Distributed (P2P) botnets have as of late been received by botmasters for their versatility against take-down
endeavors. Other than being harder to bring down, p2p botnets tend to be stealthier in the way they perform
vindictive exercises, making current discovery approaches ineffectual. In this paper, we simulate our proposal
by detecting a gray hole attack in an Ad Hoc network using NS2.The detected malicious node is listed in a black
hole list and notices all other nodes in the network to stop communicating with them. Our botnet location
framework has been equipped for identifying stealthy P2P botnets (Gray Hole nodes) and can reduce packet loss
caused by malicious nodes and have a better packet delivery ratio (PDR) within less period of time.
Guarding Against Large-Scale Scrabble In Social NetworkEditor IJCATR
Generally, the botnet is one of the most dangerous threats in the network. It has number attackers in the network. The
attacker consists of DDOS attack, remote attack, etc., Bots perform perform repetitive tasks automatically or on a schedule over the
internet, tasks that would be too mundane or time-consuming for an actual person. But the botnets have stealthy behavior as they are
very difficult to identify. These botnets have to be identified and the internet have to be protected. Also the the activity of botnets must
be prevented to provide the users, a reliable service. The past of botnet detection has a transaction process which is not secure. A
efficient stastical data classifier is required to train the botent preventions system. To provide the above features clustering based
analysis is done. our approach can detect and profile various P2P applications rather than identifying a specific P2P application.
Anomaly based detection technique is used to obtain this goal.
Now-a-days, Internet has become an important part of human’s life, a person
can shop, invest, and perform all the banking task online. Almost, all the organizations have
their own website, where customer can perform all the task like shopping, they only have to
provide their credit card details. Online banking and e-commerce organizations have been
experiencing the increase in credit card transaction and other modes of on-line transaction.
Due to this credit card fraud becomes a very popular issue for credit card industry, it causes
many financial losses for customer and also for the organization. Many techniques like
Decision Tree, Neural Networks, Genetic Algorithm based on modern techniques like
Artificial Intelligence, Machine Learning, and Fuzzy Logic have been already developed for
credit card fraud detection. In this paper, an evolutionary Simulated Annealing algorithm is
used to train the Neural Networks for Credit Card fraud detection in real-time scenario.
This paper shows how this technique can be used for credit card fraud detection and
present all the detailed experimental results found when using this technique on real world
financial data (data are taken from UCI repository) to show the effectiveness of this
technique. The algorithm used in this paper are likely beneficial for the organizations and
for individual users in terms of cost and time efficiency. Still there are many cases which are
misclassified i.e. A genuine customer is classified as fraud customer or vise-versa.
Towards botnet detection through features using network traffic classificationIJERA Editor
Botnet are becoming the most significant threat to the internet world. Botnet is the automated process of
attackers that interacts with network traffic and its services. Botnet are automatically updated into the
compromised system to collect the authenticated information. In this paper, we present a model to extract some
features which are helpful to analyze the behaviour of bot members present in the particular network traffic. On
the other hand, various superior methods are evaluated to extract weather network traffic contain bot or not. In
particularly, our evaluation shows that the particular traffic contain any bot member in their communication.
Lightweight C&C based botnet detection using Aho-Corasick NFAIJNSA Journal
Botnet distinguishes itself from the previous malware by having the characteristics of a C&C channel, using which a Botmaster can control the constituents of the botnet. Even though protocols like IRC, HTTP and DNS are exploited to incorporate C&C channels, previous analysis have shown that the majority of the botnets are usually based on IRC. Consequently in this paper the Aho-Corasick NFA based detection is proposed to detect the C&C instructions which is exchanged in IRC run botnets. However the ability to detect botnet is limited to the existing bot commands. Therefore a counting process which analyses every IRC messages is introduced to detect the existence of malicious codes. This detection method and various existing methods have been evaluated using real-world network traces. The results show that the proposed C&C Instruction based IRC detection method can detect real-world botnets with high accuracy.
Abstract: Forged source IP addresses are used by the attackers to hide the locations. For finding the locations of the attackers IP Traceback Mechanism have been used. IP Traceback approaches can be classified in to Packet Marking, ICMP Traceback, Logging on the Router, Link Testing, Overlay and Hybrid Tracing, Based on the captured backscatter messages spoofing activities are still frequently observed. The IP Traceback system on the internet contain with two critical challenges. The first one is the cost to adopt a traceback mechanism in the routing system. It introduces considerable overhead to the routers generation, packet logging, especially in the high performance networks. The second one is the difficulty to make Internet Service Providers(ISP) collobrate. Attackers spread over every corner of the world, single ISPs to deploy its own traceback system is meaningless. ISPs are generally lack of explicit incentive to help clients of the others to trace attackers in their managed system. There are lot of IP traceback mechanisms and large number of spoofing activities observed , but the real locations of spoofers still remain mystery. Due to the some of the drawbacks it has not been widely used to trace the IP traceback solution. Finally, it was not used to find the locations of the attackers. To overcome the drawback of IP traceback mechanism we propose a Passive IP Traceback Mechanism(PIT). The router may generate an ICMP error message and send the message to the spoofed source addresses. The routers can be close to the attackers, the path backscatter messages may disclose the locations of the attackers. PIT can work in a number of spoofing activities. This technique uses the ICMP features and find the attackers by applying PIT on the ICMP dataset, a number of locations of attackers are captured and presented. As a result, these technique reveal IP spoofing, but it was not well understood. In future, it may be the most suitable mechanism for tracing the attackers on the Internet Level Traceback System.
Keywords: IP Traceback, packet logging, path backscatter, hybrid tracing, link testing.
Title: REVEALING THE LOCATIONS OF IP SPOOFERS FROM ICMP
Author: J Saranya, Dr. A J Deepa
ISSN 2350-1022
International Journal of Recent Research in Mathematics Computer Science and Information Technology
Paper Publications
Optimal remote access trojans detection based on network behaviorIJECEIAES
RAT is one of the most infected malware in the hyper-connected world. Data is being leaked or disclosed every day because new remote access Trojans are emerging and they are used to steal confidential data from target hosts. Network behavior-based detection has been used to provide an effective detection model for Remote Access Trojans. However, there is still short comings: to detect as early as possible, some False Negative Rate and accuracy that may vary depending on ratio of normal and malicious RAT sessions. As typical network contains large amount of normal traffic and small amount of malicious traffic, the detection model was built based on the different ratio of normal and malicious sessions in previous works. At that time false negative rate is less than 2%, and it varies depending on different ratio of normal and malicious instances. An unbalanced dataset will bias the prediction model towards the more common class. In this paper, each RAT is run many times in order to capture variant behavior of a Remote Access Trojan in the early stage, and balanced instances of normal applications and Remote Access Trojans are used for detection model. Our approach achieves 99 % accuracy and 0.3% False Negative Rate by Random Forest Algorithm.
Guarding Against Large-Scale Scrabble In Social NetworkEditor IJCATR
Generally, the botnet is one of the most dangerous threats in the network. It has number attackers in the network. The
attacker consists of DDOS attack, remote attack, etc., Bots perform perform repetitive tasks automatically or on a schedule over the
internet, tasks that would be too mundane or time-consuming for an actual person. But the botnets have stealthy behavior as they are
very difficult to identify. These botnets have to be identified and the internet have to be protected. Also the the activity of botnets must
be prevented to provide the users, a reliable service. The past of botnet detection has a transaction process which is not secure. A
efficient stastical data classifier is required to train the botent preventions system. To provide the above features clustering based
analysis is done. our approach can detect and profile various P2P applications rather than identifying a specific P2P application.
Anomaly based detection technique is used to obtain this goal.
Now-a-days, Internet has become an important part of human’s life, a person
can shop, invest, and perform all the banking task online. Almost, all the organizations have
their own website, where customer can perform all the task like shopping, they only have to
provide their credit card details. Online banking and e-commerce organizations have been
experiencing the increase in credit card transaction and other modes of on-line transaction.
