in Computer and Information Science 120
Kouichi Sakurai, Yang Xiao, Gansen Zhao, Dominik Ślęzak (Eds.)
Communication
and Networking
International Conference, FGCN 2010
Held as Part of the Future Generation
Information Technology Conference, FGIT 2010 Jeju Island, Korea, December 13-15, 2010
Proceedings, Part II
Library of Congress Control Number: 2010940170
CR Subject Classification (1998): C.2, H.4, I.2, D.2, H.3, H.5
ISBN-10 3-642-17603-8 Springer Berlin Heidelberg New York
ISBN-13 978-3-642-17603-6 Springer Berlin Heidelberg New York
This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law.
Welcome to the proceedings of the 2010 International Conference on Future Generation Communication and Networking (FGCN 2010) – one of the partnering events of the Second International Mega-Conference on Future Generation Information Technology (FGIT 2010).
FGCN brings together researchers from academia and industry as well as practitioners to share ideas, problems and solutions relating to the multifaceted aspects of communication and networking, including their links to computational sciences, mathematics and information technology.
In total, 1,630 papers were submitted to FGIT 2010 from 30 countries, which includes 150 papers submitted to the FGCN 2010 Special Sessions. The submitted papers went through a rigorous reviewing process: 395 of the 1,630 papers were accepted for FGIT 2010, while 70 papers were accepted for the FGCN 2010 Special Sessions. Of the 70 papers, 6 were selected for the special FGIT 2010 volume published by Springer in LNCS series. Fifty-one papers are published in this volume, and 13 papers were withdrawn due to technical reasons.
We would like to acknowledge the great effort of the FGCN 2010 International Advisory Board and Special Session Co-chairs, as well as all the organizations and individuals who supported the idea of publishing this volume of proceedings, including SERSC and Springer. Also, the success of the conference would not have been possible without the huge support from our sponsors and the work of the Organizing Committee.
We are grateful to the following keynote speakers who kindly accepted our invitation: Hojjat Adeli (Ohio State University), Ruay-Shiung Chang (National Dong Hwa University), and Andrzej Skowron (University of Warsaw). We would also like to thank all plenary speakers for their valuable contributions.
We would like to express our greatest gratitude to the authors and reviewers of all paper submissions, as well as to all attendees, for their input and participation.
Last but not least, we give special thanks to Rosslin John Robles and Maricel tanas. These graduate school students of Hannam University contributed to the editing process of this volume with great passion.
Thanos Vasilakos
Kouichi Sakurai
Yang Xiao
Gansen Zhao
Dominik Ślęzak
General Co-chairs
Alan Chin-Chen Chang National Chung Cheng University, Taiwan
Thanos Vasilakos University of Western Macedonia, Greece
MingChu Li Dalian University of Technology, China
Kouichi Sakurai Kyushu University, Japan
Chunming Rong University of Stavanger, Norway
Program Co-chairs
Yang Xiao University of Alabama, USA
Charalampos Z. Patrikakis National Technical University of Athens, Greece
Tai-hoon Kim Hannam University, Korea
Gansen Zhao Sun Yat-sen University, China
International Advisory Board
Wai-chi Fang National Chiao Tung University, Taiwan
Hsiao-Hwa Chen National Sun Yat-sen University, Taiwan
Han-Chieh Chao National Ilan University, Taiwan
Gongzhu Hu Central Michigan University, USA
