rate controlling and scheduling in wireless adhoc … · dr.dekson.d.e professor, cse & it,...
TRANSCRIPT
RATE CONTROLLING AND SCHEDULING IN WIRELESS
ADHOC NETWORKS
Thesis submitted in partial fulfillment for the degree of
Doctor of Philosophy in
Computer Science and Engineering
ByT.BUVANESWARI
Under the guidance of
Dr. DEKSON.D.E
Vinayaka Missions University(Vinayaka Missions Research Foundation Deemed University)
Arriyanoor, Salem-636 308
Tamilnadu, India
March 2016
Dr.DEKSON.D.E
Professor, CSE & IT, Chennai.
Aarupadai Veedu Institute of Technology, 10.03.2016
Paiyanoor, Chennai
CERTIFICATE
I, Dr.DEKSON.D.E certify that the thesis entitled “RATE CONTROLLING
AND SCHEDULING IN WIRELESS ADHOC NETWORKS” submitted by
Ms.T.BUVANESWARI for the award of the degree of Doctor of Philosophy is the
record of research work carried out by her during the period from 2011 to 2016 under my
guidance and supervision and that this has not formed the basis for the award of any other
degree, diploma, associateship, fellowship or any other similar titles in this or any other
institution of higher learning.
(Signature & Official seal of the guide)
DECLARATION
I, T.BUVANESWARI declare that the thesis entitled “RATE
CONTROLLING AND SCHEDULING IN WIRELESS ADHOC
NETWORKS” submitted by me for the award of Doctor of Philosophy
is the record of research work carried out by me during the period
from January 2011 to March 2016 under the guidance of
Dr.DEKSON.D.E, Professor, CSE & IT, Aarupadai Veedu Institute
of Technology, Paiyanoor, Chennai and that has not formed the
basis for the award of any other degree, diploma, associateship,
fellowship or any other similar titles in this or any other institution of
higher learning.
Place : SalemDate : 10.03.2016 (Signature of the candidate)
ACKNOWLEDGEMENTS
I would like to take the opportunity to thank God almighty who has been
showering his blessings on me bestowed strength, knowledge and courage all
these days.
I express my sincere gratitude to our founder of Vinayaka Missions
University, Dr.A.Shanmugasundaram and I am grateful to respectable
Madam Chairman Mrs.Annapoorani Shanmugasundaram for constant
support.
I have a great pleasure in expressing my deep sense of gratitude to my
highly spirited and learned research guide Dr.Dekson.D.E, Professor, CSE &
IT, Aarupadai Veedu Institute of Technology, Paiyanoor, Chennai for his
potential guidance and constant encouragement in completing this research work
successfully.
I am also thankful to Prof. Dr. K. Rajendran , Dean (Research) Vinayaka
Missions University, Salem for his valuable suggestion in completing this
research in time. I would thank the Management, Board and Committee
Members, Faculty and Staff of Vinayaka Missions University for helping me in
various ways possible.
I would like to show my great appreciation to my family and friends for
their continuous support during all these years.
TABLE OF CONTENTS
CHAPTERNO. TITLE PAGE
NO.
LIST OF TABLES I
LIST OF FIGURES II
LIST OF ABBREVIATIONS VI
1. INTRODUCTION
1.1 Introduction to Computer Networks 1
1.2 Classification of Networks
1.2.1Bus Network
1.2.2Ring Network
1.2.3Star Network
1.2.4Mesh Network
2
3
4
5
1.3 Classification of Wireless Networks
1.3.1 Wireless Local Area Network (LAN) and
Personal Area Network (PAN)
1.3.2 Wide Area Network and Mobile Area
Network
7
8
1.4 Introduction to Mobile Adhoc Network 10
1.5 Main Advantage of MANET 11
1.6 Applications of MANET 13
1.7 Issues in Mobile Adhoc Network 14
1.8 Routing in Mobile Adhoc Network
1.8.1 Routing Factors in MANET
16
18
1.9 Security Issues in MANET
1.9.1 Passive Attacks
1.9.2 Active Attacks
1.9.3 Packet Dropping
1.9.4 Black holes
1.9.5 Gray holes
1.9.6 Denial of Service (DoS)
1.9.7 Falsifying Route Error Messages
1.9.8 Route Cache Poisoning
1.9.9 Routing Table Overflow Attack
1.9.10 Other Advanced Attacks
20
25
27
28
28
28
30
31
32
32
33
1.10 Introduction to False Location Attacks 35
1.11 Approaches in Handling False Location Attacks 37
1.12 Objective 38
2. LITERATURE SURVEY 41
3.
IMPLEMENTATION OF LIGHT WEIGHT LOCATION
VERIFICATION PROTOCOL BASED ON BEHAVIOR
LEARNING PROCESS FOR MOBILE ADHOC
NETWORKS
3.1 Introduction 65
3.2 Methods Explored 72
3.3 Light Weight Location Verification System
3.3.1 Registration
3.3.2 Behavior Collection
3.3.3 One step Location Verification
75
76
80
86
3.4 Conclusion 88
4.
SECURE DISCOVERY SCHEME AND MINIMUM
SPAN VERIFICATION OF NEIGHBOR LOCATIONS IN
MOBILE ADHOC NETWORKS
4.1 Introduction 89
4.2 Methods Explored 93
4.3 Secure Discovery Scheme
4.3.1 Group Join
4.3.2 Neighbor Discovery Scheme
4.3.3 Location verification Process
99
103
107
4.4 Conclusion 108
5.
TWO HOP NEIGHBOR DISCOVERY BASED
LOCATION VERIFICATION PROTOCOL FOR
MOBILE ADHOC NETWORK USING NODE
DUPLICATION METHOD
5.1 Introduction 109
5.2 Methods Explored 112
5.3 Two Hop Neighbor Verification Approach
5.3.1 Two Hop Neighbor Discovery
5.3.2 Node Duplication Approach
5.3.3 Location Verification Protocol
5.3.4 Node Duplication Location Verified Routing
(NDLVR)
116
118
120
124
5.4 Conclusion 128
6. RESULTS AND DISCUSSION
6.1 A Light Weight Location Verification Protocol based
on Behavior Learning Process for Mobile Adhoc
Networks
130
6.2 Secure Discovery Scheme and Minimum Span
Verification of Neighbor Locations in Mobile Adhoc
Networks
134
6.3 Two Hop Neighbor Discovery Based Location
Verification Protocol for Mobile Adhoc Network
Using Node Duplication Method
139
6.4 Conclusion 145
7. CONCLUSION AND FUTURE WORK 146
REFERENCES 148
LIST OF PUBLICATIONS 169
I
LIST OF TABLES
TABLE NO. TITLE PAGE NO.
Table 1.1 List of routes between node 1 and node 19 18
Table 3.1 Login Message format 76
Table 3.2 Base Station Node Matrix 80
Table 4.1 Shows the Group join Message Format 99
Table 6.1 Details of Simulation Parameters 129
II
LIST OF FIGURES
FIGURENO.
TITLE PAGE NO.
Figure 1.1 Simple network 2
Figure 1.2 Sample Bus Topology 3
Figure 1.3 Ring Topology 4
Figure 1.4 Star topology 5
Figure 1.5 Mesh topology 5
Figure 1.6 Wireless LAN 7
Figure 1.7 A Cellular network 9
Figure 1.8 A Mobile Adhoc network 10
Figure 1.9 Sample Mobile Adhoc Network 18
Figure 1.10 Security Threats 25
Figure 1.11 Example Scenario of False Location 36
Figure 3.1 Sample MANET Topology 66
Figure 3.2 Adversaries Fake Positions 70
III
Figure 3.3 Registration Process with the Base Station 77
Figure 3.4 Flow Chart of Registration 78
Figure 3.5 Transmission of Behavior Message 82
Figure 3.6 Flow chart of Behavior Collection Process 85
Figure 3.7 Flow chart of One Step Verification 86
Figure 4.1 Shows the Example Scenario of the Fake
Location90
Figure 4.2 Architecture of One Step Verification Scheme 97
Figure 4.3 Proposed Addressing Scheme 98
Figure 4.4 Address Allocation Scenario 99
Figure 4.5 Flow Chart of Group Join 102
Figure 4.6 Flow Chart of Neighbor Discovery Scheme 106
Figure 5.1 Example of Two Hop Neighbor Verification 111
Figure 5.2Architecture of Two Hop Neighbor Discovery
Approach117
Figure 5.3Flow Chart of Two Hop Neighbor Discovery
Algorithm120
Figure 5.4 Flow Chart of Node Duplication Method 123
IV
Figure 5.5Flow Chart of Node Duplication Location
Verification127
Figure 6.1Adversary Detection Accuracy between Existing
method and LLV130
Figure 6.2Latency Ratio Produced By Existing Method
and LLV131
Figure 6.3Displacement Allowed According to
Transmission Range131
Figure 6.4Traffic introduced by Existing SL, NPV and LLV
Methods132
Figure 6.5Security Performance Produced by Existing SL,
NPV and LLV Methods133
Figure 6.6Throughput Performance by Existing SL, NPV
and LLV Methods133
Figure 6.7Adversary Detection Accuracy produced by SL,
NPV, LLV and SDS134
Figure 6.8Network overhead introduced by SL, NPV, LLV
and SDS135
Figure 6.9Time Complexity introduced by SL, NPV, LLV
and SDS136
Figure 6.10Comparison of Latency Ratio Produced by SL,
NPV, LLV and SDS136
Figure 6.11Displacement Allowed by SL, NPV, LLV and
SDS according to Range137
Figure 6.12 Traffic introduced by SL, NPV, LLV and SDS 138
V
Figure 6.13Security Performance Produced by SL, NPV,
LLV and SDS138
Figure 6.14Throughput Performance Produced by SL, NPV,
LLV and SDS139
Figure 6.15Adversary Detection Accuracy produced by SL,
NPV, LLV and NDLVR140
Figure 6.16Network overhead introduced by SL, NPV, LLV
and NDLVR141
Figure 6.17Time complexity introduced by SL, NPV, LLV
and NDLVR141
Figure 6.18Comparison of Latency Ratio introduced by SL,
NPV, LLV and NDLVR142
Figure 6.19Displacement Allowed by SL, NPV, LLV and
NDLVR according to Range143
Figure 6.20 Traffic introduced by SL, NPV, LLV and NDLVR 143
Figure 6.21Security Performance introduced by SL, NPV,
LLV and NDLVR144
Figure 6.21Throughput Performance introduced by SL,
NPV, LLV and NDLVR145
VI
LIST OF ABBREVIATIONS
WANET Wireless Adhoc network
MANET Mobile Adhoc Network
VANET Vehicular Adhoc network
TCP Transmission Control Protocol
UDP Unified Datagram Protocol
AODV Ad-Hoc On-Demand Distance Vector
DSR Dynamic Source Routing
LBS Location Based Service
LLV Light Weight Location Verification Protocol
SDS Secure Discovery Scheme
NDLVR Neighbor Discovery Based Location VerificationProtocol
1
CHAPTER – 1
INTRODUCTION
The growth of information technology introduced various
developments in the mode of communication, where the communication
meant to share information between any two entities. This chapter presents
a detailed introduction to various communication methods and discusses
how the communication has been performed between two entities.
1.1 Introduction to Computer Networks
A computer network is the collection of computing devices
interconnected through some form of communication medium. The
communication medium helps the communicating devices to communicate
between them. The network formed by different computing devices
grouped in a different manner to enable communication between them. To
perform communication, the computing device uses various communication
protocols according to their communication medium. Using the protocol, the
source node sends the data in the form of packets towards the destination
node [B2].
The Figure 1.1 shows the simple network of nodes connected. The
kind of communication medium may be wired or wireless.
2
Figure 1.1 Simple network
In the case of wired medium, the used protocol will be Transmission
Control Protocol (TCP), whereas for the wireless connection Unified
Datagram Protocol (UDP) is used. There can be N number of nodes
present in the network and there is no limit to the number of nodes to be
present in any network. The connection and their placement of the
computing devices make different meanings. So based on their type of
placement and connection they can be classified into many cases.
1.2 Classification of Networks
The computer networks can be classified according to their topology
and connections [17,48,49]. Based on their topology they can be classified
as follows:
1.2.1 Bus Network
The bus network connects the computing devices in a serial manner.
The nodes are placed in a serial manner and each node in the network is
Source Destination
Wired Connection
Wireless Connection
3
connected with its neighboring two nodes. They generate a view like a bus.
The data sent from one node have to traverse through a number of
intermediate nodestobe delivered to the destination node. If any one of the
computing devices failed then the entire network would fail.
Figure 1.2 Sample Bus Topology
The Figure 1.2 shows the sample bus topology and shows the way
how the nodes are connected to form the bus topology.
1.2.2 Ring Network
In ring topology the nodes are connected to form the network which
represents a close circuit or a ring. In this topology each node has a
connection with two neighbors on each side. The data sent from the source
node has to traverse through the intermediate nodes in between the source
and destination. The protocol chooses the shortest route based on the
number of nodes between the source and destination.
N1 N2 N3 N4
4
Node
Node
Node
Node Node
Node
Figure 1.3 Ring Topology
1.2.3 Star Network
The star topology represents the look of a star which has leafs
connected to a center point. In this kind of topology all the nodes in the
network have connected to the central hub. Whatever the packets being
sent from the source node will pass through the central hub. The packets
received at the central hub will be delivered to the destination node.
The figure1.4 shows the network of nodes which are connected in a
star topology. Here the nodes are connected to the central hub and the
lifetime of the network is only up to the time of the central hub, if the central
hub fails then the whole network will get spoil and could not perform any
transformations.
5
Figure 1.4 Star topology
1.2.4 Mesh Network
A mesh network is the form of nodes which are connected to each
other. Whereas in other networks, it is not necessary that other nodes
should be connected to that directly. In this kind of net all the nodes are
connected to form a network and a single node has N number of
connection and each node has more than one outgoing connection in the
network.
Figure 1.5 Mesh topology
Node
Node
Node
Node
Node
Node
Node
Node
Node
Node Node
Node
6
Figure 1.5 shows the sample mesh topology, where each node in the
network has more than one connection to different neighbor nodes.
Further the network can be classified based on the topology and their
MAC address. We can classify the network according to communication
and topological behavior.
1. Wired network
2. Wireless network
3. Mobile network
4. Wireless ADHOC network (MANET)
5. Mobile ADHOC network.(MANET)
6. Vehicular ADHOC network(VANET)
1.3 Classification of Wireless Networks
Generally wireless network consists of few or more mobile nodes which
could communicate with other nodes either directly or through an access
point called base station [17, B2]. We can classify the wireless network as
follows:
7
1.3.1 Wireless Local Area Network (LAN) and Personal Area Network
(PAN)
A Wireless Local Area Network has the scenario of mobile nodes and
immovable base station, where both of them communicate through a base
station.
Figure 1.6 Wireless LAN
The personal area network has no constraint in communication and
can use any protocol to communicate with them. A usual architecture for
such joint distributed sensors is a system with wireless links so as to can
be shaped among the sensors in an ad hoc way. Networking unattended
8
sensor nodes are predictable to have an important impact on the
competence of a lot of militaries and social application such as battle field
observation, security and disaster organization. These system process data
gather from manifold sensors to watch events in an area of concentration.
For example, in a catastrophe administration setup, a large integer of
sensors can be drop by a helicopter. Networking these sensors can aid
rescue operation by locating survivors, identifying dangerous areas in
addition to manufacturing the set free crew more aware of the on the whole
location.
1.3.2 Wide Area Network and Mobile Area Network
The growth of the mobile technology and wireless communication
makes feasible for the user to access any network without the presence of
any fixed components or base stations. The MANET is running over cellular
structural design where large neighborhood to be enclosed into different
groups but shares the same base station. All the devices present in the
network communicate through the base station.
Figure 1.7 shows the collection of nodes connected in a Cellular
Network.
9
Figure 1.7 A Cellular Network
The communication between nodes in dissimilar cells is approved on
through a modus operandi called handoffs which involve communication
between the pedestal stations in the two different cells. There is a regular
growth in the cellular networks as they grow from the first generation to
third generation 3G. The most wireless streams use 2g systems. The
growth of mobile technology has forced the wireless medium to shift from
2G to 3G , because peoples use the internet for everything to watch a
movie , play games, video conferencing and etc. The 3G network makes
10
the transfer of data as faster one which is important in video conferencing
and other applications.
1.4 Introduction to Mobile Adhoc Network
The mobile ad-hoc network is a collection of wireless nodes which
has mobility behavior. The nodes of MANET are moving in a different
direction with different speed. The mobility of the nodes makes the topology
be changing in a dynamic manner. Each node in the network has a radio
with fixed transmission range. By using the radio available, the node can
communicate with the nodes within the transmission range. Similarly the
nodes come with fixed power and the node spends a certain amount of
energy to communicate with the neighboring nodes [18, B1].
Fig 1.8 A Mobile ad hoc network
11
Each node in the MANET behaves like a router, which performs the
path finding the procedure to transfer the data packets where it is not
possible in another form of wireless networks. A set of wireless nodes
forms the sensor network which consists of quite a few sensors deploy
without any fixed communications. The dissimilarity between antenna
network and in normal MANET the non-mobile station also moves. Further,
the numeral of nodes is a large amount higher than in commonplace ad
hoc network. The nodes encompass more rigorous power necessities since
they work in harsh ecological conditions. A case of a sensor system is also
a group of wireless nodes which monitors the boiler temperature of a
thermal plant. Other claim domains include armed, homeland refuge and
medical mind.
1.5 Main advantage of MANET
Here using movable nodes on the network, the reason for the
popularity of these networks will be discussed.
(a)Lower deployment costs: These types of networks could be formed
at any time anywhere without any physical communication medium
like wires and cables.
12
(b)Fast deployment: It compared to WLANs, are very measure and
easy to require less physical intrusion since here are no cables fixed
up on the network.
(c)Dynamic Configuration: Ad hoc set of connections arrangement
can change energetically with the occasion. For the lot of scenarios
such seeing that information distribution in classrooms, etc.
(d)Autonomous Terminal: In MANET, each mobile workstation is an
autonomous node, which might act as both a host and a router.
(e)Distributed operation: The nodes involved in a MANET must work
together amongst themselves, and each node acts as a depend on
as needed, to execute roles for example security and routing.
(f) Multi-hop Routing: Fundamental type of Ad-hoc direction finding
algorithms can be Single-hop and Multi- hop, based on different link
layer individuality and direction finding protocols. When distribution
data packets from a sender to its receiver out of the direct wireless
transmission range, the packets ought to be forward through one or
more intermediary nodes.
