April 7, 2023 1

Neighbor Defense Technique to Mitigate Flood Attack in MANETs

Guided By- Dr. Savita Gandhi & Mr. Nirbhay ChaubeyPrepared By- Naren Tada & Srushti Trivedi

At

Department of Computer Science,Rollwala Computer Centre,

Gujarat University, Ahmedabad-380009

Dissertation Phase-II

April 7, 2023 2

Overview

Introduction to MANETs

Fundamental working of AODV

Types of possible attacks in AODV

About Flood attack

Motivation to prevent Flood attack

Algorithm for Neighbor Defense Technique to Mitigate Flood

Attack (NDT)Flow chart for NDT

Current working status

Future work

April 7, 2023 3

Characteristics•Operating without a central coordinator •Multi-hop radio relaying •Frequent link breakage due to mobile nodes •Constraint resources (bandwidth, computing power…)•Instant deployment

Challenges of Manets•Routing•Security and Reliability•Quality of Service (QoS)•Inter-networking•Power Consumption•Location-aided Routing

Characteristics and Challenges of MANETs

April 7, 2023 4

MANETs Routing Protocols

Reactive Protocols (AODV,DSR,TORA)

•Finds a route on demand

•Flooding the network with Route Request packets

Proactive Protocols (DSDV,OLSR)

•Maintains fresh lists of destinations and their routes

•Periodically distribute routing tables

Hybrid Protocols (ZRP)

•Combines the advantages of proactive and of reactive routing

•Initially established with some proactively prospected routes

•Then serves the demand from additionally activated nodes through

reactive flooding

April 7, 2023 5

Fundamental working of AODV

Reactive/On – demand

Main Two Processes:

1. Route Discovery

2. Route Maintenance

April 7, 2023 6

Merits•Does not need any central administrative system•Reduce the control traffic messages overhead•Reacts relatively fast to the topological changes•Saves storage place as well as energy

Demerits•Can gather only a very limited amount of routing information•A long path is more vulnerable to link breakages and requires high

control overhead•Has no security measures built in•Vulnerable to various kinds of attacks•Two main types of uncooperative nodes: malicious and selfish

Merits & Demerits of AODV

April 7, 2023 7

Types of possible attacks in AODV

Different ways of malicious node to attack

•Sending fake messages several times

•Fake routing information

•Advertising fake links to disrupt routing operations

Blackhole attack

Flooding attack

Link spoofing attack

Wormhole attack

Colluding misrelay attack

A Review of Current Routing Attacks in Mobile Ad Hoc Networks -- Rashid Hafeez Khokhar, Md Asri Ngadi and Satria Mandala

April 7, 2023 8

About Flood AttackLiterature Work

A New Routing Attack in Mobile Ad Hoc Networks -- Ping Yi, Zhoulin Dai, Shiyong Zhang, Yiping Zhong from Department of Computing and Information Technology, Fudan University, Shanghai, China

•The attacker selects many IP addresses which are not in the

networks

•No node can answer RREP packets for these RREQ

•The attacker successively originates mass RREQ messages for

these void IP addresses

•The attacker will resend the RREQ packets without waiting

for the RREP or round-trip time

April 7, 2023 9

Performance Analysis of Flooding Attack Prevention Algorithm in MANETs

-- Revathi Venkataraman, M. Pushpalatha, and T. Rama Rao•All the nodes in an ad hoc network are categorized as friends,

acquaintances or strangers

•A trust estimator -- a function of various parameters

•friends (most trusted), acquaintances (trusted) and strangers

(not trusted)

•Xrs, Xra, Xrf be the RREQ flooding threshold for a stranger,

acquaintance and friend node respectively, Xrf > Xra > Xrs

•Yrs, Yra, Yrf be the DATA flooding threshold for a stranger,

acquaintance and friend node respectively then Yrf > Yra > Yrs

April 7, 2023 10

Flood attack and its consequences The attacker node-1 and node-8

They flood the RREQ messages at particular time interval

Their neighbor nodes don’t know the route to that destination so

rebroadcast RREQ

Attacker constantly inject false

RREQ packets into the network

Due to false generation, attacker

can introduce a new DOS attack

to exhaust the communication

bandwidth and node resource so

that the valid communication

cannot be kept

April 7, 2023 11

Motivation to prevent Flood Attack

AODV is very conservative about sending RREQ packet in network

After sending request packet there is some waiting time for RREP

to come - RREP_WAIT_TIME = 1 second

There is RREQ_RETRIES = 3 for network wide search - after

exceeding this value MAX_RREQ_TIMEOUT = 10 sec

Malicious node will misuse all these properties and flood its own

fake request in network.

If attacker is out of control it will flood the entire network and

degrade the performance of manets very high extent.

Only very reliable method is - not to rebroadcast this fake RREQ by

neighbor.

April 7, 2023 12

Algorithm for Neighbor Defense Technique to Mitigate Flood Attack

(NDT)Two lists are maintained in every node which are neighbor of the requester one is Broody list and RREQ_count table

1. Broody list will keep the record for malicious node which floods the request. Flood Timer has taken for generating Dummy packet by the attackers.

Malicious node 1 idMalicious node 2 idMalicious node 3 id

2. RREQ_count table will keep track of number of request come from each neighbor in particular interval.

RREQ_ID RREQentry TimeStampRequester1 Id 5 0.34566Requester2 Id 1 0.55346

April 7, 2023 13

Timers used in simulation

FloodTimer

• In order to inject FAKE Request packet by malicious node in the

MANETs, used flood timer which is continuously send the

request as value 0.009 sec

CacheTimer

• In order to check Request table entry for the expire time as well

as count for the request to check whether to exceed peak or not

as the value 0.002

April 7, 2023 14

The Algorithm:

if(CacheTimer out)then

Erase RREQ_Count table entries if(RREQester is in broodyList)then

Drop the packet if ((RREQester is neighbor) && (there is no entry in RREQ_Count table))then

Add the RREQentry for this RREQ in RREQ_Count table

if(RREQentry >PickValue)then

Put the RREQester in broodyList!

April 7, 2023 15

Flow chart for NDT(While adding entry in table for receive packet)

If the requester is in broody list?

In Receive Request process

BroodyList(Malicious node

entrys)Drop This packet

yes

No

If the requester is very neighbor?

Do the rest receive request processNo

Is the requester is in RREQ_count

table?Yes

RREQ_count table

Increment the Requester’s entry

in the RREQ_count list

Yes

Add the entry of requester in the

RREQ_count list and increment the count

value of request

No

Stop processing packet

End of adding request entry

April 7, 2023 16

If the Cache Timer time out

Yes

Check the Request count entry’s expiry

time

In Waiting state for event to trigger

Flush the entry of the request count

tableYes

Request count table

Check the entry’s exceed the peakValue?

Put the requester in the

BroodyList

Yes

No

Proceed further

Start

While flushing the Entry in request_count table

April 7, 2023 17

Prerequisite for NDT1. As the detection only done by very neighbor of the attacker, it

can not be possible without enabling the HELLO packet of nodes.

2. Peak_value, Cache interval and Flood interval should be synchronize with each other according to MANET’s nature and application .

Prerequisite for NDT & Current working status

Current working status

1. Implemented flood attack

2. Tested the proposed algorithm(NDT) for small network

3. 4-nodes and 1-node as malicious node .tcl

4. 25-nodes with 1 malicious node and 3 malicious nodes .tcl

5. Reading taken with attack and without attack .awk and .sh

April 7, 2023 18

Simulation SetupNo. Simulation Parameter

Parameter Parameter Value1 Simulator NS-2.332 Simulation Area 1000m X 1000m3 MAC Protocol IEEE 802.114 Mobile Nodes 255 Antenna Type Omni antenna6 Propagation Model Two Ray Ground7 Number of Connections 58 Packet Size 512 byte9 Routing Protocols AODV10 Data Traffic CBR (UDP)11 Simulation Time 100 Sec

12 Number of Malicious Node 1,3

13 Pausetime 0,5,10,15,20 ms14 Flood Interval 0.009 sec15 Cache Interval 0.002 sec16 Peak Value 7(no of request)17 Entry Expiry time CURRENT_TIME + 0.05

April 7, 2023 19

Simulation Setup - 25 nodes with 1 malicious node and 5 connections10 Different scenarios with pause time – 0, 5, 10, 15 and 20 ms