Due to this credit card fraud becomes a very popular issue for credit card industry, it causes
many financial losses for customer and also for the organization. Many techniques like
Decision Tree, Neural Networks, Genetic Algorithm based on modern techniques like
Artificial Intelligence, Machine Learning, and Fuzzy Logic have been already developed for
credit card fraud detection. In this paper, an evolutionary Simulated Annealing algorithm is
used to train the Neural Networks for Credit Card fraud detection in real-time scenario.
This paper shows how this technique can be used for credit card fraud detection and
present all the detailed experimental results found when using this technique on real world
financial data (data are taken from UCI repository) to show the effectiveness of this
technique. The algorithm used in this paper are likely beneficial for the organizations and
for individual users in terms of cost and time efficiency. Still there are many cases which are
misclassified i.e. A genuine customer is classified as fraud customer or vise-versa.
Towards botnet detection through features using network traffic classificationIJERA Editor
Botnet are becoming the most significant threat to the internet world. Botnet is the automated process of
attackers that interacts with network traffic and its services. Botnet are automatically updated into the
compromised system to collect the authenticated information. In this paper, we present a model to extract some
features which are helpful to analyze the behaviour of bot members present in the particular network traffic. On
the other hand, various superior methods are evaluated to extract weather network traffic contain bot or not. In
particularly, our evaluation shows that the particular traffic contain any bot member in their communication.
Lightweight C&C based botnet detection using Aho-Corasick NFAIJNSA Journal
Botnet distinguishes itself from the previous malware by having the characteristics of a C&C channel, using which a Botmaster can control the constituents of the botnet. Even though protocols like IRC, HTTP and DNS are exploited to incorporate C&C channels, previous analysis have shown that the majority of the botnets are usually based on IRC. Consequently in this paper the Aho-Corasick NFA based detection is proposed to detect the C&C instructions which is exchanged in IRC run botnets. However the ability to detect botnet is limited to the existing bot commands. Therefore a counting process which analyses every IRC messages is introduced to detect the existence of malicious codes. This detection method and various existing methods have been evaluated using real-world network traces. The results show that the proposed C&C Instruction based IRC detection method can detect real-world botnets with high accuracy.
Abstract: Forged source IP addresses are used by the attackers to hide the locations. For finding the locations of the attackers IP Traceback Mechanism have been used. IP Traceback approaches can be classified in to Packet Marking, ICMP Traceback, Logging on the Router, Link Testing, Overlay and Hybrid Tracing, Based on the captured backscatter messages spoofing activities are still frequently observed. The IP Traceback system on the internet contain with two critical challenges. The first one is the cost to adopt a traceback mechanism in the routing system. It introduces considerable overhead to the routers generation, packet logging, especially in the high performance networks. The second one is the difficulty to make Internet Service Providers(ISP) collobrate. Attackers spread over every corner of the world, single ISPs to deploy its own traceback system is meaningless. ISPs are generally lack of explicit incentive to help clients of the others to trace attackers in their managed system. There are lot of IP traceback mechanisms and large number of spoofing activities observed , but the real locations of spoofers still remain mystery. Due to the some of the drawbacks it has not been widely used to trace the IP traceback solution. Finally, it was not used to find the locations of the attackers. To overcome the drawback of IP traceback mechanism we propose a Passive IP Traceback Mechanism(PIT). The router may generate an ICMP error message and send the message to the spoofed source addresses. The routers can be close to the attackers, the path backscatter messages may disclose the locations of the attackers. PIT can work in a number of spoofing activities. This technique uses the ICMP features and find the attackers by applying PIT on the ICMP dataset, a number of locations of attackers are captured and presented. As a result, these technique reveal IP spoofing, but it was not well understood. In future, it may be the most suitable mechanism for tracing the attackers on the Internet Level Traceback System.
Keywords: IP Traceback, packet logging, path backscatter, hybrid tracing, link testing.
Title: REVEALING THE LOCATIONS OF IP SPOOFERS FROM ICMP
Author: J Saranya, Dr. A J Deepa
ISSN 2350-1022
International Journal of Recent Research in Mathematics Computer Science and Information Technology
Paper Publications
Optimal remote access trojans detection based on network behaviorIJECEIAES
RAT is one of the most infected malware in the hyper-connected world. Data is being leaked or disclosed every day because new remote access Trojans are emerging and they are used to steal confidential data from target hosts. Network behavior-based detection has been used to provide an effective detection model for Remote Access Trojans. However, there is still short comings: to detect as early as possible, some False Negative Rate and accuracy that may vary depending on ratio of normal and malicious RAT sessions. As typical network contains large amount of normal traffic and small amount of malicious traffic, the detection model was built based on the different ratio of normal and malicious sessions in previous works. At that time false negative rate is less than 2%, and it varies depending on different ratio of normal and malicious instances. An unbalanced dataset will bias the prediction model towards the more common class. In this paper, each RAT is run many times in order to capture variant behavior of a Remote Access Trojan in the early stage, and balanced instances of normal applications and Remote Access Trojans are used for detection model. Our approach achieves 99 % accuracy and 0.3% False Negative Rate by Random Forest Algorithm.
Ijricit 01-001 pipt - path backscatter mechanism for unveiling real location ...Ijripublishers Ijri
There is a necessity to think over IP traceback technique that help us to track or predict IP address details of malicious
attackers and reveal their actual locations. In spite of lot of research over IP traceback solutions, still there is a necessity
to find an optimal solution that could be implemented at the level of Internet. Real identity of spoofers couldn’t be
revealed by conventional techniques used until today. Through this paper we emphasize primarily on traceback of passive
IP (PIPT) that avoid the procedural risks involved in implementing IP traceback solutions. Path Backscatter (Internet
Control Message Protocol (ICMP) error messages) is probed by PIPT. Spoofing traffic fires these Backscatter, in order to
find the details of spoofer’s topological physical identity and bypasses procedural risks.
Impacts of normal mode and complication mode over Router topological structure are visualized. Nodal info tracker
over parameter i.e Bandwidth, digital sign, source IP, Dest IP and attack status on three network parameters. Spoofing
has been performed on IP addresses, packet data and bandwidth .These three parameter i.e IP addresses, packet data,
bandwidth status and topological nature are been demonstrated through technical stimulation. From the study made
we are able to assure optimized technique of traceback system through PIPT, in order to face the challenges of deployment
at internet level.
DDoS attacks have become one of the most dangerous issues in the Internet today. Because of these attacks, legitimate users can not access the resources they need. In [1] authors proposed a combined method for tracing and blocking the sources of DDoS-attacks. The essence of the method is that each router marks the network packet that passes through it using a random hash function from the set. At the receiving side this information is stored and used to filter unwanted traffic and traceback the source of distributed attack. This article describes the simulation and its results of the combined method.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Passive ip traceback disclosing the locations of ip spoofers from path backscShakas Technologies
It is long known attackers may use forged source IP address to conceal their real locations. To capture the spoofers, a number of IP traceback mechanisms have been proposed. However, due to the challenges of deployment, there has been not a widely adopted IP traceback solution, at least at the Internet level.
Review on Detection & Prevention Methods for Black Hole Attack on AODV based ...IJERD Editor
Dynamic nature of Mobile Ad-hoc networks (MANET) challenges the quality of service (QoS)
because route failure probability is increased in MANET due to the mobility of nodes. Lack of fixed
infrastructure, wireless shared medium and dynamic topology makes MANET prone to different types of
attacks. Ad-hoc On-Demand Distance Vector (AODV) routing protocol in MANETs which is vulnerable to a
variety of security threats in ad-hoc networks. Black hole attack is an attack that drop considerable number of
packet by performing packet forwarding misbehaviour and violate the security to cause Denial-of-Service
(DoS) in Mobile Ad-hoc networks (MANET). In this paper we investigate different mechanism to detect and
prevent black hole attack in AODV protocol. We also discuss about advantages and disadvantages of the
methods.