Byeong-Ho Kang University of Tasmania, Australia
Aboul Ella Hassanien Cairo University, Egypt
Publicity Co-chairs
Ching-Hsien Hsu Chung Hua University, Taiwan
Houcine Hassan Polytechnic University of Valencia, Spain
Yan Zhang Simula Research Laboratory, Norway
Damien Sauveron University of Limoges, France
Irfan Awan University of Bradford, UK
Muhammad Khurram Khan King Saud University, Saudi Arabia
Publication Chair
Maria Lee Shih Chien University, Taiwan
Special Session Co-chairs
Hong Kook Kim Gwangju Institute of Science and Technology, Korea
Young-uk Chung Kwangwoon University, Korea
Suwon Park Kwangwoon University, Korea
Kamaljit I. Lakhtaria Atmiya Institute of Technology and Science, India
Marjan Kuchaki Rafsanjani Shahid Bahonar University of Kerman, Iran
Dong Hwa Kim Hanbat University, Korea
Congestion Avoidance and Energy Efficient Routing Protocol for WSN
Healthcare Applications 1
Babak Esmailpour, Abbas Ali Rezaee, and Javad Mohebbi Najm Abad
An Efficient Method for Detecting Misbehaving Zone Manager in
MANET 11
Marjan Kuchaki Rafsanjani, Farzaneh Pakzad, and Sanaz Asadinia
Query Answering Driven by Collaborating Agents 22
Agnieszka Dardzinska
Attribute-Based Access Control for Layered Grid Resources 31
Bo Lang, Hangyu Li, and Wenting Ni
A Local Graph Clustering Algorithm for Discovering Subgoals in
Reinforcement Learning 41
Negin Entezari, Mohammad Ebrahim Shiri, and Parham Moradi
Automatic Skill Acquisition in Reinforcement Learning Agents Using
Connection Bridge Centrality 51
Parham Moradi, Mohammad Ebrahim Shiri, and Negin Entezari
Security Analysis of Liu-Li Digital Signature Scheme 63
Chenglian Liu, Jianghong Zhang, and Shaoyi Deng
An Optimal Method for Detecting Internal and External Intrusion in
Francesco Colace, Massimo De Santo, and Salvatore Ferrandino
Intrusion Detection in Database Systems 93
Mohammad M Javidi, Mina Sohrabi, and
Marjan Kuchaki Rafsanjani
A Secure Routing Using Reliable 1-Hop Broadcast in Mobile Ad Hoc
Networks 102
Seungjin Park and Seong-Moo Yoo
A Hybrid Routing Algorithm Based on Ant Colony and ZHLS Routing
Protocol for MANET 112
Marjan Kuchaki Rafsanjani, Sanaz Asadinia, and Farzaneh Pakzad
Decision-Making Model Based on Capability Factors for Embedded
Systems 123
Hamid Reza Naji, Hossein Farahmand, and Masoud RashidiNejad
Socio-Psycho-Linguistic Determined Expert-Search System (SPLDESS)
Development with Multimedia Illustration Elements 130
Vasily Ponomarev
A Packet Loss Concealment Algorithm Robust to Burst Packet Loss
Using Multiple Codebooks and Comfort Noise for CELP-Type Speech
Coders 138
Nam In Park, Hong Kook Kim, Min A Jung, Seong Ro Lee, and
Seung Ho Choi
Duration Model-Based Post-Processing for the Performance
Improvement of a Keyword Spotting System 148
Min Ji Lee, Jae Sam Yoon, Yoo Rhee Oh, Hong Kook Kim,
Song Ha Choi, Ji Woon Kim, and Myeong Bo Kim
Complexity Reduction of WSOLA-Based Time-Scale Modification
Using Signal Period Estimation 155
Duk Su Kim, Young Han Lee, Hong Kook Kim, Song Ha Choi,
Ji Woon Kim, and Myeong Bo Kim
A Real-Time Audio Upmixing Method from Stereo to 7.1-Channel
Audio 162
Chan Jun Chun, Young Han Lee, Yong Guk Kim,
Hong Kook Kim, and Choong Sang Cho
Statistical Model-Based Voice Activity Detection Using Spatial Cues
and Log Energy for Dual-Channel Noisy Speech Recognition 172
Ji Hun Park, Min Hwa Shin, and Hong Kook Kim
3D Sound Techniques for Sound Source Elevation in a Loudspeaker
Listening Environment 180
Yong Guk Kim, Sungdong Jo, Hong Kook Kim, Sei-Jin Jang, and
Seok-Pil Lee
