Proc. Int. Conf. on Computational Intelligence and Information Technology, CIIT Measuring the Impact of JellyFish Attack on the Performance of Mobile Ad Hoc Networks using AODV Protocol Mohammad Wazid 1, Roshan Singh Sachan 2, R H Goudar 3 Department of CSE, Graphic Era University, Dehradun, India 1 wazidkec2005@gmail.com, 2 rsachan28@gmail.com 3 rhgoudar@gmail.com Abstract. MANETs are susceptible to various attacks. Out of which denial of service (DoS) are most dangerous and very difficult to detect and defend. Jellyfish is a new DoS attack categorized as JF Reorder Attack, JF Periodic Dropping Attack, JF Delay Variance Attack. In JF delay variance attack, a JF attacker node intrudes into forwarding group and delays data packets for some amount of time before forwarding. Due to this attack, high end- to- end delay is introduced in the network resulting in low performance (i.e. throughput).in this paper the effect of JF Delay Variance attack on MANET using AODV as a routing protocol has been calculated and the performance analysis is done with respect to some network parameters like throughput, end- to- end delay etc. using OPNET modeler. It is observed that MANET is resilient up to 10% of JellyFish (JF) attackers. They do not make any hard impact on the performance of network. For attackers above 10% and below 20% performance is affected with an average rate but for 20% or above 20% performance of network becomes worse. Keywords: MANET, JF Delay Variance Attack, End-to-end Delay, Throughput. 1 Introduction MANET is a collection of mobile nodes communicating in a multi hop manner without any fixed infrastructure such as access points. MANET is not immune to attack making it easy for the attackers to easily access this kind of network. Section 2 includes literature review of work done by various authors in the field of JellyFish attack. In section 3 we have defined the exact problem and ways to solve it. Section 4 has a brief introduction to JellyFish attack. The simulation scenario of JF attack is represented in section 5. Section 6 has key findings. The paper concludes in section 7. Elsevier, 2012 293
2 Literature Review Paper [1] includes the techniques for resilience of denial of service attacks, discussing two kinds of attacks JellyFish and Black hole attack. It introduces three kinds of JellyFish (JF) attacks i.e. JF Reorder Attack, JF Periodic Dropping Attack and JF Delay Variance Attack. Throughput of network under these attacks is also calculated followed by the introduction of some techniques to protect MANET like Flow-Based Route Access Control (FRAC), Multi-Path Routing Source-Initiated Flow Routing and Sequence Numbers etc. In [2] authors calculate the performance of MANET under black hole attack using AODV routing protocol with HTTP traffic load. In [3] authors explain various attacks on a mobile ad hoc network corresponding to different MANET layers and they also discuss some available attack detection techniques. A brief idea about JellyFish attack is also given this paper. The proposed scheme in [4] secures the AODV using sequential aggregate signatures (SAS) based on RSA and also securely generates the session key for the MANET nodes to secure the TCP. In [5] an algorithm that detects the Jellyfish attack at a single node and that can be effectively deployed at all other nodes is developed. In [6] the impact of various attacks (i.e. Black Hole, Flooding etc) on network performance is analyzed. In paper [7] authors design and study DoS attacks (i.e. JellyFish attack etc) in order to assess the damage that done by the attackers. In [8] the most common types of attacks on MANET, namely Rushing attack, Blackhole attack, Neighbor attack and JellyFish attack are discussed. Along with that simulation of these attacks and calculation of parameters such as Average end-to-end delay, Average throughput etc is done. Paper [9] also discusses about JellyFish and Black hole attacks. Authors calculate the impact of JF on the system performance i.e. Throughput etc. 3 Problem Definition and Novelty Many papers have discussed about JellyFish attacks and its impact on a mobile ad hoc network along with the calculation of performance parameters like throughput under JF attackers. But there is no work done until now about the percentage of JF attackers a system can bear. In this paper work is done in this direction along with the calculation of MANET related parameters like Number of Hops per Route, Retransmission Attempts (packets), End-to-end delay, Throughput etc. Again very less amount of research work has been done on the analysis of performance of mobile ad hoc network in presence of varying number of JF attackers. 4 Study of JellyFish Attack JellyFish attack is related to transport layer of MANET. The JF attacker disrupts the TCP connection which is established for communication. JellyFish attacker intrudes into forwarding group and delays data packets unnecessarily for some amount of time before forwarding them. Due to JF attack, high end to end delay is introduced in the 294
