destination deviation using routing bmisbehavior and prevention mechanism in manet
DESCRIPTION
Destination Deviation Using Routing Misbehavior and Prevention Mechanism in MANETTRANSCRIPT
2
1.1 INRODUCTION TO WIRELESS AD HOC NETWORK
Wireless Adhoc networks have been a hot research topic within the wireless research
community. Basically these are networks that do not have an underlying permanent
infrastructure. Mobile hosts “join” on the fly and generate a network on their own. With the
network topology changing dynamically and the lack of a centralized network management
functionality, these networks tend to be susceptible to a number of attacks. Mobile nodes
within one another’s radio range can communicate through wireless links and thus
dynamically form a network. Wireless devices that are not in direct range communicate via
intermediate devices; this is known as multihop communication. Thus, an ad hoc network is a
collection of autonomous nodes that form a dynamic function specific multihop radio
network in a decentralized fashion. The standard nature of a fixed support infrastructure such
as mobile switching centers, base stations, access points, and other centralized machinery
seen in traditional wireless networks. The network topology is constantly changing as a result
of nodes joining in and moving out. Packet forwarding, routing, and other network operations
are passed out by the individual nodes themselves.
Figure 1.1: Ad hoc network example
Figure 1.1 illustrates an example of ad hoc network.Wireless ad hoc networks get application in
military operations so that planes, tanks, and moving personnel can communicate. salvage
missions and urgent situation situations also find use for such networks. Other examples
include virtual classrooms and conferences wherein people can set up a network on the spot
through their laptops, personal development applications (PDAs), and other mobile devices,
assuming they share the same physical medium such as direct series spread spectrum (DSSS)
or frequency hopped spread spectrum (FHSS) [29]. Mobile ad hoc networks (MANETs)
present a number of unique problems for Intrusion Detection Systems (IDS). Network traffic
3
can be monitored on a wired network segment, but ad hoc nodes can only supervise network
traffic within their observable radio transmission range. A wired network under a single
administrative domain allows for finding, renovate, response, and forensics of suspicious
nodes. A MANET is most likely not under a single administrative domain, making it
complicated to perform any kind of centralized management or control. In an ad hoc network,
malicious nodes may enter and leave the immediate radio transmission range at random
intervals, may collude with other malicious nodes to interrupt network activity and avoid
detection, or behave maliciously only intermittently, additional complicating there
detection[1]. MANET’s have come into distinction due to potentially rapid infrastructure-less
deployment in military and emergency situations. However, the unreliability of wireless links
between nodes, possibility of mobile nodes being captured or compromised, break down of
cooperative algorithms, all lead to increased vulnerability [29]. Unrelenting attackers will
eventually infiltrate any system. It is important to monitor what is taking place in a system
and look for intrusions. Intrusion Detection Systems (IDS) do precisely that. An IDS forms
the second wall of defense in a high-survivability network. Intrusion prevention measures
such as authentication and encryption are not guaranteed to work all the time, which brings
out the need to complement them with efficient intrusion detection and response. If an
intrusion is detected quickly enough, the intruder can be ejected before any damage is done or
any data is compromised. Effective IDS can not only serve as a deterrent acting to prevent
intrusions but also provide information about intrusions to strengthen intrusion prevention
actions.
1.2 ISSUES AND CHALLENGES IN WIRELESS AD HOC
NETWORK SECURITY PROVISIONING
Designing a perfect security protocol for ad hoc wireless is a very challenging duty. A
detailed discussion on how each characteristics of ad hoc network means it’s a reason for
difficulty in providing security in ad hoc wireless networks is given below.
Shared broadcast radio channel: Unlike in wired network where a separate
dedicated transmission line can be provided between a pair of end users, the radio
channel used for communication in ad hoc wireless networks is broadcast in nature
and is shared by all nodes in the network. Data transmitted by a node is received by
all nodes within its direct transmission range. So a malicious node could without any
4
problems obtain data being transmitted in the network. This problem can be
minimized to a definite extent using directional antennas.
Insecure operational environment: The operating environments where ad hoc
wireless networks are used may not always be secure. One important application of
such networks is in battlefields. In such applications, nodes can move in and out of
hostile and insecure enemy territory, where they would be highly vulnerable for the
security attacks.
Lack of central authority: In wired networks and infrastructure based wireless
networks; it would be possible to monitor the traffic on the network through certain
important central points (such as routers, base stations, and access points) and execute
security mechanisms at such points. Since ad hoc wireless networks do not have any
such central points, these mechanisms cannot be applied in ad hoc wireless networks.
Lack of association: Since these networks are dynamic in nature, a node can join or
leave the network at any point of the time. If no proper authentication mechanism is
used for organization nodes with a network, an intruder would be able to join into the
network quite easily and carry out his/her attacks.
Limited resource availability: Resources such as bandwidth, battery power, and
computational power are scarce in ad hoc wireless networks. Hence, it is difficult to
implement complex cryptography based security mechanisms in such networks.
Physical vulnerability: Nodes in these networks are usually compact and handheld in
nature. They could get damaged easily and are also vulnerable to theft.
1.3 AD HOC NETWORK SECURITY REQUIREMENTS
A security protocol for ad hoc network should satisfy the following requirements. The
requirements listed below should in fact be met by security protocol for other types of
network also.
Confidentiality: The data sent by the sender (source node) must be comprehensible
only to the intended receiver (destination node). Though an intruder might get hold of
the data being sent, he/she must not be able to derive any useful information out of the
data. One of the popular techniques used for ensuring confidentiality is data
encryption.
5
Integrity: The data sent by the source node should reach the destination node as it
was sent: unchanged. In other words, it should not be possible for any malicious node
in the network to interfere with the data during transmission.
Availability: The network should remain operational all the time. It must be robust
enough to tolerate link failures and also be capable of surviving various attacks
mounted on it. It should be able to provide the guaranteed services whenever an
authorized user requires them.
Non-repudiation: Non-repudiation is a mechanism to guarantee that the sender of a
message cannot later deny having sent the message and that the recipient cannot reject
having received the message. Digital signatures, which function as unique identifiers
for each user, much like a written signature, are used commonly for this purpose.
1.4 ATTACKS ON WIRELESS AD HOC NETWORK
Attacks on ad hoc networks can be classified into two broad categories, namely passive and
active attacks. A passive attack does not interrupt the operation of the network; the adversary
snoops the data exchange in the network without changing it. Here the requirement of
confidentiality can be violated if an adversary is also able to interpret the data gathered
through snooping. Detection of passive attack is very difficult since the operation of the
network itself get affected.
One way of overcoming such problem is to use powerful encryption mechanism to encrypt
the data being transmitted, thus making it impossible for eavesdropper to get any useful
information from the data overheard. An active attacks attempts to alter or destroy the data
being exchange in the network, there why disrupting the normal functioning of the network.
Active attacks can be classified further into two categories, namely, external and internal
attacks. External attacks are carried out by nodes that do not belong to the network. These
attacks can be prevented by using standard security mechanism such as encryption techniques
and firewalls. Internal attacks are from compromised nodes that are actually part of the
network. Since the adversaries are already part of the network as authorized nodes, internal
attacks are more strict and complex to notice when compare to external attacks.
6
Figure 1.2: Classifications of attacks
1.4.1. NETWORK LAYER ATTACKS
This section gives brief descriptions of the attacks pertaining to the network layer.
1.4.1.1 Wormhole attack: In this attack, an attacker receives packets at one location in the
network and tunnels them (possibly selectively) to a different location in the network, where
the packets are resent into the network [15]. This tunnel between two colluding attackers is
consult to as a wormhole. It could be established during a single long range wireless link or
even through a wired link between the two colluding two attackers. Due to the broadcast
nature of the radio channel, the attackers can generate a wormhole even for packets not
address to itself. Though no damage is done if the wormhole is used properly for efficient
relaying of packets, it puts the attacker in a powerful position compare to other node in the
SECURITY ATTACKS
PASSIVE ATTACKS ACTIVE ATTACKS
MAC
LAYER
ATTACKS
TRANSPORT
LAYER
ATTACKS
NETWORK
LAYER
ATTACKS
APPLICATION
LAYER
ATTACKS
OTHER
ATTACKS
SNOOPING
Jamming
Warm hole attack
Black hole attack
Session
hijacking
Routing attacks
Resource consumption
attack
Byzantine attack
Repudiation Denial of
Services
7
network, which the attacker could use in a manner that could compromise the security of the
network. If proper mechanisms are not employed to defend the network against wormhole
attacks, most of the existing routing protocols for ad hoc wireless networks may fail to find
valid routes.
1.4.1.2 Black hole attack: In this attack, a malicious node untruly advertises good path (eg,
shortest path or most steady path) to the destination node during the path finding process (in
on-demand routing protocols) or in the route update messages (in table-driven routing
protocols) [24]. The intension of the malicious node could be to hinder the path-finding
process or to intercept all data packets being sent to the destination node concerned.
1.4.1.3 Byzantine attack: Here, a compromised intermediate node or a set of compromised
intermediate nodes work in collusion and carries out attacks such as creating routing loops,
routing packets or non best possible path, and selectively dropping packets [25]. Byzantine
failure is hard to discover. The network would seem to be operating normally in the view
point of the nodes, though it may actually be exhibiting Byzantine behavior.
1.4.1.4 Information disclosure: A compromised node can leak confidential or important
information to unauthorized nodes in the networks. Such information may include
information concerning the network topology, geographic location of nodes, or optimal
routes to authorized nodes in the network [26].
1.4.1.5 Resource consumption attack: In this attack a malicious node tries to
consume/waste away resources of other nodes present in the network. The resources that are
targeted are battery power, bandwidth, and computational power which are only limitedly
available in ad hoc wireless networks [27]. The attacks could be in the form of pointless
request could be in the form of pointless requests for routes, very frequent generation of
beacon packets, or forwarding of stale packets to nodes. Using up the battery power of
another node by keeping that node always busy by continuously pumping packets to that
node is known as a sleep deprivation attack.
1.4.1.6 Routing attack: There are several types attacks mounted on the routing protocol
which are aimed at disrupting the operation of the network. In what follows, the various on
the routing protocol are described temporarily.
8
Routing table overflow: In this type of attack, an adversary node advertises routes to
non - existent nodes, to the authorized node present in the network. The main
objective of such an attack is to cause an overflow of the routing tables, which would
in turn present the creation of entries corresponding to new routes to authorized
nodes. Proactive routing protocols are more vulnerable to this attack compare to
reacting routing protocol.
Routing table poisoning : : Here , the compromised nodes in the network send
fictitious routing updates or modified genuine route update packets sent to other
uncompromised nodes . Routing table poisoning may result in suboptimal routing,
congestion in portion of the network, or even make some part of the network
inaccessible.
Packet replication: In this attack, an adversary node replicates stale packets. This
consumes additional bandwidth and battery power resources available to the nodes
and also causes unnecessary confusion in the routing process.
Routing cache poisoning: In the case of on demand routing protocol such as the
AODV protocol [21], each node maintains a route cache which holds information
regarding routes that have become known to the node in the recent past. Similar to
routing table poisoning, an adversary can also poison the route cache to achieve
similar objectives.
Rushing Attack: On demand routing protocols that use duplicate suppression during
the route discovery process are vulnerable to this attack [28]. An adversary node
which receives a Route Request packet from the source node floods the packet
quickly during the network before other node which also receives the same Route
Request packet can reply. Node that receives the legitimate Route Request packets
(RREQ) assumes those packets to the duplicates of the packet already received
through the opponent node and hence rejects those packets. Any route discovered by
the source node would contain the opponent node as when of the intermediate nodes.
Hence, the source node would not be able to find secure routes, that is routes that do
not include the opponent node . It is extremely difficult to detect such attacks in ad-
hoc wireless network.
9
1.4.2 TRANSPORT LAYER ATTACK
This section gives brief descriptions of the attacks refer to the transport layer.
Session hijack: Here an adversary takes control over a session between two nodes.
Since most authentication processes are carried out only at the start of a session, once
the session between two nodes gets established, the adversary node masquerades as
one of the end node of the session and hijacks the session.
1.4.3 APPLICATION LAYER ATTACK
This section gives brief descriptions of the attacks relate to the application layer.
Repudiation: In simple terms repudiation refers to the denial or attempted denial by a
node involved in communication of having participated in all or part of the
communication. Non repudiation is one of the important requirements for a security
protocol in any communication network.
1.4.4 OTHER ATTACKS
This section gives brief descriptions of the attacks relate to other attacks.
1.4.4.1 Multi-layer Attack: Multi layer attacks are those that could take place in any layer of
the network protocol stack. Denial of service and impersonation are some of the common
multi-layer attacks. this section discusses some of the multilayer attacks in ad-hoc wireless
networks.
1.4.4.2 Denial of service: In this type of attack an adversary attempts to prevent legitimate &
authorized users of services offered by the network from accessing those services. A denial of
service (DoS) attack can be carried out in many ways. The classic way is to flood packets to
any centralized resource (e.g., an access point) unused in the network so that the resource is
no longer available to nodes in the network, resulting in the network no longer operating in
the manner it was designed to operate. This may lead to a failure in the delivery of guaranteed
services to the end users. Due to the unique characteristics of ad-hoc wireless networks, there
exist many more ways to initiate the DoS attack in such a network, which would not be
Possible in wired networks DoS attacks can be launched against any layer in the network
protocol stack [28]. On the physical and MAC layer , an opponent could employ jamming
signals which disrupt the on going transmissions on the wireless channel. On the network
10
layer an opponent could take part in the routing process and exploit the routing protocol to
interrupt the normal functioning of the network. For e.g., an adversary node could participate
in a session but simply drop a certain no of packets, which may lead to degradation in the
quality of services (Qos) being offered by the network. On the higher layers, an adversary
could bring down critical services such as the key management services. Some of the DoS
attacks are described below.
1.4.4.3 Jamming: In this form of attack the adversary initially keeps monitoring the wireless
medium in order to determine the frequency at which the receiver nodes is receiving signal
from the sender. It then x-mitts signals on that frequency show that error free reception at the
receiver is hindered. Frequency hopping spread spectrum (FHSS) and direct sequence spread
spectrum (DSSS) (described in detail in the first chapter) are two commonly used techniques
that overcome jamming attacks.
1.4.4.4 SYN flooding: Here an adversary sends a large no of SYN packets to a victim node,
spoofing the return address of the SYN packets. On receiving the SYN packets, the victim
node sends back acknowledgement (SYN-ACK) packets to nodes whose addresses have been
specified in the received SYN packets. However, the victim node would not receive any ACK
packets in return. In effect, a half open connection gets created. The victim node builds up a
table/data structure for holding information regarding all pending connections. Since the
maximum possible size of the table is limited the increasing no of half open connection
results in an overflow in the table. Hence, even if a connection requests comes from a
legitimate node at a later point of time, because of the table over flow, the victim node would
be forced to reject the call request.
