HOP-COUNT BASED ENHANCED COOPERATIVE BAIT DETECTION SCHEME USING PREVENTION OF COLLABORATIVE BLACKHOLE ATTACKS IN MANET

V.Abinaya

RESEARCH SCHOLAR, DEPARTMENT OF COMPUTER SCIENCE, SRI RAMAKRISHNA COLLEGE OF ARTS

&SCIENCE FOR WOMEN COIMBATORE-44.

abinayavelmurugan24@gmail.com

Abstract— A MANET is a collection of mobile nodes connected through wireless networks. MANET can join and leave the network dynamically. However, MANET is particularly vulnerable due to its fundamental characteristics, such as dynamic topology, distributed co-operation, and constrained capability. One main challenge on designing these networks is their vulnerability to security attacks.In this paper the performance of Enhanced collaborative bait detection scheme(EnCBDS) using routing protocol AODV with Black hole attack detection have been analysed using NS2 considering various parameters such as average throughput, energy and end-to-end delay to evaluate its performance.

Keyword: Blackhole attacks, MANET, Enhanced Cooperative Bait Detection Scheme, Ad-Hoc On demand Distance Vector Protocol, hop count, malicious node.

I. INTRODUCTION

A MANET is a collection of mobile nodes connected through wireless networks. Wireless networks are self-creating, self-organizing and self-administering by communicating among their components mobile nodes they inherit from being exclusive.[2] The nodes in MANET themselves are reliable for dynamically discovering other nodes to communicate. This property of the nodes makes the mobile ad hoc networks unpredictable from the point of view of capability and topology. Each node performs their function as a router or host [1].Due to dynamic infrastructure-less nature and lack of centralized monitoring; the ad hoc networks are vulnerable to several attacks. The behavior of network and reliability is compromised by attacks on ad hoc network routing protocols. In MANET security challenges have become a primary concern

Dr. K.Santhi ASSOCIATE PROFESSOR,

DEPARTMENT OF COMPUTER SCIENCE, SRI RAMAKRISHNA COLLEGE OF ARTS &

SCIENCE FOR WOMEN COIMBATORE-44. santhiscs@srcw.org

to provide secure communication[14]. Due to the Mobility of the nodes the situation becomes more even complicated [8]. Routing protocols can be classified into three categories viz., proactive, reactive and hybrid protocols. Many routing protocols such as AODV, OLSR, and DSR etc were developed for MANET. In this study, wormhole attack is compared using AODV and DSR with NS-2 simulator and the result is produced. The Network Simulator-2 is a widely used software tool for MANET. AODV (Ad hoc on-demand distance vector) enables self-configuring, dynamic, multi-hop on-demand routing for mobile wireless ad hoc network. Round Trip Time is defined as which measures the time between data transmission and the receipt of a positive acknowledgment. Path tracing approach is used to find and eliminate the exact misbehaving node in the network[12]. Secured wireless ad hoc is a highly challenging issue.

AODV-It stands for ad-hoc on demand distance vector routing protocol. It is a reactive protocol. It makes the route when it is needed and does not require nodes to maintain the routes to various destinations that are not being used in communication[5]. AODV enables multi- hop routing between participating mobile nodes wishing to establish and maintain an ad- hoc network. AODV is able to provide unicast, multicast and broadcast communication ability[3]. Route tables are used in AODV to store applicable routing information. AODV utilizes both a route table for unicast routes and a multicast route table for multicast routes. The protocol is able to respond to topological changes that affect the active routes in a quick and timely manner.Black Hole Attack-In this attack, a malicious node

V Abinaya et al, Int.J.Computer Technology & Applications,Vol 7(2),253-260

IJCTA | March-April 2016 Available online@www.ijcta.com

253

ISSN:2229-6093

uses the routing protocol to advertise itself as having the shortest path to the destination node of the packet that was intercepted[3]. This attack can be easily implemented in AODV during the routing discovery process. Once the forged route has been established the malicious node is able to become a member of the active route and intercept the communication packets. The outcomes of this attack can vary[22]. The malicious node can either stop after inserting the false route information in the network and aim in creating instability and unnecessary network traffic or drop all incoming application packet for the specific destination.