13
1.6 Applications of MANET
These types of networks (ADHOC) have a different challenging and
interesting areas where it can be applied in different ranges like from class
rooms to war fields [72].
(a)Battlefield: In a war field the strength of the defense will be added in
the form of ADHOC network, where the nodes which are capable of
sense and transmit will be deployed easily without any time. The
sense and transmit behavior of ADHOC node help to pass messages
from one troop to another to get help and to pass control messages
or to pass information about the status of the force accordingly.
(b)Rescue Operation: Whenever there is a fire accident then there is a
necessary for the ambulance and fire service people which have to
be avail in a short time. At these situations the wireless network can
be deployed in a short time frame which enables the communication
between the rescue peoples.
(c) Event Coverage: This property helps the data sharing between
similar requirements, for example in a press conference the same
data can be shared between different reporters through wireless
devices like laptops.
14
(d)Classroom: The instructor can make an ADHOC network to share
the data between students through laptops.
1.7 Issues in Mobile Adhoc Network
In a transportable ad hoc system, all the nodes help amongst each
additional two ahead the packets in the system and hence, every node is
efficiently a router. Therefore routing becomes the dominant issue which
arises in mobile ADHOC networks. These theses focus mainly on direction-
finding problems of ADHOC network [72]. We discuss other problems
which present in MANET here.
(a) Distributed network: A MANET could be gauged as a collection of
mobile nodes distributed without any fixed communication. The
distributed nature of network makes the absence of dedicated server
to co-ordinate other nodes and the information about them.
(b) Changing topology: The mobility nature of nodes makes the
topology of the network as changing one at all the time. This mobility
nature increases the necessary of adaptive routing protocol which
helps to deliver the packets on time with reduced packet loss and
increased efficiency.
15
(c) Power Factor: The mobile nodes are running with bounded battery
charge and the scarcity of power is huge which moving from the far
location towards a destination. The lifetime of the mobile nodes
depends on the battery power and has to be utilized in an efficient
way. The mobile nodes are participating in forwarding data packets
to other nodes also, in such cases the routing protocol should be a
power efficient one.
(d) Addressing scheme: The system topology keeps varying
enthusiastically and hence the addressing scheme used is quite
noteworthy. A dynamic set of relations topology entails an ever-
present addressing system, which avoids any duplicate address.
Mobile IP is currently life form used in a cellular network where a
base station handles each and every one the node address.
However, such a system doesn’t relate to ADHOC network because
of their decentralized nature.
(e) Network size: The delay present in communication protocol which
depends on the network size spoils the usage of ADHOC network in
commercial applications like conferences.
16
(f) Security: The security in mobile ADHOC network is a key issue for
the data transfer due to the un trusted nodes which are moving
around the network but participates in packet transfer and
forwarding.
1.8 Routing in Mobile Adhoc Network
As the nodes of mobile adhoc network moves across the network, the
topology changes in dynamic manner. To forward a data packet from
source node to the destination node, they use the source routing [5]. The
source node discovers the list of routes available in the network and from
discovered route, the node selects a single route based on certain
constraints. The packet has been forwarded through the selected route.
The intermediate nodes presents in the route also performs the same to
deliver the packet to the destination. Also the nodes involve in cooperative
transmission to deliver the packet to the destination. The routing process
has the following stages namely:
Neighbor Discovery
The neighbor discovery is the process of identifying the neighbors
around any node. Initially each node sends the neighbor discovery request.
The request will be received by the nodes which are located within the
17
transmission range. Upon receiving the request, the neighbor nodes within
the range will reply to the request. Based on collected reply, the source
node adds the neighbor details. The neighbors are the first hop and one
among them will be selected to forward the data packet towards the
destination [59,60,65,69].
Route discovery
The route discovery is the process of identifying the list of routes
between the source and destination. The source node would generate a
route request and forward to its neighbors. The same packet will be
forwarded to all the nodes of the network. The nodes which have the route
will generate a reply otherwise that also forward the packet to its neighbors.
By collecting the route reply from the neighbors the source node will get
route information. From available routes, the source node will select a
single route to forward the data packet [72].
Packet Forwarding
Once an optimal route has been identified then the node forward the
data packet to its neighbor which will in turn performs the route selection to
forward the data packet to its destination. Similarly the data packet will be
forwarded to the intermediate nodes and reaches the destination.
18
Figure 1.9 Sample Mobile Adhoc Network
The Figure 1.9 shows the sample mobile ad-hoc network considered
and each node has a connection to their neighbor nodes. The node has a
connection to its neighbor only if it is located within the transmission range.
1-4-7-11-14-17-19 1-4-7-11-15-17-19 1-2-6-10-13-17-19
1-5-7-11-14-17-19 1-5-7-11-15-17-19 1-2-3-9-12-16-19
1-4-7-11-14-18-19 1-4-7-11-15-18-19 1-4-6-10-13-17-19
1-5-7-11-14-18-19 1-5-7-11-15-18-19
1-5-8-11-14-17-19 1-5-8-11-15-17-19
1-5-8-11-14-18-19 1-5-8-11-15-18-19
Table 1.1 List of routes between node 1 and node 19
2
4
6
1
5
7
3
9
10
11
12
13
8
14
15
16
17
18
19
19
Table 1.1 shows the list of nodes available in the topology, between
the nodes 1 and 19. Similarly, there may be a N+1 number of routes
present in between any two nodes of the network. From the routes
presented in Table 1.1, the routes between the node 1 and node 19 have a
number of hops.
According to the Table 1.1, the source node selects an optimal route
to reach the destination. The packet will be forwarded in the selected route
and the intermediate node performs the same operation to deliver the
packet to the destination.
1.8.1 Routing Factors in MANET
There are many routing protocols has been available to improve the
performance of mobile ad-hoc networks. However each protocol uses
different approaches and factors in selecting a route[48,72]
Node Energy
The energy is the most dominating parameter which affects the
lifetime of the network. The route selection has been performed by
considering the energy of nodes located in the transmission path. The
energy efficient routing protocols consider the node energy and their
depletion ratio to perform route selection.
20
Location
The location of mobile node has more influence in the data
forwarding and routing. The location of the nodes are changing at each
fraction and in order to select a node for data forwarding, the node has to
perform the route selection based on node location.
Mobility Speed
The mobility speed of the node is the most important factor in MANET
routing. The route selection algorithm must consider the mobility speed of
the nodes before selecting the node.
1.9 Security Issues in MANET
There is very limited corporeal security in MANET. Two types of
attack can be an Active attack or Passive attacks [76]. The common
sanctuary issues are Passive attacks that include eavesdrop and in
sequence revelation. Active attacks include are refutation of service, Data
change by viruses, Trojans, and worms. There are other un-mistakable
problems with mobile ad hoc network such as the susceptibility of channel
and nodes, complex black hole, Byzantine, and Wormhole attack
occurrence [97].
21
The safety issue also contains occurrences that may inject flawed
routing information and divert network traffic thus manufactures routing
inefficient. There are many methods to reduce the impact of these attacks,
which include a secure direction finding using public and private keys to get
a documentation authority and use of digital signature and prior trust
associations.
Secure informal network routing protocols are difficult to design, due
to these normally extremely dynamic nature of an ad hoc network and
opposite to the need to operate successfully with too little income, counting
network bandwidth and the CPU dispensation capacity, memory, and
battery power of each entity node in the network.Existing self-doubting ad-
hoc network routing protocol are frequently tremendously optimized to
extend new routing in sequence rapidly as situation change, requiring
quicker and repeatedly more common routing protocol boundary between
nodes than is thespokesperson in a traditional network.
Expensive and difficult security mechanism can delay or thwart such
associations of routing in sequence, foremost to shortened routing
efficiency, and may drink unnecessary complex or node resources, leading
to amuch new opportunity for feasible Denial of Service attacks from end to
end the routing protocols.
22
Security Issues
Security in MANET is a most important issue as to provide secure
communication between the nodes in the infrastructure less setting [24,B1].
Availability
Accessibility means the assets are accessible to certified parties at
appropriate times. Accessibility applies both to data and to services.
Confidentiality
In sequence, access is possible only for the authorized node. (i.e.,)
discretion will be maintained in access messages by the way of provided
that privileges to authorized nodes.
Integrity
Veracity means that assets can be modified only by authorized
parties or only in the unauthorized way. The modification includes writing,
altering status, deleting and creating.
Authentication
Substantiation is essentially an assurance that participants in
communication are authentic and not impersonators. Authenticity is
23
ensured because only the rightful sender can produce a message that will
decrypt properly with the shared key.
Non-repudiation
Non-repudiation ensures that sender and recipient of a message
cannot disown that they have ever sent or established such a
message.This is helpful when we need to distinguish if a node with some
undesired function is compromised or not.
Anonymity
Anonymity means all in a sequence that can be used to classify
owner or current user of the node should non-attendance be kept private
and not be disseminated by node itself or the system software.
Authorization
This property assigns dissimilar access civil rights to different types of
users. For example, thenetwork administrator can perform a complex
management only.
Security Attack
An accessible routing protocol is in ad hoc networks a lot of security
attacks [43]. The attacks can be classified in different ways. One way is to
24
divide attacks into four categories according to where the attacker deploys
the attack in the flow of in sequence from a source to a target shown in
Figure 1.3.
Interruption
An advantage of the system is demolished or become unavailable or
not viable. This is an attack on availability. Examples include noiselessly
discarding manage or data packets.
Interception
An isnot permitted node gains access to an asset of the network. This
is an attack on confidentiality. Examples include eavesdrop control or data
packets in the networks.
Modification
Unconstitutional nodes not only gains access to but also tamper with
an asset. This is an attack on truthfulness. Examples include modifying
control or data packets.
Fabrication
Thisisnot permitted node inserts bogus objects into the organization.
This is an attack on validity. Examples include inserting false direction
25
finding messages into the network or impersonate another node. These
attacks can be classified into two major categories, namely passive attacks
and active attacks.Figure1.10 shows the list of security threats affected by
the network nodes.
Figure 1.10 Security Threats
1.9.1 Passive Attacks
An attack an assailant does not actively contribute to bringing the
network down. The attackers typically involved in not permitted listen to
routing packets. An aggressor just eavesdrops on the network traffic as to
determine which nodes are trying to establish routes to which other nodes,
InformationSource
Informationdestination
Normal Flow
Interruption
Interception
Modification Fabricationn
26
which nodes are the center of the system and so on. A major advantage for
the aggressor is that passive attacks are usually impracticable to detect
and hence makes defensive against such attacks tremendously difficult.
Further, direction finding information can reveal dealings between nodes or
divulge their speeches. If a way to a particular node is appeal more often
than to other nodes, the attacker might expect that the node is important for
the functioning of the network, and disable it could bring the complete
network down. Such attacks can be prevented mostly by applying the
cryptoFigureic technique on messages, to protect the message contents
from being open to the elements to the attacker [24,43,B1]. Three types of
passive attacks are Free of message filling, Traffic analysis, and Message
dropping.
The release of message contents: The hateful node may leak hush-hush
in sequence to illegal users in the network, such as routing or location in
the sequence. We would like to prevent the enemy from learning the
contents of the sensitive data.
The traffic analysis: Suppose that we use encryption to mask the contents
of mail, the enemies might still be able to observe the outline of the mail
and determine the place and uniqueness of communication hosts.
27
The message is dropping: To discard the message carried on by an
intermediate host.
It is hard to differentiate passive attacks in ad hoc networks since
passive attacks do not involve any modification of contents of the mail.
Message loss can occur because of a topology change or undependable
wireless media. However, it is practicable to prevent the success of these
attacks. Thus, the importance of dealing with passive attacks should be put
more on deterrence rather than detection.
1.9.2 Active Attacks
An active attack involves in sequence intermission, adjustment of the
message contents, or formation of the false message, there by trouble to
make the normal functionality of ad hoc networks. Further, active attacks
can be due to an outside attacker(s) and an interior attacker(s). Outside
attackers are illegal nodes without a shared cryptography key in the
network. Inner attackers are authorized but compromised nodes and are
more dangerous and hard to detect as they are in the system and own the
necessary cryptography keys [24,43,B1]. Active attacks can be classified
into Packet dropping, Modification, Production, and other Assorted attacks.
28
1.9.3 Packet Dropping
Malevolent nodes may ensure that certain messages are not
transmitted by simply forwarding few packets and dipping the remaining
one. By dipping packets, an attacker succeeds in troublemaking the
network process. Such naughtiness can be hard to detect as valid nodes
may, from time to time, drop packets due to jamming/collision. Depending
on the strategy of plummeting packets, there are two types of attacks.
1.9.4 Black holes
The attacker injects threadbare steering packets to attract traffic [84].
The attacker intercepts or drops control as well as a data packet to deny
services to genuine nodes. This attack can be prohibited by establishing
routes free of such nodes or by removing them from existing routes.
1.9.5 Gray holes
The assailant drops data packet but not control packets. This attack
is not easy to detect. An immoral mode action within the routing etiquette is
required to detect such an attack [76].
29
Modification
Most routing protocols guess that nodes do not alter fields of the
protocol messages. The protocol messages, or organizes packets, carry
significant routing information that governs the behavior of their
transmission. Since the level of trust in a conventional ad-hoc network
cannot be calculated or enforced, hateful nodes may partake directly in the
route discovery and may intercept and disrupt communiqué. They can
easily cause redirection of network traffic and rejection of service attack by
simply altering field in protocol messages.
Masquerade
A deception takes place when one node pretends to be a different
node. It is usually, joint with other lively attacks by the adversary to deploy
safety attacks. For example, a malicious node may take off another node
while transfer the control packets to create an unwelcome update in the
routing table.
Replay
It involves the passive detail of a valid message and retransmission
to create a not permitted effect.
30
Modification of message
That is some part of an innovative communication has altered, or that
note has delayed, reordered to produce an illegal effect.
Modification route sequence number
A spiteful node uses the steering protocol to advertise itself as having
the shortest path to end whose packets it wants to catch. Typically, routing
protocol maintains routes using monotonically growing sequence numbers
for each end. A hateful node may divert traffic from end to end itself by
promotion a route to a node with a destination progression number greater
than the bona fide value.
Modification hop count
In some protocols such as AODV, the route length is representing in
the message by a hop count field. A malevolent node can succeed in
diverting all the traffic to a particular purpose through itself by publicity the
shortest route (with a very low hop count) to that destination.
1.9.6 Denial of Service (DoS)
Prevents the regular use of communication facilities. In ad hoc
system direction finding, DoS attacks can be classified into two categories
31
(i) DoS attack on routing traffic and (ii) DoS attack on data traffic. An
attacker can launch DoS attacks against a network by disseminating false
direction finding information so that recognized routes for data traffic
transmission are invalid [26,77]. For example, an aggressor can create a
routing loop, causing packets to travel nodes in a cycle without
accomplishment their destination, or divide the network by injecting
malicious routing packets to stop one set of nodes from attainment others.
An attacker container also presentation DoS occurrences on data
transfer by ejecting an important amount of data traffic into the network to
clog the network. Both of these two types of attacks strength are used to
consume valuable network income such as bandwidth, or to consume node
resources such as memory or totaling power, manufacture of messages
means false direction finding messages. Such attacks are difficult to detect.
These types of attacks are listing below.
1.9.7 Falsifying route error messages
AODV and DSR have measures to switch broken routes when
element nodes move or fail. If the purpose node or an in-between node
along an active path moves or fail, the node, which precedes the broken
link, broadcast a route error communication to all active neighbors’ which
32
precede the out of order link. The nodes then invalidate the route for this
destination in their routing tables. A malicious node can succeed in the
introduction a refutation of repair attack against a caring node by
distribution false route error correspondence alongside this benign node
[26,77].
1.9.8 Route cache poisoning
In DSR, a swelling can learn direction findingsequence by overhead
broadcast on routes of which it is not a part. The lumps then add this in
series to its hoard. An attacker can easily develop this technique of
teaching and fatal route caches. If a hateful node, M, needs to launch a
denial of service attack on node X, it can simply transmit a spoofed packet
with source route to X via itself. Any neighboring nodes that eaves-drop the
package show may add the route to their route store.
1.9.9 Routing table overflow attack
A malevolent node may attempt to overcome the protocol by initiate
route discovery to missing nodes. The logic behind this is to create so
many routes that no additional routes could be created as the direction
finding tables of nodes are already overflowing.
33
1.9.10 Other Advanced Attacks
Wormhole attacks
In a wormhole attack [25,27], two attacker nodes collide jointly. One
attacker node receives packets at one point and “tunnels" them to another
attacker node via a confidential network association, and then replay them
into the system. The wormhole sets the enemy nodes popular a very
authoritative position compared to other nodes in the complex. For instance
in reactive (on-demand) routing protocols such as AODV or DSR, the
attackers can tunnel each route request RREQ packets to another
assailant that is near to destination node of the RREQ. When the
neighbors’ of the destination hear this RREQ, they will rebroadcast this
RREQ and then discard all other received RREQs in the same route
detection process.
This type of attack prevents other routes as an alternative of the
wormhole from being naked, and thus creates an enduring Denial-of-
Service attack by plummeting all the data, or selectively removal or
modifies certain packets as needed. The wormhole attack is very
hazardous against ad hoc networking routing protocol and is harder to
detect than other attacks since there is complicity between attackers. This
34
kind of attack does not require the attacker to have any information on
cryptography keys. Using packet leashes can prevent these attacks.
Sybil attack
In the Sybil attack, an opponent presents manifold identity to other
nodes in the network. This attack disrupts routing protocol by causing
nodes to appear to be “in more than one place at once" [43]. This reduces
the diversity of routes available in the network. It also diminishes the
efficiency of fault tolerant schemes such as disseminated storage, disparity,
multi-path routing, and topology maintenance, etc.
Position spoofing attacks
Apart from the usual attacks on direction-finding protocols, position
based protocol faces a new attack, viz., the position spoofing attack. In the
position spoofing attack, a malicious node aims to disrupt the normal
functioning of greedy forwarding by fabricating its position in sequence in
favor of itself. A self-centered node may declare a selected position (e.g.,
away from the destinations’ position) to stay away from forwarding data
packets [43].
35
Byzantine attack
A compromised in between node works alone, or a set of
compromise middle nodes works in collusion and carry out attacks such as
creating routing loops, forwarding packets from side to side non-optimal
paths, or selectively dropping packets, which results in commotion or
degradation of the direction-finding services [43].