1.4.4.5 Distributed DoS Attack: A more severe form of the DoS attack is the distributed
DoS (DDoS) attack. In this attack, several adversaries that are distributed throughout the
network collude and prevent legitimate users from accessing the services offered by the
network.
1.4.4.6 Impersonation: In impersonation attacks, an adversary assumes the identity and
privileges of an authorized node, either to make use of network resources that may not be
available to it under normal circumstances, or to disrupt the normal functional of the network
by injecting false routing information in to the network. An adversary node could masquerade
11
as an authorized node using several methods [29]. It could by chance guess the identity an
authentication details of the authorized node (target node ) , or it could snoop for information
regarding the identity an authentication of the target node from a previous communication or
it could circumvent or disable the authentication mechanism at the target node. A man-in the-
middle attack is another type of impersonation attack. Here an adversary reads an possibly
modifies, message between two end nodes without letting either of them know that they have
been attacked. Suppose two nodes X & Y are communicating with each other ; the adversary
impersonates node Y with respect to node X and impersonates node X with respect to node Y
, exploiting the lack of third party authentication of the communication between node X & Y.
1.4.4.7 Device Tampering: Unlike nodes in a wired network, nodes in ad-hoc wireless
networks are usually compact, soft, and hand-held in nature. They could get damaged or
stolen easily.
1.5 MOTIVATION
A wired network under a single administrative domain allows for discovery, repair, response,
and forensics of suspicious nodes. A MANET is most possible not under a single
administrative domain, making it difficult to perform any kind of centralized management or
control. In an ad hoc network, malicious nodes may enter and leave the immediate radio
transmission range at random intervals, might collude with other malicious nodes to disrupt
network activity and evade detection, or behave maliciously only intermittently, further
complicating their detection. A node that sends out fake routing information could be a
compromised node, or merely a node that has a temporarily stale routing table due to volatile
physical conditions. Packets may be dropped due to network congestion or because a
malicious node is not faithfully executing a routing algorithm.
1.6 LIMITATIONS
The topology of mobile Ad-hoc network changes continuously so sometimes it can take large
amount of time to find the Intrusion.
12
1.7 PROBLEM DESCRIPTION
The problem involves a method for determining dangerous path (dangerous path is a path
whose failure or malicious behavior disconnects or significantly degrades the performance of
the network.), the infection propagated by malicious node on critical path and then use the
distributed security scheme to find out the malicious node, nodes they share critical link will
find out the malicious node using distributed security scheme and inform all the nodes about
malicious node. And also describe the details of a serious path test Simulation, present
experimental result.
Challenges
In mobile Ad-hoc network Infrastructure is not fixed
Trace the path from which heavy traffic flows
To fix the testing node
To find the serious path
Continuous check for the routing table
Detect the Intruder node in the network
Network topology is changes dynamically
Poor physical security
1.8 SUMMARY
This chapter gives basic ideas about the various parameters of mobile adhoc network. As a
routing protocol required for detection of malicious nodes in wireless network, that matter is
also kept in mind.
12
CHAPTER 2
BASIC CONCEPT OF
WIRELESS NETWORK
13
In this section present the current literature and work in the related areas of networks, attacks,
security, devices and simulations. Through searching of various online resources, journals,
and texts, it has collected the necessary information for the rest of this system.
2.1 WIRELESS NETWORK
Wireless networks serve as the transport method between devices and among devices and the
traditional wired networks (enterprise networks and the Internet) [30]. Wireless networks are
numerous and different but are frequently categorized into three groups based on their
coverage range: Wireless Wide Area Networks (WWAN), WLAN, and Wireless Personal
Area Networks (WPAN). WWAN includes wide coverage area technologies such as 2G
cellular, Cellular Digital Packet Data (CDPD) and Global System for Mobile
Communications (GSM), and Mobitex. WLAN, signifying wireless local area networks,
includes 802.11, HiperLAN, and several others. WPAN signify wireless personal area
network technologies such as Bluetooth and IR. All of these technologies are “tether less”—
they receive and transmit information using electromagnetic (EM) waves. Wireless
technologies use wavelengths ranging from the radio frequency (RF) band up to and above
the IR band.2 The frequencies in the RF band cover a significant section of the EM radiation
spectrum, extending from 9 kilohertz (kHz), the lowest allocated wireless communications
frequency, to thousands of gigahertz (GHz). As the frequency is increased away from the RF
spectrum, EM energy moves into the IR and then the visible spectrum.
2.2 WIRELESS LAN
WLAN allow greater flexibility and portability than do traditional wired local area networks
(LAN) [30]. Unlike a traditional LAN, which requires a wire to connect a user’s computer to
the network, a WLAN connects computers and other components to the network using an
access point device. An access point communicates with devices equipped with wireless
network adaptors; it connects to a wired Ethernet LAN via an RJ- 45 port. Access point
devices typically have coverage areas of up to 300 feet (approximately 100 meters). This
coverage area is called a cell or range. Users move liberally within the cell with their laptop
or other network device. Access point cells can be linked together to allow users to even
“roam” within a building or between buildings.
14
2.3 AD HOC NETWORK
In intentional operations, there may be conditions where radio network units, or nodes, move
in terrain where line-of-sight communication rarely is possible between all nodes and where
pre-deployed infrastructure cannot be assured [30]. Mobile ad hoc networks have attractive
properties for scenarios of this kind. One method to connect network nodes is to relay
messages through one or several intermediate nodes. This requires a routing method which
for each session or message determines the route the traffic will follow from source to
destination. Networks with this property are called multi-hop networks. A mobile ad hoc
network is a system of wireless mobile nodes with routing capabilities, any group of them
capable of forming an autonomous network that requires no infrastructure and is capable of
organizing itself into arbitrary changeable topologies. A mobile ad hoc network has three
important properties: the multi-hop, self-organizing and autonomous property.
By independent network, mean a network that is not dependent on any fixed infrastructure,
such as centralized base-stations. The autonomous property can be achieved either by using
distributed algorithms in the ad hoc network or by permitting any group of nodes to
automatically agree on one of them to take care of some centralized functionality when
needed. For large networks, permitting the nodes to merge dynamically into hierarchies might
improve traffic capacity. The ad hoc configuration is well suited for building self-forming,
and self-maintaining networks that are fast deployable in many environments. Securing
mobile ad hoc networks is a challenge. A mobile ad hoc network consists of wireless nodes
that form a radio network without any pre-existing infrastructure or centralized servers. One
main challenge to these networks results from their vulnerability to security attacks in a
hostile environment. Mobile ad hoc networks are predominantly susceptible due to their
features of open architecture, cooperative distributed algorithms, limited physical protection,
and self-organizing network. These features also result in that many existing security
solutions for wired networks and traditional planned radio networks are not applicable to
mobile ad hoc networks. Additionally, the unique characteristics of mobile ad hoc networks,
such as resource constraints and dynamic network topology, result in a number of challenges
to security design. Ad hoc networks such as Bluetooth are networks designed to dynamically
connect remote devices such as laptops, cell phones and PDA.
15
These networks are termed “ad hoc” because of their shifting network topologies. Whereas
WLAN use a fixed network communications, ad hoc networks maintain random network
configurations, relying on a master-slave organization connected by wireless links to enable
devices to communicate. In a Bluetooth network, the master of the Pico net controls the
changing network topologies of these networks. It also controls the flow of data between
devices that are skilled of supporting direct links to each other. As devices move about in an
unpredictable fashion, these networks must be reconfigured on the fly to handle the dynamic
topology. The routing that protocol Bluetooth employs allows the master to establish and
maintain these shifting networks.
2.4 PROPERTY OF ADHOC NETWORK
As already mentioned, ad hoc networks do not rely on pre-existing infrastructure and this
may be their most distinguishing attribute. Instead ad hoc networks are formed by individual
nodes when they come to close proximity and need to communicate with each other. This
implies that there is no need for stationary components such as routers, bridges and cables
and of course central administration is not required.
Due to the lack of stationary infrastructure, the participating nodes in the ad hoc network
have to forward traffic on behalf of other nodes that are not in close proximity to the
destination node. If they deny participating in the routing process, the connectivity between
nodes may be lost and the network could be segmented. Therefore, the functionality of an ad
hoc network heavily depends on the forwarding behavior of the participating nodes.
Ad hoc networks can be characterized as autonomous in the sense that most commonly they
offer connectivity between the participating nodes and not connectivity to external LANs or
internets. However in theory it is possible that some of the ad hoc nodes are multi-homed
with connections in both the ad hoc network and one or more external networks. Nothing
prevents these nodes from acting as gateways between these networks but is not a common
element.
Another very important property of ad hoc networks is their dynamic topology(shown in
figure 1.2). Since the topology arbitrarily changes due to node mobility and changes of the
surrounding environment, the utilized routing protocols have to be able to adapt to the
16
dynamic topology. Traditional wired routing protocols like OSPF do not incorporate in their
normal operation support for frequent network topology changes. Thus, the routing protocols
that are currently utilized in ad hoc environments have specifically been designed to handle
node mobility and rapidly changing topologies.
Figure 2.1: Dynamic Topology
The devices that are usually employed in the ad hoc networks have their own limitations.
Since, the only hardware component that is required to connect a device in an ad hoc network
is a wireless interface, PDAs and mobile telephones can be utilized. Furthermore, differences
in the radio transmission ranges and reception equipment sensitivities may lead to
unidirectional links which could complicate routing in the ad hoc networks. Apart from the
communication differences between the nodes, ad hoc networks suffer from limited hardware
resources like limited battery, constrained CPUs and small memory capacity.
2.5 WIRELESS STANDARDS
Wireless technologies match to a variety of standards and offer varying levels of security
features. The principal advantages of standards are to encourage mass production and to
allow products from multiple vendors to interoperate. For here, the discussion of wireless
standards is limited to the IEEE 802.11 and the Bluetooth standard. WLAN follow the IEEE
802.11 standards. Ad hoc networks follow proprietary techniques or are based on the
Bluetooth standard, which was developed by a consortium of commercial companies making
up the Bluetooth Special Interest Group (SIG). These standards are described below.
17
2.5.1 IEEE 802.11
WLAN are based on the IEEE 802.11 standard, which the IEEE first developed in 1997. The
IEEE designed 802.11 to maintain medium-range, higher data rate applications, such as
Ethernet networks, and to address mobile and portable stations. 802.11 is the original WLAN
standard, designed for 1 Mbps to 2 Mbps wireless transmissions. It was followed in 1999 by
802.11a, which recognized a high-speed WLAN standard for the 5 GHz band and supported
54 Mbps. Also completed in 1999 was the 802.11b standard, which operates in the 2.4 - 2.48
GHz band and supports 11 Mbps. The 802.11b standard is currently the dominant standard
for WLAN, providing sufficient speeds for most of today’s applications. Because the 802.11b
standard has been so widely adopted, the security weaknesses in the standard have been
exposed. Another standard, 802.11g, still in draft, operates in the 2.4 GHz waveband, where
current WLAN products based on the 802.11b standard operate.
2.6 SECURITY ISSUES IN FOCUS
Authentication and integrity (communication security)
Key management
Secure routing
Distributed firewalls
Location/identity separation
Intrusion detection and response
Access control
The report also discusses the following areas briefly:
Code signing
User authentication
Storage encryption
Confidentiality of data
Management
18
2.7 PRODUCED SERVICES
The services produced by the security system for a planned mobile ad hoc network aim to
protect the system from different types of IT attacks [31]. Dissimilar kinds of attacks are
listed table 2.1 along with the corresponding security services.
Type of threats Security service
Jamming spread spectrum method
eavesdropping of data Encryption at data link layer, network layer,
transport layer or application layer.
eavesdropping of header data encryption at data link layer
An intermediate node can eavesdrop. encryption at application layer, transport
layer or network layer
Traffic analysis Encryption of header information partly
protects against traffic analysis but as far as .
They don’t know the solution protects against
the all types of traffic analysis.
Active attack against data link layer (1)One
example is an evil node sending many
packets in order to consume resources
(computer capacity, memory, battery,
bandwidth)at the target node
fast lightweight authentication which is
designed to quickly exclude external packets.
Available Active attack against data link
layer (2): One example is an evil node
sending false MAC information in order to
disturb part of network
Intrusion detection system.
Unauthorized node added to the network e.g.
evil node sends packets that is accepted and
forwarded by additional node
Spread spectrum method (if good enough) or
encryption at data link layer or
(authentication at data link layer)
An intermediate node can modify a
message/packet. A node impersonate an
additional node
Authentication and integrity protection at
application layer, transport layer or network
layer
19
Routing attacks Routing security
A mobile node has bad physical protection.
A mobile node can be stolen or hijacked. The
possibility of compromised malicious nodes
performing internal attacks is an important
threat. Someone can also manage to infiltrate
the system by exploring software or design
errors.
(1) Intrusion detection systems (2) Firewalls
partly protects against some internal attacks,
but it depends on how the firewall is
configured and which type of firewall it is.
(3) Authentication and integrity protects
against some internal attacks.
Table 2.1 Different type of attack and corresponding security services
2.8 WIRELESS SECURITY THREATS AND RISK
MITIGATION
The Computer Security generically classifies security threats in nine categories ranging from
errors and omissions to threats to personal privacy. All of these represent probable threats in
wireless networks as well. However, the more immediate concerns for wireless
communications are device theft, denial of service, malicious hackers, malicious code, theft
of service, and industrial and foreign espionage. Theft is likely to occur with wireless devices
because of their portability. Authorized and unauthorized users of the system may commit
fraud and theft; however, certified users are more likely to carry out such acts. Since users of
a system may know what resources a system has and the system’s security flaws, it is easier
for them to commit fraud and theft. Malicious hackers, sometimes called crackers, are
individuals who break into a system without authorization, generally for personal gain or to
do harm.
Malicious hackers are generally individuals from outside of an agency or organization. Such
hackers may expand access to the wireless network access point by eavesdropping on
wireless device communications. Malicious code involves viruses, worms, Trojan horses,
logic bombs, or other unwanted software that is designed to damage files or bring down a
system. Theft of service happens when an unauthorized user gains access to the network and
consumes network resources. Industrial and foreign espionage involves gathering proprietary
data from corporations or intelligence information from governments through eavesdropping.
20
In wireless networks, the espionage threat stems from the relative ease with which
eavesdropping can occur on radio transmissions. Attacks resulting from these threats, if
successful, place an agency’s systems—and, more importantly, its data—at risk. Ensuring
confidentiality, integrity, authenticity, and availability are the prime objectives of all
government security policies and practices. Security Self- Estimation Guide for Information
Technology Systems, states that information must be protected from unauthorized,
unanticipated, or unintentional modification. Security requirements include the following:
1) Authenticity— A third party must be able to verify that the content of a message has not
been changed in transit.
2) Non repudiation—The origin or the receipt of a specific message must be verifiable by a
third party.