II. RELATED WORK

Jian-Ming Chang et al. [10] presented a CBDS mechanism is that effectively detects the malicious nodes that attempt to launch gray hole/collaborative black hole attacks, using dynamic source routing technique. DSR involves two main processes: route discovery and route maintenance. To execute the route discovery phase, the source node broadcasts a Route Request (RREQ) packet through the network, it will reply with a RREP to the source node. CBDS method implements a reverse tracing technique to help in achieving the stated goal. Simulation results are provided, showing that in the presence of malicious-node attacks, the CBDS outperforms the DSR, 2ACK, and best-effort fault-tolerant routing (BFTR) protocols.

Aneith Kumar et al.[11] discussed Detection of Denial of Service Attacks in MANET. Due to lack of security, the network can be easily affected by several attacks. They are mostly vulnerable to the Denial of Service (DoS) attack because of its features. The new algorithm called reputation based system was developed, which detects and isolates the DoS attack and provides better misbehaviour detection. It uses trust table to favor packet forwarding by maintaining a packet dropping ratio and route id for each node. Thus the node recommendation, PDR and route ID are verified. If the nodes packet dropping ratio value falls below a trust PDR threshold value, the corresponding the intermediate node is marked as malicious node which is caused by means of DoS attack. For reducing the energy consumption of whole network, we focused on two cases i.e., energy consumption of the nodes and routes, link and location stability.

Mohammad Al-Shurman [12] described the “Black Hole Attack in Mobile Ad Hoc Networks”. It presents two possible solutions. The first is to find more than one route to the destination. The second is to exploit the packet sequence number included

in any packet header. Author studied only one node attack to be in the route (not a group of attackers). The group attack for this problem should be studied. Computer simulation shows that compared to the original ad hoc on-demand distance vector (AODV) routing scheme, the second solution can verify 75% to 98% of the route to the destination depending on the pause times at a minimum cost of the delay in the networks.

Bing Wu et al, [13] provided a survey on attacks and countermeasures in MANET. Further defining countermeasures, are the features or functions which eliminate security vulnerabilities and attacks. Author gives an overview of attacks according to the protocols stack. According to the paper there are three ways to categorize the attacks. Firstly security attacks classification which is of two type first is Passive Attacks which consist Eavesdropping, traffic analysis, monitoring. Secondly Active Attack are Jamming, spoofing, modification, replaying, DoS. Secondly classification of attack is according to the protocol stack. All layers in the stack have different attacks individually. MAC layer DoS attacks is to keep the channel busy and the battery life of that node may be drained. By avoiding the nodes that does not have the certificate of authentication the attack is prevented.

Yi Tan et al. [14] presented the open paradigm of cognitive radio networks and lack of proactive security protocols, the IEEE 802.22 networks are vulnerable to various denial-of-service (DoS) threats. Author formulates the problem from both one-stage and a multi-stage scenario. In one-stage scenario, a cooperative game among the malicious nodes is formulated and derives the optimal decision strategy for them. In the multistage case, author propose a discrete-time Markov chain model for the dynamic behavior of both malicious nodes and the 802.22 secondary networks As a result author showed that by taking the coordinated approach, the malicious nodes can obtain as high as 10-15% more net payoff than when they do not cooperate.

Zhenqiang Ye, et al. [15] provided redundancy in terms of providing multiple node-disjoint paths from a source to a destination, proposing a modified version of the popular AODV protocol that allows to discover multiple node-disjoint paths from a source to a destination. According to the author reliable nodes should be placed in the net-work for efficient operations. Simulation results show that the number of node-disjoint paths that can be found between a source and a destination depends on the density of nodes in the network.

Nen-Chung Wang et al. [16] proposed an improved location-aided routing (ILAR) scheme to improve

V Abinaya et al, Int.J.Computer Technology & Applications,Vol 7(2),253-260

IJCTA | March-April 2016 Available online@www.ijcta.com

254

ISSN:2229-6093

the efficiency of location-aided routing (LAR) scheme by using the global positioning system (GPS). They also propose a partial reconstruction process that maintains a routing path. When a node on a routing path finds that a link is broken, the node starts the process of routing maintenance. According to author for route discovery a baseline, is the line between the source node and the destination node. The request packet is broadcasted in a request zone based on the baseline to determine the next broadcasting node. The neighbouring node with the shortest distance to the baseline is chosen as the next broadcasting node. Experimental results show that the proposed ILAR scheme good as compared to LAR scheme. It reduces the number of route discovery packets and increase the average route lifetime.

