Cross Layer Detection of Wormhole In MANET Using FIS P. Revathi, M. M. Sahana & Vydeki Dharmar Department of ECE, Easwari Engineering College, Chennai, India. E-mail : revathipancha@yahoo.com, sahanapandian@yahoo.com & dvydeki@yahoo.co.in Abstract - MANETs are vulnerable to various attacks, wormhole is one such attack which causes severe threat to ad hoc networks and disrupts the entire communication process. This paper deals with a cross layer detection of wormhole which is done using the Fuzzy Inference System (FIS). This system successfully detects the wormhole present in the MANET using network and physical layer parameters. The various network parameters such as throughput, average end-to-end delay, packets dequeued are used to detect the presence of wormhole in the network. In addition, the physical layer parameters such as signals transmitted and signals received and forwarded to MAC layer are considered in the detection process. Various MANETs are simulated using the Qualnet 5. network simulator. The various characteristics of the network are extracted and used by the fuzzy inference system to detect the wormholes present in the above simulated networks. Key words: FIS, MANET, Qualnet, Wormhole. I. INTRODUCTION MANET is a collection of mobile hosts with wireless network interfaces forming a temporary network without the aid of any fixed infrastructure or centralized administration. These Nodes, such as laptop computers and wireless phones, have a limited transmission range. Hence, each node has the ability to communicate directly with another node and forward messages to neighbours. Security of such network is a major concern. Intrusion detection for MANETs is a complex and difficult task mainly due to the dynamic nature of MANETs, their highly constrained nodes, and the lack of central monitoring points. Conventional Intrusion Detection Systems (IDS) are not easily applied to them. New approaches need to be developed or else existing approaches need to be adapted for MANETs. Section 2 presents the existing systems to detect wormhole attack. Section 3 gives the description of the proposed cross layer detection mechanism. Section 4 explains about the MANET and its simulation using the Qualnet simulator. Section 5 explains the data collection and feature extraction process. Section 6 deals with the implementation of fuzzy logic in the MATLAB software. The final section shows the detection of wormhole. II. EXISTING SYSTEM Over the last few years various research works have been conducted toward securing ad hoc wireless networks. Most of such efforts have been put on mechanisms to detect attacks in these networks. Many IDSs have been proposed in the literature for wired networks but MANETs characteristics make direct application of these approaches to MANETs impossible. The prevailing technique is anomaly-based intrusion detection which makes use of symptoms of normal behaviours of the system such as usage frequency of commands, CPU usage for programs, etc. It detects intrusions as deviations or anomalies from the normal behaviours. Various techniques have been applied for anomaly detection, e.g. statistical approaches and artificial intelligence techniques like data mining and neural networks. Another technique is specificationbased intrusion detection. In this approach, a set of constraints on a program or a protocol are specified and intrusions are detected as runtime violations of these specifications. III. PROPOSED SYSTEM The proposed method detects the wormhole attack without disturbing any nodes in the network and interfering with the route establishment process. This ISSN (PRINT) : 232 8945, Volume -1, Issue -3, 213 75
technique works without any modification of protocol or without any special environment assumptions. It makes use of specific network parameters which reflect the presence of wormhole. The proposed work is simulated using Qualnet and the various network parameters are analysed and fed to the FIS in MATLAB. The output of FIS shows the presence of wormhole in the network and it also finds out the attacker node with more accurate detection and less false alarm rate. The block diagram of the proposed system is shown in Figure1. 4. The properties of the nodes are set after the network is simulated. The MANETs are configured with AODV as routing protocol. 5. The MANETs are tested with both static and mobile scenarios. 6. Wormholes are simulated in appropriate places. 7. When the simulator is run with the above configurations, the required networks are simulated. A sample scenario is given in figure 2 in which 3 nodes are simulated with 6 wormhole nodes. Figure 1: Block diagram of the proposed system The various processes illustrated in Figure 1 are explained in the following sections. IV. MANET SIMULATION Mobile ad hoc Network is a group of wireless mobile nodes connected to each other without any central access point. The nodes can leave or join the network at any time. Due to the movement of nodes the topology of the network changes rapidly. The nodes which are near to each other or within each other s range can communicate directly. But nodes which are far away use intermediate nodes to send data. This is used in various applications like Military applications, Collaborative and distributed computing, Emergency operations. In this work, various networks are simulated with and without wormholes. The MANETs are simulated using the Qualnet 5. network simulator as: 1. The required type of node is selected and placed in the desired location in the Qualnet work space. 2. A wireless subnet cloud is placed and the nodes are connected to the network cloud by linking. 3. The Constant bit Rate (CBR) traffic is then generated within the network with the help of the available traffic generators. Figure 2: MANET with 3 nodes V. DATA COLLECTION AND FEATURE EXTRACTION All the parameters obtained from the simulation are collected. More than 6 parameters are collected and the ones specific to the wormhole attack are selected. The analysis of various network performance parameters shows that the throughput decreases and average end to end delay for each network increases drastically in the presence of wormhole. The two important performance metrics considered here are: Packet Delivery Ratio: Packet delivery ratio is given by Throughput= Total number of bytes received Total number of Average End-to-End Delay: Average end-to-end delay is the average time it takes a data packet to reach to destination in seconds. It is calculated by subtracting time at which first packet was transmitted by source from time at which first data packet arrived to destination. 76 ISSN (PRINT) : 232 8945, Volume -1, Issue -3, 213