Integrated Framework for Information Security in Mobile Banking
Service Based on Smart Phone 188
Yong-Nyuo Shin and Myung Geun Chun
A Design of the Transcoding Middleware for the Mobile Browsing
Service 198
Sungdo Park, Hyokyung Chang, Bokman Jang, Hyosik Ahn, and
Euiin Choi
A Study of Context-Awareness RBAC Model Using User Profile on
Ubiquitous Computing 205
Bokman Jang, Sungdo Park, Hyokyung Chang, Hyosik Ahn, and
Euiin Choi
Challenges and Security in Cloud Computing 214
Hyokyung Chang and Euiin Choi
3D Viewer Platform of Cloud Clustering Management System: Google
Map 3D 218
Sung-Ja Choi and Gang-Soo Lee
Output Current-Voltage Characteristic of a Solar Concentrator 223
Dong-Gyu Jeong, Do-Sun Song, and Young-Hun Lee
Efficient Thread Labeling for Monitoring Programs with Nested
Parallelism 227
Ok-Kyoon Ha, Sun-Sook Kim, and Yong-Kee Jun
A Race Healing Framework in Simulated ARINC-653 238
Guy Martin Tchamgoue, In-Bon Kuh, Ok-Kyoon Ha,
Kyong-Hoon Kim, and Yong-Kee Jun
A K-Means Shape Classification Algorithm Using Shock Graph-Based
Edit Distance 247
Solima Khanam, Seok-Woo Jang, and Woojin Paik
Efficient Caching Scheme for Better Context Inference in Intelligent
Distributed Surveillance Environment 255
Soomi Yang
A System Implementation for Cooperation between UHF RFID Reader
and TCP/IP Device 262
Sang Hoon Lee and Ik Soo Jin
Study of Host-Based Cyber Attack Precursor Symptom Detection
Algorithm 268
Jae-gu Song, Jong hyun Kim, Dongil Seo, Wooyoung Soh, and
Seoksoo Kim
Design of Cyber Attack Precursor Symptom Detection Algorithm
through System Base Behavior Analysis and Memory Monitoring 276
Sungmo Jung, Jong hyun Kim, Giovanni Cagalaban,
Ji-hoon Lim, and Seoksoo Kim
The Improved 4-PSK 4-State Space-Time Trellis Code with Two
Transmit Antennas 284
Ik Soo Jin
A Study on Efficient Mobile IPv6 Fast Handover Scheme Using Reverse
Dongcheul Lee and Byungjoo Park
Automatic Image Quality Control System 311
Jee-Youl Ryu, Sung-Woo Kim, Seung-Un Kim, and Deock-Ho Ha
Programmable RF System for RF System-on-Chip 316
Jee-Youl Ryu, Sung-Woo Kim, Dong-Hyun Lee, Seung-Hun Park,
Jung-Hoon Lee, Deock-Ho Ha, and Seung-Un Kim
Development of a Mobile Language Learning Assistant System Based
on Smartphone 321
Jin-il Kim, Young-Hun Lee, and Hee-Hyol Lee
Implementation of the Sensor Node Hardware Platform for an
Automatic Stall Management 330
Yoonsik Kwak, Donghee Park, Jiwon Kwak, Dongho Kwak,
Sangmoon Park, Kijeong Kil, Minseop Kim, Jungyoo Han,
TaeHwan Kim, and SeokIl Song
A Study on the Enhancement of Positioning Accuracy Performance
Using Interrogator Selection Schemes over Indoor Wireless Channels 335
Seungkeun Park and Byeong Gwon Kang
A Fully Parallel, High-Speed BPC Hardware Architecture for the
EBCOT in JPEG 2000 343
Dong-Hwi Woo, Kyeong-Ryeol Bae, Hyeon-Sic Son, Seung-Ho Ok,
Yong Hwan Lee, and Byungin Moon
Implementating Grid Portal for Scientific Job Submission 347
Arun D Gangarde and Shrikant S Jadhav
A Comprehensive Performance Comparison of On-Demand Routing
Protocols in Mobile Ad-Hoc Networks 354
Jahangir khan and Syed Irfan Hayder
Preserving Energy Using Link Protocol in Wireless Networks 370
Anita Kanavalli, T.L Geetha, P Deepa Shenoy, K.R Venugopal,
and L.M Patnaik
Trust Based Routing in Ad Hoc Network 381
Mikita V Talati, Sharada Valiveti, and K Kotecha
Routing in Ad Hoc Network Using Ant Colony Optimization 393
Pimal Khanpara, Sharada Valiveti, and K Kotecha
Non-repudiation in Ad Hoc Networks 405
Purvi Tandel, Sharada Valiveti, K.P Agrawal, and K Kotecha
The Vehicular Information Space Framework 416
