A Hybrid Approach for Misbehavior Detection in Wireless Ad-Hoc Networks

Similar documents
Lecture 13: Routing in multihop wireless networks. Mythili Vutukuru CS 653 Spring 2014 March 3, Monday

Content. 1. Introduction. 2. The Ad-hoc On-Demand Distance Vector Algorithm. 3. Simulation and Results. 4. Future Work. 5.

Analysis of Black-Hole Attack in MANET using AODV Routing Protocol

Webpage: Volume 4, Issue VI, June 2016 ISSN

AODV-PA: AODV with Path Accumulation

Outline. CS5984 Mobile Computing. Taxonomy of Routing Protocols AODV 1/2. Dr. Ayman Abdel-Hamid. Routing Protocols in MANETs Part I

Mobile Ad-hoc and Sensor Networks Lesson 04 Mobile Ad-hoc Network (MANET) Routing Algorithms Part 1

Packet Estimation with CBDS Approach to secure MANET

Kapitel 5: Mobile Ad Hoc Networks. Characteristics. Applications of Ad Hoc Networks. Wireless Communication. Wireless communication networks types

Experiment and Evaluation of a Mobile Ad Hoc Network with AODV Routing Protocol

3. Evaluation of Selected Tree and Mesh based Routing Protocols

On Demand secure routing protocol resilient to Byzantine failures

Simulation & Performance Analysis of Mobile Ad-Hoc Network Routing Protocol

A Review on Black Hole Attack in MANET

Performance Comparison of DSDV, AODV, DSR, Routing protocols for MANETs

An Efficient Scheme for Detecting Malicious Nodes in Mobile ad Hoc Networks

A Comparative study of On-Demand Data Delivery with Tables Driven and On-Demand Protocols for Mobile Ad-Hoc Network

6367(Print), ISSN (Online) Volume 4, Issue 2, March April (2013), IAEME & TECHNOLOGY (IJCET)

Performance Analysis of AODV Routing Protocol with and without Malicious Attack in Mobile Adhoc Networks

Secure Routing and Transmission Protocols for Ad Hoc Networks

Measure of Impact of Node Misbehavior in Ad Hoc Routing: A Comparative Approach

CS551 Ad-hoc Routing

Considerable Detection of Black Hole Attack and Analyzing its Performance on AODV Routing Protocol in MANET (Mobile Ad Hoc Network)

Performance Analysis of DSR Routing Protocol With and Without the Presence of Various Attacks in MANET

Secure Enhanced Authenticated Routing Protocol for Mobile Ad Hoc Networks

Performance Evaluation of AODV and DSR routing protocols in MANET

Performance Analysis of AODV using HTTP traffic under Black Hole Attack in MANET

A STUDY ON AODV AND DSR MANET ROUTING PROTOCOLS

Performance of Ad-Hoc Network Routing Protocols in Different Network Sizes

PERFORMANCE EVALUATION OF DSR USING A NOVEL APPROACH

MANET TECHNOLOGY. Keywords: MANET, Wireless Nodes, Ad-Hoc Network, Mobile Nodes, Routes Protocols.

Performance Analysis of Three Routing Protocols for Varying MANET Size

Improving the Performance of Wireless Ad-hoc Networks: Accounting for the Behavior of Selfish Nodes

SECURE ROUTING PROTOCOLS IN AD HOC NETWORKS

Wireless Mesh Networks

Routing in Ad Hoc Wireless Networks PROF. MICHAEL TSAI / DR. KATE LIN 2014/05/14

A Review of Reactive, Proactive & Hybrid Routing Protocols for Mobile Ad Hoc Network

Performance Evaluation of Route Failure Detection in Mobile Ad Hoc Networks

Routing Protocols in Mobile Ad-Hoc Network

Routing in Variable Topology Networks

Mitigating Routing Misbehavior in Mobile Ad Hoc Networks

Effect of Variable Bit Rate Traffic Models on the Energy Consumption in MANET Routing Protocols

Performance Analysis of Aodv Protocol under Black Hole Attack

Wireless Network Security Spring 2016

Implementation: Detection of Blackhole Mechanism on MANET

ENERGY EFFICIENT MULTIPATH ROUTING FOR MOBILE AD HOC NETWORKS

Wireless Networking & Mobile Computing

Optimizing Performance of Routing against Black Hole Attack in MANET using AODV Protocol Prerana A. Chaudhari 1 Vanaraj B.