3) Accountability—The actions of an entity must be traceable uniquely to that entity.
Network availability is “the property of being accessible and usable upon demand by an
authorized entity.” Risks in wireless networks are equal to the sum of the risk of operating a
wired network (as in operating a network in general) plus the new risks introduced by
weaknesses in wireless protocols. To alleviate these risks, agencies need to approve security
measures and practices that help bring their risks to a manageable level. They need, for
example, to perform security assessments prior to implementation to determine the specific
threats and vulnerabilities that wireless networks will introduce in their environments. In
performing the assessment, they should judge existing security policies, known threats and
vulnerabilities, legislation and regulations, safety, reliability, system performance, the life-
cycle costs of security actions, and technical requirements. Once the risk assessment is
complete, the agency can begin planning and implementing the measures that it will put in
place to safeguard its systems and lower its security risks to a convenient level.
2.9 INTRUSION DETECTION SYSTEM (IDS): A BRIEF
OVERVIEW
Intrusion detection can be defined as the automated detection and successive generation of an
alarm to alert the security equipment at a location if intrusions have taken place or are taking
place. An IDS is a protection system that detects hostile activities in a network and then
attempt to possibly stop such activities that may compromise system security. IDSs achieve
detection by continuously monitoring the network for abnormal activity. The prevention part
may involve issuing alerts as well as taking direct protective measures such as blocking a
21
suspected connection. In other words, intrusion detection is a method of identifying and
responding to malicious action targeted at computing and networking resources. In addition,
IDS tools are capable of distinguishing between insider attacks originating from inside the
network and external ones. Unlike firewalls which are the first line of defense, IDSs come
into the picture simply after an intrusion has occurred and a node or network has been
compromised. That is why IDSs are called the second line of defense.
Generally speaking, IDS:
Is NOT an antivirus program designed to detect malicious software’s such as virus,
Trojans and worms
Is NOT a network logging system used, for example, to detect complete vulnerability
to any DoS attack across a congested network. These are network monitoring systems.
Is NOT a vulnerability measurement tool that checks for bugs and flaws in operating
systems and network services. Such an activity would fall under the preview of
security scanners. A basic model of IDS is likely to include moderately a few
elements. Primarily, Intrusion detection decisions are based on collected audit data.
Sources of data can include keyboard input, command based logs, and application
based logs. Audit data is stored moreover indefinitely, for later reference or
temporarily, waiting processing. The whopping volume of data makes this a crucial
element in an IDS. One or many algorithms are executed to find proof in the audit
trail of suspicious behavior. An IDS is generally controlled by the configuration
settings that would specify how and where to collect audit data, how to response to
intrusions, and so on. Access to these configuration settings would give a potential
intruder vital information on which avenues of attack are likely to go undetected.
Reference data stores information about known intrusion signatures (for miss use
systems) or profiles for common performance (for anomaly systems). The processing
elements must frequently store intermediary result, an example of which might be
information about partially fulfilled intrusion signatures. The space needed to store
this active data can grow relatively large too. And finally, the alarm part of the system
handles all output from the system. Examples included automated response to
suspicious activity and notification of the user. Intrusion detection can be classified
into three broad categories: Anomaly detection, Signature of misuse detection,
specification based detection. We discuss each of these activity and notification of the
user.
22
2.9.1 ANOMALY DETECTION:
In an anomaly detection system a baseline profile of normal system activities is created. Any
system a baseline profile of normal system activities is created. Any system activity that
deviates from the baseline is treated as a possible intrusion. The problems with strict anomaly
detection are the:
Anomalous behaviors that are not intrusive are flagged as intrusive.
Intrusive activities that are not anomalous result in fake negative.
One disadvantage of anomaly detection for mobile computing is that the common profile
must be periodically updated and the deviations from the normal profile computed. The
periodic calculations can impose a heavy load on some source constant mobile device;
perhaps a light weight approach that involves comparatively less computation might be
superior suited.
2.9.2 MISUSE DETECTION:
In misuse detection, decision are prepared on the basis of knowledge of a model of the
intrusive procedure and what traces it have to leave in the observe system. Legal or illegal
behavior can be defined and observed behavior compared accordingly. Such a system tries to
detect verification of intrusive activities irrespective of any knowledge regarding the
background traffic (i.e., the normal behavior of the system).
2.9.3 SPECIFICATION BASED DETECTION:
Specification-based detection defines a set of constraints that describe the correct operation of
a program or protocol, and monitors the execution of the program with respect to the defined
constraints. This technique may provide the capability to detect previously unknown attacks,
while exhibit a low false positive rate. An offshoot to misuse and anomaly detection is
compound detection, which is basically the background of the normal traffic in the system.
These detectors have a much better a misuse inspired system that forms a compound decision
in view of a model of both the normal behavior of the intruder. The detector operates by
detecting the intrusion against chance of correctly detecting truly interesting events in the
supervised system, since they both know the patterns of intrusive behavior and can relate
them to the common behavior of the system. They would at very slightest be feature their
decisions superior.
23
2.9.4 INTRUSION RESPONSE:
The type of intrusion response for wireless ad hoc networks depends on the kind of intrusion,
the network protocols and applications in use, and the assurance (or certainty) in the
evidence. A few likely responses contain:
Reinitializing communication channels between nodes (e.g., force rekey).
Identifying the compromised nodes and reorganizing the network to preclude the
compromised node.
The IDS agent informing the end user, who may in turn do his/her own investigation
and take appropriate action.
2.10 PROPERTIES OF IDS FOR AD HOC NETWORK
There are two key requirements that any IDS must fulfill [21]. These are effectiveness how to
make the intrusion detection system classify malign and benign activity correctly and
efficiency how to run the IDS in a cost effective manner as far as possible. In other words,
these two requirements in essence suggest that IDS should detect a substantial percentage of
intrusions into the supervised system, while keeping the false alarm rate at an acceptable
level at a lower cost. It is expected that an ideal IDS is likely to support several of the
following requirements:
The IDS should not introduce a new weakness in the MANET.
IDS should run continuously and remain transparent to the system and users.
The IDS should use as little system resources as possible to detect and prevent
intrusions. IDS that require excessive communication among nodes or run compound
algorithms are not desirable.
It must be fault-tolerant in the sense that it must be able to recover from system
crashes, hopefully make progress to the previous state, and resume the operations
before the crash
Apart from detecting and responding to intrusions, IDS should also resist subversion.
It should monitor itself and detect if it has been compromised by an attacker.
IDS should have a suitable response. In other words, IDS should not only detect but
also respond to detected intrusions, preferably without human intervention.
Accuracy of the IDS is another major factor in MANETs. Less false positives and
false negatives are desired.
24
It must interoperate with other intrusion detection systems to collaboratively detect
intrusions.
2.11 IDS ARCHITECTURE
An intrusion detection system (IDS) can be classified as network-based or host-based
according to the audit data that is used.
A network-based IDS runs on a gateway of a network and captures and examines the
network traffic that flows through it. Obviously this approach is not suitable for ad hoc
networks since there is no central point that allows monitoring of the whole network.
A host-based IDS relies on capturing local network traffic to the specific host. This data is
analyzed and processed locally to the host and is used either to secure the activities of this
host, or to notify another participating node for the malicious action of the node that performs
the attack.
2.11.1 STAND ALONE IDS
In this architecture, each host has a IDS and detect attacks independently. There is no
cooperation between nodes and all decision is based on local nodes(Figure 2.2). This
architecture is not effective enough but can be utilized in an environment where not all nodes
are capable of running IDS
Figure 2.2 Stand Alone Architecture
25
2.11.2 DISTRIBUTED AND COOPERATIVE IDS
Intrusion detection and response systems should be both distributed and cooperative to suite
the needs of mobile Adhoc networks. In our proposed architecture (Figure 2.3), every node in
the mobile Adhoc network participates in intrusion detection and response. Each node is
responsible for detecting signs of intrusion locally and independently, but neighboring nodes
can collaboratively investigate in a broader range.
Figure 2.3. Distributed and cooperative Architecture
In the systems aspect, individual IDS agents are placed on each and every node. Each IDS
agent runs independently and monitors local activities (including user and systems activities,
and communication activities within the radio range). It detects intrusion from local traces
and initiates response. If anomaly is detected in the local data, or if the evidence is
inconclusive and a broader search is warranted, neighboring IDS agents will cooperatively
participate in global intrusion detection actions. These individual IDS agent collectively form
the IDS system to defend the mobile Adhoc network.
2.11.3 IDS GENERAL ARCHITECTURE
Intrusion Detection System Continually monitors activities (packet traffic or host behavior).
If any misbehavouring is detected it automatically recognize suspicious, malicious, or
inappropriate activities and Trigger alarms to system administrator.
26
Figure 2.4 IDS General Architecture
2.12 SUMMARY
Various concepts of wireless network are discussed in this chapter. Description of intrusion
detection system is also given. Brief concept of attack on wireless network is also explained.
26
CHAPTER 3
LITERATURE SURVEY
27
3.1 Introduction
This chapter is the study of existing wireless network and issues regarding the existing
system & there method of approach. In this detailed description of existing technique have
described like what is wireless network security, how it’s working, advantage and
disadvantage and more important thing security of information over public network.
Moreover it described the performance parameter of information security in public network
and how can we improve them. Approach of the already discovered research work and many
more.
3.2 Literature
Here it has taken numerous researches under consideration. This literature review looks at the
research that has been published in the area of wireless network as it relates to network data
and global communications security. It compares and contrasts the research pointing out
overall trends in what has already been published on this subject. It analyzes the role that
wireless network has played and will play in the future relative to security. This review
addresses wireless network around the central theme of the security that it provides or should
provide individuals, corporations, and others in the modern age of computing technology,
networking, and web-based ecommerce. By reviewing both scholarly and non-scholarly
works, It is our objective to make a better approach that is continuing research into the use
of wireless network in preserving the future of electronic data security and privacy worldwide
to be conducted over the internet.
3.3 Literature Inspection
Few literatures describe the work that already done in the wireless network & related fields
are explored are as follows:
[1]Sumitra Menaria1, Sharada Valiveti, Dr Ketan Kotecha “Attack Generating and Its
Implication on Ad Hoc Networks”
Interest in the area of Mobile Ad-hoc Network (MANET) is increasing since last few years
because of its practical applications and requirement of communication in mobile devices.
However, in comparison to wired network or infrastructure-based wireless network, MANET
28
is particularly susceptible to security attacks due to its fundamental characteristics, e.g., the
open medium, dynamic network topology, autonomous terminal, lack of centralized Ad Hoc
Networks are in demand in some crucial applications due to their open architecture and the
mobility feature. Here, nodes cooperate with each other for communication. This very
characteristic poses an immense problem in Ad Hoc Networks from the Security Point of
view. Also due to the lack of Central Administration, Ad Hoc Networks fall prey to the
Insider Attacks. Implementation of good Intrusion Detection Systems are ideal for insider
attacks. For developing highly efficient intrusion detection system, it is mandatory to
understand the effect of attacks on performance of Ad Hoc networks. In this paper discuss
about the general overview of wireless ad hoc networks, survey of various attacks and
analysis of effects of black hole attack, dropping route request attack and Route [1]
[2] Yuan-Xi Jiang, Bao-Hua Zhao “A Secure Routing Protocol with Malicious Nodes
Detecting and Diagnosing Mechanism for Wireless Sensor Networks”
Routing protocol security is the key element in the research of secure wireless sensor
networks. Due to its unique characteristic, designing security routing protocol is a challenge
in these networks. A secure routing protocol with malicious nodes detecting and diagnosing
mechanism is used to reduce the malicious nodes’ threat to the WSNs.
[3] Alper T. M_Zrak, Stefan Savage, Keith Marzullo “Detecting Malicious Packet
Losses”
In this paper, it considers the problem of detecting whether a compromised router is
maliciously manipulating its stream of packets. In particular, they are concerned with a
simple yet efficient attack in which a router selectively drops packets destined for some
victim. Unfortunately, it is quite challenging to attribute a missing packet to a malicious
action because normal network congestion can produce the same effect. Modern networks
routinely drop packets when the load temporarily exceeds their buffering capacities. Previous
detection protocols have tried to address this problem with a user-defined threshold: too
many dropped packets imply malicious intent. However, this heuristic is fundamentally
unsound; setting this threshold is, at best, an art and will certainly create unnecessary false
positives or mask highly focused attacks. It has designed to developed, and implemented a
compromised router detection protocol that dynamically infers, based on measured traffic
29
rates and buffer sizes, the number of congestive packet losses that will occur. Once the
ambiguity from congestion is removed, subsequent packet losses can be attributed to
malicious actions. It has to be tested our protocol in Emu lab and have studied its
effectiveness in differentiating attacks from legitimate network performance.
[4] Wei Gong, Zhiyang You1, Danning Chen, Xibin Zhao, Ming Gu, Kwok-Yan Lam
“Trust Based Malicious Nodes Detection In Manet”
Node misbehavior due to selfish or malicious intention could significantly degrade the
performance of MANET because most existing routing protocols in MANET are aiming at
finding most efficiency path. To deal with misbehavior in MANET, an incentive mechanism
should be integrated into routing result making. In this paper firstly review existing
techniques for secure routing, and then propose to use trust vector model based routing
protocols. Each node would estimate its own belief vector parameters about neighbors
through monitoring neighbors’ pattern of traffic in network. At the same time, trust dynamics
is included in term of robustness. The appraise the performance of the planned mechanism by
modifying Dynamic Source Routing (DSR) so that each node has a dynamic changing “trust
vector” for its neighbors’ behaviors. It also compares the simulation results of with and
without the proposed mechanism. The simulation results demonstrate that the proposed
mechanisms can effectively detect malicious nodes and mitigate black hole attacks.
[5] Yibeltal Fantahun Alem and Zhao Cheng Xuan “Preventing Black Hole Attack in
Mobile Ad-Hoc Networks Using Anomaly Detection”.
Mobile ad-hoc networks are prone to a number of security threats. The fact that mobile ad-
hoc networks lack fixed infrastructure and use wireless link for communication makes them
very susceptible to an adversary’s malicious attacks. Black hole attack is one of the severe
security threats in ad-hoc networks which can be easily employed by exploiting vulnerability
of on-demand routing protocols such as AODV. In this paper, it proposed a solution based on
Intrusion Detection using Anomaly Detection (IDAD) to prevent black hole attacks imposed
by both single and multiple black hole nodes. Result of a simulation study proves the
particular solution maximizes network performance by minimizing generation of control
(routing) packets as well as effectively preventing black hole attacks against mobile ad-hoc
networks.