AN ENERGY EFFICIENT COUNTERMEASURE AGAINST MULTIPLE ATTACKS OF THE FALSE DATA...ijcsity
Nodes are easily exposed from generated attacks on various layers because they compose simple functions in sensor networks. The false data injection attack drains finite energy resource in a compromised node,and the false HELLO flood attack threatens constructed routing paths in an adversary node. A localized encryption and authentication protocol (LEAP) was developed to prevent the aforementioned attacks through the use of four keys. However, when these attacks occur simultaneously, LEAP may not prevent damage from spreading rapidly throughout the network. In this paper, we propose a method that addresses these attacks through the use of four types of keys, including two new keys. We also improve energy consumption while maintaining a suitable security level. The effectiveness of the proposed method was evaluated relative to that of LEAP when multiple attacks occur. The experimental results reveal that the proposed method enhances energy saving by up to 12% while maintaining sufficient detection power
COUNTERMEASURE TOOL - CARAPACE FOR NETWORK SECURITYIJNSA Journal
Now a day frequency of attacks on network is increased. In this, denial of services (DOS) and IP spoofing are more common. It is very difficult to find out these attacks. Denial of services (DOS) and its type Distributed denial of services (DDOS) are significant problem because it is very hard to detect it. Its main aim to shut resource from internet, and make resource unavailable to legitimate users. IP source address forgery, or “spoofing,” is a long-recognized consequence of the Internet’s lack of packet-level authenticity. IP spoofing is very powerful when it implemented with Distributed denial of services (DDOS). In this paper we deal with the information gathering process to do attacks. The information gathering about the weaknesses of the target system and helps to do attack. Lastly we proposed a new model to protect from attacks.
S IMULATION B ASED S TUDY OF C OOPERATIVE B LACK H OLE A TTACK R ESOLU...pijans
An Ad hoc Network is a pool of wireless mobile node
s energetically forming a network without the use o
f
any pre-accessible network infrastructure or centra
lized administrator. These nodes communicate with
each other by hop-to-hop communication. This dynami
c topology of mobile ad-hoc networks (MANETs)
allows nodes to get attached and leave the network
at any second of time. Thus MANET can be used in a
variety of fields. Current MANETs are designed prim
ary for military utility. This generic characterist
ic of
MANET has rendered its vulnerability to security at
tacks. Due to which unprotected attacks of the
malicious nodes can occur at any time. This paper f
ocuses on one such attack known as “Black hole
attack” and the routing protocol being used here is
AODV
MANET is a dynamic network with large number of mobile nodes .As the traffic increases over the manet it will leads to number of problems i.e congestion and packet loss .This congestion and packet loss problems occurs due to the attack in manet .one of attack is black hole attack .As a result some packet loss over the network and slows the communication process.In this paper we are providing the solution against black hole attack which is based on fuzzy rule .fuzzy rule based solution identify the infected node as well as provide the solution to reduce data loss over network.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
A Dynamic Botnet Detection Model based on Behavior Analysisidescitation
Today different types of malware exist in the Internet. Among them one of the
malware is known as botnet which is frequently used for many cyber attacks and crimes in
the Internet. Currently botnets are the main rootcause for several illegal activities like
spamming, DDoS, click fraud etc. Botnets operate under the command and control(C&C)
infrastructure which makes its functioning unique. As long as the Internet exists botnet also
will exist. It can be used to perpetrate many Internet crimes. So fighting against them is a
challenging problem. The P2P-decentralized based botnets are more dangerous than
centralized botnets. In this paper a novel approach for the detection of P2P based botnet is
presented. The proposed approach for the detection of botnet in the network stream
analysis has been done in three phases. The first phase begins with the identification of P2P
node and the second phase deals with the clustering of the suspicious P2P node. Finally
botnet detection procedure has been applied which is based on stability of bots.
Experimental results show that the proposed approach detects more number of bots with
high accuracy.
Detection of Peer-to-Peer Botnets using Graph MiningIJCNCJournal
Peer-to-Peer (P2P) botnets are significant threats to the Internet. The botnet traffic is increasing rapidly every year and impacts the entire Internet. A P2P botnet is responsible for launching various malicious activities such as DDoS attacks, click fraud attacks, stealing confidential information from bank and government websites, etc. It is challenging to detect P2P botnets because of their high resiliency against detection. This paper proposes a method that uses a network communication graph from network flow data to detect botnets. Three graph-mining techniques are used to detect bot nodes individually. The method's final result is obtained by applying an ensemble algorithm to the results of the three graph-mining techniques. A synthetic dataset from a testbed is used to assess the method's performance. In addition, the method is evaluated using a publicly available dataset. Experimental results show that the method performs with an accuracy of 99.99%, a precision of 94.29% ,and a recall of 98.02%, which is better than existing methods.
Ijricit 01-001 pipt - path backscatter mechanism for unveiling real location ...Ijripublishers Ijri
There is a necessity to think over IP traceback technique that help us to track or predict IP address details of malicious
attackers and reveal their actual locations. In spite of lot of research over IP traceback solutions, still there is a necessity
to find an optimal solution that could be implemented at the level of Internet. Real identity of spoofers couldn’t be
revealed by conventional techniques used until today. Through this paper we emphasize primarily on traceback of passive
IP (PIPT) that avoid the procedural risks involved in implementing IP traceback solutions. Path Backscatter (Internet
Control Message Protocol (ICMP) error messages) is probed by PIPT. Spoofing traffic fires these Backscatter, in order to
find the details of spoofer’s topological physical identity and bypasses procedural risks.
Impacts of normal mode and complication mode over Router topological structure are visualized. Nodal info tracker
over parameter i.e Bandwidth, digital sign, source IP, Dest IP and attack status on three network parameters. Spoofing
has been performed on IP addresses, packet data and bandwidth .These three parameter i.e IP addresses, packet data,
bandwidth status and topological nature are been demonstrated through technical stimulation. From the study made
we are able to assure optimized technique of traceback system through PIPT, in order to face the challenges of deployment
at internet level.
DDoS attacks have become one of the most dangerous issues in the Internet today. Because of these attacks, legitimate users can not access the resources they need. In [1] authors proposed a combined method for tracing and blocking the sources of DDoS-attacks. The essence of the method is that each router marks the network packet that passes through it using a random hash function from the set. At the receiving side this information is stored and used to filter unwanted traffic and traceback the source of distributed attack. This article describes the simulation and its results of the combined method.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Passive ip traceback disclosing the locations of ip spoofers from path backscShakas Technologies
It is long known attackers may use forged source IP address to conceal their real locations. To capture the spoofers, a number of IP traceback mechanisms have been proposed. However, due to the challenges of deployment, there has been not a widely adopted IP traceback solution, at least at the Internet level.
Review on Detection & Prevention Methods for Black Hole Attack on AODV based ...IJERD Editor
Dynamic nature of Mobile Ad-hoc networks (MANET) challenges the quality of service (QoS)
because route failure probability is increased in MANET due to the mobility of nodes. Lack of fixed
infrastructure, wireless shared medium and dynamic topology makes MANET prone to different types of
attacks. Ad-hoc On-Demand Distance Vector (AODV) routing protocol in MANETs which is vulnerable to a
variety of security threats in ad-hoc networks. Black hole attack is an attack that drop considerable number of
packet by performing packet forwarding misbehaviour and violate the security to cause Denial-of-Service
(DoS) in Mobile Ad-hoc networks (MANET). In this paper we investigate different mechanism to detect and
prevent black hole attack in AODV protocol. We also discuss about advantages and disadvantages of the
methods.