III. ENHANCED COOPERATIVE BAIT DETECTION SCHEME

This paper proposes a detection scheme called the Enhanced Cooperative Bait Detection Scheme (EnCBDS) based AODV hop count[11]. This method is effectively detects the malicious nodes that attempt to launch gray hole/collaborative black hole attack In Enhanced CBDS technique it sends alarm packets to others nodes after detecting the malicious node. So that every node knows about the defective nodes and after that they will not send or receive any packet from malicious node[21]. Adding alarm packet is the Enhanced CBDS technique. It shows better results than the CBDS technique. Following is the enhanced CBDS operations. Enhanced co-operative Bait detection scheme detecting collaborative attacks in MANET. The Bait detection process is invoked based on the hop count value[18]. A hop count value is estimated for each node from the direct observations. When the hop count value of any intermediate node falls below a minimum threshold value, the co-operative Bait detection scheme will be invoked by the source. Moreover if the hop count value of any nodes in the random schedule table becomes low, it will be removed from the table.

The enhanced CBDS scheme comprises three steps: 1) the initial bait step; 2) the initial reverse tracing step; and 3) the shifted to reactive defense step, i.e., the AODV route discovery start process[5]. The first two steps are initial proactive defense steps, whereas the third step is a reactive defense step.

A) Bait Detection

The source node choose the adjacent node within the sense that the address of this node is employed as bait destination address to bait malicious nodes to send a reply RREP message.[11] The adjacent

node is chosen from the random schedule table having latest time stamp value and invokes the bait detection scheme.

The bait setup phase is activated whenever the bait RREQ′ is sent earlier for seeking the initial routing path. The bait analysis procedure is as follows[9].

• If nr node had not launched a black hole attack, then after the source node had sent out the RREQ′, the other nodes has sent the RREP indicates that the malicious node is present in the reply routing. So in order to detect the route a reverse tracing program is initiated.

• If only the 𝑛𝑛𝑟𝑟 has sent the RREP for the RREQ′ from the source node, there was no other malicious node in the network except the nr.

• If both 𝑛𝑛𝑟𝑟 and the other nodes in the network have sent the RREP shows that the malicious node is present in the route reply.

If the 𝑛𝑛𝑟𝑟 does not send the RREP intentionally, then nr would be directly directed into the blackhole list by the source node

Fig 3: Random selection of a Cooperative bait address

B) Reverse Tracing Step

The converse following step is utilized to identify the behaviors of malicious nodes through the route answer to the RREQ' message[8]. On the off chance that a noxious node has gotten the RREQ’, it will answer with a false RREP. Likewise, the reverse tracing operation will be directed for node accepting the RREP, with the objective to deduce

V Abinaya et al, Int.J.Computer Technology & Applications,Vol 7(2),253-260

IJCTA | March-April 2016 Available online@www.ijcta.com

255

ISSN:2229-6093

the dubious information and the incidentally trusted zone in the route.

Fig 4: Reverse tracing phase

Initially an address P-list and a route information 𝐾𝐾𝑘𝑘 list is created,

𝑃𝑃 = {𝑛𝑛1 …𝑛𝑛𝑘𝑘 …𝑛𝑛𝑚𝑚 …𝑛𝑛𝑟𝑟}

𝐾𝐾𝑘𝑘 = {𝑛𝑛1 …𝑛𝑛𝑘𝑘}

So when a malicious node 𝑛𝑛𝑚𝑚 , replies with a false RREP, [2]this address P-list is recorded in the RREP. If the node 𝑛𝑛𝑘𝑘 receives the RREP, it will separate the P-list by the destination address n1 of the RREP in the IP field and get the address list 𝐾𝐾𝑘𝑘 = {𝑛𝑛1 …𝑛𝑛𝑘𝑘} , where 𝐾𝐾𝑘𝑘 represents the route information from source node 𝑛𝑛1 to destination node 𝑛𝑛𝑘𝑘 .[6] After that, node 𝑛𝑛𝑘𝑘 determines the differences between the address P-list and𝐾𝐾𝑘𝑘 list.