30
[6] Hyejin Son, Hwangnam Kim and Eun-Chan Park “Enabling Secure Resource
Sharing In Wireless Mesh Networks”
Wireless Mesh Network (WMN) is a self configuring, self-organizing and self-healing
communications network in a mesh topology. Every node work together on establishing
routing path to communicate with each other or use the Internet services. Even though WMN
increases reliability and provides high bandwidth, selfish or malicious nodes may disrupt the
network-wide association and abuse the available network bandwidth; some selfish nodes
may not forward other traffic to save their own resource while letting other nodes to forward
their traffic, and some malicious nodes may discard, forge and modify packets in transit in
order to maximize their own interest. On the other hand, considering that a fraction of nodes
in WMN can access to the Internet gateways, here expect that the nodes in the proximity of
the gateways suffer from excessive overload of forwarding traffic since most outgoing traffic
passes through such the nodes to reach the gateways. In order to address these two problems,
it proposes a smart and secure resource sharing scheme based on the identity-based
encryption and a load balancing routing. The scheme allocates the network resource to the
nodes according to their contribution to the network-wide collaboration. Also, the scheme can
detect malicious or selfish nodes and penalize them. This scheme consequently enhances the
network utilization and the load-balancing in WMN.
[7] Sunilkumar S. Manvia, Lokesh B. Bhajantrib, and Vittalkumar K. Vagga “Routing
Misbehavior Detection in Manets Using 2ACK”
This paper recommends routing misbehavior detection in MANETs using 2ACK scheme.
Routing protocols for MANETs are designed based on the assumption that all participating
nodes are fully cooperative. However, due to the open structure and scarcely available
battery-based energy, node misbehavior may exist. In the accessible system, there is a
possibility that when a sender chooses an intermediate link to send some message to a
destination, the intermediate link may pose problems such as, the intermediate node may not
forward the packets to destination, it may take very long time to send packets or it may
modify the contents of the packet. In MANETs, as there is no retransmission of packets once
it is sent, care must be taken not to lose packets. It has analyzed and evaluated a technique,
termed 2ACK scheme to identify and alleviate the effect of such routing misbehavior in
31
MANETs environment. It is based on a simple 2-hop acknowledgment packet that is sent
back by the receiver of the next-hop link. 2ACK transmission takes place for only a part of
data packets, but not for all. Such a selective acknowledgment is intended to reduce the
additional routing overhead caused by the 2ACK scheme. Our contribution in this paper is
that, It embedded some security features with 2ACK to check confidentiality of the message
by verifying the original hash code with the hash code generated at the destination. If 2ACK
is not received within the wait time or the hash code of the message is changed then the node
to next hop link of sender is acknowledged as the misbehaving link. It simulated the routing
misbehavior detection using 2ACK scheme to test the operation scheme in terms of
presentation parameters.
[8] Santhosh Krishna B.V, Mrs.Vallikannu A.L “Detecting Malicious Nodes For Secure
Routing In Manets Using Reputation”
Mobile ad-hoc networks (MANETS) are flat to a number of security threats that integrate
distributed reputation protocol within DSR and execute extensive simulations using a number
of scenarios characterized by high node mobility. Short gap time and highly sparse network
in order to evaluate each of the design choices of our system. It focus on single and multiple
black hole attacks but our design principles and results are applicable to a wider range of
attacks such as gray hole, flooding attacks. Our implementation of black hole encompasses
active routing misbehavior and forwarding misbehavior. It design and construct our prototype
over DSR and test it in NS-2 in the presence of variable active black hole attacks in highly
mobile and sparse networks.
[9] Manikandan and Sathyasheela K B “Detection Of Malicious Nodes In Manets”
The proposed model in this paper is the intrusion detection techniques for mobile ad-hoc
networks, which use collaborative efforts of nodes in a neighborhood to detect a malevolent
node in that neighborhood. The technique is designed for detection of malicious nodes in a
neighborhood of nodes in which each pair of nodes in the neighborhood are within radio
range of each other. Such a neighborhood of nodes is known as a clique. The technique uses
message passing between the nodes. A node called the monitor node begins the detection
process. Based on the messages that it receives during the detection process, each node
determines the nodes it suspects to be malicious and send votes to the monitor node. The
32
monitor node upon inspecting the votes determines the malicious nodes from among the
suspected nodes. The proposed intrusion detection system is independent of any routing
protocol.
[10] Shi-Hong Cho, Chi-Chun Lo And Chun-Chieh Huang “Mitigating Routing
Misbehavior In Dynamic Source Routing Protocol Using Trust-Based Reputation
Mechanism For Wireless Ad-Hoc Networks”
Routing is a key factor in the design of modern communication networks, especially in
wireless ad-hoc networks (WANs). In WANs, both selfish and malicious nodes are the
misbehaving nodes and are significant routing and security problems. The proposed
mechanism presents a trust model to detect selfish and malicious nodes to avoid these nodes
becoming routing nodes. In addition, the proposed paper provides a way to detect and prevent
false accusation and false recommendation. The second-hand reputation information is
calculated from its route cache of the interested nodes to reduce traffic overhead. The
proposed mechanism is based on the Dynamic Source Routing (DSR) protocol that compares
the performance of the proposed scheme with that of Cooperation of Nodes: Fairness in
Dynamic Ad-Hoc Networks (CONFIDANT) in terms of two performance metrics:
throughput and reputation computation overheads under selfish and malicious attacks. By
comparison and notice that the proposed mechanism outperforms CONFIDANT in all two
categories. The simulation results also indicate that the proposed mechanism can stimulate
nodes to cooperate with each other and improve the performance of WANs.
Literature
paper no.
specific overview scientific general
33
1
2
3
4
5
6
7
8
9
10
Table 3.1 Literature Categorization.
3.4 SUMMARY
Base paper is considered and elaborated to justify the work. Other reference papers are
highlighted and concept of each paper is explained in simpler way. For purpose of security in
wireless network to detect malicious nodes many protocols are available out of this protocol
is consider by referring this reference paper.
33
CHAPTER 4
DATA ANALYSIS AND
DESIGN
34
4.1 FEASIBILITY STUDY
The feasibility studies are useful for both users and analyst. The feasibility studies decide the
constraints and the assumed attitudes in the system development. The two key feasibility
considerations in the development of our project are: -
Technical Feasibility: As various project management systems have been developed so far
and as well as available today so this project is technically feasible.
Time Feasibility: Considering the total design and coding of the project which includes
implementation of complex tasks such as the graphical representation and tree structure, the
total time required for the development of this system is approximately 4 months
4.2 REQUIREMENT SPECIFICATION
Hardware Requirements: -
Pentium 4 computer
128 MB RAM
Software Requirements: -
Windows 9x/ Windows 2000/ Windows XP/Linux.
Ns-2 simulator(AWK utility, Tcl/tk )
Cygwin software.
4.3 DESIGN ISSUES
4.3.1 Architecture of intrusion detection system
Here show our intrusion detection system model, it first generate the test traffic using tcl
script and find out the critical link in the network and block the path after that worm
propagation model can be injected in ad-hoc network through critical link and find out type
of attack and udp comparison before intruder, after intruder and after intrusion detection.
IDS
Worm information
35
Figure 4.1: Architecture of intrusion detection system
4.4 REGULAR NODE MODEL
A regular node must be slightly modified to accommodate operations of the regular node.
When a regular node receives an alarm message from prevention node, it checks route cache
information and removes all paths that contain a malicious node. Additionally, it forwards the
packet back to a source node, which will respond by finding a new path not passing through
the malicious node. The source node has to be alerted in order to update the source route
information for the next data packets to be sent. At the receiving of an alarm message, a
regular node creates a bad node table to record a malicious node's address. A regular node
will ignore any routing information exchange with all malicious nodes listed in the table.
Start
36
Figure 4.2 Flowchart of Regular Node Diagram
No
yes
No
Sender broadcast RREQ message
Sender Receives
RREP?
Destination receives data packets
Initialization of sender and receiver
Send data packets to that node
Yes
Data packets= TCP
Send acknowledgement to sender
End
37
4.5 MALICIOUS NODE MODEL
One of the functions of a malicious node is regular routing information exchange with its
neighbors to set up a route to a destination. Another main function is to drop all data packets
that pass through it. In addition, it will also drop all alarm messages in order to protect itself
from other nodes. The malicious node model is shown in Figure 4.4.
Figure 4.3: Flowchart of Malicious Node Diagram
Yes
and deceiver
Listen
Drop the packet quietly
Process routing packet normally
Data packet?
Routing packets?
Received packet?
No No
Yes
No
Yes
End
Initialization of sender
and receiver
Start
38
4.6 Proposed Algorithm
//detecting and preventing through black hole attack (Sender S, Receiver D)
RREQ-Route Request Message
PRREQ-Previous Route Request Message
FRREQ-Fake Route Request Message
RREP-Route Reply Message
PRREP-Previous Route Reply Message
FRREP-Fake Route Reply Message
Step1-Start
Step2- Broadcast RREQ packet
Step3-If RREP packet received
Step4-send data packets
Step5-Else
Step6-Reinitiates a new RREQ packet
Step7-End If
Step8-If RREP packet received from intermediate node
Step9-If no. of non forwarding packet is over Maximum threshold
Step10-Buffer the RREP packet
Step11-Initiates a route to next node
Step12-send FRREQ packet to next node
Step13-If FRREP packet received
Step14-Extract FRREP packet information
Step15-If next node has a route to (destination & intermediate nodes)
Step16-Discard FRREP packet
Step17-Unicast RREP to source node
Step18-Else
Step19-Discard both RREP and FRREP packets
Step20-Broadcast alarm message
Step21-End If
Step22-End If
Step23-End If
39
4.7 Watchdog
The watchdog and pathrater scheme consists of two extensions to the AODV routing protocol
that attempt to detect and mitigate the effects of nodes that do not forward packets although
they have agreed to do so . This misbehavior may be due to malicious or selfish intent, or
simply the result of resource overload. Although the specific methods proposed build on top
of AODV, the authors suggest that the basic concepts can be applied to other source routing
protocols for ad hoc networks. The watchdog extension is responsible for monitoring that the
next node in the path forwards data packets by listening in promiscuous mode. It identifies as
misbehavior nodes the ones that fail to do so. Every node that participates in the ad hoc
network employs the watchdog functionality in order to verify that its neighbors correctly
forward packets. When a node transmits a packet to the next node in the path, it tries to
promiscuously listen if the next node will also transmit it. Furthermore, if there is no link
encryption utilized in the network, the listening node can also verify that the next node did
not modify the packet before transmitting it .
The watchdog of a node maintains copies of recently forwarded packets and compares them
with the packet transmissions overheard by the neighboring nodes. Positive comparisons
result in the deletion of the buffered packet and the freeing of the related memory. If a node
that was supposed to forward a packet fails to do so within a certain timeout period, the
watchdog of an overhearing node increments a failure rating for the specific node.
This effectively means that every node in the ad hoc network maintains a rating assessing the
reliability of every other node that it can overhear packet transmissions from. A node is
identified as misbehaving when the failure rating exceeds a certain threshold bandwidth. The
source node of the route that contains the offending node is notified by a message send by the
identifying watchdog. As the authors of the scheme note, the main problem with this
approach is its vulnerability to blackmail attacks.
A basic Passive Acknowledgement (PACK) detection mechanism, called watchdog,. In the
watchdog mechanism, all nodes are required to implement watchdog algorithm for malicious
node detection. After finished the transmission, each sender or forwarder continues listening
to the wireless channel to check whether its next hop neighbor forwards the packets onward
40
to the next node or not. If its neighbor does not forward the received packet within a time-out
period and the number of non-forwarding packets is over a maximum threshold, it will send
an alarm message to a source node. After receiving an alarm message, a source node will
send a new route which does not pass through the malicious node. Note that each node only
keeps track of its own packets from its neighbors. The algorithm is changed by adding a timer
check for the detection function to work as it is designed. When the detection function is off,
all nodes simply perform regular node functions. When the detection function is on, all nodes
detect their neighbor activities for a malicious node. This mechanism can save the energy but
it could increase the detection time to detect a malicious node.
4.8 PATHRATER
The pathrater assesses the results of the watchdog and selects the most reliable path for
packet delivery. One of the base assumptions of this scheme is that malicious nodes do not
collude in order to circumvent it and perform sophisticated attacks against the routing
protocol.
The pathrater extension to AODV selects routes for packet forwarding based on the reliability
rating assigned by the watchdog mechanism. Specifically, a metric for each path is calculated
by the pathrater by averaging the reliability ratings of the nodes that participate in the path.
This path metric allows the pathrater to compare the reliability of the available paths, or to
emulate the shortest path algorithm when no reliability ratings have been collected. The
pathrater selects the path with the highest metric when there are multiple paths for the same
destination node. The algorithm followed by the pathrater mechanism initially assigns a
rating of 1.0 to itself and 0.5 to each node that it knows through the route discovery function.
The nodes that participate on the active paths have their ratings increased by 0.01 at periodic
intervals of 200 milliseconds to a maximum rating of 0.8. A rating is decremented by 0.05
when a link breakage is detected during the packet forwarding process to a minimum of 0.0.
The rating of –100 is assigned by the watchdog to nodes that have been identified as
misbehaving. When the pathrater calculates a path value as negative this means that the
specific path has a participating misbehaving node. The authors suggest that negative node
ratings should be slowly incremented in order to avoid permanent isolation of nodes that
41
suffer from malfunctions or overloads; however such a mechanism has not been
implemented.
The watchdog and pathrater extensions facilitate the identification and avoidance of
misbehaving nodes that participate in the routing function. The identification is based on
overheard transmissions and the selection of reliable routes is based on the calculated
reliability of the paths.
4.9 SUMMARY
This chapter is concluded with diagrams regular node diagram and malicious node diagram is
shown to compare function of nodes. Two methods are also proposed with proper algorithm
to detect malicious nodes.
41
CHAPTER 5
CONCEPTS OF
SIMULATION TOOL
42
5.1 INTRODUCTION
In our project “Intrusion detection in wireless ad hoc network” first, it present a technique
for determining critical path (critical path is a path whose failure or malicious performance
disconnects or significantly degrades the performance of the network.) using C++ after that
the infection propagated by malicious node on critical path and then use the distributed
security scheme to find out the malicious node, nodes they share critical link will find out the
malicious node using dispersed security scheme and inform all the nodes about malicious
node. And also describe the details of a critical path test Simulation, presents experimental
result.
5.2 SIMULATION ENVIRONMENT
In our project “Intrusion detection System” it use ns-2 as the basic tool for simulation. In our
project for detecting critical nodes in MANET it have used the utilities given in the ns-2 such
as AWK, XGRAPH, TCL and it have also used C++. During the simulation two files are
generated namely trace file and NAM file. Trace file is used for getting information about the
network. Trace file has the following fields; event, time, from node, to node, pkt type, pkt
size, flags, fid, source address, destination address, sequence number and pkt id. Each field
has its own significance which is discussed below:-
Event: - This field gives event type. It is given by four symbols r, +, -, d, which
correspond respectively to receive, enqueued, dequeued, and dropped.
Time:-Time at which the event occurs.
From Node: - Input node of the link at which the incident appears.