AN EVOLUTIONARY APPROACH TO DISTANCE VECTOR ROUTING

CMPE 257: Wireless and Mobile Networking

[Nitnaware *, 5(11): November 2018] ISSN DOI /zenodo Impact Factor

Performance Evaluation of MANET through NS2 Simulation

ComparisonofPacketDeliveryforblackholeattackinadhocnetwork. Comparison of Packet Delivery for Black Hole Attack in ad hoc Network

CHAPTER 4 SINGLE LAYER BLACK HOLE ATTACK DETECTION

Detection of Vampire Attack in Wireless Adhoc

Expected Path Bandwidth Based Efficient Routing Mechanism in Wireless Mesh Network

Relative Performance Analysis of Reactive (on-demand-driven) Routing Protocols

LECTURE 9. Ad hoc Networks and Routing

PERFORMANCE ANALYSIS OF AODV ROUTING PROTOCOL IN MANETS

Behaviour of Routing Protocols of Mobile Adhoc Netwok with Increasing Number of Groups using Group Mobility Model

A Performance Comparison of Multi-Hop Wireless Ad Hoc Network Routing Protocols. Broch et al Presented by Brian Card

Regression-based Link Failure Prediction with Fuzzy-based Hybrid Blackhole/Grayhole Attack Detection Technique

Energy Saving and Survival Routing Protocol for Mobile Ad Hoc Networks

White Paper. Mobile Ad hoc Networking (MANET) with AODV. Revision 1.0

International Journal of Advance Engineering and Research Development

Performance Evaluation of Active Route Time-Out parameter in Ad-hoc On Demand Distance Vector (AODV)

IJRIM Volume 1, Issue 4 (August, 2011) (ISSN ) A SURVEY ON BEHAVIOUR OF BLACKHOLE IN MANETS ABSTRACT

Figure 1: Ad-Hoc routing protocols.

Survey on Attacks in Routing Protocols In Mobile Ad-Hoc Network

Detecting Malicious Nodes For Secure Routing in MANETS Using Reputation Based Mechanism Santhosh Krishna B.V, Mrs.Vallikannu A.L

Mitigating Superfluous Flooding of Control Packets MANET

Quiz 5 Answers. CS 441 Spring 2017

Lecture 9. Quality of Service in ad hoc wireless networks

Evaluation of Routing Protocols for Mobile Ad hoc Networks

Prevention of Black Hole Attack in AODV Routing Algorithm of MANET Using Trust Based Computing

COMPARATIVE ANALYSIS AND STUDY OF DIFFERENT QOS PARAMETERS OF WIRELESS AD-HOC NETWORK

QoS Routing By Ad-Hoc on Demand Vector Routing Protocol for MANET

Evaluating the Performance of Modified DSR in Presence of Noisy Links using QUALNET Network Simulator in MANET

2013, IJARCSSE All Rights Reserved Page 85

CAODV Free Blackhole Attack in Ad Hoc Networks

BYZANTINE ATTACK ON WIRELESS MESH NETWORKS: A SURVEY

Performance Evaluation of Two Reactive and Proactive Mobile Ad Hoc Routing Protocols

Performance Analysis of Wireless Mobile ad Hoc Network with Varying Transmission Power

Energy Efficient Routing Protocols in Mobile Ad hoc Networks

Performance Evaluation of Mesh - Based Multicast Routing Protocols in MANET s

An Efficient Approach against Rushing Attack in MANET

Eradication of Vulnerable host from N2N communication Networks using probabilistic models on historical data