Vivian Prinz, Johann Schlichter, and Benno Schweiger
Effectiveness of AODV Protocol under Hidden Node Environment 432
Ruchi Garg, Himanshu Sharma, and Sumit Kumar
Prevention of Malicious Nodes Communication in MANETs by Using
Mumajjed Ul Mudassir and Adeel Akram
Fault Tolerant Implementation of Xilinx Vertex FPGA for Sensor
Systems through On-Chip System Evolution 459
S.P Anandaraj, R Naveen Kumar, S Ravi, and S.S.V.N Sharma
Author Index 469
Multiple Object Tracking in Unprepared Environments Using
Combined Feature for Augmented Reality Applications 1
Giovanni Cagalaban and Seoksoo Kim
Study on the Future Internet System through Analysis of SCADA
Systems 10
Jae-gu Song, Sungmo Jung, and Seoksoo Kim
A Novel Channel Assignment Scheme for Multi-channel Wireless Mesh
Networks 15
Yan Xia, Zhenghu Gong, and Yingzhi Zeng
Threshold Convertible Authenticated Encryption Scheme for
Hierarchical Organizations 23
Chien-Lung Hsu, Yu-Li Lin, Tzong-Chen Wu, and Chain-Hui Su
An Active Queue Management for QoS Guarantee of the High Priority
Service Class 37
Hyun Jong Kim, Jae Chan Shim, Hwa-Suk Kim,
Kee Seong Cho, and Seong Gon Choi
A Secured Authentication Protocol for SIP Using Elliptic Curves
Cryptography 46
Tien-ho Chen, Hsiu-lien Yeh, Pin-chuan Liu,
Han-chen Hsiang, and Wei-kuan Shih
New Mechanism for Global Mobility Management Based on MPLS
LSP in NGN 56
Myoung Ju Yu, Kam Yong Kim, Hwa Suk Kim,
Kee Seong Cho, and Seong Gon Choi
A Fault-Tolerant and Energy Efficient Routing in a Dense and Large
Scale Wireless Sensor Network 66
Seong-Yong Choi, Jin-Su Kim, Yang-Jae Park, Joong-Kyung Ryu,
Kee-Wook Rim, and Jung-Hyun Lee
Network Management Framework for Wireless Sensor Networks 76
Jaewoo Kim, HahnEarl Jeon, and Jaiyong Lee
FDAN: Failure Detection Protocol for Mobile Ad Hoc Networks 85
Haroun Benkaouha, Abdelkrim Abdelli, Karima Bouyahia, and
Yasmina Kaloune
Interference Avoiding Radio Resource Allocation Scheme for Multi-hop
OFDMA Cellular Networks with Random Topology 95
Sunggook Lim and Jaiyong Lee
Topology Control Method Using Adaptive Redundant Transmission
Range in Mobile Wireless Sensor Network 104
MyungJun Youn, HahnEarl Jeon, SeogGyu Kim, and Jaiyong Lee
Timer and Sequence Based Packet Loss Detection Scheme for Efficient
Selective Retransmission in DCCP 112
BongHwan Oh, Jechan Han, and Jaiyong Lee
Transposed UL-PUSC Subcarrier Allocation Technique for Channel
Seung-Kook Cheong and Dae-Sik Ko
Experimental Investigation of the Performance of Vertical Handover
Algorithms between WiFi and UMTS Networks 137
Stefano Busanelli, Marco Martalò, Gianluigi Ferrari,
Giovanni Spigoni, and Nicola Iotti
Next Generation RFID-Based Medical Service Management System
Architecture in Wireless Sensor Network 147
Randy S Tolentino, Kijeong Lee, Yong-Tae Kim, and Gil-Cheol Park
A Study on Architecture of Malicious Code Blocking Scheme with
White List in Smartphone Environment 155
Kijeong Lee, Randy S Tolentino, Gil-Cheol Park, and Yong-Tae Kim
An Authentication Protocol for Mobile IPTV Users Based on an
RFID-USB Convergence Technique 164
Yoon-Su Jeong and Yong-Tae Kim
Design of a Software Configuration for Real-Time Multimedia Group
Communication; HNUMTP 172
Gil-Cheol Park
Recognition Technique by Tag Selection Using Multi-reader in RFID
Environment 180
Bong-Im Jang, Yong-Tae Kim, and Gil-Cheol Park
UWB-Based Tracking of Autonomous Vehicles with Multiple
Receivers 188
Stefano Busanelli and Gianluigi Ferrari
Information System for Electric Vehicle in Wireless Sensor Networks 199