To Node: - Output node of the link at which the event appears.
Pkt Type: - Packet type such as TCP, UDP, CBR.
Pkt Size: - Gives the packet size.
Flags: - Some flags.
Flow id: - This flow id (fid) of IPv6 that a user can set for each at the input Otcl
Script. One can further use this field for analysis purposes; it is also used when
Specifying stream color for the NAM display.
Source Address: - This is the source address given in the form of node port.
43
Destination Address: - This is the destination address given in the same form.
Sequence Number: - This is the network layer protocol‟s packet sequence number,
Even though UDP implementation in a real network do not use sequence number, ns
keep track of UDP packet sequence number for analysis purpose.
Pkt id: - Unique id of the packet. The trace file fields are given in Fig 5.1
Event Time From
node
To
node
Packet
type
Packet
size
Flag Fid Src
address
Dst
address
Seq
no
Packet
id
Figure 5.1: Field in trace file
5.2.1 NAM File
NAM File is used for revelation of the simulation, entry„s in the NAM file are color of the
node, shape of the node, color of the link, add and removing marks, adding label‟s, adding
text, queue size monitoring, and also includes trace file entry‟s. Description of field‟s is
Color node: gives node color.
Shape of the node: shape of the node by default round (box, hexagon)
Color of link: color of the link.
Add and removing mark‟s: it can mark a node at a specified time.
Adding label: a label appears on the screen after a specified time.
Adding text: At the bottom frame of the NAM window one can make text
appear at a specified time. This can be used to describe some event that is
scheduled at that time.
Queue size monitor: add a monitor of the queue size.
5.2.2 AWK
The Awk text-processing language is useful for such tasks as:
Tallying information from text files and creating reports from the results.
Adding additional functions to text editors like "vi".
Translating files from one format to another.
Creating small databases.
Performing mathematical operations on files of numeric data.
Awk has two faces: it is a utility for performing simple text-processing works, and it is a
programming language for performing complex text-processing works. The two faces are
44
really the same, however. Awk uses the same mechanisms for handling any text-processing
work , but these mechanisms are flexible enough to allow useful Awk programs to be entered
on the command line, or to implement complicated programs containing dozens of lines of
Awk statements. Awk statements consist of a programming language. In fact, Awk is helpful
for simple, quick-and-dirty computational programming. Anybody who can write a BASIC
program can use Awk, although Awk's syntax is different from that of BASIC. Anybody who
can write a C program can use Awk with little difficulty, and those who would like to learn C
may find Awk a useful stepping stone, with the caution that Awk and C have significant
differences beyond their many similarities. There are, however, things that Awk is not. It is
not really well suited for tremendously large, complicated tasks. It is also an "interpreted"
language -- that is, an Awk program cannot run on its own, it must be executed by the Awk
utility itself. That means that it is relatively slow, though it is efficient as interpretive
languages go, and that the program can only be used on systems that have Awk. There are
translators available that can exchange Awk programs into C code for compilation as stand-
alone programs, but such translators have to be purchased separately. What does the name
"Awk" mean? Awk actually stands for the names of its authors: "Aho, Weinberger, &
Kernighan". Kernighan later noted: "Naming a language after its authors ... shows a certain
poverty of imagination." The name is suggestive of that of an oceanic bird known as an
"auk", and so the picture of an auk often shows up on the cover of books on Awk.
5.2.3 XGRAPH
Xgraph is graph plotting utility, it takes two parameter and plot graph between them, in our
project it use Xgraph for plotting TCP, UDP and CBR comparison.
5.2.4 TCL
TCL (Tool command language) it is a language with a very simple syntax and it allow a very
easy integration with other language. Tcl was created by jhon ousterout. The characteristics
of this language are:
It allows a fast development.
It provides a graphique interface.
It is compatible with many platforms.
It is flexible for integration.
It is easy to use.
It is free.
45
5.3 SIMULATION DETAILS
The simulation described in this project was tested using the ns-2 test-bed that allows users to
produce arbitrary network topologies [14]. By changing the logical topology of the network,
ns-2 users can conduct tests in an ad hoc network without having to physically move the
nodes. ns-2 controls the test scenarios through a wired interface, while the ad hoc nodes
communicate through a wireless interface .
5.3.1 Trace format for wireless network
NS-2 simulator generate the trace file and NAM file according to requirement it use the trace
file or NAM file for further processing or valuable information retrieving. Figure 5.2 show‟s
new mobile network simulation trace file and recover the Hs and Hd filed from trace file or
source s and destination d from NAM file and find out the maximum flow path and set
critical path.
Event type General
tag
Next hope
information
Node
property
Packet info
MAC level
Packet info
IP level
Packet info
application
level
Figure 5.2: Trace file format for wireless ad-hoc network
s -t 0.267662078 -Hs 0 -Hd -1 -Ni 0 -Nx 5.00 -Ny 2.00 -Nz 0.00 -Ne -1.000000 -Nl RTR
-Nw --- -Ma 0 -Md 0 -Ms 0 -Mt 0 -Is 0.255 -Id -1.255 -It message -Il 32 -If 0 -Ii 0 -Iv 32
s -t 1.511681090 -Hs 1 -Hd -1 -Ni 1 -Nx 390.00 -Ny 385.00 -Nz 0.00 -Ne -1.000000 -Nl
RTR -Nw --- -Ma 0 -Md 0 -Ms 0 -Mt 0 -Is 1.255 -Id -1.255 -It message -Il 32 -If 0 -Ii 1 -
Iv 32
s -t 10.000000000 -Hs 0 -Hd -2 -Ni 0 -Nx 5.00 -Ny 2.00 -Nz 0.00 –Ne 1.000000 -Nl
AGT -Nw --- -Ma 0 -Md 0 -Ms 0 -Mt 0 -Is 0.0 -Id 1.0 -It tcp -Il 1000 –If 2 -Ii 2 -Iv 32 -
Pn tcp -Ps 0 -Pa 0 -Pf 0 -Po 0
5.3.2 Explanation of trace format
The new trace format as seen above can be can be divided into the following fields:
46
5.3.2.1Event type
In the traces above, the first field (as in the older trace format) describes the type of event
taking place at the node and can be one of the four types:
s send
r receive
d drop
f forward
5.3.2.2 General tag
The second field starting with "-t" may stand for time or global setting.
-t time
-t * (global setting)
5.3.2.3 Node property tags
This field denotes the node properties like node-id, the level at which tracing is being done
like agent, router or MAC. The tags start with a leading "-N" and are listed as below:
-Ni: node id
-Nx: node‟s x-coordinate
-Ny: node‟s y-coordinate
-Nz: node‟s z-coordinate
-Ne: node energy level
-Nl: trace level, such as AGT, RTR, MAC
-Nw: reason for the event. The different reasons for dropping a packet
are given below:
"END" DROP_END_OF_SIMULATION
"COL" DROP_MAC_COLLISION
"DUP" DROP_MAC_DUPLICATE
"ERR" DROP_MAC_PACKET_ERROR
"RET" DROP_MAC_RETRY_COUNT_EXCEEDED
"STA" DROP_MAC_INVALID_STATE
"BSY" DROP_MAC_BUSY
"NRTE" DROP_RTR_NO_ROUTE i.e no route is available.
"LOOP" DROP_RTR_ROUTE_LOOP i.e there is a routing loop
47
"TTL" DROP_RTR_TTL i.e TTL has reached zero.
"TOUT" DROP_RTR_QTIMEOUT i.e packet has expired.
"CBK" DROP_RTR_MAC_CALLBACK
"IFQ" DROP_IFQ_QFULL i.e no buffer space in IFQ.
"ARP" DROP_IFQ_ARP_FULL i.e dropped by ARP
"OUT" DROP_OUTSIDE_SUBNET i.e dropped by base stations on
receiving routing updates from nodes outside its domain.
5.3.2.4 Packet information at IP level
The tags for this field start with a leading "-I" and are listed along with their explanations as
following:
-Is: source address, source port number
-Id: destination address, destination port number
-It: packet type
-Il: packet size
-If: flow id
-Ii: unique id
-Iv: ttl (time to live) value
5.3.2.5 Next hop info
This field provides next hop info and the tag starts with a leading "-H".
-Hs: id for this node
-Hd: id for next hop towards the destination.
5.3.2.6 Packet info at MAC level
This field gives MAC layer information and starts with a leading "-M" as shown below:
-Ma: duration
-Md: dst‟s ethernet address
-Ms: src‟s ethernet address
-Mt: ethernet type
48
5.3.2.7 Packet info at "Application level"
The packet information at application level consists of the type of application like ARP, TCP,
and the type of ad-hoc routing protocol like DSDV, DSR, AODV etc being traced. This field
consists of a leading "-P" and list of tags for different application is listed as below:
-P arp Address Resolution Protocol. Details of ARP are given by the
following tags:
-Po: ARP Request/Reply
-Pm: src mac address
-Ps: src address
-Pa: dst mac address
-Pd: dst address
-P dsr This denotes the ad-hoc routing protocol called Dynamic source
routing. Information on AODV is represented by the following tags:
-Pn: how many nodes traversed?
-Pq: routing request flag
-Pi: route request sequence number
-Pp: routing reply flag
-Pl: reply length
-Pe: src of srcrouting->dst of the source routing
-Pw: error report flag ?
-Pm: number of errors
-Pc: report to whom
-Pb: link error from linka->linkb
-P cbr Constant bit rate. Information about the CBR application is represented by the
following tags:
-Pi: sequence number
-Pf: how many times this pkt was forwarded
-Po: optimal number of forwards
-P tcp Information about TCP flow is given by the following sub-tags:
-Ps: seq number
-Pa: ack number
-Pf: how many times this pkt was forwarded
-Po: optimal number of forwards
49
Retrieve Hs: id for this node and -Hd: id for next hop towards the destination Field by using
AWK utility and generated output file can use for calculating number of packet travel from
each path by using c++, after that it find out maximum data travel path and set as a critical
path.
5.4 SUMMARY
Software part of work is presented in this chapter. Network Simulator-2 is used to formulate
the results. All the details related to software are explained with proper justification.
49
CHAPTER 6
USER MANUALS AND
EXPERIMENTAL RESULTS
50
6.1 USER MANUALS
The proposed algorithm is developed in TCL script, to implement & compare the two protocols.
In this proposed system two algorithms are comparing with each other and comparing factors is
execution time in terms of throughput, network load, packet delivery ratio.
6.1.1 NAM visualization before intruder for 50 nodes
NS-2 simulator TCP and UDP traffic can be generated through NAM visualized before any
intrusive node can enter in network. And TCP and UDP traffic can be transfer from specific
source to destination
.
Figure 6.1.1 NAM visualization before intruder node
6.1.2NAM visualization after intruder for 50 nodes
51
NS-2 simulator TCP and UDP traffic can be generated through NAM visualized after any
intrusive node can enter in network. TCP and UDP traffic can be transfer from specific source to
destination. The infection propagated by malicious node in network and receives the entire
packet from sender and drops them quietly.
Figure 6.1.2 NAM visualization after intruder node
6.1.3 NAM visualization after intrusion detection and prevention for 50 nodes
Malicious
nodes
52
NS-2 simulator TCP and UDP traffic can be generated through NAM visualized after preventing
network from intruder. TCP and UDP traffic can be transfer from specific source to destination.
The infection propagated by malicious node in our network removed by intrusion prevention
technique.
Figure 6.1.3: NAM visualization after intrusion detection and prevention
6.2 RESULT ANALYSIS
Prevention Node
53
The simulation described in this dissertation was tested using the NS-2 that allows users to create
arbitrary network topologies. Here considered 12 nodes for simulation; Test traffic (UDP traffic)
is generated from node 9 to node 3 after that two files will be generated trace file and NAM file.
With the help of test traffic it can find out critical path, after that it introduce a malicious node
that comes into the radio range of one of the critical node, and then generate attack. And again
with the help of NAM file it showed simulation, at the last it used as an IDS to detect the
malicious behavior of node and alarm message about intruder node into the network and inform
all the remaining node about intruder and again find out the simulation.
Definition of variables in the measured metrics is listed as follows.
Number of data packets sent is the number of data packets that are sent by a source node. It is
represented by S and calculated as follows:
1
n
i
S Si
………………………..eq (1)
where Si is the number of data packets sent by a source node at the ith transmission and n is the
number of data packet transmissions.
Number of data packets received, denoted by R, is the number of data packets received by a
destination node. It is calculated as follows:
1
n
i
i
R R
…………eq (2)
where Ri is the number of data packets received by a destination node at the ith transmission and
n is the number of data packet transmission.
Number of routing packets is the number of routing packets (AODV packets in our case) that
are generated during simulation time. It is denoted by C and calculated as
Follows:
54
1
n
i
i
C C
………….eq (3)
where Ci is the number of routing packets generated at the ith
route discovery and n is the
number of route discoveries.
Normalized routing load is the ratio of routing packets over received data packets. Normalized
routing lode is denoted by N and calculated as follows:
CN
R ………………..eq (4)
where C is the number of routing (control) packets generated and R is the number of data packets
received.
Packet delivery fraction is the ratio of received packets over sent packets in percentage. It is
symbolized by P and calculated as shown below.
*100R
PS
…….………….eq (5)
Simulator ns-2.31
Simulation duration 3120 sec
Simulation area
800* 600 m
Number of Nodes 50
Movement model Random waypoint
Traffic type CBR (UDP), FTP(TCP)
Number of malicious nodes 3
TABLE 6.1: SIMULATION PARAMETERS
55
It also calculated the total packet transmission, total packet receive, and total packet lost with the
help of Xgraph utility.
6.2.1 Graph That Shows Routing Load in AODV, Blackhole AODV and Intrusion
Prevention System AODV
Routing load or network overhead is shown in figure6.2.1. X axis denote time and y axis denote
no. of routing packets. Network load must be lower; if it is lower it means result is improved. As
per network load definition network load of IPS AODV is lower than AODV.
Figure 6.2.1Routing Load in AODV, Blackhole AODV and Intrusion Prevention System
AODV
56
6.2.2 Graph That Shows Throughput in AODV, Blackhole AODV and Intrusion
Prevention System AODV
Figure 6.2.2 shows throughput of AODV, Black hole AODV and Intrusion Prevention System
AODV. X axis denote time and y axis no of node received. Throughput of Intrusion Prevention
System AODV is higher than the AODV and Blackhole AODV.
Figure 6.2.2 Throughput in AODV, Blackhole AODV and Intrusion Prevention System
AODV
57
6.2.3 Graph that shows packet delivery ratio in AODV, Blackhole AODV and Intrusion
Prevention System AODV
Packet delivery ratio of AODV, Blackhole AODV and Intrusion Prevention System AODV is
shown in figure6.2.3. X axis denote time and y axis denote no. of nodes. Results shows IPS
AODV ratio of packet delivery is higher to as compare AODV and Black hole AODV.