EPARGA: A Resourceful Power Aware Routing Protocol for MANETs

Performance Analysis of Proactive and Reactive Routing Protocols for QOS in MANET through OLSR & AODV

6. Node Disjoint Split Multipath Protocol for Unified. Multicasting through Announcements (NDSM-PUMA)

Performance Comparison of AODV, DSR, DSDV and OLSR MANET Routing Protocols

MMDS: Multilevel Monitoring and Detection System

Lecture 12. Application Layer. Application Layer 1

An Improvement to Mobile Network using Data Mining Approach

Analysis of Routing Protocols in MANETs

1 Multipath Node-Disjoint Routing with Backup List Based on the AODV Protocol

Keywords: Blackhole attack, MANET, Misbehaving Nodes, AODV, RIP, PDR

Implementation of AODV Protocol and Detection of Malicious Nodes in MANETs

A COMPARISON OF REACTIVE ROUTING PROTOCOLS DSR, AODV AND TORA IN MANET

Malicious Node Detection in MANET

Transcription:

A Hybrid Approach for Misbehavior Detection in Wireless Ad-Hoc Networks S. Balachandran, D. Dasgupta, L. Wang Intelligent Security Systems Research Lab Department of Computer Science The University of Memphis

Introduction Ad-hoc Networks are autonomous and dynamic (No Access points/master-slave relationship exist) network of mobile devices. Ad-hoc Wireless Networks - Nodes act as both data terminals and data transfer equipments. So all nodes are equivalent. The mobile nodes form an arbitrary topology where routers are free to move randomly and arrange themselves.

Dynamic Source Routing Protocol (DSR) Simple and efficient routing protocol designed for multi-hop wireless networks. requires no existing network infrastructure; able to adapt to rapid topological changes. Protocol Specifics Source first discovers the entire path to the destination (Route Discovery); Packets from the source carry this path in their headers and intermediate nodes forward the packets to the nexthop in the path (Source Routing); Source may need to rediscover the path if the current path becomes broken (Route Maintenance).

Route Discovery Procedure Source S broadcasts a "Route Request" to all nodes within transmission range; Neighbor appends its own address to the route record in the request and broadcasts the packet; The process is repeated until the request reaches the destination; Destination D returns the path in a Route Reply to S; S S S,A S,A,B S,A,B,C A B C D S,A,B,C S,A,B,C S,A,B,C S,A,B,C

Further Illustration of DSR DSR (Dynamic Source Routing) Source Routed On Demand routing protocol Route Discovery (Phase I) Route Maintenance (Phase II)

Conflict Resolution A intermediate node may receive multiple copies of the Route Requests from different neighbors Solution: forward the first one, discard the subsequent ones; Why? the first one carries the shortest path (or the path with the shortest delay); The source may receive multiple paths from the destination; Solution: cache all or some of them; Why? we have a backup when the best path fails.

Misbehaving nodes Route Maintenance Route Error Packet -> fatal transmission problem Acknowledgements -> verify correct route links Security Reasons:» Vulnerabilities - eavesdropping and spoofing of MAC address» Lack of infrastructure so impossible to assign welldefined roles such as trusted third parties.» Lack of dedicated routers Impact performance of packet forwarding and routing operations because of malicious network behavior.

Types of Misbehavior Nodes neither forward route requests nor send the route replies. Nodes do not forward data packets. Simulation setting No. misbehaving nodes: 5, 10 or 20 Misbehavior probability: 0.8 (a misbehaving node behaves badly 80% of the time in the simulation run).

Negative Selection Algorithm (Forrest 94) There exist efficient algorithms that runs on linear time with the size of self (for binary representation). Efficient algorithm to count number of holes. Theoretical analysis based on Information Theory. Non_Self Self Self Given a problem space S, that represents the normal behavior of a system, the characteristic function of S, defined as χ S ( p) S 1, if = 0, if [ ] n 0,1, S N = X, S N = φ p S p N is used to distinguish between self and non-self.