Rushing attack
Two colluded attackers use the tunnel process to form a wormhole. If
a fast program path (e.g. a dedicated channel shared by attackers) exists
between the two ends of the wormhole, the tunnel packets can broadcast
faster than those through a normal multi-hop route can. This forms the
rushing attack. The stepping up attack can act as an effective denial of
service [43].
1.10 Introduction to False Location Attacks
Other than the attacks discussed earlier, the nodes of mobile ad-hoc
network involve in another kind of attack called false location attacks.
Whenever the routing protocol performs route selection based on the
location of mobile nodes, there is the higher feasibility of performing
location specific attacks. To perform route selection, the source node
36
discovers the nodes and their locations. When a malicious node is there in
the network, the node tries to participate in routing. The source node sends
a neighbor request to discover the neighbors around it.
The malicious node may be located somewhere in the network and
has higher transmission range to receive the packets from all the nodes. By
receiving the request, it will generate the reply with the false location so
that the source node would come to the conclusion that the malicious node
is the best first hop. By identifying the malicious node as the best first hop
to transfer the data packet, the source node will transfer the packet to the
malicious node. By diverting the data towards the malicious node, it can
perform many attacks including modification, eaves dropping and so on.
Figure 1.11 Example scenario of false location
2
4
6
1
5
7
3
9
10
11
12
13
8
14
15
16
17
18
19
6
6
6
6
6
6
6
6
37
The Figure 1.11 shows the example scenario of false location attack
where the Node 6, specifies the false location to the node 1 and to the rest
of the nodes also. In the Figure 1.11 the Node 6, replies to all the nodes
that it is the first neighbor and has a route to reach the destination. By
specifying the false location, the malicious node diverts the entire traffic
through the malicious node and involves in different attacks.
1.11 Approaches in Handling False Location Attacks
The false location attacks can be handled by various approaches.
The source node collects the location information of the neighbor nodes.
Neighbor Verification
The nodes location has been verified by communicating with the
other neighbors. The node identifies the location of particular node by
communicating with the other node for the presence in their neighbor list.
Each node maintains the list of neighbor nodes and a node comes in the
list only when it is located within the transmission range. The source node
gathers the list of neighbors from each neighbor and from the list the
source node verifies the trustworthy of the concerned node. In this case,
when a malicious node present in the neighbor list of a different node or all
38
the nodes neighbor list, it can be concluded that it has given fake
information. By verifying this way the malformed location can be identified.
Base Station through Verification
Each base station maintains a list of nodes which enters into its
coverage range. Also the station may maintain the direction, speed. So that
the source node may send a single request to the base station to verify the
node detail and the base station performs an approximation based on the
location details. Based on the results the location of the node could be
verified.
Still there are a number of approaches can be used to verify the
location of the neighbor nodes in such a way to improve the security of
mobile ad-hoc networks. The thesis is focused on improving the mobile ad-
hoc network security by designing different location verification protocols.
1.12 Objective
1. To perform the rate controlling and scheduling in an effective manner to
improve the performance of the Mobile Adhoc Network.
2. To select the forwarding node based on geometric details of nodes and
spatial information including the location of the node.
39
3. To perform location verification that minimizes the network overhead,
latency or time complexity of the network
4. To design an efficient location verification protocol that increases
throughput rate by removing the frequency of attacks.
5. To design the location verification protocol that has to reduce the
sinkhole attack.
.
40
CHAPTER-2
LITERATURE SURVEY
This section presents the detailed review of the methods
discussed earlier for the problem of network threats and secure neighbor
discovery approaches. A number of methods has been discussed for the
problem of neighbor discovery and this section discusses the general
approaches for handling threats.
The aims of Ad hoc networks and particularly MANET have in recent
years not only seen widespread use in commercial and domestic
application areas but have also become the focus of intensive research.
Applications of MANET’s range from simple wireless home and office
networking to sensor networks and similarly constrained tactical network
environments. Security aspects play an important role in almost all of
these application scenarios gave the vulnerabilities inherent in wireless ad
hoc networking from the very fact that radio communication takes place
(e.g. in tactical applications) to routing, man-in-the-middle and elaborate
data injection attacks.
An ad hoc routing protocol is a convention, or standard, that controls
how nodes decide which way to route packets between computing devices
41
in a mobile ad-hoc system. In ad hoc nets, nodes do not jump out
acquainted with the topology of their networks; in its place, they have to
determine it. The straightforward impression is that a novel node may
proclaim its occurrence and should listen for statements broadcast by its
neighbors.Each node acquires about nodes close and how to spread them,
and may broadcast that it, too, can spread them. Note that in a wider
sense, the ad-hoc protocol can also be used literally, that is, to mean an
improvised and often impromptu protocol established for a specific
purpose.
J. P. Anderson(1972) proposed Computer Security Technology Planning
Study. The author pointed out the computer Intrusion Detection (ID)
problem in 1972. Then he proposed the concept of IDS in 1980 [2] which
was one of the earliest works on ID.
D. E. Denning(1987) proposed an intrusion-detection model. The author
describes a model for a real-time intrusion-detection expert system that
aims to detect a wide range of security violations ranging from attempted
break-ins by outsiders to system penetrations and abuses by insiders. The
perfect is autonomous of any precise system, request situation, system
42
susceptibility, or type of interruption, thereby as long as anoutline for a
general-purpose intrusion-detection skillful system.
L. T. Heberlein, et.al(1990) proposed a network security monitor. The
objective of the study was to formalize various possible network attacks.
The straightforward plan is to develop profiles of usage of network
possessions and then associate current usage patterns with the past profile
to determine possible security defilements. Thus, the work is comparable to
the host-based intrusion-detection systems. Different from such
organizations, however, is the use of a graded model to refine the
concentration of the intrusion-detection mechanism. The authors also
report on the expansion of an experimental LAN monitor currently under
implementation.
J. Kim, et.al(1999) proposed the artificial immune model for network
intrusion detection. This paper investigated the existing network-based
IDS’s. And also describes the novel artificial immune model. This model
combines the three evolutionary stages: gene library evolution, negative
selection and clonal selection into a single methodology. These three
43
processes are co-ordinated across a network to satisfy the three goals for
designing effective IDS's: being distributed, self-organising and lightweight.
L. N. De Castro, et.al(2000) suggested the clonal selection algorithm with
engineering applications. The clonal selection mechanism is used by the
natural immune system to define the basic features of an immune response
to an antigenic stimulus. The algorithm was verified to be capable of
performing learning and maintenance of high-quality memory and, it was
also capable of solving complex problems, like multi-modal and
combinatorial optimization. The algorithm introduced constitutes a crude
version of the clonal selection principle.
J. Kim(2001) proposed towards an artificial immune system for network
intrusion detection: an investigation of clonal selection with a negative
selection operator. The aim of the paper was to describe research towards
the use of an artificial immune system (AIS) for network intrusion detection.
The author focused on one significant component of a complete AIS, static
clonal selection with a negative selection operator, describing this system
in detail. Kim and Bentley used a static CSA with NS operator as one
component of the AIS for Network ID (NID).
44
Dipankar Dasgupta, et.al(2002) proposed an immunity-based technique
to characterize intrusions in computer networks. The author investigated
an immuno-computing technique to evolve novel pattern detectors in the
complement pattern space to identify any changes in the normal behavior
of monitored behavior patterns. This technique (NC) is used to characterize
and identify different intrusive activities by monitoring network traffic, and
compared with another approach.
D. Dasgupta, et.al(2002) proposed anomaly detection in multidimensional
data using negative selection algorithm. The objective of the study was to
improve the performance. By changing the encoding from binary to Gray
code, the performance can be improved. The aim is that systematizations
of two consecutive statistics have small Pretense distance. And this
method still goes to the binary encoding.
Mirkovic.J, et.al(2002) proposed attacking DDoS at the source. The
author proposed D-WARD, a DDoS protection scheme organized at
source-end networks that separately notices and stops occurrences
creating from these networks. Attacks are noticed by the continuous
intensive care of two-way traffic flows between the network and the rest of
45
the Internet and episodic comparison with standard flow models.
Mismatching movements are rate-limited in anamount to their violence.
Dean. D, et.al(2002) proposed an algebraic approach to IP trace back.
They have presented a new algebraic approach to providing trace back
information in IP packets. This approach is based on mathematical
techniques that were first developed for problems related to error-correcting
codes and machine learning. The scheme has improved robustness over
previous combinatorial approaches, both for noise limitation and multiple-
path reconstruction. An- another key advantage of this schemes is that they
will automatically benefit from any improvement in the underlying
mathematical techniques.
U. Aickelin, et.al(2003) proposed the Danger theory: the link between AIS
and IDS. The aim was to solve the classical self- non self view point in
Artificial Immune Systems based Intrusion Detection System, and replace it
with ideas from the Danger Theory. This mechanism has the advantage of
detecting rapidly spreading viruses or canning intrusions at an early stage.
46
Feinstein. L, et.al(2003) proposed Statistical approaches to DDoS attack
detection and response. The initial goal was to provide an effective defense
against existing DDoS tools. This prototype detector is able to determine
that the network is under attack and deploy accurate filtering rules. The
filtering effort is immediate and reduces the impact of the attack
downstream almost instantly. Because baseline measurements and
thresholds can be established automatically, and because detectors can
generate filtering rules automatically based on the traffic statistics they
gather, the system is adaptable to a wide range of network environments
with minimal manual tuning.
Weichao Wang, et.al(2004) proposed Visualization of wormholes in
sensor networks. The author proposed a mechanism, MDS-VOW, to detect
wormholes in a sensor network. MDS-VOW first reconstructs the layout of
the sensors using multidimensional climbing. To compensate the
misrepresentations caused by distance dimension errors, a surface
flattening scheme is adopted. MDS-VOW then detects the wormhole by
imagining the anomalies presented by the attack. The irregularities, which
are produced by the fake influences through the wormhole, bend the
recreated surface to pull the instruments that are faraway to each other.
47
The charities of MDS-VOW are:(1) it does not necessitate the sensors to
be fortified with special hardware, (2) it adopts and syndicates the
techniques from communal science, processer graphics, and scientific
visualization to bout the problematic in network security.
Christos.D, et.al(2004) proposed DDoS attacks and defense mechanisms:
classification and state-of-the-art. This paper presents a structural
approach to the DDoS problem by developing a classification of DDoS
attacks and DDoS defense mechanisms. The important features of each
attack and defense system category are described and advantages and
disadvantages of each proposed scheme are outlined. The goal of the
paper is to place some order into the existing attack and defense
mechanisms, so that a better understanding of DDoS assaults can remain
achieved and then more effectual and effective procedures, methods and
events to battle these assaults may be advanced.
Z.Ji, et.al(2004) proposed real-valued negative selection algorithm with
variable-sized detectors. In this paper, the author investigated dissimilar
AIS philosophies and showed how to syndicate different ideas to resolve
48
problems of network security area. An Intrusion Detection System (IDS)
that smear those ideas was built and verified in a real-time setting to test
the pros then cons of Artificial Immune System (AIS) and clarify its
applicability. Also particular investigation on the vaccination living process
is familiarized. A special component was built to perform this development
and check its procedure and how it possibly will be formulated in false life.
T. Li(2005) proposed an immune-based dynamic intrusion detection mode.
A new immune-based dynamic intrusion detection model (Idid) was
proposed. In Idid, the dynamic models and the corresponding recursive
equations of the lifecycle of mature lymphocytes, and the immune memory
are built. The difficult of the dynamic account of self and nonself in
processer immune systems is solved, and the flaw of the low competence
of established lymphocyte generating in outdated computer resistant
systems is overwhelmed.
1609.2-2006:IEEE Trial-Use Normal for Wireless Admission in Vehicular
Environments - Security Services for Applications and Management
Messages. It uses protected communication formats, and the dispensation
of those secure mails, within the DSRC/WAVE scheme are defined. The
49
normal covers methods for securing WAVE organization messages and
submission messages, with the omission of vehicle-originating safety
communications. It also describes administrative occupations necessary to
provision the core safety functions.
A.Vora et.al(2006) proposed Secure Location Verification Using Radio
Broadcast. The author proposed a solution that leverages the broadcast
nature of the radio signal emitted by the prover and the distributed topology
of the network. The idea is to separate the functions of the sensors. Some
sensors are placed such that they receive the signal from the prover if it is
inside the protected area. The others are positioned so that they can only
receive the signal from the prover outside the area. Hence, the latter
sensors reject the prover if they hear its signal. This solution is versatile
and it deals with provers using either omnidirectional or directional
propagation of radio signals without requiring any special hardware besides
a radio transceiver. Also estimated the bounds on the number of sensors
required to protect the areas of various shapes and extend our solution to
handle complex radio signal propagation, optimize sensor placement, and
operate without precise topology information
50
T. Lin muEller et.al (2006) proposed Improved Security in Geographic Ad
Hoc Routing through Autonomous Position Verification. The author
proposed an NPV protocol that consents nodes to authorize the position of
their nationals through local comments only. This is done by checking
whether following positions announced by one national draw a drive over
time that is bodily possible.
J. Kim(2007), Immune system approaches to intrusion detection—a
review. The objective of this review paper is to provide an overview of
intrusion detection system for Artificial Immune Systems researchers to
identify suitable intrusion detection research problems, and to provide
information for IDS researchers about current AIS solutions. The author
hassummarized six immune features that are desirable in an effective IDS:
distributed, multi-layered, self-organised, lightweight, diverse and
disposable. In addition, they have provided a comprehensive phylogeny of
artificial immune algorithms.
J. Hwang et.al(2007) proposed Detecting Phantom Nodes in Wireless
Sensor Networks. The author proposed a safe localization device that
detects the being of these nodes, termed as ghost nodes, without relying
51
on some trusted entities, an approach meaningfully different from the
current ones. The future mechanism enjoys a set of nice topographies.
First, it prepares not have any dominant point of attack. All protuberances
play the character of theverifier, by producing alocal map, i.e. a view
created based on ranging material from its nationals. Second, this
distributed and limited construction consequences in quite durable results:
even when a number of phantom knobs is greater than that of honest
protuberances, they can strainer out greatest phantom nodes.
P. Papadimitratos, et.al(2008) proposed Secure Neighborhood Discovery
: A Fundamental Element for Mobile Ad Hoc Networks. They traveled the
numerous attacks conceivable in the corporeal and message medium of
the mobile ad-hoc networks. They confidential the neighbor unearthing as
physical and communication national discovery. Protocols are targeting at
announcement ND, which is founded on physical ND procedures, often
nosedive to achieve their objective. This is since these two types of
detection are not corresponding. At the same time, procedures for
message ND do not fully speech the problematic at hand. They are active
only under very specific operative conditions or they do not ensure
perfection in all cases.
52
E. Ekici, et.al(2008) proposed Secure Probabilistic Location Verification in
Randomly Deployed Wireless Sensor Networks. The planned Probabilistic
Location Verification (PLV) procedure leverages the probabilistic
requirement of a number of hops a broadcast pack traverses to reach a
terminus and the Euclidean distance amid the foundation and the terminus.
A few verifier nodes is secondhand to regulate the trustworthiness of the
demanded location, which is signified by a real amount between zero and
one. Using the intended credibility metric, it is conceivable to create a
random number of faith levels in the location claimed. Simulation
educations verify that the proposed answer provides ahigh presentation in
theface of numerous categories of attacks.
M. Poturalski, et.al(2008) proposed Secure Neighbor Discovery in
Wireless Networks: Formal Investigation of Possibility. The goal of the
education was to donate such an analysis: Build a formal model capturing
salient characteristics of wireless systems, most notably obstacles and
interference, and provide a specification of a basic variant of the Neighbor
Discovery problem. Then, the author derived an impossibility result for a
general class of protocols, term time-based protocols, to which many of the
schemes in the literature belong. Also identify the conditions under which
53
the impossibility result is lifted. Moreover, they explored the second class of
protocols, term time-based and location-based protocols and proved they
can secure Neighbor Discovery.
S. X. Wu et.al(2010) proposed the use of computational intelligence in
intrusion detection systems: a review. The objective was to provide an
overview of the research progress in applying CI methods to the problem of
intrusion detection. The scope of this review will encompass core methods
of CI, including artificial neural networks, fuzzy systems, evolutionary
computation, artificial immune systems, swarm intelligence, and soft
computing. The investigation donations in each field are methodically
potted and compared, allowing us to clearly define existing research
challenges, and to highlight promising new research directions. The
findings of this review should provide useful insights into the current IDS
literature and be a good source for anyone who is interested in the
application of CI approaches to IDSs or related fields.
Medina.A., et.al(2010) proposed a performance model of neighbor
discovery in proactive routing protocols This paper delivers a detailed
perfect of key performance metrics of neighbor detection algorithms, such
54
as node gradation and the delivery of the coldness to symmetric nationals.
The model books for the dynamics of national discovery as glowing as
node density, suppleness, radio and interference. The paper validates a
method for smearing these models to the assessment of global system
metrics. In particular, it designates a model of network connectivity.
Validation of the models demonstrations that the degree approximation
agrees, within 5% error, through simulations for the measured scenarios.
The work accessible in this paper attends as a basis for the presentation
evaluation of outstanding performance metrics of routing protocols, vital for
great scale placement of ad-hoc networks.
G. Calandriello, et.al(2011) proposed on the Performance of Secure
Vehicular Communication Systems. The aim is to provide security,
safeguard users', and security architectures for VC systems. The author
investigated the joint effect of a set of system parameters and components.
The authors consider the state-of-the-art approach in secure VC, and
evaluate analytically and through simulations the interdependencies among
components and system characteristics. Overall, they identify key design
choices for the deployment of efficient, effective, and secure VC systems.
55
T.S.Sobh et.al(2011) proposed a cooperative immunological approach for
detecting network anomaly. A cooperative immunological approach for
detecting network anomaly presented set of self as a binary vector for the
communication triple (source, destination IP and Port, and protocol).The
author investigated dissimilar AIS models and showed how to syndicate
different thoughts to solve glitches of network security area. An Intrusion
Detection System (IDS) that put on those ideas was constructed and
verified in a real-time situation to test the pros and cons of Artificial Immune
System (AIS) and illuminate its applicability. Also some examination on the
vaccination natural process is familiarized. A special module was
constructed to perform this procedure and check its practice and how it
could be expressed in artificial life.