These performance parameters for a sample case of network with 1 nodes and two wormhole nodes are plotted in Figures 3, 4, 5, 6 and 7. The x-axis for all the Figures indicates the node id. Figure 3 shows the throughput in the y-axis. It is seen that throughput decreases in the presence of wormholes. 6 5 4 packets dequeued (without attack) packets dequeued (with attack) 1 8 6 4 WITHOUT 3 2 1 1 2 3 4 5 6 7 8 9 1 11 12 2 Figure 3: Throughput Figure 4 shows the delay in the y-axis. It is seen that delay increases in the presence of wormholes..35.3.25.2.15.1.5 Figure 4: Delay After analyzing the graphs, 3 main parameters which showed large variations in the presence and absence of wormhole attack are selected. They are: Packets dequeued Signals transmitted NODE 1-6NODE7-3 NODE 1-6 NODE7-3 WITHOUT ATTACK Signals received and forwarded to MAC Among the three, the first parameter is derived from network layer and the other two from physical layer. Figure 5 shows the packets dequeued in y-axis. It is seen that the number of packets dequeued is very high for the wormhole nodes. Figure 5: Packets dequeued Figure 6 shows the signals transmitted in y-axis. It is seen that the number of signals transmitted is higher for the wormhole nodes than any other node. 6 5 4 3 2 1 signals txd (without attack) signals txd (with attack) 1 2 3 4 5 6 7 8 9 1 11 12 Figure 6: Signals transmitted Figure 7 shows the signals received and forwarded to MAC in y-axis. This parameter also is very high for the wormhole nodes. 77 ISSN (PRINT) : 232 8945, Volume -1, Issue -3, 213
9 8 7 6 5 4 3 2 1 signals rxd and fwded to MAC (without attack) signals rxd and fwded to MAC (with attack) 1 2 3 4 5 6 7 8 9 1 11 12 Figure 7: Signals received and forward to MAC VI. FIS This Fuzzy in MATLAB involves an intermediate step called the Clustering. Cluster analysis or clustering is the task of grouping a set of objects in such a way that objects in the same group (called cluster) are more similar to each other than to those in other groups (clusters).the fuzzy logic maps the input space to output space using a list of if-then statements called rules. It takes in a crisp input and performs the following steps: FUZZIFICATION Converts the crisp input to a linguistic variable using the membership functions stored in the fuzzy knowledge base. FUZZY INFERENCE SYSTEM Using If-Then type fuzzy rules converts the fuzzy input to the fuzzy output. DE-FUZZIFICATION Converts the fuzzy output of the inference engine to crisp value using membership functions analogous to the ones used by the fuzzifier. There are three main types of fuzzy models, namely Mamdani Fuzzy models Sugeno Fuzzy Models Tsukamoto Fuzzy models The Sugeno model is been used in this scheme, as it computationally efficient and is well suited for mathematical analysis. MATLAB is a high-performance language for technical computing. It integrates computation, visualization, and programming in an easy-to-use environment where problems and solutions are expressed in familiar mathematical notation. In this work, FIS is generated in MATLAB. It takes input from the parameters. This data set is conditioned using clustering. The FIS applies appropriate rules on the data set and gives de-fuzzified output values. These values are an indication of the nodes from which the wormhole nodes can be detected. VII. DETECTION OF WORMHOLE From the various outputs obtained from the Qualnet simulation and the FIS system constructed using MATLAB. The following detection and analysis has been made. The output of the MATLAB is shown below: Figure 8: Block diagram of an FIS system Figure 9: Wormhole detection in MATLAB 78 ISSN (PRINT) : 232 8945, Volume -1, Issue -3, 213
From the above output graph, it has been clearly shown that the nodes 9, 1, 19 and 2 are detected correctly as wormholes by their low FIS output values. On analysing the performance, few important parameters are needed to be taken care of: FALSE ALARM RATE: In order to provide accurate reports for target detection and tracking in realistic environments, false alarm is an important phenomenon. It is the rate at which the system makes an incorrect decision while detecting a wormhole.for a proper network the false alarm rate should be low in order to have high detection rate. In this system, false alarm rate is low, as most of the wormholes present in the network are detected accurately, which proves that the proposed system is every efficient in detecting the wormhole present in the MANET. No. of nodes Static Mobile 1 1% 1% 2 1% 1% 3 33.33% 33.33% DETECTION TIME: Detection time is the time taken by the system to detect the presence of wormhole in the network. For an efficient system this time has to be low in order to increase the computational speed. The detection time for the various wormhole scenarios are shown below: No. of nodes Static Mobile 1.14972.12537 2.11117.14926 3.316783.93985 VIII. CONCLUSION AND FUTURE WORK From the simulation results it is concluded that under the wormhole attack the performance of the network is decreased. So to avoid this, the wormholes are also detected with a good detection ratio using FIS and with lesser detection time. So the future work is to increase the accuracy of the system with 1% detection ratio and to improve the security of the network to avoid wormhole attacks in MANET. IX. REFERENCES [1] Reshmi Maulik and Nabendu Chaki, A Study on Wormhole Attacks in MANET, International Journal of Computer Information Systems and Industrial Management Applications ISSN 215-7988 Volume 3 (211) pp. 271-279 [2] Ajay Prakash Rai, Vineet Srivastava, Rinkoo Bhatia, Wormhole Attack Detection in Mobile Ad Hoc Networks, International Journal of Engineering and Innovative Technology (IJEIT) Volume 2, Issue 2, August 212 [3] Sevil Şen, John A. Clark, INTRUSION DETECTION IN MOBILE AD HOC NETWORKS, Department of Computer Science, University of York, York, UK, YO1 5DD [4] Viren Mahajan, Maitreya Natu, and Adarshpal Sethi, ANALYSIS OF WORMHOLE INTRUSION ATTACKS IN MANETS, University of Delaware 79 ISSN (PRINT) : 232 8945, Volume -1, Issue -3, 213