Figure 6.2.3 Packet delivery ratio in AODV, Blackhole AODV and Intrusion Prevention
System AODV
58
6.2.4 Graph That Shows Routing Load in MAODV, Blackhole MAODV and Intrusion
Prevention System MAODV
Routing load or network overhead is shown in figure6.2.4. X axis denote time and y axis denote
no. of routing packets. Network load must be lower; if it is lower it means result is improved. As
per network load definition network load of IPS MAODV is lower than MAODV.
Figure 6.2.4Routing Load in MAODV, Blackhole MAODV and Intrusion Prevention
System MAODV
59
6.2.5 Graph That Shows Throughput in AODV, Blackhole AODV and Intrusion
Prevention System AODV
Figure 6.2.5 shows throughput of MAODV, Black hole MAODV and Intrusion Prevention
System MAODV. X axis denote time and y axis no of node received. Throughput of Intrusion
Prevention System MAODV is higher than the MAODV and Blackhole MAODV.
Figure 6.2.5 Throughput in MAODV, Blackhole MAODV and Intrusion Prevention System
MAODV
60
6.2.6 Graph that shows Packet Delivery Ratio in MAODV, Blackhole MAODV and
Intrusion Prevention System MAODV
Packet delivery ratio of MAODV, Blackhole MAODV and Intrusion Prevention System
MAODV is shown in figure6.2.6. X axis denote time and y axis denote no. of nodes. Results
shows IPS MAODV ratio of packet delivery is higher to as compare MAODV and Black hole
MAODV.
Figure 6.2.6 Packet delivery ratio in MAODV, Blackhole MAODV and Intrusion
Prevention System MAODV
61
6.2.7 Graph that shows infection in AODV and modified AODV
Xgraph shows an infection ratio of network.
Figure 6.2.7: Graph of infection
62
6.2.8 Graph that shows packet delivery ratio in AODV and modified AODV
Packet delivery ratio of AODV and modified AODV is shown in figure 6.2.8. X axis denote time
and y axis denote no. of nodes. Results shows modified AODV ratio of packet delivery is higher
to as compare AODV.
Figure 6.2.8 Graph that shows packet delivery ratio in AODV and modified AODV
63
6.2.9 Graph that shows routing load in AODV and modified AODV
Routing load or network overhead is shown in figure 6.2.9. X axis denote time and y axis denote
no. of nodes. Network load must be lower, if it is lower than your result is improved. As per
network load definition network load of modified AODV is lower than AODV.
Figure 6.2.9 Graph that shows routing load in AODV and modified AODV
64
6.2.10 Graph that shows in throughput AODV and modified AODV
Figure 6.2.10 shows throughput of AODV and modified AODV. X axis denote time and y axis
denote no. of nodes. Throughput of modified AODV is higher than the AODV protocol.
Figure 6.2.10 Graph that shows in throughput AODV and modified AODV
65
6.2.11 Graph that shows udp packet delivery ratio in AODV and modified AODV
Packet delivery ratio in AODV and modified AODV is shown in figure6.2.11. X axis denote
time and y axis denote no. of nodes in network. Packet delivery ratio in modified AODV is
improved when 3 malicious nodes are active.
Figure 6.2.11 Graph that shows udp packet delivery ratio in AODV and modified AODV
66
6.3 COMPARATIVE STUDY OF AODV AND MAODV
Table 6.2 Show the comparative study of AODV and modified AODV
6.4 SUMMARY
By performing simulation procedure results are achieved. Analysis in terms of theory and graph
is shown. Comparison of AODV and MAODV is also described in terms of parameter is include
in table.
S.
NO.
PARAMETER AODV MODIFIED
AODV
1 THROUGHPUT 95% 98%
2 PACKET DELIVERY RATIO 95% 98%
3 ROUTING LOAD 90% 20%
4 UDP ANALYSIS 76% 96%
66
CHAPTER 7
CONCLUSION AND
FUTURE SCOPE
67
CONCLUSION
Mobile Ad Hoc Networks has the ability to deploy a network where a traditional network
infrastructure environment cannot possibly be deployed. With the importance of MANET
comparative to its vast potential it has still many challenges left in order to overcome. Security of
MANET is one of the important features for its deployment. In this dissertation it has to be
analyzed the behavior and challenges of security threats in mobile ad hoc networks with solution
finding technique.
In this study, analysis is done by the effect of the Black Hole in an AODV Network. For this
purpose, It has been implemented an AODV protocol that behaves as Black Hole in NS-2.
Simulation is done on three scenarios where each module has 50 nodes that use AODV protocol
Modified AODV. First module simulate regular node using AODV protocol and Modified
AODV. Moreover, it also implemented a solution that attempted to reduce the Black Hole effects
in NS-2 and simulated the solution using the same scenarios. Watch dog and pathrater method
provide efficient detection and prevention of intruder and secure transmission
Result of MAODV is better than AODV routing protocols. Throughput, network overhead,
packet delivery ratio of MAODV is higher than AODV routing protocols.
67
FUTURE WORK
Simulation of Black Hole Attack in the Ad-hoc Networks and investigated its affects. In this
work, AODV routing protocol is used. But the other routing protocols could be simulated as
well. All routing protocols are likely to present different results. Therefore, the best routing
protocol for minimizing the Black Hole Attack may be determined.
In this work, it attempt to identify and remove the Black Hole effect in the network. In this work,
black hole node is detected and tried to remove its effects. There are many Intrusion Detection
Systems (IDS) for ad-hoc networks. Watchdog method could be used to detect the attacker and
pathrater method used for secure transmission. Any other intrusion detection technique can be
use to improve result of this work. Here are the lists of possibilities to enhance this work further.
Apply the throughput analysis for other types of attack, such as a wormhole attack and include
other detection mechanisms. Expand the analysis for incentive based schemes as well, to see
what kind of incentives make the best sense.
Study the intrusion detection node model with other types of attacks, such as wormhole attacks,
by implementing new algorithms for detecting such attacks. Note that characteristics of attacks
have to be known in order to correctly implement the detection algorithm. However, this
paradigm cannot be applied directly to all types of attacks since it only works on an attack that
does not require collaboration for detection.
68
LIST OF PUBLICATIONS
International Journals
1)
Chandani Kathad, Joy Bhattacharyajee, Roopali Soni “Proposed Model Of Secure
Transmission And Detection Of Malicious Nodes In Wireless Network” International Journal
Of Emerging Technologies And Applications In Engineering Technology And Science
(IJETAETS) ISSN No. 0974-3588 | July ’12 – December ’12 | Volume 5, Issue 2 pp 124-127.
2) Chandani Kathad, Joy Bhattacharyajee, Roopali Soni “Destination Deviation Using
Routing Misbehavior And Prevention Mechanism In Manet" International Journal of
Volume 1 Issue-1 October 2012.
National Conference
1) Chandani Kathad, Joy Bhattacharyajee, Roopali Soni “Survey on Attack in Wireless
Network”, National Level Techno Cultural Festival by Oriental Institute of Science and
Technology at Bhopal 28th
-29th
October2010.
2) Chandani Kathad, Joy Bhattacharyajee, Roopali Soni “Detection of Malicious Node in
Wireless Network Using Artificial Intelligence” National Conference on Artificial Intelligence
by Millennium College of Technology at Bhopal 22nd
-23rd
Sep 2012.
69
REFERENCES
[1] Sumitra Menaria1, Sharada Valiveti2, Dr Ketan Kotecha “Attack Generating And Its
Implication On Ad Hoc Networks” Vol 240 Pp 473-477 Dec 2011.
[2] Yuan-Xi Jiang, Bao-Hua Zhao “A Secure Routing Protocol With Malicious Nodes Detecting
And Diagnosing Mechanism For Wireless Sensor Networks” IEEE Asia-Pacific Services
Computing Conference Pp 49-55 2007.
[3] Alper T. M_Zrak, Student Member, IEEE, Stefan Savage, Member, IEEE, And Keith
Marzullo “Detecting Malicious Packet Losses” IEEE Transactions On Parallel And Distributed
Systems, Vol. 20, No. 2, February 2009
[4] Wei Gong1,2, Zhiyang You1,2, Danning Chen2, Xibin Zhao2, Ming Gu2, Kwok-Yan Lam2
“Trust Based Malicious Nodes Detection In Manet”
[5] Yibeltal Fantahun Alem And Zhao Cheng Xuan “Preventing Black Hole Attack In Mobile
Ad-Hoc Networks Using Anomaly Detection” 2nd International Conference On Future
Computer And Communication Vol 3 Pp 672-676 2010.
[6] Hyejin Son, Hwangnam Kim And Eun-Chan Park “Enabling Secure Resource Sharing In
Wireless Mesh Networks” Pp 999-1004
[7] Sunilkumar S. Manvia, Lokesh B. Bhajantrib, And Vittalkumar K. Vagga “Routing
Misbehavior Detection In Manets Using 2ack” Pp 105-112 April 2010
[8] Santhosh Krishna B.V, Mrs.Vallikannu A.L “Detecting Malicious Nodes For Secure
Routing In Manets Using Reputation” Ijser 2010.
[9] Manikandan T And Sathyasheela K B “Detection Of Malicious Nodes In Manets” Icccct Pp
78 8-793 2010.
[10] Shi-Hong Cho, Chi-Chun Lo And Chun-Chieh Huang ” Mitigating Routing Misbehavior In
Dynamic Source Routing Protocl Using Trust-Based Reputation Mechanism For Wireless Ad-
Hoc Networks” The 8th Annual IEEE Consumer Communications And Networking Conference
- Security And Content Protection Pp 442-447
[11] Maha Abdelhaq, Sami Serhan, Raed Alsaqour And Rosilah Hassan “A Local Intrusion
Detection Routing Security Over Manet Network” 2011 International Conference On Electrical
Engineering And Informatics.
[12] Ms.Sonali P. Botkar And Mrs. Shubhangi R. Chaudhary “An Enhanced Intrusion Detection
System Using Adaptive Acknowledgment Based Algorithm” World Congress On Information
And Communication Technologies Pp 606-611 2011.
70
[13] Pramod Kumar Singh And Govind Sharma “An Efficient Prevention Of Black Hole
Problem In Aodv Routing Protocol In Manet” IEEE 11th International Conference On Trust,
Security And Privacy In Computing And Communications Pp 902-906 2012.
[14] Bo Sun And Lawrence Osborne, Lamar University “Intrusion Detection Techniques In
Mobile Ad Hoc And Wireless Sensor Networks” IEEE Wireless Communications Pp 56-63
October 2007
[15] Suman Deswal And Sukhbir Singh “ Implementation Of Routing Security Aspects In Aodv”
International Journal Of Computer Theory And Engineering, Vol. 2 1793-8201 Pp 135-139
February 2010.
[16] Maitha Salem Al Mazrouei And Dr Sundaravalli Narayanaswami, Fbcs “Mobile Adhoc
Networks: A Simulation Based Security Evaluation And Intrusion Prevention” 6th International
Conference On Internet Technology And Secured Transactions, 11-14 Pp 308-313 December
2011.
[17] Kai Inkinen “New Secure Routing In Ad Hoc Networks: Study And Evaluation Of Proposed
Schemes”
[18] Patroklos G. Argyroudis And Donal O’mahony “ Secure Routing For Mobile Ad Hoc
Networks”
[19] Sergio Marti, T.J Giuli,Kevin Lai, And Mary Baker “Mitigating Routing Misbehavior In
Manet”
[20] Amitabh Mishra, Ketan Nadkarni, And Animesh Patcha “Intrusion Detection In Wireless
Ad-Hoc Networks” 2004 IEEE.
[21] Ketan Nadkarni, Amitabh Mishra,“A Novel Intrusion Detection Approach For Wireless Ad
Hoc Networks”. Available: {[email protected], [email protected] }
[22] Y. Hu, A. Perrig, And D. B. Johnson, “Packet Leashes: A Defense Against Wormhole
Attacks In Wireless Ad Hoc Networks,” Proceedings Of IEEE Infocom Vol. Pp. 76-86, April
2003.
[23] H. Deng, W. Li, And D. P. Agrawal, “Routing Security In Wireless Ad Hoc Network,”
IEEE Communication Magazine, Vol. 40, No, 10, Pp. 70-77,October 2002.
[24] B. Awerbuch, D. Holmer, C. Nita-Rotaru, And H. Rubens, “An On-Demand Secure Routing
Protocol Resilient To Byzantine Failures,” Proceedings Of The Acm Workshop On
Wireless Security 2002, Pp. 21-30, September 2002.
[25]. P. Papadimitratos And Z. J. Haas, “Secure Routing: Secure Data Transmission In Mobile
Ad Hoc Networks,” Proceeding Of Acm Workshop On Wireless Security, Pp. 41-50, September
2003.
71
[26]. Y. Hu, D.B. Johnson, And A. Perrig, “Sead: Secure Efficient Distance Vector Routing For
Mobile Wireless Ad Hoc Networks,” Proceeding Of IEEE Wmcsa 2002, Pp. 3-13, June 2002.
[27] Y. Hu, A. Perrig, And D.B. Johnson, “Rushing Attacks And Defense In Wireless Ad Hoc
Network Routing Protocols,” Proceeding Of The Acm Workshop On Wireless Security 2003,
Pp. 30-40, September 2003.
[28] K. Sanzgiri, B.Dahill, B. N. Levine, C. Shields, And E.M.B. Royer, “A Secure Routing
Protocol For Ad Hoc Networks, ” Proceeding Of IEEE Icnp 2002, Pp. 78-87, November 2002.
[29] Y. Zhang, W. Lee, And Y. Huang.”Intrusion Detection Techniques For Mobile Wireless
Networks” Acm/Kluwer Mobile Networks And Applications (Monet), 2002.