AN ENERGY EFFICIENT COUNTERMEASURE AGAINST MULTIPLE ATTACKS OF THE FALSE DATA...ijcsity
Nodes are easily exposed from generated attacks on various layers because they compose simple functions in sensor networks. The false data injection attack drains finite energy resource in a compromised node,and the false HELLO flood attack threatens constructed routing paths in an adversary node. A localized encryption and authentication protocol (LEAP) was developed to prevent the aforementioned attacks through the use of four keys. However, when these attacks occur simultaneously, LEAP may not prevent damage from spreading rapidly throughout the network. In this paper, we propose a method that addresses these attacks through the use of four types of keys, including two new keys. We also improve energy consumption while maintaining a suitable security level. The effectiveness of the proposed method was evaluated relative to that of LEAP when multiple attacks occur. The experimental results reveal that the proposed method enhances energy saving by up to 12% while maintaining sufficient detection power
COUNTERMEASURE TOOL - CARAPACE FOR NETWORK SECURITYIJNSA Journal
Now a day frequency of attacks on network is increased. In this, denial of services (DOS) and IP spoofing are more common. It is very difficult to find out these attacks. Denial of services (DOS) and its type Distributed denial of services (DDOS) are significant problem because it is very hard to detect it. Its main aim to shut resource from internet, and make resource unavailable to legitimate users. IP source address forgery, or “spoofing,” is a long-recognized consequence of the Internet’s lack of packet-level authenticity. IP spoofing is very powerful when it implemented with Distributed denial of services (DDOS). In this paper we deal with the information gathering process to do attacks. The information gathering about the weaknesses of the target system and helps to do attack. Lastly we proposed a new model to protect from attacks.
S IMULATION B ASED S TUDY OF C OOPERATIVE B LACK H OLE A TTACK R ESOLU...pijans
An Ad hoc Network is a pool of wireless mobile node
s energetically forming a network without the use o
f
any pre-accessible network infrastructure or centra
lized administrator. These nodes communicate with
each other by hop-to-hop communication. This dynami
c topology of mobile ad-hoc networks (MANETs)
allows nodes to get attached and leave the network
at any second of time. Thus MANET can be used in a
variety of fields. Current MANETs are designed prim
ary for military utility. This generic characterist
ic of
MANET has rendered its vulnerability to security at
tacks. Due to which unprotected attacks of the
malicious nodes can occur at any time. This paper f
ocuses on one such attack known as “Black hole
attack” and the routing protocol being used here is
AODV
MANET is a dynamic network with large number of mobile nodes .As the traffic increases over the manet it will leads to number of problems i.e congestion and packet loss .This congestion and packet loss problems occurs due to the attack in manet .one of attack is black hole attack .As a result some packet loss over the network and slows the communication process.In this paper we are providing the solution against black hole attack which is based on fuzzy rule .fuzzy rule based solution identify the infected node as well as provide the solution to reduce data loss over network.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
A Dynamic Botnet Detection Model based on Behavior Analysisidescitation
Today different types of malware exist in the Internet. Among them one of the
malware is known as botnet which is frequently used for many cyber attacks and crimes in
the Internet. Currently botnets are the main rootcause for several illegal activities like
spamming, DDoS, click fraud etc. Botnets operate under the command and control(C&C)
infrastructure which makes its functioning unique. As long as the Internet exists botnet also
will exist. It can be used to perpetrate many Internet crimes. So fighting against them is a
challenging problem. The P2P-decentralized based botnets are more dangerous than
centralized botnets. In this paper a novel approach for the detection of P2P based botnet is
presented. The proposed approach for the detection of botnet in the network stream
analysis has been done in three phases. The first phase begins with the identification of P2P
node and the second phase deals with the clustering of the suspicious P2P node. Finally
botnet detection procedure has been applied which is based on stability of bots.
Experimental results show that the proposed approach detects more number of bots with
high accuracy.
Detection of Peer-to-Peer Botnets using Graph MiningIJCNCJournal
Peer-to-Peer (P2P) botnets are significant threats to the Internet. The botnet traffic is increasing rapidly every year and impacts the entire Internet. A P2P botnet is responsible for launching various malicious activities such as DDoS attacks, click fraud attacks, stealing confidential information from bank and government websites, etc. It is challenging to detect P2P botnets because of their high resiliency against detection. This paper proposes a method that uses a network communication graph from network flow data to detect botnets. Three graph-mining techniques are used to detect bot nodes individually. The method's final result is obtained by applying an ensemble algorithm to the results of the three graph-mining techniques. A synthetic dataset from a testbed is used to assess the method's performance. In addition, the method is evaluated using a publicly available dataset. Experimental results show that the method performs with an accuracy of 99.99%, a precision of 94.29% ,and a recall of 98.02%, which is better than existing methods.
DETECTION OF PEER-TO-PEER BOTNETS USING GRAPH MININGIJCNCJournal
Peer-to-Peer (P2P) botnets are significant threats to the Internet. The botnet traffic is increasing rapidly
every year and impacts the entire Internet. A P2P botnet is responsible for launching various malicious
activities such as DDoS attacks, click fraud attacks, stealing confidential information from bank and
government websites, etc. It is challenging to detect P2P botnets because of their high resiliency against
detection. This paper proposes a method that uses a network communication graph from network flow data
to detect botnets. Three graph-mining techniques are used to detect bot nodes individually. The method's
final result is obtained by applying an ensemble algorithm to the results of the three graph-mining
techniques. A synthetic dataset from a testbed is used to assess the method's performance. In addition, the
method is evaluated using a publicly available dataset. Experimental results show that the method
performs with an accuracy of 99.99%, a precision of 94.29% ,and a recall of 98.02%, which is better than
existing methods.
Nowadays, cyber-attacks from botnets are increasing at a faster rate than any other malware spread. Detecting the botmaster who commands the tasks has become more difficult. Most of the detecting methods are based on the features of any communication protocol or the history of the network traffic. In this paper, a rational approach is brought for the live detection of the botmaster in the internal network. The victim machine monitors its packets and compromises the bots in the network and finds the traces to the botmaster. This approach works independent of the structure of the botnet, and will be a better option for online detection of the botmaster.
Review on Grey- Hole Attack Detection and PreventionIJARIIT
These Grey Hole attacks poses a serious security threat to the routing services by attacking the reactive routing protocols resulting in drastic drop of data packets. AODV (Ad hoc on demand Distance Vector) routing being one of the many protocols often becomes an easy victim to such attacks. The survey also gives up-to-date information of all the works that have been done in this area. Besides the security issues they also described the layered architecture of MANET, their applications and a brief summary of the proposed works that have been done in this area to secure the network from Grey Hole attacks
TRIDNT: THE TRUST-BASED ROUTING PROTOCOL WITH CONTROLLED DEGREE OF NODE SELFI...IJNSA Journal
In Mobile ad-hoc network, nodes must cooperate to achieve the routing purposes. Node misbehaviour due to selfish or malicious intention could significantly degrade the performance of MANET because most existing routing protocols in MANET are aiming at finding most efficiency path. In this paper, we propose a Two node-disjoint Routes protocol for Isolating Dropper Node in MANET (TRIDNT) to deal with misbehaviour in MANET. TRIDNT allows some degree of selfishness to give an incentive to the selfish nodes to declare itself to its neighbours, which reduce the misbehaving nodes searching time. In TRIDNT two node-disjoint routes between the source and destination are selected based on their trust values. We use both DLL-ACK and end-to-end TCP-ACK to monitor the behaviour of routing path nodes: if a malicious behaviour is detected then the path searching tool starts to identify the malicious nodes and isolate them. Finally by using a mathematical analysis we find that our proposed protocol reduces the searching time of malicious nodes comparing to the route expected life time, and avoids the isolated misbehaving node from sharing in all future routes, which improve the overall network throughput.
Performance measurement of MANET routing protocols under Blackhole security a...iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Analysis of threats and security issues evaluation in mobile P2P networks IJECEIAES
Technically, mobile P2P network system architecture can consider as a distributed architecture system (like a community), where the nodes or users can share all or some of their own software and hardware resources such as (applications store, processing time, storage, network bandwidth) with the other nodes (users) through Internet, and these resources can be accessible directly by the nodes in that system without the need of a central coordination node. The main structure of our proposed network architecture is that all the nodes are symmetric in their functions. In this work, the security issues of mobile P2P network system architecture such as (web threats, attacks and encryption) will be discussed deeply and then we propose different approaches and we analysis and evaluation of these mobile P2P network security issues and submit some proposal solutions to resolve the related problems with threats and other different attacks since these threats and attacks will be serious issue as networks are growing up especially with mobility attribute in current P2P networks.