network resulting in poor performance of the network. Many applications such as file transfer, messaging, and web require reliable, congestion controlled delivery as provided by protocols such as TCP. JF attacker disrupts the whole functionality of TCP. As a result of which performance of real time applications becomes worse. JF attack is further divided into three categories i.e. JF Reorder Attack, JF Periodic Dropping Attack, JF Delay Variance Attack [1]. JF Delay Variance Attack High delay variation can cause TCP to send traffic in bursts due to self-clocking, which leads to increase collisions and loss. It also causes mis-estimations of available bandwidth. High delay variation leads to an excessively high RTO value. Packets delayed by the JF attacker have the potential to significantly reduce throughput of network. Malicious JF nodes therefore wait for a variable amount of time before servicing each packet. They maintain FIFO order of packets, but significantly increase delay variance. We have simulated our paper under JF delay variance attack [1]. 5 Simulation Scenario of JF Attack 5.1 Simulation Scenarios To verify our work we simulate a mobile ad hoc network under delay variance JF attack using Opnet modeler. We are using the following three simulation scenarios in our paper: Fig. 1. Normal flow Fig. 2. Two JF Attacker Fig. 3. Four JF Attacker In figure 1 we use 20 mobile nodes and build a scenario without any JF attacker shows normal flow of traffic. In figure 2 we use 20 mobile nodes and build a scenario with two JF attackers. JF attackers are shown in red label i.e. attacker1, attacker2. In figure 3 we use 20 mobile nodes and build a scenario with four JF attackers. JF attackers are shown in red label i.e. attacker1, attacker2 etc. 295
5.2 Experiment Design Parameters Common Parameters Table 1. Common Parameters used in Simulation Platform Parameter Value Windows XP SP2 Simulator Opnet modeler 14.5 Area Network Size Mobility Model Traffic Type Simulation Time Address Mode Ad Hoc Routing Protocol AODV Parameters TCP Parameters JellyFish Forwarding rate 5x5 KM (Fix) 20 nodes (Fix) Random HTTP 30 Minutes IPv4 AODV Default Default Zero for normal flow (Scenario 1) Two (Scenario 2) Four (Scenario 3) 400000 packets/sec for honest nodes 5000 packets/sec for JF nodes Implementations of JF Delay Variance Attack The normal packet forwarding rate for honest nodes is 400000 packets per second. To simulate JF delay variance attack we reduce this packet forwarding rate to 5000 packets per second on each JF attacker node. For the first scenario, a normal flow is there without any JF attacker in the system. For the second scenario two JF attackers are introduced and for the third scenario four JF attackers are introduced in the system. 5.3 Results In simulation we take following statistics of the network: Number of Hops per Route, Total Packets Dropped, Traffic Received (bits/sec), Retransmission Attempts (packets), End-to-end Delay (msec), Throughput (bits/sec). 296
Table 2. Number of Hops per Route, Total Packets Dropped and Traffic Received (bits/sec) Number of Hops per Route Total Packets Dropped Traffic Received (bits/sec) Normal Flow 3.3 74.57 32516.22 02 3.3 72.09 32505.03 04 3.4 73.27 32433.99 Fig. 4. Number of Hops per Route Fig. 5. Total Packets Dropped Fig. 6. Traffic Received Figure 4, 5 and 6 show number of hops per route, total packets dropped and traffic received (bps) with normal flow and also in the presence JF attackers respectively. Table 3. Retransmission Attempts, End-to- end Delay and Throughput Retransmission Attempts (packets) End-to- end Delay (msec) Throughput (bits/sec) Normal Flow 0.496041 67.54 572369.55 02 0.498990 69.83 572220.43 04 0.499159 77.35 528859.37 Fig. 7. Retransmission Attempt Fig. 8. End-to-end Delay Fig. 9. Throughput Figure 7, 8 and 9 show retransmission attempts (packets) End-to-end Delay (msec) and Throughput (bps) with normal flow and also in the presence JF attackers respectively. 297