RNS Rule Evolution: Block Diagram Self Data Generate Initial population Choose two parents and cross them Replace closest parent if fitness is better.

RNS Multi-shaped Detectors

Evolving Multi-shaped Detectors Structured GA (sga) The sga interprets the chromosome for evolution as a hierarchical structure, wherein genes at any level can be either active or passive, and high-level genes activate or deactivate sets of low-level genes. Generalized representation of a chromosome with n different gene A single chromosome - high level control and low level parameters for 3 different hyper-shapes;

Objectives in Detector Generation No self space covered Minimize overlap among detectors Make the detectors as large as possible and keep them separate from each other, in order to maximize the non-self covering: This is referred to as the coverage parameter in all our experiments; This helps generalize the unknown or non-self space as closely as possible.

Advantages of Negative Selection From an information theory point of view, to characterize the normal space is equivalent to characterize the abnormal space. Distributed detection: Different set of detectors can be distributed at different location Other possibilities Generalized and specialized detectors Dynamic detector sets Detectors with specific features Artificial attack signatures

Attack/Misbehavior Detection Dasgupta & Forrest (1996) on time series data, based on the previously discussed negative-selection algorithm.

WLAN attacks Study Spoofing and Denial of service (Dos) attacks by examining the MAC layer sequence numbers. The Network traffic subfields, Sequence Number of frame and the Fragment Number which is count of the number of fragments in the frame were analyzed.

Prior experiments on WLAN Table 1. The Detection result for mixed shaped detectors for various self threshold parameters. (D.R. is detection rate, F.A. is False Alarm rate, F.N. is False Negative is expressed as a percentage over the entire data points, F.P. is False Positive) Table 2. The Detection result for mixed shaped detectors for various self threshold parameters. (D.R. is detection rate, F.A. is False Alarm rate, F.N. is False Negative, F.P. is False Positive)

Simulation Environment Tool employed GloMoSim The visualization tool indicates packet transmissions among nodes within the power range. Yellow link indicates links within range, Green indicates successful reception Red line is indicative of unsuccessful reception.

Simulation: Parameter settings Simulation System parameters Parameter Default value(s) Detection System Parameters Parameter Routing protocol DSR Upper limit for Events sequence sets of a Monitored Node for learning Simulation time 60 mins Number of subsequences in a sequence set 4 Simulation area in metres 800x1000 Upper limit for the number of events in a sequence set. 40 Number of nodes 40 Upper limit for a sequence set collection 10s Radio range 380 m Misbehavior probability 0.8 Default value(s) Propagation Pathloss model Two-ray Learning data threshold 0.001-0.1 Mobility model Random way point Threshold for detection (% of Detection rate) 0.25 Mobility speed (no pauses) 1m/s Mutation probability 0.05-0.1 Misbehaving nodes 5, 10, 20 Crossover probability 0.6 Traffic type telnet, CBR Normalized space range [0.0, 1.0] Payload size 512 bytes Number of dimensions 4, 2 500 Frequency/rate 0.2-1s Radio-Bandwidth/link speed 2Mbps

Experimentation - Data Collection and Preprocessing Packets Transmitted Packets Received Label Event Type Label Event Type A RREQ E RREQ B RREP F RREP C RERR G RERR D DATA sent and IP address not of monitored node H DATA received and IP destination address is not of monitored node Collected Sequence example T: (EAFBHHEDEBHDHDHHDHD) Subsequences through the following expressions Expression1:- number of E in sequence (T); #E Expression2:-number of E with 1or no event followed by either an A or a B in sequence (T); #(EX(A B)). Expression3:- number of H in sequence (T); #H Expression4:- number of H with one or none event followed by a D in sequence (T); #(H?D) Subsequences evaluation through the expressions to yield a 4 dimensional vector as shown: S = (3 2 7 6). This series of vectors are used both for training as well as detection cases.