M. Fiore, et.al(2011) proposed Secure Neighbor Position Discovery in
Vehicular Networks The aim was to address the essential by suggesting a
frivolous distributed etiquette that trusts lone on information conversation
among nationals, deprived of any need of a prior trustworthy nodes. They
present a detailed security analysis of this protocol in the presence of one
or multiple adversaries, and evaluate its performance in a realistic vehicular
environment. They proposed a lightweight, distributed scheme for securely
56
discovering the position of communication neighbors in vehicular ad hoc
networks. Our solution does not require the use of apriori trustworthy
nodes, but it leverages the information exchange between neighbors.
Analysis showed the scheme to be very effective in identifying adversarial
nodes.
Xu Li, et.al(2011) proposed a novel mobility prediction based “hello”
protocol, named ARHP (Auto Regressive Hello protocol). The objective of
the study was to address the problem of neighborhood discovery in
MANET. Each node predicts its neighbors mobility and position by
autoregressive (AR) modeling, based on historical location reports; it also
predicts its own mobility and position using position samples. The node
updates its location among neighbors only when the predicted location is
too different from the true location. Each location update corresponds to a
‘hello’ message transmission. Simulation results indicate that ARH
achieves as high neighborhood discovery performance.
Haldar N.A(2012) proposed an activity pattern based wireless intrusion
detection system information technology, information technology: New
Generations (ITNG). The objective was to contemporary an intrusion
57
detection system which exploits pattern gratitude techniques to classical
the usage decorations of authentic users and uses it to detect impositions
in wireless grids. The key idea behind the planned intrusion detection
organization is the documentation of discriminative topographies from
users movement data and use them to identify interruptions in wireless
networks. The uncovering module uses PCA technique to accumulate
attentive statistical variables and associates them with the brinks derived
from users happenings data. When the variables surpass the estimated
verges, an alarm is elevated to alert about a conceivable interruption in the
network. The novelty of the future scheme dishonesties in its light-weight
design which requires less meting out and memory resources and it can be
used in thereal-time environment.
Francois.J et.al(2012) proposed a collaborative protection network for the
detection of flooding DDoS attacks. They addressed the problem of DDoS
attacks and presented the theoretical foundation, architecture, and
algorithms of FireCol. The core of FireCol is composed of interruption
prevention systems (IPSs) positioned at the Internet service providers
(ISPs) equal. The IPSs form virtual defense rings everywhere the hosts to
defend and collaborate by exchanging selected traffic information. The
58
evaluation of FireCol using extensive simulations and a real dataset is
presented, showing FireCol effectiveness and low overhead, as well as its
support for incremental deployment in real networks.
Radu Stoleru et.al(2012) proposed a Mobile Secure Neighbour Discovery
(MSND) protocol, which offers a measure of protection against wormholes
by allowing participating mobile nodes to securely determine if they are
neighbours, and a wormhole localization protocol, which allows nodes that
detected the presence of a wormhole to determine wormhole’s location.
The MSND protocol is based on the intuition that when nodes range while
moving, the length of the next range is related to the distance traveled
between consecutive ranges. Since the wormhole is unable to know the
distance traveled by each node, it is not able to influence ranging
operations in a way that causes a consistent set of ranges to be built.
Graph rigidity is key to this intuition. MSND influences graph inflexibility to
aid in the confirmation of system neighbors.
Seon Yeong Han(2013) proposed an Adaptive Hello Messaging Scheme
for Neighbor Discovery in On-Demand MANET Routing Protocols. The
objective of the research was to maintain link connectivity. The writers
59
current an adaptive Hello messaging arrangement to overwhelm needless
Hello messages without reduced detectability of the fragmented relatives.
The result shows that the proposed scheme reduces energy consumption
and network overhead without any explicit difference in throughput. When
the node distribution is very sparse, packet delivery ratio and the average
end-to-end delay give some negative effect.
Priyadarshani.K(2013) proposed Dynamic Neighbor Positioning In
MANET with Protection against Adversarial Attacks. The objective of this
study was identifying neighbor positions without prior information. The
distributed neighbor position verification scheme eventually provides
security from malicious nodes. The protocol is robust to adversarial attacks.
This protocol will also update the position of the nodes in an active
environment.
Marco Fiore, et.al(2013) suggested Discovery and Verification of
Neighbour Positions in Mobile Ad Hoc Networks. The author proposed a
fully distributed cooperative solution that is robust against independent and
colluding adversaries, and can be impaired only by an overwhelming
presence of adversaries. Results show that the proposed protocol can
60
thwart more than 99% of the attacks under possible conditions for the
adversaries, with minimal false positive rates. All process should proceed
by network nodes only.
Thilagavathy.S (2013) proposed Neighbor node discovery and Trust
prediction in MANET the proposed system, the author integrate the trust-
based security system to the neighbor discovery process, in order to
identify the hateful and selfishly acting nodes. The proposed scheme aims
to decrease the amount of period slots required to determine all the
neighbors cutting-edge the net and likewise it affords security machine to
improve the support between the neighbor nodes. The trust amongst the
neighbors is recognized to improve the cooperative work amongst the
neighbors. The planned system connections the trust material about the
knots only with their neighbors therefore it diminishes a number of
messages advanced into the system and the statistics traffic in the system.
The proposed system aims to consume the lesser resource to convey the
trust information among the neighbor.
61
Munivara Prasad, et.al(2013) proposed discrimination of flash crowd
attacks from DDoS attacks on internet threat monitoring (ITM) using
entropy variations. The author defined an approach to detect the internal
and external security attacks on the internet at ITM Internet threat
Monitoring monitors initiated by an attacker using botnets. The author used
entropy variations to discriminate the flash crowd attacks from genuine
flash crowds to distinguish the patterns of flash crowd imitations or DDoS
attacks from attack traffic. The author theoretically proved the possibility of
the proposed detection method, and the effectiveness of the discrimination
method within the internet at ITMs. The author used the entropy variations
approach to identify the genuine flash crowd traffic but the threshold value
defined to identify the traffic depends on the size of the network traffic.
Elhadi.M, et.al(2013) proposed EAACK - A secure intrusion detection
system for MANETs. The author proposed EAACK Enhanced Adaptive
ACKnowledgement which was designed with the implementation of RSA
and SA numerical autographs using DSR routing procedure. Performance
assessment was done and results were got. But this EAACK has no
delivery for handling link smashing and hateful source node situation.
62
L.Peng, et.al(2013) proposed Dynamically real-time anomaly detection
algorithm with the immune negative selection. The outstanding devices of
self-learning and adaptability in the hominid immune scheme are
mentioned besides a dynamic anomaly uncovering algorithm with protected
negative collection, named as DADAI, was projected. The thoughts and
formal accounts of antigen, antibody, and memory lockups in the network
safekeeping domain are given; the dynamic clonal principle of antibody is
combined; the instrument of immune vaccination is discussed, and the
active evolvement formulations of detection profiles are established
(including the detection profiles’ dynamic cohort and extinction, dynamic
knowledge, dynamic alteration, and dynamic self-organization), which will
accomplish that the discovery profiles animatedly synchronize through the
real network situation.
Kanchan.H, et.al(2014) proposed Secure network access by flow analysis
based detection against DDoS attack. The proposed method in this paper
tried to differentiate distributed denial of service attacks from genuine flash
crowds. Under the current conditions of botnet size and organization, it has
noted that DDoS attack flows have more similarity than genuine flash
63
crowd flows. So the flow correlation coefficient is used here to measure
similarity among suspicious flows and to confirm DDoS attack.
FuiFui.W, et.al(2014) proposed a Survey of trends in massive DDoS
attacks and cloud-based mitigations. The objective was to provide an in-
depth study on the current largest DNS reflection attack with more than 300
Gbps on Spamhaus.org. They have reviewed and analyzed the current
most popular DDoS attack types that are launched by the hacktivists.
Lastly, effective cloud-based DDoS mitigation and protection techniques
proposed by both academic researchers and large commercial cloud-based
DDoS service providers are discussed.
Anil Kumar Gona, et.al(2014) proposed Discovery and Verification of
Neighbor Positions in Mobile AD HOC Networks. The proposed method
allows any node in a mobile ad-hoc network to verify the position of its
communication neighbors without relying on priori trustworthy nodes.
Analysis showed that this protocol is very robust to attacks by independent
as well as colluding adversaries, even when they have perfect knowledge
of the neighborhood of the verifier. The approach is effective in identifying
64
nodes advertising false positions, while keeping the probability of false
positives low.
Andrew.C, et.al(2015) proposed defense for Distributed Denial of Service
Attacks in Cloud Computing. The author investigated the mistreatment of
compromised simulated machines to complete large-scale Circulated
Denial-of-Service (DDoS) attacks. A dangerous review of most current
intrusion detection and prevention organizations to mitigate possible DDoS
doses is presented.
Chaitanya. H et.al(2015) proposed anomaly based DDoS attack detection.
This paper presented a simple yet effective method to detect DDoS attack
for all possible attack scenarios. Also presented an overview of DDoS
attack, detection schemes and finally proposed a method to detect
various attack patterns. Most of the methods for DDoS anomaly
detection are either not too effective, not accurate or are complex in
nature and firm to implement. But the process projected in this
broadside is very simple in concept and easy to implement.
65
CHAPTER – 3
IMPLEMENTATION OF LIGHT WEIGHT LOCATION VERIFICATIONPROTOCOL BASED ON BEHAVIOR LEARNING PROCESS FOR
MOBILE ADHOC NETWORKS
3.1 Introduction
The mobile ad-hoc network has numerous amounts of nodes which
have no restriction on their mobility and their direction of displacement. The
mobility nature introduces dynamic changing topology in MANET. So the
neighbor nodes of any node are always changing. Unlike peer to peer
network the neighbor nodes of any node is keep changing and the
trustworthy of the nodes cannot be obtained. Such loosely coupled nature
of the MANET has more prone to various network threats. The entry of
malicious node with higher transmission range introduces various threats to
the network performance.
66
Figure 3.1 Sample MANET Topology
The Figure 3.1 shows the snapshot of sample network topology and
each node has fixed transmission range. But the node 20 has high power
ratio with transmission range higher than other nodes. So that the node 20
can directly communicate with number of nodes. From the figure 3.1, the
node 20 has direct communication with the nodes 1 to 11. So it can say
that it is the first neighbor and has direct communication with the
destination node.
20
2
4
6
1
5
7
3
9
10
11
12
13
8
14
15
16
17
18
19
67
The growing internet technology makes the mobile user access all
major services irrespective of their location. Nowadays Location-based
services are attaining popularity. For specimen in a road traffic network the
moveable user can access few location based services to get know about
the restaurants, hotels, hospitals etc which are nearer to them. Whatever
the provision they need the consequence is providing founded on their
locations only so that the location based services developed more popular
and used by many users on necessity basis. Now the focus is on mobile
ad-hoc net where there are no standard topologies and neighbor nodes can
serve as an intermediate node and participate in the routing process.
Location based services (LBS) has the ability to locate the geometric
location of the user to deliver area exact information. LBS can deliver
useful information concerning public transport, route options, climate
forecasts, and location of infirmaries, eateries, police stations, traveler
attractions, landmarks, petrol drives, ATMs etc. In a VANET network the
location based service can be accessed in many ways. The routing in
VANET becomes more complicated due to the increase in mobile nodes. A
mobile node can access a service to know about the traffic and route to the
desiredterminus by retrieving the LBS. The LBS can send the information
about thetraffic and possible set of routes to t reach the destination. The
68
mobile node could choose a path to reach the destination. Alternatively,
accessing the service need a request to be transferred, so that the
neighboring nodes becomes a participant in the broadcast. In practice most
of the periods the neighbor node becomes challenger and introduces
different kind of attacks, which in turn decreases the throu[put rate of the
network.
The location discovery of neighbor nodes and verification process
becomes more complicated one, due to the increase in protocols of mobile
ad-hoc networks. There are many NPV protocols, “Secure Probabilistic
Location Verification in Randomly Deployed Wireless Sensor Networks”
[65], “Secure and Precise Location Verification Using Distance Bounding
and Simultaneous Multialteration” [74] been spoken earlier for the
Verification of the portable nodes location. Most of them founded on the
precise evidence about the nodes or distance and time occupied for the
appeal and reply procedure. The adversaries may five untrue locations for
the appeal when it obtains from a source node and deteriorate the routing
procedure and reduces the network presentation.
Each network has dedicated routing protocol enforced and it can be
of any protocol from shortest path routing to energy efficient one. Whatever
the routing protocol used, the protocol will be efficient only where there is
69
no malicious node. If the malicious node exists, then the malicious node
can involve in capturing the packet and can perform different attacks.
Once the intermediate node captures the network packets then it can
perform different attacks like eaves dropping which drops the packet
without any constraint. In another case the malicious node would modify
the data packet. On another case, the malicious node would perform
different other attacks also.
Suppose the network uses the shortest path routing, then if the
malicious node could capture the packet, then it can forward the data
packet through the longest route. Even if the other nodes perform the same
shortest path routing then the malicious node can identify a node which has
no other shortest route than a longer route then it can forward the data
packet through the longer route.
By performing such routing attack, the latency of data packets can be
increased. Also the TTL based routing gets affected and if the TTL value of
the packet increases then the packet will be dropped. Entirely this reduces
the network performance and even the packets will be dropped by the
destination. All these issues are due to the false selection of the forwarding
node. In general the source node selects a forwarding node based on the
70
location of neighbors. Because of to transmit the data packet the node
spends some energy and to reduce the energy consumption, the node
selects a closure node. The malicious node takes advantage of this and by
providing fake location information to the source node it tries to get
selected as the forwarding node.
Figure 3.2 Adversaries Fake Positions
The Figure 3.2 shows that there are fake and adversary nodes and
their positions. Yellow colored nodes are trusted ones, Red-colored is the
adversary node and blue colored is the false position of the opponent node.
It is strong that the opponent node makes a fake position for each neighbor
node of it and sends false deceptive location info to its neighbors. This
untrue location information affects the process of routing in the mobile ad-
hoc network, because each each neighbor participates in the routing for
71
mobile adhoc network. When an adversary sends fake position to its
neighbor, and the neighbor selects the fake node to transmit a message,
then the packet or information will not be transferred to the destination
exactly. The fake node could take all the messages from the source node
and may generate collinear or jamming attack to degrade the network
performance.
Protocols for Neighborhood Discovery(ND) serve as fundamental
building blocks in mobile wireless systems. Clearly, ND enables (multi-hop)
communication, as it is essential for route discovery and data forwarding.
ND can also support a wide range of system functionality: network access
control, topology control, transmission scheduling, energy-efficient
communication, as well as physical access control. Given the critical and
multifaceted role of ND, its security and robustness must be ensured: ND
protocols must identify the actual neighbors, even in hostile environments.
The problem of location verification can be performed in many ways.
Whenever a source node selects a route to transmit the packet towards the
destination, it transmits the packet information, destination information and
the route information to the base station. If the base station maintains the
location information and by maintaining the behavior information of the
nodes, location verification can be performed efficiently.
72
3.2 Methods Explored
This section discusses different methods of location verification
related to the problem of MANET security.
Here we discuss various methods proposed for the verification of
nodes position and node discovery. Secure services for application
and management messages have proposed in [44], it uses secure
message formats, and the processing of those secure messages, within the
Dedicated Short-Range Communications (DSRC)/Wireless Access in
Vehicular Environment (WAVE) system are defined. The standard covers
methods for securing WAVE management messages and application
messages, with the exception of vehicle-originating safety messages. It
also describes administrative functions necessary to support the core
security functions.
For the discovery of mobile nodes [59], the author explored the
possible types of attacks in the physical and communication intermediate of
the mobile ad-hoc nets. Neighbor detection is confidential intocorporeal and
message neighbor detection. Protocols are pointing at communiqué ND,
which is founded on corporeal ND protocols, often nosedive to accomplish
their detached. This is since these two types of detection are not
73
equivalent. At the identical time, protocols for message ND do not fully
speech the problematic at hand. They are effective only under actual
specific working situations or they do not safeguard precision in all cases.
For the verification of Neighbor position [45,61], there are methods
was dealt in the context of ad hoc and sensor networks; however, existing
Neighbor Position Verification schemes often rely on fixed or mobile
trustworthy nodes, which are assumed to be always available for the
verification of the positions announced by third parties. In ad hoc
environments, however, the pervasive presence of either infrastructure or
neighbor nodes that can be aprioristically trusted is quite unrealistic.
For Secure Positioning in Wireless Networks [46], NPV protocol is
proposed which calculate distances for all neighbors, and formerly praises
that all triplets of protuberances encircling a couple of other protuberances
act as verifiers of the pair’s locations. This scheme prepares not rely on
dependable nodes, but it is calculated for static device networks, and
necessitates lengthy multi-round multiplications involving several swellings
that seek agreement on a common national verification. Furthermore, the
pliability of the procedure into colluding assailants has not remained
demonstrated. Static sensor networks also require several nodes to
exchange information on the signal emitted by the node whose location has
74
to be verified. Moreover, it aims at assessing only whether the nodes are
within a given region or not.
An Improved Security in Geometric Ad-Hoc Routing through
Autonomous Position Verification is discussed in [47]. The authors
proposed an NPV protocol that allows nodes to validate the position of their
neighbors through local observations only. This is performed by checking
whether subsequent positions announced by one neighbor could draw a
movement over a time in a realistic sense.
The approach [56] forces a node to collect several data on its
neighbor movements before a decision can be occupied, making the
answer unfit to situations anywhere the place information is to be gotten
and confirmed in a short time span. Moreover, a challenger can mislead the
procedure by simply announcing untrue positions that shadow a truthful
mobility design.
The scheme in Secure Location Verification for Vehicular Ad-Hoc
Networks [70 ] exploits Time-of-Flight (ToF) distance bounding and node
cooperation to mitigate the problems of the preceding solutions. The
collaboration is incomplete to twosomes of national nodes, which renders
the protocol ineffective against colluding attackers.
75
To the problems identified, there must be a protocol which is fully
distributed and light weight to solve the verification of node position in
mobile adhoc networks. It should not depend on trusted nodes and should
be secure for numerous kinds of attacks
3.3 Light Weight Location Verification system
Fast varying and growing nature of mobile ad-hoc systems make the
accessibility of location aware services becoming difficult. With the
presence of adversaries and aggressive nodes, the location based service
discovery converts a challenging one. We suggest a light weight location
verification protocol for the verification of nodes which turns available to be
a healthy one and uses the behavior of nodes for the verification process.
Here distributed one step Location Verification Protocol is being used and
session based behavior learning process for the identification of adversary
nodes has been adopted.
The proposed system verifies the node location using one step
verification process utilizing session based behavior learning process. The
node in the network receives their geometric and spatial metrics at the time
of registration or entering in towards the coverage of the base station. The
76
nodes specify the location information, haste and displacement particulars
at all time. At each time stamp the base stationsends the notification to
gather nodes performance details. Upon in receipt of this communication
for a certain time, if a node transmits a dispatch it sends node, packet and
promoting node details to the base station. The base station upholds node
details under its coverage and behavior matrix where it stores the
broadcast details of all nodes which could be used to identify the adversary
nodes.
The proposed system has the following three phases.
(i.)Registration,
(ii.)Behavior Collection and
(iii.)One step Location Verification.
3.3.1 Registration:
When a mobile enters to a new coverage area, it required to register
in the base station about its latitude and longitude. The login message has
the following parameters.
Message-Id Node Id LocationDetails
TimeStamp(entry
time)Speed
Table3.1Login Message set-up
77
In the login communication it has Message-Id which is unique for the
message sent by the node, Node-Id specifies the identification number of
the node which sent the message, Location Details specifies the geometric
position material and Time Stamp stipulates that at what time the message
generated and Speed tells the displacement or at what fleetness the mobile
node is moving. Whenever the base station receives the message it
updates the mobile node particulars in the matrix what it is maintaining.
This communication is authenticated with the private key (pk) produced by
the node and at this time after all the communications sent by the node will
be genuine with that specific secluded key.
Figure 3.3 Registration process with the base station
78
Figure 3.3 shows the registration process and each node
communicates with the base station and the base station returns the
private key to the user.
Figure 3.4 Flow chart of registration
Start
Generate Node ID
Generate Message ID
Compute location details
Generate entry time stamp
Compute displacement speed
Generate login message andsend
stop
79
Figure 3.4 shows the steps of registration performed by the incoming
node and details the process involved in registration.
Pseudo Code of Registration
Start
Generate Node-ID nid.
Generate Message-ID mid.
Compute Geometric metrics location values Gx,
Gy.(Latitude/longitude?)
Generate entry time stamp mt.
Compute speed ns =Ø(((Gx-Gx-1)* (Gx-Gx-1))+( (Gy-Gy-1)* (Gy-Gy-1)))/sec.
Construct Login message Lm=nid+mid+(Gx,Gy)+mt+ns.
Stop.
The registration algorithm generates the message with the node id,
location details and its mobility speed to the base station. The base station
maintains the information about various mobile nodes which will be used to
verify the location later.
The base station maintains the following details in the node matrix.
80
Message ID NodeIdLocationDetails
Time Stamp Speed
M1 N1 120,130 01.23.45.900 5m/sec
… … … … ….
… … … … …
… … … … …
Table 3.2 Base station node matrix,
The node details are stowed in the node matrix only if the node
records the base station at the time of handover process. So that the nodes
location can be calculated using those parameters in the login message by
the mobile base station at any point of time.
3.3.2 Behavior Collection
The base station initiates Behavior Collection procedure periodically
with a specific time interval. Upon in receipt of this message both node
either receives or transmits a communication,it generates additional control
message which has the packet id received or transmitted, and node id from
which it receives and also where to it transmits time stamp etc… The base
station collects this information and updates the behavior matrix
periodically. This procedure will be repeated periodically and the update
81
time is set to depend on the nodes movement to analyze the system status
and for the Verification of the mobile nodes and if there are adversary
nodes.
The base station examines the behavior matrix for each packed id
and node id. If the package is not transferred or received by a node id
which is specified the message sent by earlier host then it can recognize
the attendance of adversary and it can recognize there is no link present in
between the nodes specified in the packet.
From the figure 3.5, it is very clear that if the node 6 communicates
the message to 4 and it selects the path through the adversary node and
fake path which is noticeable in blue, the base station will not receive a
message from the adversary node and likewise the node next to the
opponent node also will not receive or transmit the packet with the same id.
This assistances the base station to identify the adversary node even
though it is a registered one.
From the figure 3.5, it is very clear that if the source 6 selects the
path through 2 to reach 4, then the base station receives the behavior
message completely.
82
Figure 3.5 Transmission of Behavior Message
The base station of every time slot studies the behavior matrix and
search for the conclusion of transmission with the packet id and source and
destination id quantified in the matrix. If the broadcast is incomplete then it
identifies the fake node with link and adversary node from the matrix and
packet details. It iupdates all identified adversary particulars and archives in
adversary matrix.
It is normally problematic to say a node as an opponent node with
one single broadcast. Sometimes the mobility of the node also can be the
motive for incomplete broadcast, since the node might consume moved to
certain other location which is calculated by the source node at the time of
route selection. Here the behaviour of challenger node helps us by
83
charitable false locations to more than one neighbor, so that the opponent
node could be recognized by the base station by classifying the same node
id present in numerous broadcast which is incomplete from the behaviour
matrix kept in the base station.
Pseudo Code of Behavior Collection
Start
initialize behavior matrix Bm and adversary matrix Am, initialize time
stamp Bt.
for every node Mni from the Node set Ns.
Send Behavior message BM.
Receive reply BRM.
Extract packet id (Pid), source id (Sid), destination id (Did) ,NodeId(
Nid), Ts
Store in Bm.
End.
for every row in matrix Bm.
Identify unique packet id pid.
Search for the row for completion of transmission.
If( incomplete)
84
Add Nid in adversary matrix Am.
End.
wait for next time stamp and repeat step 3, 4 .
end.
Stop
The behavior collection algorithm sends the behavior collection
message and collects the transmission completion details. Based on the
received results the location verification is performed.
The Figure 3.6 shows the flow chart of behavior collection algorithm
and shows step by step process in detail.
85
Yes/no ?
Yes/no ?
Figure 3.6 Flow chart of Behavior Collection Process
Start
Initialize Bm, Am,
Bt
For each nod in Ns Send Bm
Receive BRMBm(i)={Pid,Sid,Did,Ni
d}
For each entry in Bm Identify unique pid
Trace for incompletetransmission
Incomplete
Add to adversary matrixAm
Wait for next time stamp
Stop
86
3.3.3 One step Location Verification:
The mobile node initiates this verification procedure for each
transmission. At the time of transmission it selects the pathway and the
neighbors by broadcasting the message. On receiving a reply the source
node collects the set of neighbors and updates its neighbor matrix. For
every chosen path for the destination, the neighbors are verified using
procedure as given in the flow chart.
It sends the verification message Vm to the base station with the
location details and geometric metric which is directed by the neighbor .
The base station extracts the national details and its geometric metric and
computes the new location for the mobile node using the details in the node
matrix. The neighbor details are kept stored in the node matrix when it
enters within the coverage of the base station, it uses the location details of
the mobile node and speed to compute the displacement of the neighbor
node.
It compares the location details sent by the source node and
calculated location, if the difference between them is within a tolerance
then it identify the neighbor as genuine node and likewise checks the entry
of neighbor id in adversary matrix if the neighbor id is present in the
87
adversary matrix,then it assumes that the neighbor as adversary one.
Based on the two comparison process it sends reply as anhonest node or
opponent one for the source node to transmit the communication to the
neighbor in order to communicate the message else it discards the
neighbor and selects another neighbor to transmit. It repeats the
verification process for all neighbors to transmit the message.
no
yes
Figure 3.7 Flow Chart of One Step Verification
Start
Collect node id, location
Generate location verificationrequest
Receive reply
Forward packet
Choose another one
Stop
Not Adversary
88
The Figure 3.7 shows the flow chart of one step verification process
performed by each source node and explains the process in detail.
3.4 Conclusion:
The proposed methodology is a secure one for all kind of attacks
coming in mobile adhoc network. We used one step verification process,
which is less time consuming and we collect behavior of the nodes
periodically, so that even if there are many number of adversaries present
in the network we could identify easily with the help of one step verification
process. The behavior collection helps us to increase the performance and
throughput of the overall network, because the forwarding node selection
implies the performance of the overall system. Even though the behavior
collection introduces little network overhead for 6%, it reduces the
verification time and heaviness of computing signature and using multiple
keys for the identification and verification process, thus improves the
efficiency of the overall network.
89
CHAPTER – 4
SECURE DISCOVERY SCHEME AND MINIMUM SPAN VERIFICATIONOF NEIGHBOR LOCATIONS IN MOBILE ADHOC NETWORKS
4.1 Introduction:
Mobile adhoc networks (MANET), popular technology the world
society speaks about due to the technology development. The modern
world uses internet technology for everything as a part of their life, and now
a day they use mobile technology in place of IT to get access to the
location based service. The kind of sophisticated service grows with the
risk rate in accessing the service. The service providers have more
challenges in providing services and maintaining the quality of service
parameters. As like in other networks like wired and wireless networks, the
MANET also prone to different type of network attacks.
Mobile adhoc network, another kind of wireless network where you
can find number of base stations which supports the communication of
mobile nodes. The mobile node supports the routing process of the
communication to improve the throughput of the network. The mobile
nodes are moving at some speed and towards a direction, which makes the
topology of the network gets changing at every fraction of time. Due to this
90
reason there will be number of nodes comes into the coverage perimeter of
a base station and leaves, which cannot be trusted for service handling.
What the adversary does here is, it replies with the route discovery phase
using a fake location information with the intension to get participate in
routing process. After gets selected it simply discard the packet, or
manipulate the packet, or else it will never receive the packet because of
false location. This makes the transmission as a failure one and service
throughput degrades.
Figure 4.1 Shows the Example Scenario of the Fake Location
Location Based Services are one, which is provided and accessed
based on the location information. In a road traffic network the location
based service can be retrieved in many ways. The routing in road network
becomes more complicated due to the increase in mobile nodes. A mobile
91
node can access a service to know about the traffic and route to reach a
destination by accessing the location based service. The Location Based
Services could reply the knowledge about the traffic and set of routes to
reach the destination. The mobile node can chose a path to reach
destination. In another way, accessing the service need a request to be
transferred, so that the neighboring nodes becomes participant in the
transmission. Most of the time, the neighbor node becomes adversary and
introduces different kind of attacks, which reduces the throughput of the
network.
Protocols for Neighborhood Discovery serve as fundamental building
blocks in mobile wireless systems. Clearly, ND enables (multi-hop)
communication, as it is essential for route discovery and data forwarding.
ND can also support a wide range of system functionality: network access
control, topology control, transmission scheduling, energy-efficient
communication, as well as physical access control. Given the critical and
multifaceted role of ND, its security and robustness must be ensured: ND
protocols must identify as neighbors only those devices that actually are
neighbors, even in hostile environments.
The location discovery of neighbor nodes and verification process
becomes more complicated one, due to the increase in protocols of mobile
92
adhoc networks. There are many protocols been discussed earlier for the
verification of the mobile nodes location. Most of them based on the
distance and time taken for the request and reply process. The adversaries
are giving fake locations for the request when it receives from a source
node and dilutes the routing protocol and reduces the network
performance.
From Figure 4.1, we can see the adversary node with the green color
and the red color node shows the fake positions generated by the
adversary nodes and nodes colored with yellow are the neighbor nodes.
Support if the node 4, plans to transmit a packet to any node from the list
(2-3-1) then what the adversary does is it generates three different fake
locations around node-4 in order to get selected. From this scenario it is
clear that, whatever be the destination, the fake node will be selected in all
the case.
So that there must be a protocol which verifies the location of the
nodes gets selected in the routing phase of the transmission with little
overhead in time, space and power ratio.
93
4.2 Methods Explored
There are different approach has been proposed for the problem
identified using different parameters like proactive and reactive details of
the nodes in the transmission range. Here we discuss few of them
according to the problem identified.
An Adaptive Hello Messaging Scheme for Neighbor Discovery in On-
Demand MANET Routing Protocols [108], proposes an adaptive Hello
messaging scheme to suppress unnecessary Hello messages without
reduced detectability of broken links. Simulation results show that the
proposed scheme reduces energy consumption and network overhead
without any explicit difference in throughput.
Dynamic Neighbor Positioning in MANET with Protection against
Adversarial Attacks [109], propose techniques for finding neighbours
effectively in a non priori trusted environment are identified. These
techniques will eventually provide security from malicious nodes. The
protocol is robust to adversarial attacks. This protocol will also update the
position of the nodes in an active environment. The performance of the
proposed scheme will be effective one.
Discovery and Verification of Neighbor Positions in Mobile Ad Hoc
94
Networks [110], address the problem of a priori trusted nodes, the
discovery and verification of neighbor positions presents challenges that
have been scarcely investigated in the literature. This open issue is
addressed by proposing a fully distributed cooperative solution that is
robust against independent and colluding adversaries, and can be impaired
only by an overwhelming presence of adversaries. Results show that our
protocol can thwart more than 99 percent of the attacks under the best
possible conditions for the adversaries, with minimal false positive rates.
Neighbor node discovery and Trust prediction in MANETs [111], gate
this vulnerability and secure ND is crucial. This paper uses the directional
antenna algorithm called as scanning based direct discovery algorithm to
discover the neighbors. To enable cooperative working of the various
distributed protocols we use trust system to provide the trust level of
various nodes, thereby enhancing the cooperation among the nodes. This
paper uses distributed hybrid trust algorithm and also uses relationship
maturity concept to compute the trust of the nodes. This paper
demonstrates that Trust systems are better than already existing
cryptographic techniques.
For the discovery of mobile nodes in [60], they explored the various
attacks possible in the physical and communication medium of the mobile
95
adhoc networks. They classified the neighbor discovery as physical and
communication neighbor discovery. Protocols aiming at communication
ND, which are based on physical ND protocols, often fail to achieve their
objective. This is because these two types of discovery are not equivalent.
At the same time, protocols for communication ND do not fully address the
problem at hand. They are effective only under very specific operational
conditions or they do not ensure correctness in all cases.
For the verification of Neighbor position [61,74], there are methods
was studied in the context of ad hoc and sensor networks; however,
existing Neighbor Position Verification schemes often rely on fixed or
mobile trustworthy nodes, which are assumed to be always available for
the verification of the positions announced by third parties. In ad hoc
environments, however, the pervasive presence of either infrastructure or
neighbor nodes that can be aprioristically trusted is quite unrealistic.
Discovery and Verification of Neighbor Positions in Mobile Ad Hoc
Networks, proposing a fully distributed cooperative solution that is robust
against independent and colluding adversaries, and can be impaired only
by an overwhelming presence of adversaries. Results show that our
protocol can thwart more than 99 percent of the attacks under the best
possible conditions for the adversaries, with minimal false positive rates.
96
To the problems identified, there must be a protocol which is fully
distributed and light weight to solve the verification of node position in
mobile adhoc networks. It should not depend on trusted nodes and should
be secure for various kinds of attacks.
4.3 Secure Discovery Scheme
The development of mobile technology brings service accessibility of
location aware service an important criteria in mobile adhoc networks
anywhere challenging metric is the dynamic changing topology of MANET.
This dynamic topology greeting the huge network threats in different forms
like Hyperbola and collinear attacks.
Generally the adversaries responds to the route discovery procedure
of any routing protocol with fake positions, so that to be get selected as a
forwarding node in the routing process , subsequently to affect the routing
process and degrade the throughput of the network by simply discarding
the message or by generating modification attacks.
The author proposed a secure neighbor discovery scheme, which
uses proactive and reactive details of the neighbor nodes to compute a
group G, where set of nodes get selected according to the location details.
97
From the group of nodes G, a single node will be selected for the
forwarding phase whose location will be verified with the base station using
some simple verification protocol.
The verification protocol uses the proactive and reactive details to
verify the location of the mobile node. The proposed method has more
advantages that the neighbor discovery is done with little overhead by the
source node and only the verification process engage with the base station.
Figure 4.2 Architecture of One Step Verification Scheme
Packet
Secure Discovery Scheme and One Step Verification Scheme
Group Join Neighbor DiscoveryScheme
Location Verification
Routing
98
The Figure 4.2 shows the architecture of proposed one step
verification scheme and shows the functional components.
The proposed method uses proactive details about the nodes which
have learned at the time of registration process when the node first comes
into the transmission range of the base station. With the proactive details, it
uses reactive information received from the verifying node, in order to verify
the location of the selected node. In the proposed method the Base station
Bs uses a different addressing scheme as follows:
Figure 4.3 Proposed Addressing Scheme
99
Figure 4.3 shows the format of addressing scheme used to eliminate
the false addressing and location specification.
Figure 4.4 Address Allocation Scenario
Figure 4.4 shows the address allocation scenario and how addresses
are assigned to the nodes of network.
4.3.1 Group Join:
The group join mechanism is invoked by the mobile node when it
switches it location from the transmission range of a base station from
another. The group join message has the following details.
Req. ID Node-Address Location
Details
Time
Stamp
Speed Private Key
Table 4.1 shows the Group joins Message format.
100
The group join message has the following fields namely: Req.ID–
Specifies the unique identification of the group join request, Node-Address–
specifies the unique address of the mobile node, Location Details– has the
geometric location details of the mobile node and the time stamp– specifies
the time at which the message sent by the node, and Speed tells the
displacement or at what speed the mobile node is moving, finally the
private key- mentions the private key to be used to communicate with the
node.
Whenever the base station collects the communication it updates the
node particulars in the medium what it is preserving. This message is
genuine with the private key pkproduced by the node in addition here after
whatsoever the communication sent by the node will be genuine with that
specific private key. Also the base station uses a different addressing
scheme which restricts the adversaries to generate fake locations. The
base station also sends the addressing scheme and range of addresses
allocated details and adversaries list with the acknowledgement to the
source node.
Pseudo Code of Group Join
Step1: start
Step2:initialize neighbor matrix Nb, addressing scheme As, Allocation range Al,
101
Adversaries Adl.
Step3: Generate group join Request message GJR.
GJR(Req.ID)= Generate random number.
GJR(Node.Address) = Broadcast Address of the mobile node.
GJR(Location Details)= { Longitude, Latitude, Gx, Gy};
GJR(TimeStamp) = {Current Time};
GJR(Speed)= $((( Gx-Gx-1)* ( Gx-Gx-1))+( ( Gy-Gy-1)* ( Gy-Gy-1)))/sec.;
GJR(Pk) = {Private key }
Step4: Send to the base station Bs.
Step5: Receive reply GJRep.
Nb=extract Neighbor details from GJRep.
As= GJRep(Addressing Scheme).
Al = GJRep(Allocation Range).
Adl = GJRep(Adversaries List).
Step6: stop
The group join algorithm generate group join request and sends to
the base station. Also the algorithm receives the reply from the base station
which assigns the address for the newly joined node.
102
Figure 4.5 Flow Chart of Group Join
The Figure 4.5 shows the flow chart of the group join request
generated by the newly arriving node and shows how the address has
been assigned to the new node.
Start
Initialize neighbor matrix
Initialize addressing scheme
Generate group join request
Send to base station
Receive group join reply
Extract address assigned
stop
103
4.3.2 Neighbor Discovery Scheme:
The source node concepts a broadcast communication to determine
the neighbors around the node. On getting the broadcast communication
the nodes under the transmission range of the node replies with the
acknowledgement with the location information. The source node initialize
a timer to receive the acknowledgement, after the timer expires it stops
receiving the acknowledgment. With the set of nodes from which it obtains
the acknowledgment. After receiving the acknowledgment it checks with
the addressing of each node with the addressing scheme of the base
station and adversaries list. If any hateful address found on the list then it
eliminates the address of node after which it has to choice a route to the
terminus. After checking the speaking scheme it produces a group of node
id’s which are very adjacent to the foundation node and payments with the
previous update of the challenger notification. If the challenger notification
time expires then it onward the group created to the base station for
confirmation otherwise it simply selects a node from the group and starts
advancing. Unlike other confirmationinstruments, the proposed method
customs base station impartial to verify the location of the nodes and
recurrence a list of nodes. From the list refunded the source node can
choice closer node to forward the data packet. Here the overhead
104
generated at the base station due to verification process is minimized by
broadcasting the identified adversary to the other nodes in the transmission
range of the base station.
Pseudo Code of Neighbor Discovery Algorithm
Step1: start
Step2: resetbroadcast group TG, broadcast timer Bt..
Step3: read Neighbor matrix Nb, Adversary list Adl, Addressing scheme As,
allocation range
Al, adversary statement time Ant.
Step4: compute Hello Broadcast message –Hello.
Step5: broadcast to all its neighbors Nb.
Step6: start broadcast timer Bt.
Receive acknowledgment until Bt expires.
TG(i) = ack{Node-Address}.
End.
Step7: for each entry in TG
Verify adversary list Adl.
If TG(i)@Adl then
TG=TG-TG(i).
105
End
Verify is addressing scheme and range.
If TG(i)> addressing range then
TG=TG-TG(i).
End
If Addressing Scheme( TG(i)) != addressing scheme then
TG=TG-TG(i).
End
End.
Step8: check the adversary notification time Ant.
If Ant is active then
Forwarding node Fn =Select a node from the group TG.
Start transmitting through Fn.
Else
Send TG to Base station.
Approved TG = verified list from BS.
Select a node from the group TG.
Start transmitting through Fn.
End.
Step9: stop.
106
The neighbor discovery algorithm identifies the list of neighbors by
verifying the location of the nodes to perform routing efficiently.
Figure 4.6 Flow Chart of Neighbor Discovery Scheme
Start
Read Neighbor Matrix,Adversary list
Send hello message
Verify addressing range
Check adversary notificationtime
Send TG to base station
stop
For each reply
Ant is active Select node from group
107
The Figure 4.6 shows the flow chart of neighbor discovery scheme of
proposed one step verification approach and shows the stages in detail.
4.3.3 Location verification Process:
The location verification process uses the proactive details which is
available from the period of node group join process. Upon receiving
request from the source node it checks the set of addresses assigned from
the address list and if there is any address unfound then it removes the
address from the transmission group TG and add to the adversary list Al.
From the location details available with the request, it compares the
location of each node from the group TG. It computes the possible
displacement for each node according to its speed to verify with the new
location. Adversaries are identified and removed based on the computed
locations and the new transmission group will be sent to the source node. If
there is any new adversary found then it will be broadcasted to all the
nodes in the network which will be get updated at the adversaries list of the
nodes.
108
4.4 Conclusion
The proposed methodology is a secure one for all kind of attacks
coming in mobile adhoc network. We used secure node discovery
procedure and location verification process, which is less time consuming
and we use proactive and reactive node details, so that even if there are
many number of adversaries present in the network we could identify easily
with the help of verification process. The proactive details with the reactive
information about the nodes help us to increase the performance and
throughput of the overall network. Even though the discovery phase
introduces little network overhead, it reduces the frequency of verification
and overhead generated by earlier methods. The verification process will
be asked to the base station only if the adversary notification timer gets
expired, which reduces the communication with the base station. Ultimately
this discovery and verification scheme increases the throughput and
reduces the latency of the network
109
CHAPTER – 5
Two Hop Neighbor Discovery Based Location Verification Protocol for
Mobile Adhoc Network Using Node Duplication Method
5.1 Introduction
The mobile adhoc network is the collection of mobile nodes where the
nodes has no restriction on their movement and speed or direction. This
makes the topology of the network to be changed at every time and difficult
to find a node at a fixed position for long time. The growth of internet
technology increases the number of service to be accessible through
mobile devices. This highly reduces the coupling feature of the
environment and increases the possibility of network threat. The packets
sent from the source to the service point or destination has to pass through
various nodes and if there are any malicious node then the packet received
may be dropped or the malicious node could learn the details of packet and
perform various other threats.
The node has fixed transmission range so that whatever the packets
to be send could not be done directly so that there is a necessary for co-
operative transmission. In mobile ad-hoc network the routing is performed
using the neighbor nodes to reach the destination. There are many routing
110
approaches available for mobile ad-hoc network and each vary with various
constraints. For example in the case of shortest path routing, the protocol
chooses a least distanced or least hop path and in some other cases the
protocol considers the energy or traffic and so on. Whatever the procedure
used the only requirement is whether the packet is not faced any malicious
operation or the packet is delivered successfully.
Unlike general nodes of MANET there are few other nodes called
adversaries, which are more powerful and has more transmission range.
This higher transmission range of adversaries provides facility to hear the
packet being transmitted by any node and whenever a node performs a
neighbor discovery procedure the adversary also replies that it is the most
neighbor to the source by specifying the fake location. While performing
routing in mobile ad-hocnetwork using location information, the adversary
can specify a close location to the source node so that it can participate in
all transmission of packets and can perform any mode of network threat.
By assuming or selecting the adversary as the forwarding node if the
source sends the packet through the adversary, the packet sent by the
source will not be delivered to the destination which makes transmission
failure and reduces the network throughput. So that the location specified
by any neighbor has to be verified in more strategic manner. There are
111
many approaches has been discussed to verify the location of the nodes
being selected for routing and each uses various metrics. If the location
could be verified then the wrong selection of forwarding node could be
avoided.
Two hop neighbor discovery is the process of identifying the neighbor
and their neighbors. The source node sends the neighbor discovery
message and the neighbor returns a set of neighbors it has. By using this,
the source node can obtain the neighbor of neighbors. The information
about the neighbors and their neighbor could be used to identify the original
location of the nodes.
Figure 5.1 Example of Two-Hop Neighbor Verification
20
2
4
6
1
5
7
3
9
10
11
12
13
8
14
15
16
17
18
19
112
In two hop neighbor verification approach, the source node sends the
neighbor verification request to its neighbor and the same will be sent to
their neighbors also. If the selected forwarding node, present in their entire
neighbor list then it is identified as malicious and can be concluded as an
adversary.
5.2 Methods Explored
There are several methods has been deliberated for the location
verification protocol and we converse few of them here.
Discovery and Verification of Neighbor Positions in Mobile Ad Hoc
Networks [110], speech this open issue by suggesting a fully distributed
cooperative answer that is robust against self-governing and colluding
adversaries, then can be impaired only by an irresistible presence of
adversaries. Results demonstration that our protocol can frustrate more
than 99 percent of the attacks under the best conceivable conditions for the
challengers, with minimal false optimistic rates.
Mobile Ad Hoc Networking: Imperatives and Challenges [79], efforts
to deliver a complete overview of this lively field. It first clarifies the
significant role that mobile ad hoc systems play in the development of
upcoming wireless machinery. Then, it reviews the latest investigation
113
activities in these areas of MANETs characteristics, abilities and
applications.
Secure services for application and management messages have
proposed in [44], it uses secure message formats, and the processing of
those secure messages, within the Dedicated Short-Range
Communications (DSRC) /Wireless Access in Vehicular Environment
(WAVE) organization are definite. The standard covers approach for
securing WAVE organizationcommunications and request messages, with
the concession of vehicle-originating safety communications. It also labels
administrative functions necessary to provision the core safety functions.
For the discovery of mobile nodes [59], the author explored the
possible types of attacks in the physical and communication medium of the
mobile adhoc networks. Neighbor discovery is classified into physical and
communication neighbor discovery. Protocols aiming at communication
ND, which are based on physical ND protocols, often fail to achieve their
objective. This is because these two types of discovery are not equivalent.
At the same time, protocols for communication ND do not fully address the
problem at hand. They are actual only under very specific working
conditions or they do not guaranteeaccuracy in all gears.
114
For the verification of Neighbor position [61,74], there are methods
was dealt in the setting of ad hoc and instrument networks; though, existing
Neighbor Position Verificationarrangements often rely on immovable or
mobile trustworthy nodes, which are presumed to be always obtainable for
the verification of the position publicized by third parties. In ad hoc
environments, however, the the pervasive presence of either infrastructure
or neighbor nodes that can be aprioristically important is quite impractical.
For Secure Positioning in Wireless Networks [45], NPV protocol is
proposed which calculate distances for all neighbors, and then commends
that all triplets of nodes encircling a pair of other nodes act as verifiers of
the pair’s positions. This scheme does not rely on trustworthy nodes, but it
is designed for static sensor networks, and requires lengthy multi round
computations involving several nodes that seek consensus on a common
neighbor verification. Furthermore, the resilience of the protocol in to
colluding attackers has not been demonstrated. Static sensor networks [61]
also require several nodes to exchange information on the signal emitted
by the node whose location has to be verified. Moreover, it aims at
assessing only whether the nodes are within a given region or not.
An Improved Security in Geometric Ad Hoc Routing through
Autonomous Position Verification is discussed in [47]. The authors
115
proposed an NPV protocol that allows nodes to validate the position of their
neighbors through local observations only. This is performed by checking
whether subsequent positions announced by one neighbor could draw a
movement over a time in realistic sense. The approach [47] forces a node
to collect several data on its neighbor movements before a decision can be
taken, making the solution unfit to situations where the location information
is to be obtained and verified in a short time span. Moreover, an adversary
can mislead the protocol by simply announcing false positions that follow a
realistic mobility pattern.
The scheme in Secure Location Verification for Vehicular Ad-Hoc
Networks [46] exploits Time-of-Flight (ToF) distance bounding and node
cooperation to mitigate the problems of the preceding solution. The
collaborationis limited to a pair of neighbor nodes, which renders the
protocol ineffective against colluding attackers.
To the difficulties identified, here must be a protocol which is fully
distributed and light weight to solve the verification of node position in
mobile adhoc networks. It would not depend on trustedt nodes and would
be protected from many kinds of attacks.
116
5.3 Two Hop Neighbor Verification Approach
The development of mobile-enabled services increases the access of
location based services where the selection of exact service location and
delivery of the packet to the right destination becomes essential. The
growth of location-based service access has great threat due to the
presence of malicious nodes which can perform various network attacks
like eaves dropping; modification or DDoS attacks and so on, so that the
performance of the network is highly degraded. There are many
approaches has been discussed to verify the location of the nodes, but
suffers from more overhead and poor accuracy. We propose a novel
approach using node duplication method and two hop neighbor discovery
method using which the location of the node can be verified. The source
node performs two hop neighbor discovery to collect the neighbor nodes
and perform node duplication method to verify the location of the node
being selected to route the packet. The proposed method reduces the
overhead introduced by verification procedure and increases the network
performance.
The proposed method has various stages of location verification to
perform routing in an efficient manner. The method has the following
stages namely Two Hop Neighbor Discovery, Node Duplication Method,
117
Location Verification, Energy Efficient Routing. We will discuss each of
them popular detail in this section.
Figure 5.2 Architecture of Two-Hop Neighbor Discovery Approach
Figure 5.2 shows the architecture of two hop neighbor discovery
algorithm based location verification approach. Also Figure5.2 shows the
functional stages in detail.
Packet
Two Hop Neighbor Discovery Based Location Verification Approach
Two Hop NeighborDiscovery
Node DuplicationMethod
Location Verification
Routing
118
5.3.1 Two Hop Neighbor Discovery
The source node generates a two-hop neighbor discovery message
(THND) and broadcast the message. The neighbors located within the
transmission range and the adversary if present. The neighbor genuine
node also performs single-hop neighbor discovery and reply to the set of
neighbors to the source node. What happens here is the neighbor node
collects the location details of their neighbors and replies to the source
node. The collected information is stored in its neighbor table and returned
to the source node. The neighbor node generated the Two hop neighbor
reply (THNR) message and sent to the source node.
Pseudo Code of Two-Hop Neighbor Discovery Algorithm:
Input: Neighbor Table Nt.
Output: Neighbor Table Nt.
Start
generate Two hop neighbor discovery message (THNR).
THNR = {Source ID}.
Broadcast into the network.
Receive THNR.
119
Generate Hello message HM.
HM = {Source ID, Seq.No, TTL}.
Broadcast HM.
Receive HM.
Generate Hello Reply HP.
HP = {Seq.No, Node ID, Loc}.
Generate THNReply.
THNReply =
send Two hop neighbor reply to the source node.
Receive Neighbor Reply Np.
Extract Neighbor details from thereply.
Nt =
Stop.
The two hop neighbor discovery algorithm collects the neighbor and
their neighbor information and adds it to the neighbor matrix.
120
Figure 5.3 Flow Chart of Two-Hop Neighbor Discovery Algorithm
The Figure 5.3 shows the flow chart of two hop neighbor discovery
algorithm and shows the stages in detail.
5.3.2 Node Duplication Approach
The node duplication approach performs the core part of the
proposed method. When the set of neighbors being discovered which has
Start
Generate neighbor discoverymessage
Broadcast request and replymessage
Send hello message
Receive hello reply
Extract neighbor details
Add to neighbor table
Stop
121
location details and node id of a set of nodes we perform the node
duplication approach. Based on the location details of the node for each
node present in the reply, we generated a topology and based on that we
compute the distance between each of the node available in the reply. In
generic case each node in the network has fixed transmission range and
based on that the node which has more occurrences and has duplicate
locations are identified. The identified information is used for performing
location verification in the later stage.
Pseudo Code of Node Duplication Algorithm
Input: Neighbor Table Nt.
Output: Neighbor Table NT.
Start
for each neighbor Ni from Nt
Find common node Cn from Ni(Ni).
Cn =
End
for each common node CN
Compute distance of their first neighbor.
Ndist =
122
End
Identify the node with more distanced.
DN =
Remove Dn from NT.
Return Dn.
Stop.
The node duplication algorithm computes the distance from their first
neighbor and identifies the node with more distance. Based on the
distance, the method removes concern neighbor from the list.
123
Figure 5.4 Flow Chart of Node Duplication Method
The Figure 5.4 shows the flow chart of node duplication method and
shows the stages in detail.
Find Common Nodes
Broadcast request and replymessage
Start
Identify more distancednode
Remove from neighbor table
Stop
For each neighbor
For each commonnode
124
5.3.3 Location Verification Protocol
The location verification is performed by the source node while
choosing a route to transfer the packet toward the destination. The node
first performs the two hop neighbor discovery approach to collect the set of
neighbors located around the source node at a current time. Then by
collecting the neighbor information and their location, we compute the node
duplication method which identifies the fake location details and the nodes
which are present in the entire nodes neighbor list which is not possible in
the mobile ad-hoc network where each node has fixed transmission range.
The node duplication approach performs the location verification in an
easier manner.
Algorithm:
Step1: start
Step2: start discovering neighbor details.
Step3: perform node duplication method.
Step4: returns the result.
5.3.4 Node Duplication Location Verified Routing (NDLVR)
In this approach, the source node first performs neighbor discovery
using two hop neighbor discovery approach. With the discovered neighbors
125
the method invokes the location verification protocol which identifies the list
of fake positions and adversaries in the given neighbor list. With the result
the node generates a route request (ADRR-Adversary disable route
request) message and multicast to all its neighbors other than the
adversary identified. We cannot say surely that the identified adversary is
known to the neighbor so that it attaches the adversary name with the
request. On receiving the request the neighbor also comes to know that the
specific node id is an adversary and will avoid the node while performing
route discovery. The neighbor node verifies the same by sending a hello
message to the adversary which in turn returns a hello reply which confirms
the node is an adversary. If the neighbor has route it sends a reply through
the path followed and otherwise it will send the same to other neighbors.
Finally when a node has a route to reach the destination it sends the reply
to the source node.
Pseudo Code of Node duplication location verification Algorithm
Input: Neighbor Table Nt, packet P.Output: NullStart
Read Neighbor table NT.
126
generate route request ADDR.
ADDR = {seq.no, ADNAM, Source, Dest,TTl}.
multicast ADDR to neighbors.
Receive ADDR by neighbors.
Lookup the Destination in Neighbor table Nt.
If found send a reply to the source.
Else
Forward the route request to other neighbors than the ADNAM.
Receive Reply.
Forward reply.
End.Stop
The node duplication based location verification algorithm collected
the two hop neighbor details and based on that the algorithm verifies the
location of the nodes to improve the performance of mobile ad-hoc security
protocols.
127
Figure 5.5 Flow Chart of Node Duplication Location Verification
The Figure 5.5 shows the flow chart of node duplication location
verification and shows the stages of verification in detail.
Start
Read neighbor table
Generate route request andbroadcast
Receive address from neighbors
Lookup in neighbor tables
Send reply to source
Forward request to otherneighbor
Stop
128
5.4 Conclusion
We proposed a two-hop neighbor discovery with node duplication
method to perform location verification. The proposed method collects the
set of neighbors and their neighbors which have the location information of
neighbor discovered. Using the location details of the two-hop neighbors,
we compute the duplication method to identify the presence of duplicate
nodes in the entire nodes neighbor list which shows the presence of
adversary around the source node. The method performs route discovery
with the identified adversary node and by receiving the request, the
neighbors performs route discovery and avoids sending the request to the
identified fake node or adversary node. The neighbors do not simply avoid
the adversary node and itself will perform one hop neighbor discovery
where the adversary will produce its location or reply. The proposed light
weight location verification protocol reduces the overhead introduced by
other methods. This also reduces the traffic introduced in the base station
in verification process as designed in our previous one step verification
approach. The proposed method improves the accuracy of location
verification and reduces the time complexity also.
129
CHAPTER – 6
RESULTS AND DISCUSSION
To improve the security performance in mobile ad-hoc networks the
author has discussed different approaches in this thesis. Each approach
has been implemented and evaluated for its efficiency in different
simulation scenarios. Towardamount the presentation of the planned
methods the following simulation setups have been used. The details of
simulation parameter are given below:
Simulation Parameter Value
Simulator Used NS2
Number of Nodes 200
Transmission Range 100 Meters
Simulation Time 5 Minutes
Table 6.1 Details of Simulation Parameters
Table 6.1 shows the details of simulation being used to evaluate the
performance of different protocols designed. Each protocol has been
validated for its efficiency under different network conditions.
130
6.1A Light Weight Location Verification Protocol based on behavior
learning process for Mobile Adhoc Networks (LLV)
The light weight location verification protocol has been implemented
and the method learns the behavior of the nodes. The proposed system
produces very good results and it has been tested with a large number of
nodes and a large number of adversary nodes.
0102030405060708090
100
Secure Location NPV LLV
Adv
ersa
ry D
etec
tion
Acc
urac
y %
Adversary Detection Accuracy
Figure 6.1 Adversary Detection Accuracy between Existing method
and LLV
The Figure 6.1 shows that the accuracy of adversary detection
produced by different existing methods. The result shows that the proposed
behavior learning process has produced higher adversary detection
accuracy than Secure Location and NodePositionVerification.
131
80
85
90
95
100
Secure Location NPV LLV
Lat e
ncy
Ra
t io
in m
ill
i se
con
ds Latency Ratio
Figure 6.2 Latency Ratio Produced By Existing Method and LLV
Figure 6.2 shows the comparison of latency introduced by different
methods and it shows clearly that the proposed method has lower latency
ratio than other methods.
Figure 6.3 Displacement Allowed according to transmission range
Displacement Ratio
132
Figure 6.3 shows the result produced by the proposed system and
the average displacement allowed with the proposed system according to
the transmission range.
Figure 6.4 Traffic introduced by Existing SL, NPV and LLV Methods
Figure 6.4 shows the traffic introduced by proposed LLV and existing
Secure Location and Node Position Verification algorithm for the
verification process. The consequencesdemonstrations that our practice
introduces only slight traffic compare to other schemes.
133
Figure 6.5 Security Performance Produced by Existing SL, NPV and
LLV Methods
Figure 6.5 shows the comparison of security performance produced
by different methods and it shows clearly that the proposed method has
produced higher security performance than other methods.
Figure 6.6 Throughput Performance by Existing SL, NPV and
LLV Methods
134
Figure 6.6 shows the comparative result on throughput produced by
various methods and it shows clearly that the proposed LLV method has
produced higher throughput than other methods.
6.2Secure Discovery Scheme and Minimum Span Verification ofNeighbor Locations in Mobile Adhoc Networks(SDS)
The proposed Secure Discovery Scheme (SDS) and Minimum Span
Verification of Neighbour Locations have also been implemented and
tested for its efficiency with various parameters of network performance.
The proposed SDS approach produces very good results and this has been
tested with a large number of nodes and a large number of adversary
nodes.
Figure 6.7Adversary Detection Accuracy produced by SL, NPV, LLV
and SDS
135
Figure 6.7 shows the comparison of adversary detection accuracy
and it shows clear that the proposed method has produced higher accuracy
in detection of accuracy.
Figure 6.8 Network overhead introduced by SL, NPV, LLV and SDS
Figure 6.8 shows the network overhead introduced by different
methods in performing location verification. It shows that the proposed
methodology introduces little network overhead compared with other
methods.
136
.Figure 6.9 Time Complexity introduced by SL, NPV, LLV and SDS
Figure 6.9 shows the comparison of time complexity introduced by
various methods in location verification and it shows clearly that the
proposed method has produced less time complexity than Secure Location
and NPV.
Figure 6.10 Comparison of Latency Ratio Produced by SL, NPV, LLVand SDS
137
The Figure 6.10 shows the comparison of latency introduced by
different methods and the result shows that the proposed method has
produced less latency than other methods.
Figure 6.11 Displacement Allowed by SL, NPV,LLV and SDS according
to Range
The Figure 6.11 shows the result produced and the average
displacement allowed by the proposed system with respect to the
transmission range.
138
Figure 6.12 Traffic introduced by SL, NPV,LLV and SDS
The Figure 6.12 shows the traffic introduced by
NodePositionVerification algorithm with our methodology. The results show
that our methodology introduces only a little trafficcompare to other
systems.
Figure 6.13 Comparison of Security Performance Produced by SL,NPV, LLV and SDS
139
The Figure 6.13 shows the comparison of security performance
produced by different methods and it shows clearly that the proposed
method has produced higher security performance than other methods.
Figure 6.14 Comparison of Throughput Performance Produced by SL,NPV, LLV and SDS
The Figure 6.14 shows the comparative result on throughput
produced by various methods and it shows clearly that the proposed
method has produced higher throughput than other methods.
6.3 Two Hop Neighbor Discovery Based Location Verification Protocol
for Mobile Adhoc Network Using Node Duplication Method
The proposed two hop neighbor discovery with node duplication
approach has been implemented and tested for its efficiency. The
plannedtechnique has produced effectualconsequences in all the factors of
140
MANET routing. The method has produced higher resistance in adversary
node identification and has produced a higher rate of detection.
Figure 6.15 Adversary Detection Accuracy produced by SL, NPV, LLV
and NDLVR
The Figure 6.15 shows the comparison of adversary detection
accuracy and it shows clear that the proposed method has produced higher
accuracy in detection of accuracy.
141
0
5
10
15
20
25
30
35
10 20 30 40 50 100 200
Ne
t wo
r k o
ve
r he
ad
in
byt e
sOverhead of adversary detection
Secure Location
NPV
LLV
NDLVR
Number of Adversariesge
Figure 6.16 Network overhead introduced by SL, NPV, LLV and
NDLVR
The Figure 6.16 shows the network overhead introduced by different
methods in performing location verification. The results show that our
methodology introduces only little network overhead compared with other
systems.
0
100
Secure LocationNPV
LLVNDLVR
Tim
e C
om
pl e
xi t
y in
ms
ec
Time Complexity
Figure 6.17 Time complexity introduced by SL, NPV, LLV and NDLVR
142
The Figure 6.17 shows the comparison of time complexity introduced
by various methods in location verification and it shows clearly that the
proposed method has produced less time complexity than others.
Figure 6.18 Comparison of Latency Ratio introduced by SL, NPV, LLV
and NDLVR
The Figure 6.18 shows the comparison of latency introduced by
different methods and the result shows that the proposed method has
produced less latency than other methods.
143
Figure 6.19 Displacement Allowed by SL, NPV, LLV and NDLVR
according to Range
The Figure 6.19 shows the result produced by the proposed system
and the average displacement allowed with the proposed system according
to the transmission range.
0
2
4
6
8
10
12
14
Traf
fic
in b
yt e
s
Traffic Ratio
Secure Location
NPV
LLV
NDLVR
Transmission Rangege
Figure 6.20 Traffic introduced by SL,NPV, LLV and NDLVR
Displacement Ratio
144
The Figure 6.20 shows the traffic introduced by existing SL, NPV
algorithm with our methodology. The results show that our methodology
introduces only a little trafficcompare to other systems.
0
10
20
30
40
50
60
70
80
90
100
Secure Location NPV LLV NDLVR
Secu
r ity
Pe
r fo
r ma
nce
%
Security Performance
Figure 6.21 Security Performance introduced by SL, NPV, LLV and
NDLVR
The Figure 6.21 shows the comparison of security performance
produced by different methods and it shows clearly that the proposed
method NDLVR has produced higher security performance than other
methods.
145
0
50
100
SecureLocation
NPVLLV
NDLVR
Thr o
ug
hp
ut
Per f
or m
an
ce % Throughput Performance
Figure 6.22 Throughput Performance introduced by SL, NPV, LLV and
NDLVR
The Figure 6.22 shows the comparative result on throughput
produced by various methods and it shows clearly that the proposed
method has produced higher throughput than other methods.
6.4 Conclusion
The author has proposed three different methods to improve the
throughput rate and security performance in mobile ad-hoc networks. Each
method has been evaluated for its efficiency in various parameters. The
results produced by the method have been verified with the results
produced by other methods. The result shows clearly that the proposed
approach has improved the performance of security in mobile ad-hoc
networks.
146
CHAPTER-7
CONCLUSION AND FUTUREWORK
The problem of security in mobile ad-hoc network has been
discussed in different research articles and the security in mobile ad-hoc
network has been affected by false location. The malicious nodes present
false locations to the source node to get participated in data transmission.
By participating in the data transmission the malicious node performs
various malicious activities. To overcome the issue of security the author
has proposed different approaches in this thesis.
First the author proposed a light weight verification protocol which
learns the behavior of nodes. At each cycle the source node sends the
information about the transmission and the route in which the data has
been transmitted. At the verification stage the base station looked for the
incomplete transmission and based on that the method identifies the
presence of malicious node. We recycled one step Verification process,
which is a smaller amount time in controllable and we collect conduct of the
nodes occasionally, so that smooth if there are many numbers of
opponents present in the system we could classify easily with the help of
one step verification process. The behavior collection helps us to increase
the performance and throughput of the overall network, because the
forwarding node selection implies the performance of the overall system.
Even though the behavior collection introduces little network overhead for
6%, it reduces the time of verification and heaviness of computing
signature and using multiple solutions for the identification and confirmation
process, thus recovers the efficiency of the general network.
147
To reduce the overhead, the author proposed the second method
secure neighbor discovery scheme, which uses proactive and reactive
details of the neighbor nodes to compute a group G, where a set of nodes
get selected according to the location details. From the group of nodes G, a
single node will be selected for the forwarding phase whose location will be
verified with the base station using some simple verification protocol. The
verification protocol uses the proactive and reactive details to verify the
location of the mobile node. The proposed method has more advantages
that the neighbor discovery is done with little overhead by the source node
and only the verification process engage with the base station.
The Third approach is about using two-step verification process. The
method collects the set of neighbors and their neighbors which have the
location information of neighbor discovered. Using the location details of
the two-hop neighbors, we compute the duplication method to identify the
presence of duplicate nodes in the entire nodes neighbor list which shows
the presence of adversary around the source node. The method performs
route discovery with the identified adversary node and by receiving the
request, the neighbors performs route discovery and avoids sending the
request to the identified fake node or adversary node. The neighbors do not
simply avoid the adversary node and itself will perform one hop neighbor
discovery where the adversary will produce its location or reply. The
proposed two hop neighbor discovery protocol reduces the overhead
introduced by other methods. This also reduces the traffic introduced in the
base station in verification process as designed in our previous one step
verification approach. The proposed method improves the accuracy of
location verification and reduces the time complexity also.
148
All the method has been produced efficient results in different
parameters of MANET security. Further the research can be carried out by
adapting various other protocols which consider the neighbor conditions
and traces.
149
REFERENCES
JOURNALS
1. D.E.Denning, “An Intrusion-Detection Model,” IEEE Transactions on
Software Engineering, 1987, vol.13 (2), pp. 222–232.
2. L.T.Heberlein, et.al., “A Network Security Monitor,” Proceedings of the
IEEE Computer Society Symposium on Research in Security and
Privacy, 1990, pp. 296–304, Oakland, Calif, USA, .
3. S.Deering, “ICMP Router Discovery Messages”, Internet Request for
Comments (RFC 1256), 1991.
4. Z.Grossman, et.al., “Tuning of Activation Thresholds Explains
Flexibility in the Selection and Development of T Cells in the Thymus,”
Proceedings of the National Academy of Sciences of the United States
of America, 1996, vol. 93 (25), pp. 14747–14752.
5. S. Das,et.al., “Comparative performance evaluation of routing
protocols for mobile ad hoc networks”, IEEE Proceedings Seventh
International Conference Computer Communications and Networks,
1998.
6. J.Kim, et.al., “The Artificial Immune Model for Network Intrusion
Detection,” Proceedings of the 7th European Conference on Intelligent
Techniques and Soft Computing (EUFIT '99), 1999.
150
7. L.N.De Castro, et.al., “The Clonal Selection Algorithm with Engineering
Applications,” in Proceedings of Genetic and Evolutionary Computation
Conference (GECCO '00), 2000, pp.36–39.
8. Gil.T.M, et.al., “Multops: A Data Structure for Bandwidth Attack
Detection,” Proceedings of the 10th USENIX security symposium,
washington, 2001, pp.23-38.
9. J.Kim, et.al., “Towards an Artificial Immune System for Network
Intrusion Detection: An Investigation of Clonal Selection with a
Negative Selection Operator,” Proceedings of the Congress on
Evolutionary Computation(CEC '01), 2001, pp. 1244–1252.
10. NICHOLS, R. K., et.al., “ Wireless Security Models, Threats, and
Solutions”. McGraw–Hill, ISBN: 0-07-138038-8, 2002
11. Dipankar Dasgupta,et.al., “An Immunity-Based Technique to
Characterize Intrusions in Computer Networks,” IEEE Transactions on
Evolutionary Computation, 2002, vol. 6 (3), pp. 281–291.
12. Dipankar Dasgupta,et.al., “Anomaly Detection in Multidimensional Data
Using Negative Selection Algorithm,” Proceedings of the Congress on
Evolutionary Computation (CEC '02), 2002, vol. 2, pp. 1039–1044.
13. J. Kim, et.al., “A Model of Gene Library Evolution in the Dynamic
Clonal Selection Algorithm,” Proceedings of the 1st International
151
Conference on Artificial Immune Systems (ICARIS '02), Canterbury,
UK, 2002.
14. Mirkovic.J, et.al., “Attacking DDoS at the Source,” 10th IEEE
International conference on network protocols, 2002, pp. 312-321.
15. Chang.D, ”Defending Against Flooding Based DDoS attacks” A
Tutorial, 2002.
16. Dean.D, et.al., “An Algebraic Approach to IP Traceback,” ACM
transactions on information and system security, 2002, vol.5 (2),
pp.119-137.
17. Edward Cheung, “LAN / WAN Technologies”, The Hong Kong
Polytechnic University Industrial Centre, LAN WAN.ppt, 2003.
18. Humayun Bakht, “The history of mobile Ad hoc networks”, Computing
unplugged magazine, 2003.
19. U.Aickelin, et.al., “Danger theory: the Link between AIS and IDS?”
Artificial Immune Systems, Springer, 2003, vol. 2787, pp.147–155.
20. Belenky.A et.al.,, “IP Traceback with Deterministic Packet Marking,”
IEEE communication,2003, vol. 7 (4), pp. 162-164.
21. Feinstein.L, et.al., “Statistical approaches to DDoS attack detection
and response,” Proceedings of DARPA Information survivability
conference and exposition, Washington DC, 2003, pp. 303-314.
152
22. Mirkovic.P, et.al., “Coordinated suppression of simultaneous attacks”,
Proceeding of third DARPA information survivability conference,
pp.2-3, 2003.
23. Papadopoulos.C, et.al., “Coordinated suppression of simultaneous
attacks,” Proceedings of the DARPA information survivability
conference and exposition, Vol. 2, Washington, pp. 2-13, 2003.
24. I. STAMOULI. “Real-time intrusion detection for ad hoc networks”,
Master's thesis, University of Dublin, 2003.
25. Weichao Wang, et.al., "Visualization of wormholes in sensor networks”,
WiSe ’04: Proceedings of the 2004 ACM workshop on Wireless
security, pp. 51–60, 2004.
26. Christos.D,et.al., “DDoS attacks and defense mechanisms, A
classification and state of art”, Science Direct, vol.44 (5), pp: 643-656,
2004.
27. Lingxuan Hu, et.al., “Using directional antennas to prevent wormhole
attacks”, Symposium on Network and Distributed Systems Security
(NDSS), 2004.
28. Peng.T, et.al., “Detecting distributed denial of service attacks using
source IP address monitoring”, Proceedings of the 3rd International
networking conference, Athens , pp 771-782, 2004 .
153
29. Mirkovic.J, et.al., “A taxonomy of DDoS attack and DDoS defense
mechanisms,” ACM SIGCOMM computer communications review,
2004, vol. 34 (2), pp. 39-53.
30. Z.Ji, et.al., “Real-valued negative selection algorithm with variable-
sized detectors,” Genetic and Evolutionary Computation-GECCO
Springer, 2004, pp. 287–298.
31. Lingxuan Hu, et.al., “Using directional antennas to prevent wormhole
attacks”, Symposium on Network and Distributed Systems Security
(NDSS), 2004.
32. Weichao Wang., et.al., “Visualization of wormholes in sensor
networks”, WiSe 04: Proceedings of the 2004 ACM workshop on
Wireless security, 2004, pp. 51–60, New York, NY, USA.
33. F.Liu, et.al.,, “Intrusion detection based on immune clonal selection
algorithms,” AI 2004: Advances in Artificial Intelligence, Springer, 2004
vol. 3339, pp. 1226–1232.
34. S.Cayzer, et.al., “What have gene libraries done for AIS?”Artificial
Immune Systems, Springer, 2005, vol. 3627 pp. 86–99.
35. T.Li, “An immune based dynamic intrusion detection model,” Chinese
Science Bulletin, 2005, vol. 50(22), pp. 2650–2657.
154
36. Alessandro Armando, et.al., “The AVISPA tool for the automated
validation of internet security protocols and applications”, Proceedings
of CAV’ 2005, Springer-Verlag, 2005, pp. 281–285.
37. LeventeButtyan, et.al., “Statistical wormhole detection in sensor
networks”, Springer, 2005, vol. 3813, pp. 128–141.
38. J.Greensmith, et.al., “Introducing dendritic cells as a novel immune-
inspired algorithm for anomaly detection,” in Artificial Immune Systems,
Springer, 2005, vol.3627, pp:153–167.
39. J.Kim, et.al., “Danger is ubiquitous: detecting malicious activities in
sensor networks using the dendritic cell algorithm,” in Artificial Immune
Systems, Springer, 2005 vol. 3627, pp: 153–167.
40. Alessandro Armando, et.al., “The AVISPA tool for the automated
validation of internet security protocols and applications”, Springer,
2005, vol. 3813, pp: 128–141.