𝐾𝐾𝑘𝑘′ = 𝑃𝑃 − 𝐾𝐾𝑘𝑘

𝐾𝐾𝑘𝑘′ = {𝑛𝑛𝑘𝑘+1 …𝑛𝑛𝑚𝑚 …𝑛𝑛𝑟𝑟}

𝐾𝐾𝑘𝑘′ is stored in the RREP’s “Reserve field” and then they are reverted to the source node. The source node receives the RREP and the 𝐾𝐾𝑘𝑘′ list of the nodes which received the RREP.[15] In order to ensure that 𝐾𝐾𝑘𝑘′ does not come from the malicious node, the 𝑛𝑛𝑘𝑘 node after receiving the RREP compares

• A. the source address in the IP fields of the RREP;

• B. the next hop of 𝑛𝑛𝑘𝑘 in the 𝑃𝑃 = {𝑛𝑛1, . . . 𝑛𝑛𝑘𝑘 , . . . 𝑛𝑛𝑚𝑚 , . . .𝑛𝑛𝑟𝑟};

• C. one hop of 𝑛𝑛𝑘𝑘 ;

If A is not the same with B and C, then the received Kk

′ performs a forward back. Otherwise, 𝑛𝑛𝑘𝑘 have to just forward back the 𝐾𝐾𝑘𝑘′ that was produced by it. The trusted set T is given by,

𝑇𝑇 = 𝑃𝑃 − 𝑆𝑆

Where S is the Dubious path information

𝑆𝑆 = 𝐾𝐾1′ ∩ 𝐾𝐾2

′ …𝐾𝐾𝑘𝑘′

Reverse Tracing

1.Send RREQ1 2.if ( RREP1 == D true) \\ Here confirmation of the destination 3. System=1; \\ If found node then establishing the link. 4.else 5.if (Time > T1) \\ search till threshold time 6.end process; 7.else 8.send RREQ1 again; 9.end if 10. end if 11. if (W < T1) \\ w = packet delivery ratio drops 12.Send Bait RREQ2 13.else 14.end process 15.end if 16.if (RREP1 == true) 17.race Mech =1 ; \\ Starting the mechanism 18.else 19.end process; 20.end if ; 21.Initiate System; 22.DN detected; 23.DN = black listed; \\ malicious is black listed 24. Ack send to other neighbor nodes

C) Reactive Defense Step

After the above steps, the AODV based DSR route discovery process is activated.[13] When the route is established and if at the destination it is found that the packet delivery ratio significantly falls to the threshold, the detection scheme would be triggered again to detect for continuous maintenance and real-time reaction efficiency.[12] The threshold is a varying value in the range [85%, 95%] that can be adjusted according to the current network efficiency. The initial threshold value is set to 90%.

A dynamic threshold algorithm designed that controls the time when the packet delivery ratio falls under the same threshold[7]. If the descending time is shortened, it means that the malicious nodes are still present in the network. In that case, the threshold should be adjusted upward. Otherwise, the threshold will be lowered.

IV. SIMULATION BASED ANALYSIS This section describes the simulation tool,

parameters and simulation results. The

V Abinaya et al, Int.J.Computer Technology & Applications,Vol 7(2),253-260

IJCTA | March-April 2016 Available online@www.ijcta.com

256

ISSN:2229-6093

performance of AODV routing protocols are evaluated on the basis of few performance metrics like throughput, energy and end-to-end delay. Simulations were conducted with the presence of (EnCBDS) based Black hole attack detection in MANET.

A. Simulation Tool In this paper, the simulation of AODV routing

protocols and EnCBDS with black hole Attack is done by using Network Simulator (NS-2) software due to its simplicity and availability. The NS instructions can be used to define the topology structure of the network and the motion of the nodes, to configure the service source and the receiver and to create the statistical data track file [9].