0 5 10 15 2005

101520253035404550

NDTAODVPlainAODV

PDF vs Pause Time

Pause Time

PDF

0 5 10 15 200

1020304050607080

NDTAODVPlainAODV

PDR vs Pause Time

Pause Time

PDR

0 5 10 15 2002468

101214161820

NDTAODVPlainAODV

Avg. Throughput vs Pause Time

Pause Time

Avg

Throughput

0 5 10 15 200

5001000150020002500

NDTAODVPlainAODV

NRL vs Pause Time

Pause Time

NRL

Result_with1_5_25.xls

April 7, 2023 20

Simulation Setup - 25 nodes with 3 malicious nodes and 5 connections10 Different scenarios with pause time – 0, 5, 10, 15 and 20 ms

0 5 10 15 200

102030405060

NDTAODVPlainAODV

PDF vs Pause Time

Pause Time

PDF

0 5 10 15 200

1020304050607080

NDTAODVPlainAODV

PDR vs Pause Time

Pause Time

PDR

0 5 10 15 2002468

101214161820

NDTAODVPlainAODV

Avg. Throughput vs Pause Time

Pause Time

Avg

Throughput 0 5 10 15 20

05000

1000015000200002500030000350004000045000

NDTAODVPlainAODV

NRL vs Pause Time

Pause Time

NRL

Result_with3_5_25.xls

April 7, 2023 21

Simple AODV and NDT without attack

0 5 10 15 20767880828486889092

NDTAODVPlainAODV

PDF vs Pause Time

Pause Time

PDF

0 5 10 15 2002468

101214161820

NDTAODV

PlainAODV

PDR vs Pause Time

Pause Time

PDR

0 5 10 15 203.53.63.73.83.9

44.14.24.34.4

NDTAODVPlainAODV

NRL vs Pause Time

Pause Time

NRL

0 5 10 15 20323334353637383940

NDTAODVPlainAODV

Avg. Throughput vs Pause Time

Pause Time

Avg

Throughput

Result_without_5_25.xls

April 7, 2023 22

Future workStill require to simulate NDT for more number of nodes and

different number of malicious nodesWill add RREP and RERR flooding attackWill prevent RREP and RERR flooding

Further ImprovementsIn order to give complete isolation Broody list should be broadcast

by defense node as early as possible(Raising alarm technique). Packet should be queue for some time in order to prevent early

flow by attacker.(Before detection with early flow detection method)QoS (quality of services)

Conclusion derived from graphsWithout attack and low mobility NDT and Plain works similar.Performance improved in all parameter in NDT with attack.Drastic change in graph can be seen due to flow leak in NDT

because of overhead.

April 7, 2023 23

Disadvantage of NDT1. According to Peak_value of network maintain by each node, sloppy

attack still be possible if attacker has chosen flooding interval little bit large but effective.

2. As the MANETs is very dynamic in nature, topology can still be vary and neighbour of attacker will be changed, flow can be leaked and flood can be possible until the new neighbour find the attacker.

Advantage of NDT 1. The attack is defended by very neighbour of attacker2. The list and cache is only maintained by neighbour of attacker for

only some periodic time, after the cache timer out record will be flush.

3. Node will not be isolated completely from network after detection, perhaps it will still be part of the network and can do some cooperation

4. No further impersonation can be made as the neighbour maintains the list malicious node with help of its neighbour list.

April 7, 2023 24

Files changed for proposed algorithm

ns-2.33/aodv/aodv.cc

ns-2.33/aodv/aodv.h

Changed .tcl file

Generated different scenario files for different pause time

April 7, 2023 25

References1. C. Perkins, E. Belding-Royer, S. Das, “RFC3561 of ad hoc on-demand

distance vector (aodv) routing” University of Cincinnati, July 20032. “A Review of Current Routing Attacks in Mobile Ad Hoc Networks” --

Rashid Hafeez Khokhar, Md Asri Ngadi and Satria Mandala from International Journal of Computer Science and Security, volume (2) issue (3)

3. “A New Routing Attack in Mobile Ad Hoc Networks” -- Ping Yi, Zhoulin Dai, Shiyong Zhang, Yiping Zhong, Department of Computing and Information Technology, Fudan University, Shanghai, China, International Journal of Information Technology Vol. 11 No. 2

4. “Performance Analysis of Flooding Attack Prevention Algorithm in MANETs” -- Revathi Venkataraman, M. Pushpalatha, and T. Rama Rao from World Academy of Science, Engineering and Technology, 56, 2009

5. http://elmurod.net/?p=196 “Adding Malicious Node to AODV”

April 7, 2023 26

Thank you !

Questions??