41. Lakhina.A, et.al., “Mining anomalies using traffic feature distributions,”
ACM SIGCOMM Computer communication review, 2005, vol. 35(4),
pp. 217-228.
42. Freiling.F, “Botnet tracking exploring a root cause methodology to
prevent DDoS attacks,” Computer security 2005, Milan, 2005, pp. 319-
335.
155
43. Bing Wu,et.al.,” A Survey on Attacks and Countermeasures in Mobile
Ad Hoc Networks”, Springer, 2006
44. 1609.2-2006: IEEE Trial-Use Standard for Wireless Access in
Vehicular Environments - Security Services for Applications and
Management Messages, IEEE, 2006.
45. S.Capkunet.al., “Secure Positioning in Wireless Networks,” IEEE
J.Selected Areas in Communication, 2006, vol. 24(2), pp. 221-232.
46. A.Vora et.al., “Secure Location Verification Using Radio Broadcast,”
IEEE Trans. Dependable and Secure Computing, 2006, vol. 3(4), pp.
377-385.
47. T.Leinmu ller, et.al., “Improved Security in Geographic Ad Hoc Routing
through Autonomous Position Verification,” Proceedings ACM Third
International Workshop Vehicular Ad Hoc Networks (VANET), 2006.
48. www.baam.boun.edu.tr/news&events/seminar%20ppt/Evren_NETLAB
_2006.ppt, 2006
49. Larry L. Peterson, et.al, “Computer Networks: A Systems Approach”,
Elsevier, 2007
50. J.Kim, et.al., “Immune system approaches to intrusion detection—a
review,” Natural Computing, 2007, vol. 6(4), pp. 413–466.
156
51. J.Hwang, et.al., “Detecting Phantom Nodes in Wireless Sensor
Networks,” Proceedings IEEE INFOCOM, 2007
52. J.Zeng, et.al., “A feedback negative selection algorithm to anomaly
detection,” in Proceedings of the 3rd International Conference on
Natural Computation (ICNC '07), 2007, pp. 604–608.
53. Kasper Bonne Rasmussen et.al., “Implications of radio fingerprinting
on the security of sensor networks”. International Conference on
Security and Privacy for Emerging Areas in Communications Networks
(SecureComm), 2007.
54. Gelenbe.E et.al., “A self-aware approach to denial of service defence”
Computer networks, 2007, pp 1299-1314.
55. Ritesh Maheshwari, et.al., “Detecting wormhole attacks in wireless
networks using connectivity information”, IEEE Conference on
Computer Communications INFOCOM, 2007.
56. Radha Poovendran, et.al.,“A graph theoretic framework for preventing
the wormhole attack in wireless ad hoc networks” 2007, vol 13, pp. 27–
59, Hingham, MA, USA.
57. Chen.Y, et.al., “Collaborative detection of DDoS attacks over multiple
network domains,” IEEE transaction on parallel and distributed
systems, 2007, vol. 18, No. 12, pp. 1649-1662..
157
58. Chen.Z, et.al., “An inline detection and prevention framework for DDoS
attacks.” Computer Journal, 2007, pp 27- 40.
59. P.Papadimitratos, et.al., “Secure Neighborhood Discovery:A
Fundamental Element for Mobile Ad Hoc Networks,” IEEE Comm.
Magazine, 2008, vol. 46(2), pp. 132-139.
60. M.Poturalski, et.al., “Secure Neighbor Discovery in Wireless Networks:
Formal Investigation of Possibility,” Proceedings ACM Symposium.
Information, Computer and Communication Security (ASIACCS), 2008.
61. S.Capkun, et.al., “Secure Location Verification with Hidden and Mobile
Base Stations,” IEEE Trans. Mobile Computing, 2008, vol. 7(4), pp.
470-483.
62. Joshi.R.C, et.al., “An ISP level solution to combat DDoS attacks using
combined statistical based approach,” International journal of
information assurance and security, 2008 vol. 3, No. 2, pp. 102-110.
63. S.T.Powers, et.al., “A hybrid artificial immune system and Self
Organising Map for network intrusion detection,” Information Sciences,
2008, vol. 178(15), pp. 3024–3042.
64. Asha Nagesh, “Distributed network forensics using jade mobile agent
framework, 2008.
158
65. E.Ekici, et.al., “Secure Probabilistic Location Verification in Randomly
Deployed Wireless Sensor Networks,” Elsevier Ad Hoc Networks,
2008, vol. 6, no. 2, pp. 195-209.
66. T.Anantvalee et.al., “A Survey on Intrusion Detection in Mobile Ad Hoc
Networks,” in Wireless/Mobile Security. New York: Springer- Verlag,
2008.
67. M.T.Thai, et.al., “On Detection of malicious Users Using Group Testing
Techniques,” Proceedings International Conference Distributed
Computing Systems (ICDCS), 2008.
68. S.Khattab, et.al., “Live Baiting for Service-Level DoS Attackers,”
Proceedings IEEE INFOCOM, 2008
69. M.Poturalksi, et.al., “Towards Provable Secure Neighbor Discovery in
Wireless Networks,” Proceedings Workshop Formal Methods in
Security Engineering, 2008.
70. J.H.Song, et.al., “Secure Location Verification for Vehicular Ad-Hoc
Networks,” Proceedings IEEE Globecom, 2008.
71. V.C.Gungoret.al., “Industrial wireless sensor networks: Challenges,
design principles, and technical approach,” IEEE Transaction. Ind.
Electron., 2009, vol. 56(10), pp. 4258–4265.
159
72. R. R. Mudholkar, et.al.,”On-Demand Routing In Multi-Hop Wireless
Mobile Ad Hoc Networks”, Thesis, Department of Electronics, Shivaji
University, Kolhapur, 2009
73. J.Yang, et.al., “Distributed agents model for intrusion detection based
on AIS,” Knowledge-Based Systems, 2009, vol. 22(2) pp. 115–119,
2009.
74. J.Chiang, et.al., “Secure and Precise Location Verification Using
Distance Bounding and Simultaneous Multilateration,” Proceedings
Second ACM Conf. Wireless Network Security (WiSec), 2009.
75. Min.A.W, “Attack tolerant distributed sensing for dynamic spectrum
access networks, IEEE conference on network protocols, 2009.
76. Liu.J, et.al., “Botnet classification, attacks, detection, tracing, and
preventive measures,” EURASIP Journal, Wireless communications
and networking, 2009, vol. 2009, pp.11.
77. Gupta.B.B, et.al., “Defending against DDoS attacks: Issues and
challenges,” Information security journal: A global perspective, 2009,
vol. 18, No. 5, pp. 224-247.
78. Chen C.L, “A new detection method for distributed denial of service
attack traffic based on statistical test”, Journal of universal computer
science 15, 2009, pp 488-504.
160
79. Pravin Ghoasekar, “Mobile Ad Hoc Networking: Imperatives and
Challenges”, IJCA Special Issue on Mobile Ad-hoc Networks MANETs,
2010.
80. S.X.Wu, et.al.,, “The use of computational intelligence in intrusion
detection systems: a review,” Applied Soft Computing Journal, 2010,
vol. 10, no. 1, pp. 1–35.
81. V.D.Kotovet.al., “Immune model based approach for network intrusion
detection,” Proceedings of the 3rd International Conference on
Security of Information and Networks (SIN '10), 2010, pp. 233–237.
82. P.S.Andrews et.al., “Tunable detectors for artificial immune systems:
from model to algorithm,” Bioinformatics for Immunomics, Springer,
New York, NY, USA, 2010 vol. 3, pp. 103–127.
83. Vokorokos.L, “ Host Based Intrusion Detection System”, Intelligent
Engineering Systems (INES), 2010, pp. 43 – 47.
84. W. Tang, et.al., “Avidity-model based clonal selection algorithm for
network intrusion detection,” in Proceedings of the IEEE 18th
International Workshop on Quality of Service (IWQoS '10), 2010, pp.
1–5.
85. Nguyen.H et.al,“ Proactive detection of DDoS attacks utilizing k-NN
classifier in an anti-DDoS framework.”, International journal of
161
electrical, computer, and systems engineering, 2010, vol. 4, pp. 247–
252,.
86. Liu.Y, et.al., “DDoS attack detection based on neural network,”
Proceedings of IEEE 2nd international symposium on aware
computing, pp.196-199, 2010.
87. Chi Chun.L "A cooperative intrusion detection system framework for
cloud computing networks,", in parallel processing workshops, 39th
International conference, 2010, pp 280-284.
88. Medina.A., et.al., ”A performance model of neighbor discovery in
proactive routing protocols”, Prof. ACM PE-WASUN, 2010, pp. 66–70.
89. R. R. Mudholkar, et.al.,”On-Demand Routing In Multi-Hop Wireless
Mobile Ad Hoc Networks”, Thesis, Department of Electronics, Shivaji
University, Kolhapur, 2009
90. T.S.Sobh, et.al., “A cooperative immunological approach for detecting
network anomaly,” Applied Soft Computing Journal, 2011, vol. 11, pp.
1275–1283.
91. Agarwa, et.al., “Estimating strength of a DDoS attack in real time using
ANN based scheme,” Communications in computer and information
science, Springer, 2011, pp 301-310.
162
92. J. Zeng, et.al “A novel intrusion detection approach learned from the
change of antibody concentration in biological immune response,”
Applied Intelligence, 2011, vol. 35(1), pp. 41–62,.
93. G.Calandriello, et.al., “On the Performance of Secure Vehicular
Communication Systems,” IEEE Transaction Dependable and Secure
Computing, 2011, vol. 8(6), pp. 898-912.
94. M. Fiore, et.al., “Secure Neighbor Position Discovery in Vehicular
Networks,” Proc. IEEE/IFIP 10th Ann. Mediterranean Ad Hoc
Networking Workshop (Med-Hoc-Net), 2011.
95. Xu Li, et.al., “Mobility Prediction Based Neighborhood Discovery in
Mobile Ad Hoc Networks”, Springer, Networking, 2011, vol. 6640,
pp:241-253.
96. Qi.C, “A packet filtering method for DDoS attack defense in cloud
environment", dependable, autonomic and secure computing, IEEE 9th
international conference, 2011, pp. 427- 434.
97. Akbani, et.al., “Mobile ad-hoc network security,” Journal of electrical
engineering, Springer, 2012, vol. 127, pp. 659-666.
98. Katkamwar. et.al., “Securing cloud servers against flooding based
DDoS attacks”, International journal of application or innovation in
engineering & management, 2012, vol 1(3).
163
99. Joshi.B, “Securing cloud computing environment against DDoS
attacks," Computer communication and informatics (ICCCI),
International conference, 2012, pp. 1-5.
100. Haldar.N.A, “An activity pattern based wireless intrusion detection
system information technology, information technology”: New
Generations (ITNG), 2012, pp 846- 847.
101. Gilad.V, et.al., ‘‘LOT: A defense against IP spoofing and flooding
attacks,’’ ACM transaction on information systems, 2012.
102. Gupta B.B, et.al. “ANN based scheme to predict number of zombies
in DDoS attack.” International journal of network security, 2012, vol.
14, pp 36-45.
103. Francois.J, et.al.,“A collaborative protection network for the detection
of flooding DDoS attacks.” IEEE/ACM transaction on networking,
2012 vol. 20, pp.1828-1841.
104. Radu Stoleru, et.al., “Secure Neighbor Discovery and Wormhole
Localization In Mobile Adhoc Networks”, ACM, Adhoc networks,
2012, vol.10(7), pp:1179-1190.
105. Alomari.E, et.al., “Botnet based DDoS attacks on web Servers:
Classification and art,” International journal of computer applications,
2012, vol. 49(7), pp. 24-32.
164
106. L.Peng, et.al., “Dynamically real-time anomaly detection algorithm
with immune negative selection,” Applied mathematics & Information
Sciences, 2013, vol. 7(3), pp. 1157–1163.
107. Elhadi.M, et.al, “EAACK—A Secure Intrusion-Detection System for
MANETs”, IEEE TRANSACTIONS ON INDUSTRIAL
ELECTRONICS, 2013, vol. 60(3).
108. Seon Yeong Han, “An Adaptive Hello Messaging Scheme for
Neighbor Discovery in On-Demand MANET Routing Protocols”, IEEE
Transactions on communication, 2013, vol 17(5), pp-1040-1043.
109. Priyadarshani.K, “Dynamic Neighbor Positioning In Manet with
Protection against Adversarial Attacks”, IJCER, 2013, vol 3(4).
110. M. Fiore, “Discovery and Verification of Neighbor Positions in Mobile
Ad Hoc Networks”, IEEE Transactions on Mobile Computing, 2013,
vol. 12 (2),pp. 289-303.
111. Thilagavathy.S, ”Neighbor node discovery and Trust prediction in
MANETs”, International Journal of Science, Engineering and
Technology Research (IJSETR) , 2013, vol. 2(1).
112. Munivara Prasad et.al., “Discrimination of flash crowd attacks from
DDoS attacks on internet threat monitoring (ITM) using entropy
165
variations”, IEEE African journal of computing, 2013, vol. 6(2), pp. 53-
62.
113. Negi.P, et.al., “ Enhanced CBF packet filtering method to detect
DDoS attack in cloud computing environment,” International journal of
computer science issues, 2013, vol. 10(1), pp 142-146.
114. Lonea.A.M, et.al.,,“DDoS attacks in cloud computing environment,”
International journal of computing and communication, 2013, vol
8(1), pp 70-78.
115. Huang V.S, "A DDoS mitigation system with multi stage detection and
text based turing testing in cloud computing," In advanced information
networking and applications workshops, International conference
2013, pp.655-662.
116. Ismail.M.N, “Detecting flooding based dos attack in cloud computing
environment using covariance matrix approach," Presented at the
proceedings of the 7th international conference on ubiquitous
information management and communication, Kota, Malaysia, 2013.
117. Madhav.K et.al., “DDoS attack detection based on an ensemble of
neural classifier”, International journal of computer science and
network security, 2014, vol.14(7).
166
118. Khandelwal.S "SNMP reflection DDoS attacks on the rise”, The
Hackers News, 2014.
119. Junho.C, et.al., “A method of DDoS attack detection using HTTP
packet pattern and rule engine in cloud computing environment”,
springer, soft computing, 2014, vol. 18(9), pp. 1697-1703.
120. Kanchan.H, et.al., ”Secure network access by flow analysis based
detection against DDoS attack”, International journal of advanced
research in computer science and software engineering, 2014, vol.
4(9).
121. Deepesh.N, et.al., “Detection approach for DoS attack in dynamic
wireless networks,” Journal of electronics and communication
engineering research, 2014, vol. 2, pp: 01-06.
122. Dhruv.A, et.al., “Detection and mitigation of DDoS attack against web
server”, IJEDR, 2014, vol 2(2).
123. FuiFui.W et.al., “A Survey of trends in massive DDoS attacks and
cloud-based mitigations,” International journal of network security &
its applications, 2014, vol.6(3).
124. Anil Kumar Gona, et.al, “Discovery and Verification of Neighbor
Positions in MobileAD HOC Networks”, International Journal of
167
Research Studies in Science, Engineering and Technology, 2014, vol
1(8), PP 1-8.
125. Jeena.J, et.al., “Analysis detection and prevention of users from click
jacking attack using DDoS”, IJEDR, 2015.
126. Khundrakpam Johnson.S, et.al., “A Novel Approach of detection and
mitigation of DDoS attack”,International conference on computer
science, data mining & mechanical engineering ,2015.
127. Khalid.S, et.al., “ A novel botnet detection system to identify resilient
p2p-botnet”, International journal of engineering sciences & research
technology, 2015.
128. Junho.H, et.al., ”Implementation of graphic based network intrusion
detection system for server operation”, International journal of
security and its applications, 2015, vol.9(2), pp 37-48.
129. Galante.J, “Sony network breach shows amazon clouds appeal for
hackers”, 2015.
130. Geerthidevi.K.G, et.al., “Social network based security schema for
botnet detection and prevention”, International journal of engineering
and computer science, 2015, vol. 4(6).
168
131. Ahmed.R et.al., “A defense framework against DDoS in a multipath
network environment”, Scientific research publishing,
Communications and network, 2015, pp 106-116.
132. Andrew.C, et.al.,”Defence for DDoS attacks in cloud computing”
International conference on advanced wireless, information, and
communication technologies, 2015, vol.73, pp. 490-497.
133. Chaitanya.H et.al., “Anomaly based DDoS attack detection”,
International journal of computer applications, 2015, vol. 123, pp.17.
BOOKS
1. C. Siva Ram Murthy et.al., “Ad Hoc Wireless Networks: Architectures
and Protocols”, Prentice Hall communications engineering and emerging
technologies series Upper Saddle River, 2004.
2. Tanenbaum, et.al., “COMPUTER NETWORKS”, Pearson Education,
Inc., publishing as Prentice Hall, 2011
169
LIST OF PUBLICATIONS
International Journals
1. “Two Hop Neighbor Discovery Based Location Verification Protocol for
Mobile Adhoc Network Using Node Duplication Method” in International
Journal of Innovative Research in Engineering & Science, ISSN 2319-
5665, Volume 1, Issue 4, January 2015, pp:25-33
2. “Secure Discovery Scheme and Minimum Span Verification of Neighbor
Locations in Mobile Ad-hoc Networks” in Australian Journal of Basic and
Applied Sciences, AENSI Journals, ISSN:1991-8178 8(2), February
2014, pp: 30-36.[ANNEXURE-II]
3. “A Light Weight Location Verification Protocol Based on Behavior
Learning Process for Mobile Adhoc Networks” in International Journal of
Scientific & Engineering Research, ISSN 2229-5518, Volume 4, Issue
11, November -2013,pp:214-218.
170
Conference
1. Presented a paper titled “An Approach for avoiding Wormhole attacks in
MANET routing using Digital Signature” at a National Conference held at
Maharaja Engineering College for Women, Perundurai, Salem on 2nd
Feb 2013
2. Presented a paper titled “Throughput Rate Controlling in Wireless Adhoc
Network” at an International Conference held at VIT University, Vellore
on Nov 8-9, 2012.
3. Presented a paper titled “End-to-End Packet Delay Minimization with
Energy Efficient in Wireless Adhoc Networks” at an International
Conference held at Mahendra Engineering College, Salem on 29th – 31st
Mar 2012.
4. Presented a paper titled “Improvisation of Throughput for Multichannel
WMNS” in the National level conference conducted by V.M.K.V.
Engineering College, Salem on 11th Mar 2011.