A simplified scenario of a multi-hop ad-hoc wireless network nodes (a single node enlarged showing the basic elements for consideration in a wireless network for attack detection).

Experimentation Network Event Profile Shows a snapshot of a profile (logical) collected during the simulation run. S denotes an event sequence creation while - denotes an absence of any sequence. t is used for sampling.

Experimentation - Objectives Using All 4 Event types (all 4 parameters): - This analysis involves the misbehavior detection for the nodes that are neither replying from its route cache nor forwarding route requests as well as non forwarding data packets. Using more prominent event types (last 2 parameters):- This analysis is more significant and pronounced if the initial route set up for the monitored node is not taken into account for misbehavior. It concerns more those misbehaviors that happen during the data packets transfer among the nodes. This is more crucial for detecting those misbehaving nodes that do not forward data packets. Unless this assumption is made in the simulation, this analysis will fail.

Experiment - Performance Metrics Average detection rates for the misbehaving nodes; defined as detection rate (D.R.) = (true positives)/ (true positives + false negatives). Average False Alarm rates for misclassifying the well behaving nodes; defined as false alarm rate (F.A.R) = (false positives)/(false positives + true negatives).

Experimental Results Average Detection Rates for all misbehaving nodes - 5, 10 and 25 with learning thresholds of 0.002, 0.01. The Learning Threshold parameter has a significant effect on the detection rate in all three cases. Using all 4 Parameters Average misclassification (false alarm rates) for well behaving nodes - 20, 30 and 35 with learning thresholds of, 0.002, 0.01. The false positives are within the upper limit of 0.03 in most cases.

Experiment Results Average Detection Rates using partial parameters for learning (ignoring the routing setup data) misbehaving nodes - 5, 10 and 25 with learning thresholds of 0.002, 0.01. The Learning Threshold parameter has a significant effect in each of the cases. Using Final 2 Parameters The average misclassification or false alarm rates for the partial events sequence are within an upper limit of 0.02 in most cases

Ad-hoc WLAN M&R Apply Cellular automata Concepts: neighborhood topology. Local interaction React to changes in their neighbors. Challenging Issues: Secure communication. Synchronization. Remote execution.

Conclusion Experiments are performed in simulated environment to detecting the misbehaving nodes by examining the entire network profile. successfully identify faulty nodes that, from time to time, suffer from node misbehavior (due to faulty software, hardware/firmware or does not forward packets or are disastrously infected with Internet worms and viruses that maliciously attempt to bring the network down.) Behavior-based approach was used that could detect new/unforeseen vulnerabilities and can even contribute to the (partially) automatic discovery of new behaviors. Results demonstrated that the our approach were able to detect routing misbehavior

Intelligent Security Systems Research Lab (ISSRL) (http://issrl.cs.memphis.edu) At Center for Information Assurance The University of Memphis - Offering security-related courses - Developing distributed security agent software (using various Intelligent Techniques) for automated intrusions/anomaly detection and response.

An Administrative Tool for Distributed Security Task Scheduling.In Third Annual International Systems Security Engineering Association Conference, March, 2002. ISSRL SECURITY PAPERS An Immunogenetic Approach to Intrusion Detection. In IEEE Evolutionary Computation, June 2002. Evolving Fuzzy Rules for Intrusion Detection. In Proceedings of Information Assurance Workshop, June 2002. An Intelligent Decision Support System for Intrusion Detection and Response. Lecture Notes in Computer Science (publisher: Springer-Verlag) May 2001.

ISSRL SECURITY PAPERS (Continued) Mobile Security Agents for Network Traffic Analysis. In the proceedings of the second DARPA Information Survivability Conference and Exposition II (DISCEX- II), 13-14 June 2001 in Anaheim, California. Immunity-Based Intrusion Detection Systems: A General Framework. In the proceedings of the 22nd National Information Systems Security Conference (NISSC), October, 1999. Cougaar based Intrusion Detection System (CIDS). CS Technical Report No. CS- 02-001 February 4 2002.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback