An Improvement to Mobile Network using Data Mining Approach

Transcription

1 An Improvement to Mobile Network using Data Mining Approach Sumiti Dahiya M.Phil (CS) MM University, Mulana, Ambala, Haryana (India) Abstract Secure communication is always the major requirement of any network. In case of public and mobile network, there are higher chances of inclusion of new nodes over the network. Because of this, the network suffers from some security issues. These issues are defined in terms of internal and external communication attacks. There are number existing detection and prevention based approach defined by different researchers to identify various attacks over the mobile network. In this work, a data mining based analysis approach is defined to identify the attack over the network. The work is defined to analyze the communication based association between the network nodes under the communication density and time stamp based approach. Based on these parameters, the detection of intruder node will be performed over the network. The aim of this paper is to explore the usage of data mining to identify the attack over the network. Keywords: MANET, Attack, Mining, Association Analysis, Detection Based. I. Introduction A mobile network is considered as the dense network with lot of communication over the network. This network is defined as the dynamic as well as public network. It means, the inclusion of a new node is very easy in such network instead of other network type. The mobile network suffers from different kind of security threats and attacks. The attack probability in mobile network is higher than wired network. As there is no centralized controller, each node itself is responsible to identify the attack. Some of the specialized network types includes the case of centralized device involvement. In such network, the security system is applied to the controller node. This controller node works as a firewall and monitor the communication over the network. Based on this analysis, the intrusion detection can be identified by the network node. Other type of detection approach in mobile network is applied on gateway of the network. In such approach, the network gateway is configured to identify the attacker node. This kind of detection approach is applied where lot of external nodes enter to the network system dynamically. This detection approach is implemented specific to the external node. Such detection algorithm is not able to identify the internal attacks[1][2][3]. Figure 1: Mobile Network Architecture The mobile network is defined as an extensive network with inclusion of different kind of nodes as well as the application. Here figure 1 is showing such dynamic network type with inclusion of different nodes and technologies. This kind of network also suffers from different security attacks over the network. In this section, different threats to mobile networks are defined A. Vulnerabilities of Mobile Wireless Networks A mobile network suffers from different kind of malicious attacks. These attacks include active as well as passive attacks. These active and passive attacks are identified as the interference to the communication system that increases with the involvement of external users to the 24

2 network. The attack in wired network can be performed only if the node is physically available but if in case of wireless network, the interference analysis can be performed over the network. These attacks can be identified using firewalls, gateways etc. To identify the attack, it is required to identify the damage estimation performed by the attack. This kind of attack includes the information leakage analysis, message contamination analysis and node impersonation analysis[4][5][6]. Another issue in mobile network is identified as the autonomous unit to move the node randomly and independently over the public network. These kind of network are defined as the system that can affect the network system and provide the effective communication over the network. This kind of attacks is performed on compromised nodes so that the effective communication will be drawn over the network. Node tracking is the major requirement of such network to generate the effective and reliable communication over the mobile network[7][8]. A mobile network suffers from different kind of attacks because of lack of decision power respective to the environment. The nodes in mobile network are defined under the defined scenario and topological specification so that the hybrid environment specification is not done. There are number of associated protocols that defines the network communication under the specification of topological and network architecture. The lack of central unit also increases the chances of different attacks over the network. B. Requirement for Intrusion Detection Intrusion is the attack that can be applied by some internal and external node to damage the network information or the extract the information contents. To provide the safe data communication over this public domain there are number of authentication based, detection based and preventive algorithmic approaches. These approaches include the cryptographic mechanism to provide the encoded data communication so that the communication threats will be reduced. The authentication is performed to identify the valid user so that the reliable and effective communication will be obtained. This cryptography mechanism reduces the intrusion over the network. The cryptography approaches also increases the integrity of data communication along with validation. The preventive approach identifies the safer alternate path through which data can be performed effectively. The detection approaches identify the attacker node and block it so that safe data communication will be performed from other nodes[9][10]. 25 In this paper, a data mining based approach is defined to detect the intrusion over the mobile network. In this section, the mobile network is defined along with attack analysis and the intrusion detection approaches. In section II, the work defined by earlier researchers is discussed. In section III, the proposed work is explored along with algorithmic approach. In section IV, the conclusion associated with work is defined. II. Literature Review In this section, Lot of work defined by earlier researchers is defined on mobile network and the detection approaches adapted by different researchers. S. Marti et al. [1] proposed to trace malicious nodes by using watchdog/pathrater. In watchdog when a node forwards a packet, the node s watchdog verifies that the next node in the path also forwards the packet by promiscuously listening to the next node s transmissions. If the watchdog finds the next node does not forward the packet during a predefined threshold time, the watchdog will accuse the next node as a malicious node to the source node. In pathrater algorithm each node uses the watchdog s monitored results to rate its one-hop neighbors. Further the nodes exchange their ratings, so that the pathrater can rate the paths and choose a path with highest rating for routing. H. Deng et al. [2] proposed a solution to avoid the solution to avoid the black hole attack in MANETs. According to their solution, each intermediate node should include the information of the next hop to destination in its route reply (RREP) packet when the intermediate node replies to the route request (RREQ) packet. When the source node receives the RREP packet from the intermediate node it sends a FurtherRequest to the next hop node to check whether that next hop node has a valid route to the destination. Then the next hop node replies back FurtherReply with yes if it has a valid route to destination. Then the source node transmits the data by checking the trustworthiness of the next hope node. However this method has a drawback when the next hop node cooperates with the malicious node and forges the FurtherReply packet. D. B. Johnson et al. [3] proposed packet leashes, a technique to prevent worm hole attacks in mobile ad hoc networks. Packet Leash is one of the first and foremost techniques of wormhole attack prevention in literature. In Geographical Leashes, a node before sending a packet adds its position and a time stamp to it. When other node receives the packet, it checks the time stamp of sending node and current time and thus calculates distance between them. If this exceeds threshold distance, the packet is discarded. Whereas, in Temporal Leashes (where nodes require tight time

3 synchronization), a node appends time stamp while sending the packet which is compared by present time when received by other node and expiration time is calculated which if exceeded, results in discarding of the packet. This method requires additional hardware to fulfill GPS requirements and/or accurate time synchronization. Ketan Nadkarni et al. [4] proposed misuse detectionbased IDS for MANETS. The proposed IDS is based on principle of misuse detection, which can accurately match signatures of known attacks and has a low rate of false alarms. A counter for each type of attack is incremented the moment a mis-incident is observed. For example, Denial-of-Service attack could be launched by flooding the network with broadcast packets, in which case, a misincident would be an incoming broadcast packet. It updates the status of that node to 'suspicious' and continues to monitor the node. An attack would logically involve a recurrence of suspicious activity and a corresponding increase in mis-incidents. When a predefined threshold is crossed, the mobile node is determined as an intruder. Based on the misuse detection technique, our IDS for MANETs accurately and efficiently detects signature attacks such as DOS, replay attack and compromised nodes. Experimental validation has provided significant results about robustness of the scheme non-degradability of network performance upon induction of this security scheme. Factors such as node density, node mobility, traffic load and percentage of malicious nodes does not affect it. Moreover, performance metrics such as end-to-end delay and packet delivery ratio are only marginally affected (about 1% decrease in performance). In future, the scheme can be more robust by analyzing the effect of node density, traffic load and varying percentage of malicious nodes. S. Desilva et al. [5] proposed an adaptive statistical packet dropping mechanism to defend against malicious control packet floods like RREQ flooding attack. Each node maintains a count of RREQs received for each RREQ sender during a preset time period. The RREQs from a sender whose smoothed average rate is above the rate limit will be dropped without forwarding. The mechanism has some drawbacks. Dropping RREQ will lead to the reduction of throughput of the network. And also some normal nodes with higher rate will be treated as malicious nodes. Y. Zhong et al. [6] used a priority system to determine the transmission priority of RREQs. In RREQ flooding attack, any malicious node floods too many RREQ to the victim node to make it completely unavailable for network services. So when the malicious node broadcast excessive RREQs, the priorities of its RREQs are reduced. When the priority of malicious node is reduced, then the packets sent by it are dropped by the normal nodes or forward them later after forwarding the packets coming from higher priority nodes. But this method does not distinguish between genuine and forged RREQs from the malicious or victim nodes. Satish Saleem Ramaswami et al. [7] provided a framework for avoiding and eliminating colluding black hole attacks in the Ad hoc on demand Distance Vector (AODV) routing protocol. The authors designed a lightweight acknowledgment mechanism that will ensure the proper data packet transmission and reception between the source and destination. The destination will relay the acknowledgement packets to the source through multiple paths only on the reception of a set of special packets. The transmission of the special packets by the source will be a random process so that the malicious node cannot detect the scheme even by eavesdropping. The implementation has been further simplified by the fact that the ACK packets assume the same structure as that of the RREP packets in the original version. Hence updating the original protocol with the proposed solution will be easy and inexpensive for vendors. It can be optimized further by developing a mathematical model that can compute the number of acknowledgement sets as a direct function using the number of misbehaving nodes in the network. This optimization would further enhance the functionality of the protocol thereby making it a smarter one. III. Proposed Work In this paper, a data mining based approach is defined to detect the intrusion over the network. In this work, the analysis on the communication analysis between the nodes is performed to identify the abnormal communication over the network. The data mining based approach is the statistical method to detect the intrusion over the network. To detect the intrusion, the host based analysis scheme is defined under different parameters and relative association between the node pair. This analysis is analyzed in terms of communication and transmission analysis. The work is defined as an intelligent system to monitor the communication over the network nodes and this analysis is maintained in the form of communication dataset. As the dataset is obtained, the next work is to identify the abnormal node pair. The analysis on each host is defined in figure 2. 26

4 UML DIAGRAM Start Send Packet Transaction Receive Packet Close Transaction View Intruder Figure 2: Analysis on Individual Host This host information is End analyzed to take the statistical decision regarding the intrusion detection over the mobile network. This kind of analysis can be performed to identify the communication and to detect the abnormality so that the bad communication will be identified. The algorithmic approach defined for the work is shown here under A) Algorithm a. Define the Mobile network with Random placement of nodes over the network. b. Define the multiple source nodes N and destination nodes M c. Perform the communication with each pair of source node and destination node called S(i)=>D(j) d. Define the threshold in terms of adaptive support and confidence value under different parameters such as throughput, lossrate etc. e. For i=1 to n f. { g. For j=1 to m h. { i. Generate the Communicating node pair S(i) and D(j) j. Perform the communication between node pair for effective session. k. Identify the intermediate nodes between this node pair S(i) and D(j) l. Perform the association mining between each intermediate pair nodes under communication parameters throughput, delay and communication rate. m. If(Throughput(Node(i))>EffectiveSupport Delay(Node(i))<supportdelay) n. { o. If (Throughput(Node(i))> Throughput(Node(i+1) And IdleRate(Node(i))> IdleRate(Node(i+1)) p. { q. If(Throughput(Node(i))>EffectiveConfidence And Delay(Node(i))<confidencedelay) r. { s. Set Node(i) as Valid Path Node t. } u. Else if(throughput(node(i))>effectiveconfidence) v. { w. Set Node(i) as Valid Path Node x. } y. Else z. { aa. Reconsider Node(i) if No node is under confidence level bb. } cc. } dd. Else ee. { ff. Avoid Node (i) from path gg. } hh. } ii. } jj. } kk. } ll. } IV. Conclusion In this paper, an effective data mining approach is defined to perform the reliable communication over the mobile network. The work is here defined to perform the statistical analysis between each node pair and identify the intermediate nodes between them. The work is here defined for multiple sources and multiple destination. The work will be able to improve the network efficiency and integrity. References [1] S. Marti, T. J. Giuli, K. Lai, and M. Baker, Mitigating Routing misbehavior in Mobile Ad Hoc Networks In Proceedings of the 2003 International Conference on Mobile Computing and Networking (MOBICOM), United States, 2000, pp [2] H. Deng, W. Li, and D. P. Agrawal, Routing Security in Wireless Ad Hoc Networks In IEEE Communications Magazine, 2002, pp

5 [3] D. B. Johnson, Y. C. Hu, A. Perrig, Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks In IEEE INFOCOM, 2003 [4] Ketan Nadkarni, Amitabh Mishra, Intrusion Detection in MANETs-The Second Wall of Defense In 2003 IEEE, pp [5] S. Desilva and R. V. Boppana, Mitigating Malicious Control packet Floods in Ad Hoc Networks In Proceedings of 2005 IEEE Wireless Communications and Networking Conference (WCNC05), 2005, pp [6] Y. Zhong, P. Yi, Z. Dai, and S. Zhang, Resisting Flooding Attacks in Ad Hoc Networks In Proceedings of International Conference on Information Technology: Coding and Computing (ITCC 05), 2005, pp [7] Satish Salem Ramaswami, Shambhu Upadhyaya, Smart Handling of Colluding Black Hole Attacks in MANETs and Wireless Sensor Networks using Multipath Routing In proceedings of the 2006 IEEE Workshop on Information Assurance, United States Military Academy, West Point, NY, 2006 [8] Vankateasan Balakrishan, Vijay Varadharajan, Udaya Kiran Tupakula, Fellowship: Defense against Flooding and Packet Drop Attacks in MANET In 2006 IEEE [9] Boundpadith Kannhavong, Hidehisa Nakayama, Abbas Jamalipour, A Collusion Attack Against OLSR-based Mobile Ad Hoc Networks, In 2006 IEEE [10] Jian-Hua Song, Fan Hong, Yu Zhang, Effective Filtering Scheme against RREQ Flooding Attack in Mobile Ad Hoc Networks In proceedings of the 7 th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT), 2006 IEEE 28