B. Simulation Parameters

TABLE I. SIMULATION PARAMETER

Simulator NS2.35

Routing Protocol AODV

Experiment Area 650m*650m

Mobile Nodes

Deployment

Random

Number of Nodes 50

Number of black hole 0 ~ 2

Type of Data

Communication

Constant Bit Rate

(CBR) Mbps

MAC Layer Protocol 802.11b

Radio Range 250m

Simulation time 50 sec

Traffic Source CBR

Packet Size 512

Mobility Model Random Way point

Node Speed(m/s) 10-50

Pause Time 40 sec

Channel data rate 2 Mbps

C. Simulation Results The impact of changing the speed, with which nodes move in an ad hoc network on the packet delivery ratio. Packet delivery ratio increases with increase in average node speed in RTT approximately 90% which remains almost same for all node speed. The Path Tracing shows a increase

of 30% in delivery ratio when the average node speed increases from 10m/s to 50m/s. Throughput: Throughput is the amount of total

number of packets delivered over the total

simulation time

Table 4.2: Throughput vs. Pause_time

TIME

(Seconds)

Throughput

(pkts)

CBDS EnCBDS

10 150 280

20 250 300

30 350 400

40 450 520

Table 4.2 depicts that the EnCBDS higher throughput than the CBDS that measured by 50 nodes

Fig 4.1: Throughput vs. Pause_Time

The graphical representation of throughput

comparison is shown in the figure 4.1. The graph

shows that the EnCBDS is better than the CBDS.

The capacity of the system is not saturated, and

V Abinaya et al, Int.J.Computer Technology & Applications,Vol 7(2),253-260

IJCTA | March-April 2016 Available online@www.ijcta.com

257

ISSN:2229-6093

hence the EnCBDS throughput increases almost

linearly as the workload grow.

Energy Consumption:Energy Consumption is

defined as the average energy consumption on

ideal, sleep, transmits and received divided by the

total energy consumed.

Table 4.3 Energy vs. Pause_time

Pause Time

(sec)

Energy consumption

(Joules)

CBDS EnCBDS

10 25 15

20 30 25

30 40 35

40 45 40

Table 4.3 depicts that the EnCBDS consumes

lesser energy than the CBDS measured by 50 nodes

Fig 4.2: Energy vs. Pause_Time

The graphical representation of energy comparison

is shown in the figure 4.2 The graph shows that the

EnCBDS is better than the CBDS. The proposed

scheme has less energy consumption compared

than existing CBDS.

End to End Delay:The average time taken by a

data packet to arrive in the destination. It also

includes the delay caused by route discovery

process and the queue in data packet transmission.

Only the data packets that successfully delivered to

destinations that counted.

Table 4.3 End to End Delay vs. Pause_time

PAUSE TIME

(Seconds)

DELAY

(msec)

CBDS EnCBDS

10 200 150

20 280 220

30 400 350

40 450 400

Table 4.3 depicts that the EnCBDS minimizes end

to end delay than the CBDS measured by 50 nodes

Fig 4.3: End-to-End Delay vs. PauseTime

V Abinaya et al, Int.J.Computer Technology & Applications,Vol 7(2),253-260

IJCTA | March-April 2016 Available online@www.ijcta.com

258

ISSN:2229-6093

The graphical representation of End-to-End delay

comparison is shown in the figure 4.3. The graph

shows that the EnCBDS is better than the CBDS.

The CBDS algorithm has higher mobility which

causes higher frequent link breakages, and leads to

more packet drops. But the EnCBDS algorithm has

lesser mobility so the packet dropping rate is very

less compared to CBDS algorithm.

V. CONCLUSION

In this paper, performance analysis of EnCBDS in

black hole attacks under different scenarios taking

Dynamic threshold based Algorithms are simulated

under NS2. Different performance metrics like

Throughput, Energy and Delay are used for

analysis. Simulation results are based on AODV

routing protocol by varying the number of nodes

simultaneously. It can be concluded that AODV

performs well than that of DSR. EnCBDS

calculation shows best results in throughput, energy

and end-to-end delay than path tracing approach.

References

[1] P.V.Jani, “Security within Ad-Hoc

Networks,” Position Paper, PAMPAS

Workshop, Sept. 16/17 2002.

