oct (2010), © IAEMEdetection in sensor networks. The SNADS provides a cross-platform management of coresensor network operation. They have used neural network approach to define and fix therules for detection of anomaly in network.. SNADS was designed for heterogeneoussystem. The system is written in Java. MOFREH SALEM, AMANY SARHAN, MOSTAFA ABU-BAKR[5] describedin their paper the technique to detect the DOS attacks in WLANs(Wireless LAN) Theirsystem also is capable for preventing the detected attackers in future The intruders’database (IDB) is used in system which creates and modifies each time an intruder isdetected. This database is used by the technique to inhibit intruders from bringing thenetwork down by a DOS attack. DOUGLAS MADORY [6] has proposed a method of spoof detection using signalstrength analysis in his paper. Due to low-quality wireless networking cards, it is verydifficult to detect wireless spoofs. He proposed his work for detecting wireless spoofusing signal strengthening technique using Discrete Fourier Transformation algorithm. H.BELLAAJ, R.KETATA, A.HSINI [7] have proposed a new fuzzy logicapproach to perform analysis and detection of intrusion in 802.11wireless networks. Thealgorithms construct the networks and generate many cases of daily traffic and intrusion.It catches different values of system and network parameters. The system generate fuzzyrules from numerical data .The system also implement a new rule base on each computerand start system. The system seems auto rule generator for detecting new attack.III PROPOSED SET UP FOR DETECTION OF ATTACKS The different systems currently in markets are capable to secure networks fromvarious kinds of attacks. Some of them are rule dependant and some are rule independentand they are playing important role in information security. The security system we arepresenting is a stand-alone system. It is an intelligent attempt to secure networks fromvarious combined attacks namely message modification and replay attacks in wirelessnetwork. As well as it secure from unauthorized users. We are presenting a distributed intrusion detection system. The system will beinstalled on each node that is authorized users. Security is provided by giving them ausername and a password. These nodes cooperate to each other while deciding the attack 126
  10. 10. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 1, Number 2, Sep - Oct (2010), © IAEMEtype and finding the intruder. In the presented system we are introducing an intrusiondetection system that is capable to detect intruders who modifies and do replay attack.The first thing is that we are providing valid username and password to the each user innetwork. Using that it can login and can run the system. Now further more a digitalsignature is generated and distributed between valid users only. If someone is logged inand have no the digital signature then it will be traced as intruder. The digital signature isused to inspect the user for giving authorization. . All authorized user are allowed to usethe network. So, this system is used to form the network of trusted user. The system is implemented to create replay and message modification attacks byintruder. The figure 2 shows the overall architecture of our system. We show how oursystem reacts to this kind of active attacks and how analyze the situation so that we getexact intruder. In actual intruder hikes the packet and unpack it. Then he modifies thecontents and just broad cast to all other nodes in the network, causing replay attack that issending same message again and again. At the same time message modification activeattack is being caused. Now the system is here that detects such attacks and find out whois behind it and display the details like IP address of the intruder and the messagecontents and corresponding changes made in that. Figure 2 The Architecture for Wireless Network The Authentication and data integrity also can achieve using this system. Theimplementation language java has given wide portability and simplicity [13, 15]. It isvery simple to install and operate. Not more manual energy is required. Security isprovided to system itself by maintaining valid usernames and password. 127
  11. 11. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 1, Number 2, Sep - Oct (2010), © IAEMEFunctions of System 1. This proposed solution provides the authentication. In this system, Digitalsignatures is generated and distributed to the trusted persons only. And whilecommunicating with them the Unique distributed digital signatures are validated. Ifvalidation fails the corresponding person is blacklisted and further watch is kept on hisactivities. 2. This system also provides data integrity by identifying the messagemodification done by intruder. For the purpose the actual data and data size is validated atthe time of reception of messages against original one and looked for any variations. Ifany such mismatch found the intruder is detected and his IP address and his modificationin original message is displayed. System Description: The user can interact with the system through the userinterface. There are different screens are available for the users to enter the details.Following figures are the main snapshots of the system. Figure 3 is showing the DigitalSignature generated by software. Figure 3 Digital Signature Generated by System This Digital Signature is distributed among the user in entire network. The userwho does not have a Digital Signature is defined as intrusion. His message is not shownin Message Inbox window. It is shown in intrusion’s list with his IP address. Figure 4 is showing the message which is broadcasted by sender. This mainMessage Box which receive the message those are sent by Authorized person only. If themodified message is sent by authorized or unauthorized person who do not have DigitalSignature will not put in this message inbox. 128