[30] Y. Zhang And W. Lee. Intrusion Detection In Wireless Ad Hoc Networks. In Proceedings
Of The 6th Annual International Conference On Mobile Computing And Networking, Pp. 275–
283. Acm Press, 2000.
72
BIBLIOGRAPHY
[31] Andrew S. Tanenbaum “Computer Networks”, Fourth Edition, Tata Macgraw Hill
[32] Behroun Fourozoan “Data Communication” , Fourth Edition, Tata Macgraw Hill
[33] Matthew Gast “802.11 Wireless Networks: The Definitive Guide”, 2nd Edition, O'reilly
Media
73
WEB REFERENCES
[34] Ns and nam build questions http://www.isi.edu/nsnam/ns/ns-build.html
[35] Ns mailing list: [email protected]
[36]Ns manual and tutorial: http://www.isi.edu/nsnam/ns/ns- documentation.html
[37] NS by Example: http://nile.wpi.edu/NS
74
APPENDIX-I
ADM Anomaly detection module
AODV Ad-hoc on demand vector
AWK Abstract window toolkit
AP Access point
ARP Address Resolution Protocol
CBR Constant bit rate
CDPD Cellular Digital Packet Data
DDOS Distributed Denial of Service
DOS Denial of service
DSA Digital Signature Algorithm
DSR Dynamic source routing
FRAC Flow-based route access control
GSM Global System for Mobile Communication
IDRM Intrusion detection and response model
IDS Intrusion Detection System
IRM Intrusion response model
IDMEF Intrusion Detection Message Exchange Format
IDXP Intrusion Detection Exchange Protocol
LID Local intrusion database
LIDS Local Intrusion Detection System
MAC Access Control
MANET Mobile Ad-hoc network
MDM Misuse detection module
MIB Management information bases
NAM Node Animator
PDA Personal digital assistant
RF Radio frequency
RIP Routing Information Protocol
RREQ Route Requests
75
SA Security association
SIG Special Interest Group
SNMP Simple Network Management Protocol
SSH Secure Shell
SSID Service Set Identifier
SSD Stationary secure database
TCL Tool command language
TCP Transfer control protocol
TIARA Techniques for Intrusion-Resistant Ad Hoc Routing Algorithm
TKIP Temporal Key Integrity Protocol
UDP User datagram protocol
WEP Wired Equivalent Protocol
WLAN Wireless local area network
WPAN Wireless Personal Area Network
76
APPENDIX-II
GENERATE PACKET DROP MISBEHAVIOUR IN NS-2
# A 50-node example for ad-hoc simulation with AODV
# Define options
set val(chan) Channel/WirelessChannel ;# channel type
set val(prop) Propagation/TwoRayGround ;# radio-propagation model
set val(netif) Phy/WirelessPhy ;# network interface type
set val(mac) Mac/802_11 ;#MAC type
set val(ifq) Queue/DropTail/PriQueue ;# interface queue type
set val(ll) LL ;# link layer type
set val(ant) Antenna/OmniAntenna ;# antenna model
set val(ifqlen) 50 ;# max packet in ifq
set val(nn) 50 ;# number of mobilenodes
set val(rp) AODV ;# routing protocol
set val(x) 800 ;# X dimension of topography
set val(y) 600 ;# dimension of topography
set val(stop) 100 ;# time of simulation end
set ns [new Simulator]
$ns use-newtrace
set tracefd [open ipsaodv.tr w]
set t1 [open TCP1-Win-IPSAODV.tr w]
set t2 [open TCP2-Win-IPSAODV.tr w]
set t3 [open TCP3-Win-IPSAODV.tr w]
set t4 [open TCP4-Win-IPSAODV.tr w]
set t5 [open TCP5-Win-IPSAODV.tr w]
set t6 [open TCP6-Win-IPSAODV.tr w]
set t7 [open TCP7-Win-IPSAODV.tr w]
set t8 [open TCP8-Win-IPSAODV.tr w]
set t9 [open TCP9-Win-IPSAODV.tr w]
set t10 [open TCP10-Win-IPSAODV.tr w]
set namtrace [open ipsaodv.nam w]
$ns namtrace-all-wireless $namtrace $val(x) $val(y)
$ns trace-all $tracefd
set f0 [open UDP-RX-IPSAODV.tr w]
set f1 [open UDP-Lost-IPSAODV.tr w]
set f2 [open UDP-TX-IPSAODV.tr w]
# define color index
$ns color 0 blue
$ns color 1 red
$ns color 2 chocolate
$ns color 4 brown
$ns color 5 tan
$ns color 6 gold
$ns color 7 black
#set up topography object
set topo [new Topography]
77
# define topology
$topo load_flatgrid $val(x) $val(y)
set god_ [create-god $val(nn)]
# ======================================================================
set AgentTrace ON
set RouterTrace ON
set MacTrace OFF
LL set mindelay_ 50us
LL set delay_ 25us
# set up the antennas to be centered in the node and 2.5 meters above it
Antenna/OmniAntenna set X_ 0
Antenna/OmniAntenna set Y_ 0
Antenna/OmniAntenna set Z_ 2.5
Antenna/OmniAntenna set Gt_ 2.0
Antenna/OmniAntenna set Gr_ 2.0
# Initialize the SharedMedia interface with parameters to make
# it work like the 914MHz Lucent WaveLAN DSSS radio interface
Phy/WirelessPhy set CPThresh_ 20.0 ;# receive power threshold
Phy/WirelessPhy set CSThresh_ 1.559e-11 ;# -108.07154db carrier sense thresh
Phy/WirelessPhy set RXThresh_ 3.652e-10
Phy/WirelessPhy set Rb_ 2*1e6
Phy/WirelessPhy set Pt_ 0.2818 ;# For 250m transmission range.
Phy/WirelessPhy set freq_ 914e+6 ;# frequency
Phy/WirelessPhy set L_ 1.0 ;# system loss factor
Phy/WirelessPhy set Pt_consume_ 0.660 ;# 1.6 W drained power for tx
Phy/WirelessPhy set Pr_consume_ 0.395 ;# 1.2 W drained power for reception
Phy/WirelessPhy set P_idle_ 0.035 ;# 1.15 W drained power for idle
#===============================================================================
==
#Create nn mobilenodes [$val(nn)] and attach them to the channel.
set chan_1 [new $val(chan)]
#cofigure the nodes
$ns node-config -adhocRouting $val(rp) \
-llType $val(ll) \
-macType $val(mac) \
-ifqType $val(ifq) \
-ifqLen $val(ifqlen) \
-antType $val(ant) \
-propType $val(prop) \
-phyType $val(netif) \
-channelType $val(chan) \
-topoInstance $topo \
-agentTrace ON \
-routerTrace ON \
-macTrace OFF \
-movemenTrace ON
#next-hop information
$ns compute-routes
78
## Creating node objects..
$ns node-config -adhocRouting untrustAODV
$ns node-config -adhocRouting ipsAODV
set node(0) [$ns node]
$ns node-config -adhocRouting AODV
for {set i 1} {$i < 4 } { incr i } {
set node($i) [$ns node]
}
$ns node-config -adhocRouting ipsAODV
set node(4) [$ns node]
$ns node-config -adhocRouting untrustAODV
$ns node-config -adhocRouting ipsAODV
set node(5) [$ns node]
$ns node-config -adhocRouting ipsAODV
for {set i 6} {$i < 12 } { incr i } {
set node($i) [$ns node]
}
$ns node-config -adhocRouting ipsAODV
set node(12) [$ns node]
$ns node-config -adhocRouting untrustAODV
$ns node-config -adhocRouting ipsAODV
set node(13) [$ns node]
$ns node-config -adhocRouting ipsAODV
for {set i 14} {$i < 29 } { incr i } {
set node($i) [$ns node]
}
$ns node-config -adhocRouting ipsAODV
set node(29) [$ns node]
$ns node-config -adhocRouting ipsAODV
for {set i 30 } {$i < $val(nn) } { incr i } {
set node($i) [$ns node]
}
$node(0) color red
$ns at 0.0 "$node(0) color red"
for {set i 1} {$i < 5} {incr i} {
$node($i) color green
$ns at 0.0 "$node($i) color green"
}
$node(5) color red
$ns at 0.0 "$node(5) color red"
79
for {set i 6} {$i < 13} {incr i} {
$node($i) color green
$ns at 0.0 "$node($i) color green"
}
$node(13) color red
$ns at 0.0 "$node(13) color red"
for {set i 14} {$i < $val(nn)} {incr i} {
$node($i) color green
$ns at 0.0 "$node($i) color green"