A survey on Stack Path Identification and Encryption Adopted as Spoofing Defe...IOSR Journals
Abstract: Spoofing attacks are a constant nag in the information world, so many methodologies have been
invented to reduce on its effects but still there is a lot left to be desired. The kind of impact that this attacks have
on Electronic Payment Systems is so detrimental to the economic world given that this systems are viewed as
performance enhancers on payments. This study elaborates two methodologies a combination of StackPi and
Encryption as spoofing defense methodologies. Billions of shillings are lost in this rollercoaster thus giving rise
to a situation that deserves undivided attention and should be researched on. A profound argument on the
methodologies that have been used in this mission to eradicate spoofing attacks, the limitations that they posses
and other methodologies that have been brought in play to succeed them elicits an interesting he strategy of
integrating or combining methodologies and the benefits that this strategy contributes to curbing spoofing
attacks. With that knowledge underhand, it can be justified why the combination of Stack Pi and Encryption is a
recommended solution against spoofing attacks.
Keywords: Electronic Payment Systems, Encryption, Security, Spoofing attacks, Stack Pi
Mobile Ad-hoc Network is group of wireless mobile device with restricted broadcast range and no use of base Infrastructure. The secure routing model helps for reduced honest elicitation and free riding problem. The term honest elicitation means it forward high recommendation for malicious node in order to avoid itself. It means the high recommendation for colludingmalicious node. When operating in hostile or suspicious setting, MANETs require privacy and ,communication security in routing protocol. In this paper we present the type of attacks and operation on network layer with routing protocol technique i.e. based on an on-demand locationbased anonymous MANET routing protocol called SMRT (secure MANET routing technique ,with trust model) that achieves security and privacy against insider and outsider adversaries.
Detection of Botnets using Honeypots and P2P BotnetsCSCJournals
A “botnet” is a group of compromised computers connected to a network, which can be used for both recognition and illicit financial gain; controlled by an attacker (bot-herder). Among the counter measures proposed in the recent developments is the “Honeypot”. The attacker who would be aware of the Honeypot would take adequate steps to maintain the botnet, hence attack the Honeypot (Infected Honeypot). In this paper we propose a method to remove the infected Honeypot by Constructing a Peer-to-peer structured botnet which would detect the uninfected Honeypot and use it to detect botnets originally used by the attacker. Our simulation shows that this method is very effective and can detect the botnets that are intended to malign the network.
Botnet detection using ensemble classifiers of network flow IJECEIAES
Recently, Botnets have become a common tool for implementing and transferring various malicious codes over the Internet. These codes can be used to execute many malicious activities including DDOS attack, send spam, click fraud, and steal data. Therefore, it is necessary to use Modern technologies to reduce this phenomenon and avoid them in advance in order to differentiate the Botnets traffic from normal network traffic. In this work, ensemble classifier algorithms to identify such damaging botnet traffic. We experimented with different ensemble algorithms to compare and analyze their ability to classify the botnet traffic from the normal traffic by selecting distinguishing features of the network traffic. Botnet Detection offers a reliable and cheap style for ensuring transferring integrity and warning the risks before its occurrence.
IPv6 flood attack detection based on epsilon greedy optimized Q learning in s...IJECEIAES
Internet of things is a technology that allows communication between devices within a network. Since this technology depends on a network to communicate, the vulnerability of the exposed devices increased significantly. Furthermore, the use of internet protocol version 6 (IPv6) as the successor to internet protocol version 4 (IPv4) as a communication protocol constituted a significant problem for the network. Hence, this protocol was exploitable for flooding attacks in the IPv6 network. As a countermeasure against the flood, this study designed an IPv6 flood attack detection by using epsilon greedy optimized Q learning algorithm. According to the evaluation, the agent with epsilon 0.1 could reach 98% of accuracy and 11,550 rewards compared to the other agents. When compared to control models, the agent is also the most accurate compared to other algorithms followed by neural network (NN), K-nearest neighbors (KNN), decision tree (DT), naive Bayes (NB), and support vector machine (SVM). Besides that, the agent used more than 99% of a single central processing unit (CPU). Hence, the agent will not hinder internet of things (IoT) devices with multiple processors. Thus, we concluded that the proposed agent has high accuracy and feasibility in a single board computer (SBC).
Using recycled concrete aggregates (RCA) for pavements is crucial to achieving sustainability. Implementing RCA for new pavement can minimize carbon footprint, conserve natural resources, reduce harmful emissions, and lower life cycle costs. Compared to natural aggregate (NA), RCA pavement has fewer comprehensive studies and sustainability assessments.
Hierarchical Digital Twin of a Naval Power SystemKerry Sado
A hierarchical digital twin of a Naval DC power system has been developed and experimentally verified. Similar to other state-of-the-art digital twins, this technology creates a digital replica of the physical system executed in real-time or faster, which can modify hardware controls. However, its advantage stems from distributing computational efforts by utilizing a hierarchical structure composed of lower-level digital twin blocks and a higher-level system digital twin. Each digital twin block is associated with a physical subsystem of the hardware and communicates with a singular system digital twin, which creates a system-level response. By extracting information from each level of the hierarchy, power system controls of the hardware were reconfigured autonomously. This hierarchical digital twin development offers several advantages over other digital twins, particularly in the field of naval power systems. The hierarchical structure allows for greater computational efficiency and scalability while the ability to autonomously reconfigure hardware controls offers increased flexibility and responsiveness. The hierarchical decomposition and models utilized were well aligned with the physical twin, as indicated by the maximum deviations between the developed digital twin hierarchy and the hardware.
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTjpsjournal1
The rivalry between prominent international actors for dominance over Central Asia's hydrocarbon
reserves and the ancient silk trade route, along with China's diplomatic endeavours in the area, has been
referred to as the "New Great Game." This research centres on the power struggle, considering
geopolitical, geostrategic, and geoeconomic variables. Topics including trade, political hegemony, oil
politics, and conventional and nontraditional security are all explored and explained by the researcher.
Using Mackinder's Heartland, Spykman Rimland, and Hegemonic Stability theories, examines China's role
in Central Asia. This study adheres to the empirical epistemological method and has taken care of
objectivity. This study analyze primary and secondary research documents critically to elaborate role of
china’s geo economic outreach in central Asian countries and its future prospect. China is thriving in trade,
pipeline politics, and winning states, according to this study, thanks to important instruments like the
Shanghai Cooperation Organisation and the Belt and Road Economic Initiative. According to this study,
China is seeing significant success in commerce, pipeline politics, and gaining influence on other
governments. This success may be attributed to the effective utilisation of key tools such as the Shanghai
Cooperation Organisation and the Belt and Road Economic Initiative.
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsVictor Morales
K8sGPT is a tool that analyzes and diagnoses Kubernetes clusters. This presentation was used to share the requirements and dependencies to deploy K8sGPT in a local environment.
A review on techniques and modelling methodologies used for checking electrom...nooriasukmaningtyas
The proper function of the integrated circuit (IC) in an inhibiting electromagnetic environment has always been a serious concern throughout the decades of revolution in the world of electronics, from disjunct devices to today’s integrated circuit technology, where billions of transistors are combined on a single chip. The automotive industry and smart vehicles in particular, are confronting design issues such as being prone to electromagnetic interference (EMI). Electronic control devices calculate incorrect outputs because of EMI and sensors give misleading values which can prove fatal in case of automotives. In this paper, the authors have non exhaustively tried to review research work concerned with the investigation of EMI in ICs and prediction of this EMI using various modelling methodologies and measurement setups.
6th International Conference on Machine Learning & Applications (CMLA 2024)ClaraZara1
6th International Conference on Machine Learning & Applications (CMLA 2024) will provide an excellent international forum for sharing knowledge and results in theory, methodology and applications of on Machine Learning & Applications.