  12. 12. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 1, Number 2, Sep - Oct (2010), © IAEME Figure 4 Message in Message box showing IP address and path Figure 5 is showing the Search window which gives the status of incomingmessage. The message indicating false is original message which broadcasted by othertrusted station. If this message modified and sent by unauthorized person, then it will beindicate as true. Figure 5 Message Broad casted by Authorised Persons in Network Figure 6 is showing the Message Inbox which indicates the message sent byintruder. The message “intruder Message“ is modified by unauthorized user in network.We can easily identify the intruder in network by checking the path through which themessage is broadcasted to the destination. 129
  13. 13. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 1, Number 2, Sep - Oct (2010), © IAEMEIV. FUTURE WORK Due to the inability of NIDS to see all the traffic on switched Ethernet, manycompanies are now turning to Host-based IDS (second generation). These products canuse far more efficient intrusion detection techniques such as heuristic rules and analysis.Depending on the sophistication of the sensor, it may also learn and establish userprofiles as part of its behavior database. Figure 6 Message Broad casted by Intruders in Network A strong IDS Security Policy is the HEART of commercial IDS. It shouldProvides worthwhile information about malicious network traffic and can be programmedto minimize damage. It should be help to identify the source of the incoming probes orattacks and could be used to identify intruders. The good IDS should alert securityperson. But our system does not give any burglar alarm. Our further intension is tointroduce the very strong alert system for security manger’s alertness. Right now wehave focus on only certain attacks but it can be make to find work under different passiveand active attacks. And can produce more accurate and explanatory results can bedisplayed.CONCLUSION In the presented work we have revisited the various experiments that result indetection of message modification, replay attacks and also finds answers on unauthorizedusers. This standalone experiment is robust and functioning as the set objectives. The 130
  14. 14. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 1, Number 2, Sep - Oct (2010), © IAEMEJava implementation is virtually portable and platform independent. The set up is simple,economical and demonstrates the results on alterations by intruders.REFERENCES[1] “Trusted Routing and Intruder Identification in Mobile Ad Hoc Net works”. Bharat Bhargava, Michael Zoltowsk, Pascal MeunierPurdue. University, West Lafayette, IN 47907, USA.[2] “A distributed routing algorithm for mobile radio networks” M. Corson and A. Ephremides . MILCOM 89, 1989.[3] “Recent Trends in IDS: Approaches and Tools”. D.P.Gaikwad, M.A.Pradhan”. Department of Computer Engineering, AISSM”S College Of Engg., Pune -1, 2010.[4] “Development of the Intelligent Sensor Network Anomaly Detection System: Problems and Solutions”. Leon Reznik and Carll Hoffman[5] “A DOS Attack Intrusion Detection and Inhibition Technique for Wireless Computer Networks “.Mofreh Salem, Amany Sarhan, Mostafa Abu-Bakr. Computers and System Dept, Faculty of Engineering,Mansoura Univ., Egypt.[6] “New Methods of Spoof Detection in 802.11b Wireless Networking”. Douglas Madory. Thesis Submitted to the Faculty in partial fulfillment of the requirements for the degree of Master of Science.[7] “Fuzzy approach for 802.11 wireless intrusion detection”. H.BELLAAJ,, R.KETATA, A.HSINI . Military Academy of Fondouk Jedid Nabeul Tunisia[8] “An Efficient Collision-Free MAC Protocols for Ad Hoc Wireless Network”. Tiantong You, Chi-Hsiang Yeh, Hossam Hassanein: BROADEN .In proceedings of the 3rd International, Workshop on Wireless Local Networks, LCN 2003, October 2003.[9] “Security Issues in IEEE 802.11 Wireless Local-Area Networks: A Survey”. Arunesh Mishra, Nick L. Petroni, and William A. Arbaugh.. Wireless Communications and Mobile Computing Journal, vol. 4, no. 8, pp. 821-833, 2004.[10] “Wi-Fi Alliance. Securing Wi-Fi Wireless Networks with Today’s Technologies”. White paper, February 2003.[11] “Distributed monitoring of Wi-Fi Channel”. Aime M and Calandriello G (2005). 131
  15. 15. International Journal of Computer Engineering and Technology (IJCET), ISSN 0976 – 6367(Print),ISSN 0976 – 6375(Online) Volume 1, Number 2, Sep - Oct (2010), © IAEME[12] “802.11 denial of service attacks: real Vulnerabilities and practical solutions”. Bellardo J and Savage S (2003). In proceedings of the 11th USENIX security symposium, pages15-18, Washington D.C, USA.[13] “Java 2 the Complete Reference”. Herbert Schildt .Tata Mc Grwa Hill[14] “A system to Detect greedy behavior In IEEE 802.11”. Shannon C.E. and W. Weaver[15] “The Java 2 Black Book”. Steven Holzner[16] “Wireless Node Misbehavior Detection Using Genetic Algorithm”, P.C.Kishore Raja, M.Suganthi, Sunder. Information Technology Journal 7(1):143-148, 2008.[17] “Enhancing Intrusion Detection In Wireless Networks Using Radio Frequency Fingerprinting”. Jeyanthi Hall, Michel Barbeau and Evangelos Kranakis. School of Computer Science Carleton University 1125 Colonel By Drive Ottawa, Ontario, Canada. 132