ids


description

intrusion detection system project report


Acknowledgement Based Intrusion Detection System in Mobile Ad-Hoc Networks using EAACK

CHAPTER 1

INTRODUCTION

There are currently two variations of mobile wireless networks: infrastructured and infrastructureless networks. The infrastructured networks, also known as cellular networks, have fixed and wired gateways. They have fixed base stations that are connected to other base stations through wires. The transmission range of a base station constitutes a cell. All the mobile nodes lying within this cell connect to and communicate with the nearest bridge (base station). A handoff occurs as a mobile host travels out of range of one base station and into the range of another, and thus the mobile host is able to continue communication seamlessly throughout the network. Examples of this type include office wireless local area networks (WLANs).

A network is defined as a group of people, systems or organizations who share their information collectively for their business purpose. In computer terminology the definition is similar: a group of computers logically connected for the sharing of information or services (like print services, multi-tasking, etc.). Initially computer networks were started as a necessity for sharing files and printers, but later this moved from file and printer sharing to application sharing and business logic sharing. These networks may be fixed (cabled, permanent) or temporary. A network can be characterized as wired or wireless. Wireless can be distinguished from wired in that no physical connectivity between nodes is needed.

A mobile ad-hoc network (MANET) is an autonomous system of mobile nodes, a kind of wireless network where the mobile nodes dynamically form a network to exchange information without utilizing any pre-existing fixed network infrastructure. For a MANET to be constructed, all that is needed is a node willing to send data to a node willing to accept data. Each mobile node of an ad-hoc network operates as a host as well as a router, forwarding packets for other mobile nodes in the network that may not be within the transmission range of the source mobile node. Each node participates in an ad-hoc routing protocol that allows it to discover multi-hop paths through the network to any other node.


The other type of network, the infrastructureless network, is known as a Mobile Ad hoc NETwork (MANET). These networks have no fixed routers. All nodes are capable of movement and can be connected dynamically in an arbitrary manner. The responsibilities for organizing and controlling the network are distributed among the terminals themselves. The entire network is mobile, and the individual terminals are allowed to move at will relative to each other. In this type of network, some pairs of terminals may not be able to communicate directly with each other, and relaying of some messages is required so that they are delivered to their destinations. The nodes of these networks also function as routers, which discover and maintain routes to other nodes in the network. The nodes may be located in or on airplanes, ships, trucks, cars, perhaps even on people or very small devices.

Fig 1.1 : Ad Hoc Network

The chief difference between ad hoc networks and infrastructured networks is the apparent lack of a centralized entity within an ad hoc network. There are no base stations or mobile switching centers in an ad hoc network. The interest in wireless ad hoc networks stems from their well-known advantages for certain types of applications. Since there is no fixed infrastructure, a wireless ad hoc network can be deployed quickly. Thus, such networks can be used in situations where either there is no other wireless communication infrastructure present or where such infrastructure cannot be used because of security, cost, or safety reasons.


Ad-hoc networks were mainly used for military applications. Since then, they have become increasingly more popular within the computing industry. Applications include emergency search and rescue operations, deployment of sensors, conferences, exhibitions, virtual classrooms and operations in environments where construction of infrastructure is difficult or expensive. Ad-hoc networks can be rapidly deployed because of the lack of infrastructure.

1.1 Intrusion Detection System (IDS)

An Intrusion Detection System (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators. In addition, organizations use IDPSs for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSs have become a necessary addition to the security infrastructure of nearly every organization.

Fig 1.2 : IDS in network


IDPSs typically record information related to observed events, notify security administrators of important observed events, and produce reports. Many IDPSs can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g., reconfiguring a firewall), or changing the attack’s content.

Hence we need an IDS in our regular use of the network, as it may protect us from malicious activities which are invisible to us but are mildly or severely harmful. An IDS is therefore important for home users, servers, workstations, government security portals, etc.

1.3 Characteristics of MANET:

Dynamic Topologies: Since nodes are free to move arbitrarily, the network topology may change randomly and rapidly at unpredictable times. The links may be unidirectional or bidirectional.

Bandwidth constrained, variable capacity links: Wireless links have significantly lower capacity than their hardwired counterparts. Also, due to multiple access, fading, noise, and interference conditions, etc., the wireless links have low throughput.

Energy constrained operation: Some or all of the nodes in a MANET may rely on batteries. In this scenario, the most important system design criterion for optimization may be energy conservation.

Limited physical security: Mobile wireless networks are generally more prone to physical security threats than are fixed-cable nets. The increased possibility of eavesdropping, spoofing, and denial-of-service attacks should be carefully considered. Existing link security techniques are often applied within wireless networks to reduce security threats. As a benefit, the decentralized nature of network control in MANET provides additional robustness against the single points of failure of more centralized approaches.


CHAPTER 2

SYSTEM ANALYSIS

A Mobile Ad-hoc NETwork (MANET) is an infrastructure-less network consisting of self-configuring mobile nodes connected by wireless links. Nodes rely on each other to store and forward packets. The self-configuring ability of nodes in MANET has made it popular among mission-critical applications like military use or emergency recovery, where network security is of vital importance. However, the open medium and wide distribution of nodes make MANET vulnerable to malicious attackers. Furthermore, MANETs are highly vulnerable to passive and active attacks because of their open medium, rapidly changing topology, and lack of centralized monitoring. Encryption and authentication solutions, which are considered the first line of defense, are not sufficient to protect MANETs from packet dropping attacks. In this case, it is crucial to develop efficient intrusion detection mechanisms to protect MANET from attacks. An intrusion detection system (IDS) is a device or software application that monitors network activities for malicious activities or policy violations and produces reports to a management station. A new intrusion detection system named Enhanced Adaptive Acknowledgement (EAACK) is specially designed for detecting malicious nodes in MANETs and provides more secure, valid and authentic data transmission. This technique for intrusion detection will be used to enhance the proposed system's performance by reducing power consumption and network delays and improving efficiency in MANETs, with secure and authentic data transmission using more efficient hybrid cryptography techniques.

2.1 Objectives

The main objectives of the intrusion detection system are as follows:

Detecting attacks: Such a system detects security threats and attacks as and when they happen, by providing real-time network monitoring. We will develop a system that can easily detect the intruders present in the network without affecting the rest of the network communication.

Offer information: If this system detects an attack, it will put forward information about the attack, i.e. which type of attack has occurred, to help in the search for remedies for such attacks.

Take corrective steps: Once an attack is detected by the system, the active systems also take measures to tackle the attack and take some corrective or preventive steps.

Storage: It also stores the events either locally or otherwise in case of an attack.

A good system model: It is designed for MANETs which will detect intruders.

2.2 Current Framework

Many noteworthy contributions have been made in the area of intrusion detection for wireless networks by many researchers. Some of them are discussed here.

1. Watchdog is used for improving the throughput of the network in the presence of malicious nodes. It detects misbehavior by listening to the next-hop node. But it has some weaknesses, which later schemes improve on.

2. TWOACK is the next IDS, which somewhat reduces the shortcomings of Watchdog. It acknowledges every data packet over the network between three consecutive links and detects misbehaving links. It is used to reduce two limitations of the Watchdog technique, i.e. receiver collision and limited power transmission.

3. AACK is an acknowledgment-based scheme; it may be considered a combination of an Enhanced TWOACK (E-TWOACK) scheme and an End-to-End Acknowledgment scheme. They also described the AODV protocol and the black hole attacks.
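The TWOACK idea in item 2 can be shown as a small simulation. This is an added example, not code from the report or from the TWOACK authors: in every window of three consecutive nodes, the third node returns a TWOACK to the first, and the first node reports the downstream link when too many TWOACKs are missing. The route, the `drop_every` misbehaviour model, the 20% threshold and the assumption that TWOACK packets themselves are never lost are constructed for illustration.

```python
from collections import defaultdict

def simulate_twoack(path, drop_every, packets=100, threshold=0.2):
    """Run `packets` data packets down `path` and return (reports, delivered).

    drop_every maps a node name to k: that node silently drops every k-th
    packet it is asked to forward (constructed misbehaviour model).
    A report is (observer, (n2, n3), missing_ratio): `observer` saw too few
    TWOACKs for packets it handed to n2 for forwarding to n3.
    """
    sent = defaultdict(int)      # (observer, link) -> packets handed over
    missing = defaultdict(int)   # (observer, link) -> TWOACKs never received
    delivered = 0
    last = len(path) - 1
    for seq in range(1, packets + 1):
        reached = 0              # index of the furthest node holding the packet
        for i in range(last):
            k = drop_every.get(path[i])
            if i > 0 and k and seq % k == 0:
                break            # intermediate node drops instead of forwarding
            reached = i + 1
        delivered += reached == last
        # Every window of three consecutive nodes n1 -> n2 -> n3: n3 returns a
        # TWOACK to n1 two hops upstream. Assumed here: TWOACKs are not lost.
        for i in range(last - 1):
            if reached >= i + 1:                 # n1 did hand the packet to n2
                key = (path[i], (path[i + 1], path[i + 2]))
                sent[key] += 1
                if reached < i + 2:              # n3 never got it: no TWOACK
                    missing[key] += 1
    reports = []
    for (observer, link), count in sent.items():
        ratio = missing[(observer, link)] / count
        if ratio > threshold:                    # tolerate ordinary link loss
            reports.append((observer, link, ratio))
    return reports, delivered

if __name__ == "__main__":
    route = ["S", "A", "B", "C", "D"]            # constructed 4-hop route
    print(simulate_twoack(route, {}))            # all nodes cooperate
    print(simulate_twoack(route, {"B": 2}))      # B drops half of its traffic
    print(simulate_twoack(route, {"B": 10}))     # 10% loss stays under threshold
```

The report names the link B to C rather than node B alone, which matches the description of TWOACK as detecting misbehaving links; the third run shows that a dropper staying under the threshold goes unreported.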


CHAPTER 3

SYSTEM DESIGN

The proposed system will adopt a new hybrid cryptography technique and will help to further reduce the network overhead and delay. In cryptography, public-key cryptosystems are convenient in that they do not require the sender and receiver to share a common secret in order to communicate securely (among other useful properties). However, they often rely on complicated mathematical computations and are thus generally much less efficient than comparable symmetric-key cryptosystems. In many applications, the high cost of encrypting long messages in a public-key cryptosystem can be prohibitive. A hybrid cryptosystem is one which combines the convenience of a public-key cryptosystem with the efficiency of a symmetric-key cryptosystem. The proposed system will also adopt a more effective key exchange mechanism to eliminate the requirement for predistributed keys and reduce the parameters. The architecture of this system is shown in the figure given below.

Fig 3.1 : The Proposed System Architecture

In Fig 3.1 above, the acknowledgement system is used for acknowledging the transmission control flow and uses various security techniques for encryption and decryption of data. The intrusion detection system is used for detecting the malicious nodes present during communication in the network; if any malicious or misbehaving node is found, it will send the misbehaving report to the source node, otherwise it will directly send the encrypted packet to the destination node.

Fig 3.2 : Hybrid crypto system

3.1 Methodology to be Employed

A new intrusion detection system flow diagram is designed to detect the malicious nodes present in the network. It is shown in the following diagram, Fig 3.3. It is an 8-step acknowledgement plus detection mechanism.

The following steps demonstrate the actual control flow of the system during data packet transmission. All these steps are repeated while sending a data packet between any source and destination node.


1. Source node sends a request to the destination to check whether it is available.

2. Destination node sends an ACK to the source node if it is available.

3. Source requests the destination's signature to check whether it is a malicious node.

4. Destination sends its signature to the base station.

5. Base station verifies the signature.

6. Source receives a challenge packet ACK from the destination for signature verification.

7. Encrypted data is sent from source to destination.

8. ACK of receipt of data is sent from destination to source.

Fig.3.3: System control flow diagram

3.2 PHASES OF THE PROPOSED IDS

The following are the phases with the help of which we can complete our IDS.

a. Network Formation: In this phase the nodes and their ranges are decided.

b. Request/Response: This helps in sending requests and responses between the communicating nodes, and also the acknowledgements.


c. Base Station Request/Response: This helps in sending requests and responses between the base node and the other node, and also the acknowledgement receipts.

d. Data Encryption/Decryption: It helps in encryption or decryption of the data sent through packets. Various algorithms are present for both encryption and decryption. For this we will use the more efficient hybrid cryptography algorithm.

e. Result phase: In this phase we will check the efficiency of our intrusion detection system on the basis of certain parameters like delay, throughput and energy consumption by the system.

3.3 EXPECTED OUTCOME

The proposed system will adopt an intrusion detection system which helps in secure and authentic data transmission with low power consumption, reduced network delays and improved efficiency of MANETs.


CONCLUSION

IDS techniques are used in MANETs to trap the intruders in the network. From this study it is concluded that the packet-dropping attack has always been a major threat to security in MANETs. The functions of such intrusion detection schemes all largely depend on the acknowledgment packets. Hence, the proposed IDS may guarantee that the acknowledgement packets are valid and authentic, with more secure data packet transmission. The proposed IDS will also reduce energy consumption and delays in the network, with less routing overhead during data packet transmission, and enhance the efficiency of MANETs. Hence an IDS is very important and useful for our security. To use the network and computer systems without interruption we must use an IDS, which not only protects us but also gives useful information about the intruder and saves our time and money, either directly or indirectly.