Online aptitude test management system project report.pdfKamal Acharya
The purpose of on-line aptitude test system is to take online test in an efficient manner and no time wasting for checking the paper. The main objective of on-line aptitude test system is to efficiently evaluate the candidate thoroughly through a fully automated system that not only saves lot of time but also gives fast results. For students they give papers according to their convenience and time and there is no need of using extra thing like paper, pen etc. This can be used in educational institutions as well as in corporate world. Can be used anywhere any time as it is a web based application (user Location doesn’t matter). No restriction that examiner has to be present when the candidate takes the test.
Every time when lecturers/professors need to conduct examinations they have to sit down think about the questions and then create a whole new set of questions for each and every exam. In some cases the professor may want to give an open book online exam that is the student can take the exam any time anywhere, but the student might have to answer the questions in a limited time period. The professor may want to change the sequence of questions for every student. The problem that a student has is whenever a date for the exam is declared the student has to take it and there is no way he can take it at some other time. This project will create an interface for the examiner to create and store questions in a repository. It will also create an interface for the student to take examinations at his convenience and the questions and/or exams may be timed. Thereby creating an application which can be used by examiners and examinee’s simultaneously.
Examination System is very useful for Teachers/Professors. As in the teaching profession, you are responsible for writing question papers. In the conventional method, you write the question paper on paper, keep question papers separate from answers and all this information you have to keep in a locker to avoid unauthorized access. Using the Examination System you can create a question paper and everything will be written to a single exam file in encrypted format. You can set the General and Administrator password to avoid unauthorized access to your question paper. Every time you start the examination, the program shuffles all the questions and selects them randomly from the database, which reduces the chances of memorizing the questions.
Public Key Cryptosystem Approach for P2P Botnet Detection and Prevention
1. Anas Aliyu Usman Int. Journal of Engineering Research and Applications www.ijera.com
ISSN : 2248-9622, Vol. 5, Issue 4, ( Part -4) April 2015, pp.07-13
www.ijera.com 7 | P a g e
Public Key Cryptosystem Approach for P2P Botnet Detection and
Prevention
Anas Aliyu Usman1
, A Arokiaraj Jovith2
1
Department of Information Technology, SRM University, Kattankulathur-603203
2
Department of Information Technology, SRM University, India
ABSTRACT
Distributed (P2P) botnets have as of late been received by botmasters for their versatility against take-down
endeavors. Other than being harder to bring down, p2p botnets tend to be stealthier in the way they perform
vindictive exercises, making current discovery approaches ineffectual. In this paper, we simulate our proposal
by detecting a gray hole attack in an Ad Hoc network using NS2.The detected malicious node is listed in a black
hole list and notices all other nodes in the network to stop communicating with them. Our botnet location
framework has been equipped for identifying stealthy P2P botnets (Gray Hole nodes) and can reduce packet loss
caused by malicious nodes and have a better packet delivery ratio (PDR) within less period of time.
Keywords - Peer-to-Peer (P2P), bot, Botnet, Bot-master
I. INTRODUCTION
A BOTNET is a collection of compromised
hosts that are remotely controlled by a malicious user
usually called an attacker or a botmaster through a
Command and Control (C&C) channel [1]. People
with malicious intent make use of the botnet as a tool
for various cybercrimes such as Distributed Denial of
Service (DDoS) attack, Generation of spam emails,
Click Fraud and so on. The C&C is used for issuing
command to the bots and receiving information from
them. For more than a decades there is an immense
rise of the peer-to-peer computing paradigm [10].
This is due to the fact that traditional botnet represent
a single point of failure [1]. Most of the security
researches focuses on bringing down the central
control because it is like taking the whole botnet
down. Botnet Bot usually refers to software robots,
which are used to automate tasks. Nowadays bot
refers to an infected/compromised computer which
can accept commands from remote controller (bot
master). Botnet is a network of infected systems
under the control of a bot master. The bot master can
perform coordinated activities with these bots by
issuing commands. In recent times, use of bots for
nefarious activities pose serious threat. In P2P bots,
commands are communicated through push/pull
mechanism. Bot master publishes a command file
over the P2P network. The bots then use the pull
mechanism to obtain the command file [5]. P2P bots
have to constantly communicate with its neighbours
for commands and has to send KEEP ALIVE
messages to other bots in the network. P2P botnets do
not suffer from single point of failure but
coordination of bots is difficult compared to the
centralized architecture [10]. The advantages of P2P
botnet over the centralised structure includes non-
existence of C&C which reduced the dependency on
the C&C server but it does not mean it is completely
gone, bot may still decide to contact a C&C server
under specific conditions. Example when there is
stolen data to communicate back to the attacker. If
they managed to completely remove the server then
this can be considered a step to strengthening the
botnet. If it only operates through P2P then it
becomes nearly impossible to track the Guys behind
it. P2P bot’s life cycle consists of the following steps
[10]:
Figure 1: P2P Botnet structure
First Stage (Infection stage)
The p2p bot’s life cycle begins with the infection
stage. The victim computer can be exploitation due to
any one of the following reasons:
Unpatched vulnerabilities
Backdoors
left by Trojans
Password guessing and brute force attacks.
During infection period the bot spreads (this
might happen through drive-by downloads, a
malicious software being installed by end-user,
and/or infected USB sticks, etc.).
RESEARCH ARTICLE OPEN ACCESS
2. Anas Aliyu Usman Int. Journal of Engineering Research and Applications www.ijera.com
ISSN : 2248-9622, Vol. 5, Issue 4, ( Part -4) April 2015, pp.07-13
www.ijera.com 8 | P a g e
Second Stage (Rally stage)
This is where the bot connects with a peer list in
order to join the P2P networks.
Third Stage (Waiting stage)
During this stage, bots waits for the bot-master’s
command
Fourth Stage (Execution stage)
This is the final stage in which it actually carries
out a command, such as:
Denial of-service (DoS) attack
Generate spam emails
Click fraud, etc.
The rest of the paper is organized as follows [4].
Section II discusses some related work on various
approaches for detecting and prevention of P2P
botnet. Section III discusses working principle of Ad
hoc on Demand Distance Vector (AODV). Section
IV discusses Secured AODV (SAODV). Section V
discussed the proposed mechanism used the paper.
Section VI the simulation result and finally section
VII discusses the conclusion and future work.
II. RELATED WORK
Yao Zhaoy proposed [8] has described a plan
and execute a framework called Botgraph to
distinguish the Web-record ill-use assault at a huge
scale. We make two vital commitments. They first
commitment is to propose a novel graph based
methodology to distinguish the new Web-record
misuse assault. This methodology uncovered the
underlying associations among client login exercises
by developing an extensive user diagram. Yao
Zhaoy’s methodology is focused around the
perception that bot-clients offer IP addresses when
they log in and send messages.
Ms. Meenakshi et al [3] has simulate a gray hole
attack as a malicious activity in ad hoc network using
NS2.
Junjie Zhang et al presented [9] one of the most
efficient method for detecting P2P botnet. Primarily
their system identifies all host that are likely engaged
in P2P communications and then derive a statistical
fingerprints of the P2P communications to do the
following task: Firstly, to Maintain and Monitor
Profile of P2P traffic and further differentiate
between P2P botnet traffic and legitimate P2P traffic.
Shalini Jain et al has presented [11] where a
novel algorithm for detecting and prevention of
cooperative black and gray hole attacks in a Mobile
ad hoc networks.
Pratik Narang et al presented [10]. Peer shark is
a novel methodology designed to detect p2p botnet
traffic and differentiate it from benign p2p traffic in a
network. It uses 2-tuple “conversation based”
approach and it does not require deep packet
inspection and can classify different p2p application
with accuracy greater than ninety percent. Peer shark
has the advantage of lack of single point-of failure
and can categorize exact p2p application running on a
host inside a network. Peer shark is limited to
independent on deep packet inspection or a signature-
based mechanism (uses by botnets/ application using
encryption).
Jay dip et al [4] has proposed a mechanism for
detecting a gray hole attack in a mobile ad hoc
network.
III. AD HOC ON-DEMAND DISTANCE
VECTOR (AODV)
The Ad-hoc On-demand Distance Vector
(AODV) routing protocol allows mobile nodes to
quickly obtain routes for a new destinations, and it
does not require nodes to maintain routes to the
destinations that are in not in active communication
[6]. It is classified under reactive protocol [3]. The
main function of AODV is route discovery and route
maintenance. The route discovery process begins
with the creation of route request (RREQ) packet. To
find a route to a particular destination node, the
source node broadcast a RREQ to its immediate
neighbors [12]. If one of these neighbors has a route
to the destination, then it replies back with route
reply (RREP) packet. Otherwise the neighbors in turn
rebroadcast the request. This continues until the
RREQ hits the final destination or a node with a route
to the destination. In AODV, the routing protocol
uses a destination sequence number for each route
entry. The destination sequence is generated by the
destination when a connection is requested to it [5].
The principle of this protocol is the greater the
destination sequence number the fresher the route
[14].In addition to the source node's IP address,
current sequence number, and broadcast ID, the
RREQ also contains the most recent sequence
number for the destination of which the source node
is aware. A node receiving the RREQ may send a
route reply (RREP) if it is either the destination or if
it has a route to the destination with corresponding
sequence number greater than or equal to that
contained in the RREQ. If this is the case, it unicasts
a RREP back to the source. Otherwise, it
rebroadcasts the RREQ. Nodes keep track of the
RREQ's source IP address and broadcast ID. If they
receive a RREQ which they have already processed,
they discard the RREQ and do not forward it. As the
RREP propagates back to the source, nodes set up
forward pointers to the destination. Once the source
node receives the RREP, it may begin to forward data
packets to the destination. If the source later receives
a RREP containing a greater sequence number or
contains the same sequence number with a smaller
hop count, it may update its routing information for
that destination and begin using the better route. As
long as the route remains active, it will continue to be
3. Anas Aliyu Usman Int. Journal of Engineering Research and Applications www.ijera.com
ISSN : 2248-9622, Vol. 5, Issue 4, ( Part -4) April 2015, pp.07-13
www.ijera.com 9 | P a g e
maintained. A route is considered active as long as
there are data packets periodically travelling from the
source to the destination along that path. Once the
source stops sending data packets, the links will time
out and eventually be deleted from the intermediate
node routing tables. If a link break occurs while the
route is active, the node upstream of the break
propagates a route error (RERR) message to the
source node to inform it of the now unreachable
destination(s). After receiving the RERR, if the
source node still desires the route, it can reinitiate
route discovery.
Figure 2: AODV Route Discovery Process
IV. SECURE AD HOC ON DEMAND
DISTANCE VECTOR (SAODV)
SAODV is an extension of the AODV routing
protocol that protects the route discovery mechanism
providing security features like integrity and
authentication. It uses digital signatures to
authenticate the non-mutable fields of the messages,
and hash chains to secure the hop count information
(the only mutable information in the
messages).SAODV can use the Simple Ad hoc Key
Management (SAKM) as a key management system.
The Secure Ad hoc On-Demand Distance Vector
Routing Protocol (SAODV) is an extension of the
AODV routing protocol that can be used to protect
the route discovery mechanism providing security
features like integrity, authentication and non-
repudiation. SAODV assumes that each ad hoc node
has a signature key pair from a suitable asymmetric
cryptosystem. Further, each ad hoc node is capable of
securely verifying the association between the
address of a given ad hoc node and the public key of
that node. Achieving this is the job of the key
management scheme. Two mechanisms are used to
secure the AODV messages: digital signatures to
authenticate the non-mutable fields of the messages,
and hash chains to secure the hop count information
(the only mutable information in the messages). This
is because for the non-mutable information,
authentication can be performed in a point-to-point
manner, but the same kind of techniques cannot be
applied to the mutable information. Route error
messages are protected in a different manner because
they have a big amount of mutable information. In
addition, it is not relevant which node started the
route error and which nodes are just forwarding it.
The only relevant information is that a neighbor node
is informing to another node that it is not going to be
able to route messages to certain destinations
anymore.
V. PROPOSED MECHANISM
In this paper, we proposed a new approach for
malicious detection and secure routing the detected
malicious node is listed in the black hole list and
notices all other nodes in the network to stop any
communication with them. Introducing SAODV to
put additional secure framework to control the
attacks. These contributed in improving security in
MANET there by reducing the packets loss caused by
the malicious nodes and have better Packet Delivery
Ratio (PDR) within less period of time [6].
Figure 3: Architectural Design
The architecture in the fig. 3 above describe the
full picture of how the secure SAODV works by
analyzing the cluster flow and traffic flow in the
Mobile Ad hoc Network (MANET). It first detect the
nodes engaged in communication within the
monitored network and then analyze the cluster of
nodes in the network to determine the number of
nodes communicating with each other in the cluster,
it then determine type of traffic going in and out of
the networks i.e. tcp or udp traffic. It then uses the
information gathered at the first stage to detect or
differentiate between legitimate client nodes and bot
nodes in the monitored network. The secured Ad hoc
on-demand distance vector routing protocol ensures
integrity at the receiving node by calculating the hash
of the packet received and stop communicating with
that malicious node and let other communicating
nodes on the monitored network to stop
communicating with it further there by optimizing the
good packet delivery.
1.1 GRAY HOLE ATTACK
Our concern in this paper is to find the flaws of
the security in the AODV protocol, and then give
4. Anas Aliyu Usman Int. Journal of Engineering Research and Applications www.ijera.com
ISSN : 2248-9622, Vol. 5, Issue 4, ( Part -4) April 2015, pp.07-13
www.ijera.com 10 | P a g e
some insight explaining distinct types of the gray
hole attack [4].Actually, in the AODV routing
protocol, every mobile node maintains a routing table
that stores the next hop node information for a route
to a destination node. When a node wants to find a
route to another one, it broadcasts a RREQ to all the
network till either the destination is reached or
another node is found with a fresh enough route to
the destination (a fresh enough route is a valid route
entry for destination whose associated sequence
number is at least as great as that contained in the
(RREQs). Then a RREQ is sent back to the source
and the discovered route is made available.
Nodes that are part of an active route may offer
connectivity information by broadcasting periodically
local Hello messages (special RREQ messages) to its
immediate neighbors. If hello messages stop arriving
from a neighbor beyond some given time threshold,
the connection is assumed to be lost.
When a node detects that a route to a neighbor
node is not valid it removes the routing entry and
send a REER message to neighbors that are active
and use the route; this is possible by maintaining
active neighbor lists. This procedure is repeated at
nodes that receive REER messages. A source that
receives an REER can reinitiate a RREQ message.
AODV does not allow handling of unidirectional
links. Now we have to describe the gray hole attack
on MANETS. The gray hole attack has two important
phases [4]:
1. In the first phase, a malicious node exploits the
security flaws of AODV protocol to advertise itself
as having a valid route to a destination node, with the
intention of intercepting packets, even though the
route is spurious.
2. In the second phase, the node drops the intercepted
packets with a certain probability. A gray hole may
exhibit its malicious behavior in different ways. It
may drop packets coming from (or destined to)
certain specific node(s) in the network while
forwarding all the packets for other nodes. Another
type of gray hole node may behave maliciously for
some time duration by dropping packets but may
switch to normal behavior later. A gray hole may also
exhibit a behavior which is a combination of the
above two, thereby making its detection even more
difficult.
1.2 RSA ALGORITHM
In this paper we use the RSA algorithm for node
to node verification. For the detection of malicious
node (bot node), the mentioned algorithm is used in
which each and every legitimate node is expected to
have pairs of key i.e. public and private key. A node
is considered and marked malicious node if it fails to
have these two keys and is removed from the
legitimate communicating node. Below is the detailed
of the algorithm:
Public Key:
n = Product of two primes, p and q (p and q must
remain secret)
e relatively prime to (p - 1)(q - 1)
Private Key:
d e-1
mod ((p - 1)(q - 1))
Encrypting:
c = me mod n
Decrypting:
m = cd mod n
VI. SIMULATION RESULTS
Simulation Environment
For simulation purpose, in this paper we have
used NS-2 version 2.3 simulator on Fedora 8
operating system. The network simulator 2 is widely
used tool in a network research and network industry.
It is discrete event simulation and capable simulating
various types of networks [3]. NS2 consist of two
languages, C++ and Otcl. In the back end C++ which
defines the internal mechanism of the simulation
object, and the front end Otcl set up simulation by
assembling and configuring objects as well as
scheduling discrete events. To simulate NS2, a (.tcl)
script file is required. After simulation it creates two
types of file, one is trace file (tr) and another is
(.nam) file.The trace file is used for calculation and
statistical analysis, and that of .nam file is used to
visualize the simulation process.
The implementation involves a network topology
with 50 nodes in which we have different source
nodes and destination nodes communicate with each
other respectively. Below table shows the simulation
parameters:
TABLE I
SIMULATION PARAMETERS
PARAMETERS VALUES
Simulator NS-2 version 2.3
Total number of Nodes 50
The Traffic model Constant Bit Rate
(CBR)
The routing protocol AODV
Total number of malicious
nodes
3
Number of source nodes 3
Simulation Time 20 sec
In this paper, there is 50 P2P nodes network
depicted in the fig.4. The initial location of the
respected nodes where set in two dimensional system
(the z coordinate is assumed throughout to be 0) [8].
5. Anas Aliyu Usman Int. Journal of Engineering Research and Applications www.ijera.com
ISSN : 2248-9622, Vol. 5, Issue 4, ( Part -4) April 2015, pp.07-13
www.ijera.com 11 | P a g e
Node communication between source and destination
Figure 4: Scenario for basic topology of 50-nodes
multiple Node communication
From the simulation result node 32 starts sending
a number of packets to node 26 through node 38, 11
and 9 respectively at a speed of 3m/sec. Another
node 27 starts sending a number of packets to node
14 through node 17, 42 and 41 respectively at the
same speed. Lastly, another source node 3 sent
additional 55 packets to the node 6 via 21, 42 and 46.
Figure 5: Snapshot of simulation in network
animator (NAM)
Attack after detection of the bot
A bots was detected and broadcast a message to
all other legitimate nodes to stop communicating with
that node which was identified as node 36, 24 and 21.
Figure 6: Snapshot of simulation in network
animator (NAM)
Malicious bot identification with Packet Delivery
Ratio (PDR)
Figure 7: Snapshot of simulation in network
animator (NAM)
Figure 8: Snapshot of simulation in terminal
In this paper, packet delivery ratio is considered
as a measurement of improving network security or
network performance [2].In the simulation above the
packet delivery ratio (PDR) is found to be 72% which
means more than 25% of packet data were lost as a
result of the malicious node between the source and
the destination node.
TABLE II
Source node 27, 32, 3
Destination node 14, 26, 6
Malicious node ( Bot node) 36, 24 and 21
Algorithm used RSA
Packet Delivery Ratio 72%
Figure 9: Simulation in network animator (NAM)
From the result in the Fig. 9 above source node
i.e. node 3, 32 and 27 sent 55 packets at different
time to the destination node 6, 26 and14 respectively
but 28 packets were dropped by the bot nodes
identified in red colored node. Hence only 40 packets
were received by the receiving nodes.
6. Anas Aliyu Usman Int. Journal of Engineering Research and Applications www.ijera.com
ISSN : 2248-9622, Vol. 5, Issue 4, ( Part -4) April 2015, pp.07-13
www.ijera.com 12 | P a g e
Identifying malicious node and preventing the attack
using RSA key exchange-(SAODV) implementation.
IDS-After Attack detection and sending in
different path with packet verification using RSA key
exchange-(SAODV) implementation. After certain
period of time the bot i.e. node 36, 24 and 21 was
identified intercepting the communicating traffic
between legitimate source/destination nodes.
Figure 10: Simulation in network animator (NAM)
Figure 11: Simulation in terminal
From the simulation result obtain under Constant
Bit rate (CBR) we have an improved secured network
after implementing the RSA public key crypto-
systems in the network. The table below indicate that
an improve security were achieved.
TABLE III
Source node 27, 32, 3
Destination node 14, 26, 6
Malicious node (Bot
node)
36,24 and 21
Algorithm used RSA
Packet Delivery Ratio 90%
VII. CONCLUSION
In this paper a technique is proposed and applied
to detect a malicious (Gary Hole) node in the ad hoc
network. Our technique works well in detecting a bot
node (Gray Hole node) and ensuring secured routing.
This is ensured by measuring the network
performance using packet delivery ratio (PDR).
From the result of the simulation obtained, it shows
that a lot of packets lost before securing the network
resulting in loss of more than 25% of the packet
being sent as a result of the malicious node. When the
security was implemented it shows an improved
secured network by having more than 90% of packets
received at the receiving node resulted in high packet
delivery ratio as shown in the Table III above. The
simulation results using NS-2 shows that in a
moderately changing network, most of the malicious
nodes could be detected, the routing packet overhead
was low, and the packet delivery ratio has been
improved.
REFERENCES
[1] Junjie Zhang, Roberto Perdisci, Wenke Lee,
Xiapu Luo, and Unum Sarfaz, “Building a
Scalable System for Stealthy P2P-Botnet
Detection”, IEEE TRANSACTIONS ON
INFORMATION FORENSICS AND
SECURITY, VOL. 9, NO. 1, JANUARY
2014
[2] J. K. Mandal and KhondekarLutful Hassan,
“A Novel Technique to Detect Intrusion in
MANET”, International Journal of Network
Security & Its Applications (IJNSA), Vol.5,
No.5, September 2013
[3] Ms. Meenakshi et al, “Simulation of Gray
Hole Attack in Ad hoc Network Using NS2”,
International Journal of Computer Science
& Engineering Technology (IJCSET)
[4] Jaydip Sen, M. Girish Chandra, Harihara
S.G., Harish Reddy, P. Balamuralidhar, “A
Mechanism for Detection of Gray Hole
Attack in Mobile Ad Hoc Networks”
[5] Nitesh Funde#1, P. R. Pardhi, “Analysis of
Possible Attack on AODV Protocol in
MANET”, International Journal of
Engineering Trends and Technology
(IJETT) – Volume 11 Number 6 – May
2014
[6] Patil V.P, “Efficient AODV Routing
Protocol for MANET with enhanced packet
delivery ratio and minimized end to end
delay”.
[7] David Dittrich, and Sven Dietrich “P2P as
botnet command and control: a deeper
insight”
[8] Yao Zhaoy, YinglianXie, Fang Yu, QifaKe,
Yuan Yu, Yan Cheny, and Eliot Gillum,
“BotGraph: Large Scale Spamming Botnet
Detection”
[9] Junjie Zhang, Xiapu Luo, Roberto Perdisci,
GuofeiGu, Wenke Leeand Nick Feamster ,
“Boosting the Scalability of Botnet
Detection Using Adaptive Traffic Sampling”
7. Anas Aliyu Usman Int. Journal of Engineering Research and Applications www.ijera.com
ISSN : 2248-9622, Vol. 5, Issue 4, ( Part -4) April 2015, pp.07-13
www.ijera.com 13 | P a g e
[10] Pratik Narang et al PeerShark: “Detecting
Peer-to-Peer Botnets by Tracking
Conversations”, IEEE Security and Privacy
Workshops 2014.
[11] Shalini Jain et al, “Advanced algorithm for
Detection and Prevention of Cooperative
Black and Gray Hole Attacks in Mobile Ad
Hoc Nteworks”, International Journal of
Computer Applications, 2010
[12] G. Acs, L. Buttyan, and I. Vajda, “Provably
Secure On-Demand Source Routing in
Mobile Ad Hoc Networks,” IEEE Trans.
Mobile Computing, vol. 5, no. 11, pp. 1533-
1546, Nov. 2006.
[13] Aad, J.-P. Hubaux, and E.W. Knightly,
“Denial of Service Resilience in Ad Hoc
Networks,” Proc. ACM MobiCom, 2004.
[14] C. Perkins. “(RFC) request for Comments-
3561”, Category:Experimental, Network,
Working Group, July 2003