Table 4. Impact of Percentage of JF on End-to-end Delay and Throughput No of 02 04 % JF % Increment in End-to-end Delay % Decrement in Throughput 10 3.38 0.03 20 10.76 7.58 Fig. 10. Impact of Percentage of JF attackers on End-to-end Delay Fig. 11. Impact of Percentage of JF attackers on Throughput Figure 10 shows the impact of increasing percentage of JF attackers on End-to-end delay. Figure 11 shows the impact of increasing percentage of JF attackers on throughput of the network. 6 Key Findings Here, we try to evaluate the performance of a mobile ad hoc network under the presence of different number of JF attackers. Some of the observations are: Number of hops increases because of the presence of attackers. This does not get much affected in the presence of two attackers but with introduction of four attackers nodes have to go for different hops to transmit the same traffic load (Refer Table 2). Because of the delay in the packet delivery due to presence of JF attackers, the number of packets being delivered at node decreases resulting in less packet dropping also (Refer Table 2). Traffic received (bps) is reduced by the delay produced in packet delivery in the presence of increasing JF attackers. (Refer Table 2). TCP being a reliable protocol retransmits the packets being delayed by the JF attackers present in the network as TCP is not getting an ACK packet from the recipient node within certain duration of time (Refer Table 3). End-to-end delay of the network is increased with increase in number of JF attackers due to the delay produced in the delivery of packets which route through JF nodes (Refer Table 3). 298
Increase in number of JF attackers cause throughput to become worse (reduced to 7.58% in presence of four attackers). It is because in the presence of JF attackers the number of delivered packets per second decrease due to high end-to-end delay (Refer Table 3 and 4). 7 Conclusion In our simulation we observed out that when percentage of JF attackers is 10% the throughput decreases only upto 0.03% which is very less. But if we increase percentage of attackers to 20% the throughput decreases to 7.58% which is very high as compared to 0.03%. End-to-end delay increases to 3.38% for 10% attackers and 10.76% for 20% attackers (Refer Table 4). So, from the performance point of view we can say that the network performance is less affected upto 10% of JF attackers but for 20% of JF attacker the performance becomes worse. In future this work can be extended with variation in mobility, node density and system size which in this work are taken to be constant. References 1. Syed Atiya Begum, L.Mohan, B.Ranjitha, Techniques for Resilience of Denial of Service Attacks in Mobile Ad Hoc Networks, Proceedings published by International Journal of Electronics Communication and Computer Engineering Volume 3, Issue (1) NCRTCST, ISSN 2249 071X National Conference on Research Trends in Computer Science and Technology 2012. 2. Ekta Barkhodia, Parulpreet Singh, Gurleen Kaur Walia, Performance Analysis of AODV using HTTP traffic under Black Hole Attack in MANET, Computer Science & Engineering: An International Journal (CSEIJ), Vol.2, No.3, June 2012. 3. Mohammad Wazid, Rajesh Kumar Singh, R. H. Goudar, A Survey of Attacks Happened at Different Layers of Mobile Ad-Hoc Network & Some Available Detection Techniques, Proceedings published by International Journal of Computer Applications (IJCA) International Conference on Computer Communication and Networks CSI- COMNET- Dec 2011. 4. Uttam Ghosh, Raja Datta, Identity based Secure AODV and TCP for Mobile Ad Hoc Networks, Proceedings of ACM ACWR 11, December 18-21 2011. 5. B. B. Jayasingh, B. Swathi, A Novel Metric For Detection of Jellyfish Reorder Attack on Ad Hoc Network, BVICAM S International Journal of Information Technology (BIJIT) Vol. 2 No. 1, ISSN 0973 5658 Year 2010. 6. Peter Ebinger, Malcolm Parsons, Measuring the Impact of Attacks on the Performance of Mobile Ad hoc Networks, Proceedings of ACM PE-WASUN 09, October 28 29, 2009. 7. Imad Aad, Jean-Pierre Hubaux, Impact of Denial of Service Attacks on Ad Hoc Networks, IEEE/ACM Transaction on Networking, Vol. 16, No. 4, Aug 2008. 8. Hoang Lan Nguyen, Uyen Trang Nguyen A study of different types of attacks on multicast in mobile ad hoc networks, Elsevier Journal of Ad Hoc Networks 6 (2008) 32 46. 9. Imad Aad, JeanPierre Hubaux, Edward W. Knightly, Denial of Service Resilience in Ad Hoc Networks, In Proceedings of ACM MobiCom 04, Sept. 26 Oct.1, 2004. 299