[2] G.kalpana and Dr.M.Punithavalli,

“Realiable broadcasting using efficient

forward node selection for mobile ad hoc

network”, the international arab journal of

information technology, vol. 9, no.4 july

2012.

[3] C.E.Perkins and E.M.Royer, “Ad-Hoc On

Demand Distance Vector Routing,”

Proceedings of the 2nd IEEE Workshop on

Mobile Computing Systems and

Applictions, pp.90-100, Feb, 1999.

[4] C.M barushimana, A.Shahrabi,

“Comparative Study of Reactive and

Proactive Routing Protocols Performance

in Mobile Ad-Hoc Networks,” Workshop

on Advance Information Networking and

Application, Vol. 2, pp. 679-684, May,

2003.

[5] M.Abolhasan, T.Wysocki, E.Dutkiewicz, “

A Review of Routing Protocols for Mobile

Ad-Hoc Networks,” Telecommunication

and Infromation Research Institute

University of Wollongong, Australia, June,

2003.

[6] G. A. Pegueno and J. R. Rivera, “Extension

to MAC 802.11 for performance

Improvement in MANET”,

KarlstadsUniversity, Sweden, December

2006

[7] S. Lu, L. Li, K.Y. Lam, L. Jia, “SAODV: A

MANET Routing Protocol that can

Withstand Black Hole Attack.,”

International Conference on Computational

Intelligence and Security, 2009.

[8] Jian-Ming Chang, Po-Chun Tsou, Isaac

Woungang, Han-Chieh Chao, and Chin-

Feng Lai, Member, IEEE.“Defending

Against Collaborative Attacks by Malicious

Nodes in MANETs: A Cooperative Bait

Detection Approach” IEEE Systems

Journal,2014

[9] S.B.Aneith Kumar, S.AllwinDevaraj,

S.AllwinDevaraj J. Arunkumar.“Efficient

Detection of Denial of Service Attacks in

MANET” International Journal of

Advanced Research in Computer Science

and Software Engineering, ,Volume 2,

Issue 5, May 2012Bing Wu, Jianmin Chen,

Jie Wu, MihaelaCardei.“A Survey on

Attacks and Countermeasures in Mobile Ad

Hoc Networks” Wireless/Mobile Network

Security, Springer, 2006

[10] Mohammad Al-Shurman, Seong-Moo Yoo,

Seungjin Park. “Black Hole Attack in

V Abinaya et al, Int.J.Computer Technology & Applications,Vol 7(2),253-260

IJCTA | March-April 2016 Available online@www.ijcta.com

259

ISSN:2229-6093

Mobile Ad Hoc Networks ” ACMSE’04,

April 2-3, 2004

[11] Yi Tan, ShamikSengupta,Member, IEEE

and K.P. Subbalakshmi,Senior Member,

IEEE. “Analysis of Coordinated Denial-of

Service Attacks in IEEE 802.22 Networks”

August 13, 2010

[12] Kemal Bicakci, BulentTavli, “Denial-of-

Service attacks and countermeasures in

IEEE 802.11 wireless network”

ELSEVIER, 28 september 2008,pp- 931–

941

[13] Zhenqiang Ye, Srikanth V. Krishnamurthy,

Satish K. Tripathi, “A Framework for

Reliable Routing in Mobile Ad Hoc

Networks”, IEEE 2003

[14] Nen-Chung Wang and Si-Ming Wang, “An

Efficient Location-Aided Routing Protocol

for Mobile Ad Hoc Networks” 11th

International Conferenc e on Parallel and

Distributed Systems (ICPADS'05), IEEE

2005

[15] VasilHnatyshin, Malik Ahmed, Remo

Cocco, and Dan Urbano, “A Comparative

Study of Location Aided Routing Protocols

for MANET” IEEE 2011

[16] K. Biswas and Md. Liaqat Ali, “Security

threats in Mobile Ad-Hoc Network”,

Master Thesis, Blekinge Institute of

Technology” Sweden, 22nd March 2007

V Abinaya et al, Int.J.Computer Technology & Applications,Vol 7(2),253-260

IJCTA | March-April 2016 Available online@www.ijcta.com

260

ISSN:2229-6093