}
## Provide initial location of mobilenodes..
$node(0) set X_ 500
$node(0) set Y_ 500
$node(1) set X_ 100
$node(1) set Y_ 200
$node(2) set X_ 300
$node(2) set Y_ 400
$node(3) set X_ 700
$node(3) set Y_ 100
$node(4) set X_ 500
$node(4) set Y_ 200
$node(5) set X_ 800
$node(5) set Y_ 600
$node(6) set X_ 600
$node(6) set Y_ 300
$node(7) set X_ 150
$node(7) set Y_ 150
$node(8) set X_ 200
$node(8) set Y_ 150
$node(9) set X_ 100
$node(9) set Y_ 300
$node(10) set X_ 400
$node(10) set Y_ 450
$node(11) set X_ 600
$node(11) set Y_ 350
$node(12) set X_ 550
$node(12) set Y_ 300
$node(13) set X_ 700
80
$node(13) set Y_ 300
$node(14) set X_ 450
$node(14) set Y_ 600
$node(15) set X_ 250
$node(15) set Y_ 200
$node(16) set X_ 600
$node(16) set Y_ 500
$node(17) set X_ 450
$node(17) set Y_ 400
$node(18) set X_ 650
$node(18) set Y_ 500
$node(19) set X_ 750
$node(19) set Y_ 150
$node(20) set X_ 750
$node(20) set Y_ 300
$node(21) set X_ 250
$node(21) set Y_ 600
$node(22) set X_ 350
$node(22) set Y_ 550
$node(23) set X_ 600
$node(23) set Y_ 600
$node(24) set X_ 300
$node(24) set Y_ 350
$node(25) set X_ 750
$node(25) set Y_ 250
$node(26) set X_ 750
$node(26) set Y_ 100
$node(27) set X_ 100
$node(27) set Y_ 50
$node(28) set X_ 600
$node(28) set Y_ 450
$node(29) set X_ 250
$node(29) set Y_ 450
$node(30) set X_ 800
$node(30) set Y_ 300
$node(31) set X_ 150
$node(31) set Y_ 250
$node(32) set X_ 300
$node(32) set Y_ 300
81
$node(33) set X_ 150
$node(33) set Y_ 600
$node(34) set X_ 100
$node(34) set Y_ 400
$node(35) set X_ 400
$node(35) set Y_ 200
$node(36) set X_ 200
$node(36) set Y_ 300
$node(37) set X_ 350
$node(37) set Y_ 600
$node(38) set X_ 270
$node(38) set Y_ 100
$node(39) set X_ 380
$node(39) set Y_ 300
$node(40) set X_ 650
$node(40) set Y_ 150
$node(41) set X_ 600
$node(41) set Y_ 250
$node(42) set X_ 400
$node(42) set Y_ 350
$node(43) set X_ 800
$node(43) set Y_ 400
$node(44) set X_ 350
$node(44) set Y_ 150
$node(45) set X_ 680
$node(45) set Y_ 180
$node(46) set X_ 350
$node(46) set Y_ 300
$node(47) set X_ 700
$node(47) set Y_ 400
$node(48) set X_ 300
$node(48) set Y_ 200
$node(49) set X_ 550
$node(49) set Y_ 500
## Define node initial position in nam..
for {set i 0} {$i < $val(nn)} { incr i } {
# 30 defines the node size for nam..
$ns initial_node_pos $node($i) 30
}
82
#Generation of mobile nodes
$ns at 5.0 "$node(0) setdest 250.0 250.0 30.0"
$ns at 15.0 "$node(1) setdest 50.0 240.0 3.0"
$ns at 50.0 "$node(2) setdest 450.0 300.0 5.0"
$ns at 16.0 "$node(3) setdest 10.0 300.0 4.0"
$ns at 13.0 "$node(4) setdest 1.0 1.0 4.0"
$ns at 14.0 "$node(5) setdest 10.0 34.0 5.0"
$ns at 13.0 "$node(6) setdest 25.0 100.0 6.0"
$ns at 20.0 "$node(7) setdest 50.0 150.0 4.0"
$ns at 21.0 "$node(8) setdest 60.0 200.0 8.0"
$ns at 24.0 "$node(9) setdest 150.0 10.0 10.0"
$ns at 34.0 "$node(10) setdest 250.0 10.0 15.0"
$ns at 40.0 "$node(11) setdest 300.0 300.0 2.0"
$ns at 37.0 "$node(12) setdest 10.0 340.0 2.0"
$ns at 47.0 "$node(13) setdest 100.0 340.0 5.0"
$ns at 17.0 "$node(14) setdest 10.0 240.0 10.0"
$ns at 13.0 "$node(15) setdest 10.0 140.0 3.0"
$ns at 15.0 "$node(16) setdest 600.0 200.0 5.0"
$ns at 70.0 "$node(17) setdest 600.0 34.0 30.0"
$ns at 71.0 "$node(18) setdest 700.0 14.0 2.0"
$ns at 62.0 "$node(19) setdest 400.0 25.0 6.0"
$ns at 77.0 "$node(20) setdest 500.0 500.0 8.0"
$ns at 86.0 "$node(21) setdest 300.0 400.0 3.0"
$ns at 18.0 "$node(22) setdest 300.0 30.0 11.0"
$ns at 5.0 "$node(23) setdest 150.0 150.0 1.0"
$ns at 3.0 "$node(24) setdest 8.0 80.0 21.0"
$ns at 2.0 "$node(25) setdest 10.0 450.0 20.0"
$ns at 1.0 "$node(26) setdest 180.0 240.0 25.0"
$ns at 9.0 "$node(27) setdest 10.0 400.0 14.0"
$ns at 8.0 "$node(28) setdest 250.0 440.0 23.0"
$ns at 60.0 "$node(29) setdest 50.0 3.0 15.0"
$ns at 10.0 "$node(30) setdest 10.0 300.0 15.0"
$ns at 60.0 "$node(31) setdest 550.0 10.0 1.0"
$ns at 6.0 "$node(32) setdest 250.0 3.0 5.0"
$ns at 23.0 "$node(33) setdest 50.0 60.0 8.0"
$ns at 30.0 "$node(34) setdest 100.0 3.0 25.0"
$ns at 44.0 "$node(35) setdest 10.0 19.0 10.0"
$ns at 8.0 "$node(36) setdest 50.0 35.0 1.0"
$ns at 18.0 "$node(37) setdest 50.0 3.0 6.0"
$ns at 49.0 "$node(38) setdest 10.0 120.0 20.0"
$ns at 6.0 "$node(39) setdest 50.0 12.0 15.0"
$ns at 9.0 "$node(40) setdest 300.0 3.0 7.0"
$ns at 20.0 "$node(41) setdest 200.0 40.0 5.0"
$ns at 9.0 "$node(42) setdest 50.0 10.0 25.0"
$ns at 60.0 "$node(43) setdest 500.0 500.0 2.0"
$ns at 17.0 "$node(44) setdest 100.0 90.0 14.0"
$ns at 26.0 "$node(45) setdest 50.0 3.0 5.0"
$ns at 22.0 "$node(46) setdest 350.0 400.0 10.0"
$ns at 29.0 "$node(47) setdest 500.0 9.0 3.0"
$ns at 3.0 "$node(48) setdest 250.0 140.0 15.0"
$ns at 6.0 "$node(49) setdest 10.0 300.0 19.0"
#Set a TCP connection between node 0 and node 19
set tcp [new Agent/TCP/Newreno]
83
$tcp set class_ 2
set sink [new Agent/TCPSink]
$ns attach-agent $node(40) $tcp
$ns attach-agent $node(19) $sink
$ns connect $tcp $sink
set ftp [new Application/FTP]
$ftp attach-agent $tcp
$ns at 1.0 "$ftp start"
$tcp set fid_ 1
$ns at 1.0 " $node(40) color gold"
$ns at 1.0 " $node(19) color gold"
#Set a TCP connection between node 6 and node 12
set tcp1 [new Agent/TCP/Newreno]
$tcp set class_ 1
set sink1 [new Agent/TCPSink]
$ns attach-agent $node(6) $tcp1
$ns attach-agent $node(12) $sink1
$ns connect $tcp1 $sink1
set ftp1 [new Application/FTP]
$ftp1 attach-agent $tcp1
$ns at 5.0 "$ftp1 start"
$tcp1 set fid_ 2
$ns at 5.0 " $node(6) color tan"
$ns at 5.0 " $node(12) color tan"
#set a tcp connection between node 25 and node 24
set tcp2 [new Agent/TCP/Newreno]
$tcp set class_ 1
set sink2 [new Agent/TCPSink]
$ns attach-agent $node(25) $tcp2
$ns attach-agent $node(24) $sink2
$ns connect $tcp2 $sink2
set ftp2 [new Application/FTP]
$ftp2 attach-agent $tcp2
$ns at 2.0 "$ftp2 start"
$tcp2 set fid_ 2
$ns at 2.0 " $node(25) color chocolate"
$ns at 2.0 " $node(24) color chocolate"
#set a tcp connection between node 31 and node 21
set tcp3 [new Agent/TCP/Newreno]
$tcp set class_ 1
set sink3 [new Agent/TCPSink]
$ns attach-agent $node(31) $tcp3
$ns attach-agent $node(21) $sink3
$ns connect $tcp3 $sink3
set ftp3 [new Application/FTP]
$ftp3 attach-agent $tcp3
$ns at 3.0 "$ftp3 start"
$tcp3 set fid_ 2
$ns at 3.0 " $node(31) color tan"
$ns at 3.0 " $node(21) color tan"
84
##################
#set a tcp connection between node 22 and node 7
set tcp4 [new Agent/TCP/Newreno]
$tcp set class_ 1
set sink6 [new Agent/TCPSink]
$ns attach-agent $node(22) $tcp4
$ns attach-agent $node(7) $sink6
$ns connect $tcp4 $sink6
set ftp4 [new Application/FTP]
$ftp4 attach-agent $tcp4
$ns at 5.0 "$ftp4 start"
$tcp4 set fid_ 2
$ns at 5.0 " $node(22) color tan"
$ns at 5.0 " $node(7) color tan"
###############
##################
#set a tcp connection between node 2 and node 11
set tcp5 [new Agent/TCP/Newreno]
$tcp set class_ 1
set sink7 [new Agent/TCPSink]
$ns attach-agent $node(2) $tcp5
$ns attach-agent $node(11) $sink7
$ns connect $tcp5 $sink7
set ftp5 [new Application/FTP]
$ftp5 attach-agent $tcp5
$ns at 4.0 "$ftp5 start"
$tcp5 set fid_ 2
$ns at 4.0 " $node(2) color gold"
$ns at 4.0 " $node(11) color gold"
###############
#set a tcp connection between node 35 and node 41
set tcp6 [new Agent/TCP/Newreno]
$tcp set class_ 1
set sink10 [new Agent/TCPSink]
$ns attach-agent $node(35) $tcp6
$ns attach-agent $node(41) $sink10
$ns connect $tcp6 $sink10
set ftp6 [new Application/FTP]
$ftp6 attach-agent $tcp6
$ns at 3.0 "$ftp6 start"
$tcp6 set fid_ 2
$ns at 3.0 " $node(35) color blue"
$ns at 3.0 " $node(41) color blue"
#set a tcp connection between node 42 and node 44
set tcp7 [new Agent/TCP/Newreno]
$tcp set class_ 1
set sink11 [new Agent/TCPSink]
$ns attach-agent $node(42) $tcp7
$ns attach-agent $node(44) $sink11
$ns connect $tcp7 $sink11
set ftp7 [new Application/FTP]
$ftp7 attach-agent $tcp7
$ns at 2.0 "$ftp7 start"
$tcp7 set fid_ 2
$ns at 2.0 " $node(42) color brown"
$ns at 2.0 " $node(44) color brown"
85
#set a tcp connection between node 48 and node 32
set tcp8 [new Agent/TCP/Newreno]
$tcp set class_ 1
set sink12 [new Agent/TCPSink]
$ns attach-agent $node(48) $tcp8
$ns attach-agent $node(32) $sink12
$ns connect $tcp8 $sink12
set ftp8 [new Application/FTP]
$ftp8 attach-agent $tcp8
$ns at 4.0 "$ftp8 start"
$tcp8 set fid_ 2
$ns at 4.0 " $node(48) color gold"
$ns at 4.0 " $node(32) color gold"
#set a tcp connection between node 39 and node 14
set tcp9 [new Agent/TCP/Newreno]
$tcp set class_ 1
set sink14 [new Agent/TCPSink]
$ns attach-agent $node(39) $tcp9
$ns attach-agent $node(14) $sink14
$ns connect $tcp9 $sink14
set ftp10 [new Application/FTP]
$ftp10 attach-agent $tcp9
$ns at 4.0 "$ftp10 start"
$tcp9 set fid_ 2
$ns at 4.0 " $node(39) color tan"
$ns at 4.0 " $node(14) color tan"
###############
#set a udp connection between node 10 and node 15
set udp1 [new Agent/UDP]
$ns attach-agent $node(15) $udp1
set sink4 [new Agent/LossMonitor]
$ns attach-agent $node(10) $sink4
$ns connect $udp1 $sink4
$ns at 2.0 " $node(10) color Green"
$ns at 2.0 " $node(15) color Green"
#set a udp connection between node 20 and node 3
set udp2 [new Agent/UDP]
$ns attach-agent $node(20) $udp2
set sink5 [new Agent/LossMonitor]
$ns attach-agent $node(3) $sink5
$ns connect $udp2 $sink5
86
$ns at 3.0 " $node(3) color brown"
$ns at 3.0 " $node(20) color brown"
#set a udp connection between node 33 and node 37
set udp3 [new Agent/UDP]
$ns attach-agent $node(33) $udp3
set sink8 [new Agent/LossMonitor]
$ns attach-agent $node(37) $sink8
$ns connect $udp3 $sink8
$ns at 5.0 " $node(33) color tan"
$ns at 5.0 " $node(37) color tan"
#set a udp connection between node 47 and node 30
set udp4 [new Agent/UDP]
$ns attach-agent $node(47) $udp4
set sink9 [new Agent/LossMonitor]
$ns attach-agent $node(30) $sink9
$ns connect $udp4 $sink9
$ns at 1.0 " $node(47) color blue"
$ns at 1.0 " $node(30) color blue"
#set a udp connection between node 45 and node 16
set udp5 [new Agent/UDP]
$ns attach-agent $node(45) $udp5
set sink15 [new Agent/LossMonitor]
$ns attach-agent $node(16) $sink15
$ns connect $udp5 $sink15
$ns at 2.0 " $node(16) color brown"
$ns at 2.0 " $node(45) color brown"
#set a udp connection between node 8 and node 43
set udp6 [new Agent/UDP]
$ns attach-agent $node(8) $udp6
set sink16 [new Agent/LossMonitor]
$ns attach-agent $node(43) $sink16
$ns connect $udp6 $sink16
$ns at 3.0 " $node(43) color brown"
$ns at 3.0 " $node(8) color brown"
87
proc attach-CBR-traffic { node sink size interval } {
#Get an instance of the simulator
set ns [Simulator instance]
#Create a CBR agent and attach it to the node
set cbr [new Agent/CBR]
$ns attach-agent $node $cbr
$cbr set packetSize_ $size
$cbr set interval_ $interval
#Attach CBR source to sink;
$ns connect $cbr $sink
return $cbr
}
set cbr1 [attach-CBR-traffic $node(15) $sink4 512 .85]
$ns at 2.0 "$cbr1 start"
set cbr2 [attach-CBR-traffic $node(20) $sink5 512 .65]
$ns at 2.0 "$cbr1 start"
$ns at 3.0 "$cbr2 start"
proc record {} {
global sink4 sink5 f0 f1 f2
#Get An Instance Of The Simulator
set ns [Simulator instance]
#Set The Time After Which The Procedure Should Be Called Again
set time 0.05
#How Many Bytes Have Been Received By The Traffic Sinks?
set bw0 [$sink4 set npkts_]
set bw1 [$sink4 set nlost_]
set bw2 [expr $bw0+ $bw1]
set bw3 [$sink5 set npkts_]
set bw4 [$sink5 set nlost_]
set bw5 [expr $bw3+ $bw4]
#Get The Current Time
set now [$ns now]
#Save Data To The Files
puts $f0 "$now [expr $bw0 + $bw3]"
puts $f1 "$now [expr $bw1 + $bw4]"
puts $f2 "$now [expr $bw2 + $bw5]"
#Re-Schedule The Procedure
$ns at [expr $now+$time] "record"
}
# printing the window size
proc plotWindow {tcpSource file} {
global ns
set time 0.01
set now [$ns now]
88
set cwnd [$tcpSource set cwnd_]
puts $file "$now $cwnd"
$ns at [expr $now+$time] "plotWindow $tcpSource $file" }
$ns at 1.01 "plotWindow $tcp $t1"
$ns at 1.01 "plotWindow $tcp1 $t2"
$ns at 1.01 "plotWindow $tcp2 $t3"
$ns at 1.01 "plotWindow $tcp3 $t4"
$ns at 1.01 "plotWindow $tcp4 $t5"
$ns at 1.01 "plotWindow $tcp5 $t6"
$ns at 1.01 "plotWindow $tcp6 $t7"
$ns at 1.01 "plotWindow $tcp7 $t8"
$ns at 1.01 "plotWindow $tcp8 $t9"
$ns at 1.01 "plotWindow $tcp9 $t10"
#Telling nodes when the simulation ends
for {set i 0} {$i < $val(nn)} { incr i } {
$ns at $val(stop) "$node($i) reset" ;
}
#start ftp transmission
$ns at 1.0 "$node(40) label \"FTP\""
$ns at 1.0 "$node(19) label \"FTP\""
$ns at 5.0 "$node(6) label \"FTP\""
$ns at 5.0 "$node(12) label \"FTP\""
$ns at 2.0 "$node(25) label \"FTP\""
$ns at 2.0 "$node(24) label \"FTP\""
$ns at 3.0 "$node(31) label \"FTP\""
$ns at 3.0 "$node(21) label \"FTP\""
$ns at 5.0 "$node(22) label \"FTP\""
$ns at 5.0 "$node(7) label \"FTP\""
$ns at 4.0 "$node(2) label \"FTP\""
$ns at 4.0 "$node(11) label \"FTP\""
$ns at 4.0 "$node(35) label \"FTP\""
$ns at 4.0 "$node(41) label \"FTP\""
$ns at 5.0 "$node(42) label \"FTP\""
$ns at 1.0 "$node(44) label \"FTP\""
$ns at 4.0 "$node(32) label \"FTP\""
$ns at 1.0 "$node(39) label \"FTP\""
$ns at 4.0 "$node(14) label \"FTP\""
$ns at 2.0 "$node(10) label \"CBR\""
$ns at 2.0 "$node(15) label \"CBR\""
$ns at 3.0 "$node(20) label \"CBR\""
$ns at 3.0 "$node(3) label \"CBR\""
$ns at 3.0 "$node(39) label \"CBR\""
$ns at 4.0 "$node(14) label \"CBR\""
$ns at 3.0 "$node(45) label \"CBR\""
$ns at 1.0 "$node(16) label \"CBR\""
$ns at 3.0 "$node(8) label \"CBR\""
$ns at 2.0 "$node(43) label \"CBR\""
$ns at 0.01 "$node(5) label \"Untrusted node\""
$ns at 0.01 "$node(13) label \"Untrusted node\""
$ns at 0.01 "$node(4) label \"Prevention node\""
$ns at 0.01 "$node(12) label \"Prevention node\""
$ns at 0.01 "$node(29) label \"Prevention node\""
89
#Node Movment with Trace Information
$ns at 1.0 "$ns trace-annotate \"Node's Move\""
$ns at 1.0 "$ns trace-annotate \"TCP Over FTP Packet TX. Start From 40 TO 19 \""
$ns at 5.0 "$ns trace-annotate \"TCP Over FTP Packet TX. Start From 6 TO 12 \""
$ns at 2.0 "$ns trace-annotate \"TCP Over FTP Packet TX. Start From 25 TO 24 \""
$ns at 3.0 "$ns trace-annotate \"TCP Over FTP Packet TX. Start From 31 TO 21 \""
$ns at 5.0 "$ns trace-annotate \"TCP Over FTP Packet TX. Start From 22 TO 7 \""
$ns at 4.0 "$ns trace-annotate \"TCP Over FTP Packet TX. Start From 2 TO 11 \""
$ns at 1.0 "$ns trace-annotate \"TCP Over FTP Packet TX. Start From 35 TO 41 \""
$ns at 4.0 "$ns trace-annotate \"TCP Over FTP Packet TX. Start From 42 TO 44 \""
$ns at 5.0 "$ns trace-annotate \"TCP Over FTP Packet TX. Start From 48 TO 32 \""
$ns at 4.0 "$ns trace-annotate \"TCP Over FTP Packet TX. Start From 9 TO 36 \""
$ns at 1.0 "$ns trace-annotate \"TCP Over FTP Packet TX. Start From 39 TO 14 \""
$ns at 2.0 "$ns trace-annotate \"UDP Over CBR Packet TX. Start From 10 TO 15 \""
$ns at 3.0 "$ns trace-annotate \"UDP Over CBR Packet TX. Start From 20 TO 3 \""
$ns at 3.0 "$ns trace-annotate \"UDP Over CBR Packet TX. Start From 33 TO 37 \""
$ns at 2.0 "$ns trace-annotate \"UDP Over CBR Packet TX. Start From 47 TO 30 \""
$ns at 3.0 "$ns trace-annotate \"UDP Over CBR Packet TX. Start From 45 TO 16 \""
$ns at 5.0 "$ns trace-annotate \"UDP Over CBR Packet TX. Start From 8 TO 43 \""
#ending nam and the simualtion
$ns at $val(stop) "$ns nam-end-wireless $val(stop)"
$ns at $val(stop) "stop"
$ns at 100.01 "puts \"end simulation\" ; $ns halt"
proc stop {} {
global ns f0 f1 f2 tracefd namtrcae
$ns flush-trace
close $tracefd
close $f0
close $f1
close $f2
exec nam ipsaodv.nam &
exec xgraph UDP-RX-IPSAODV.tr UDP-Lost-IPSAODV.tr UDP-TX-IPSAODV.tr
exit 0
}
$ns at 0.0 "record"
$ns run