Yujin Lim, Hak-Man Kim, and Sanggil Kang
Maximizing Minimum Distance to Improve Performance of 4-D PSK
Modulator for Efficient Wireless Optical Internet Access and Digital
Modulation 207
Hae Geun Kim
Implementation of the Vehicle Black Box Using External Sensor and
Networks 217
Sung-Hyun Back, Jang-Ju Kim, Mi-Jin Kim, Hwa-Sun Kim,
You-Sin Park, and Jong-Wook Jang
Implementation of a SOA-Based Service Deployment Platform with
Portal 227
Chao-Tung Yang, Shih-Chi Yu, Chung-Che Lai,
Jung-Chun Liu, and William C Chu
A Mobile GPS Application: Mosque Tracking with Prayer Time
Synchronization 237
Rathiah Hashim, Mohammad Sibghotulloh Ikhmatiar, Miswan Surip,
Masiri Karmin, and Tutut Herawan
Author Index 247
T.-h. Kim et al. (Eds.): FGCN 2010, Part II, CCIS 120, pp. 1–10, 2010
© Springer-Verlag Berlin Heidelberg 2010
Congestion Avoidance and Energy Efficient Routing Protocol for WSN Healthcare Applications
Babak Esmailpour¹, Abbas Ali Rezaee², and Javad Mohebbi Najm Abad¹
¹ Islamic Azad University-Quchan Branch, Iran
² Faculty of Payame Noor University, Mashhad, Iran
babakes@gmail.com, a_rezaee@pnu.ac.ir, javad.mohebi@gmail.com
Abstract. Recent advances in wireless sensor technology facilitate the development of remote healthcare systems, which can significantly reduce the healthcare cost. The use of general and efficient routing protocols for Healthcare wireless sensor networks (HWSN) has crucial significance. One of the critical issues is to assure the timely delivery of the life-critical data in the resource-constrained WSN environment. Energy and some other parameters for HWSN are considered here. In this paper, we propose a data centric routing protocol that takes end to end delay, reliability, energy consumption, lifetime and fairness into account. The proposed protocol, called HREEP (Healthcare REEP), forwards traffic with different priorities and QoS requirements based on constraint based routing. We study the performance of HREEP using different scenarios. Simulation results show that HREEP has achieved its goals.
Keywords: Clustering, Healthcare Application, Congestion Avoidance,
Routing Protocol, Wireless Sensor Networks
1 Introduction
Healthcare aware wireless sensor networks (HWSN), following wireless sensor networks, have received great attention nowadays. The growing range of applications of these networks increases their importance. Accessibility to low cost hardware such as CMOS cameras and microphones has caused the expansion of healthcare aware wireless sensor networks. An HWSN consists of wireless nodes which can transmit healthcare relevant traffic in addition to sensing healthcare relevant events. With developments in hardware, equipping small nodes with the necessary devices is now possible [1,2].
Protocols which are designed for WSN lose a proportion of their efficiency if directly used for HWSN, but the two still have many similar characteristics. With respect to HWSN characteristics, their protocols should be designed in a cross layer manner [3]. Many of those characteristics are mentioned below:
- Application dependency: Designing HWSN protocols is completely dependent on the application. Application characteristics determine goals and crucial parameters.
- Energy consumption efficiency: like wireless sensor network nodes, nodes which are designed for healthcare aware wireless sensor networks have limited primary energy resources and mostly cannot be recharged (or recharging a node's energy is not economical), so energy consumption is still considered a fundamental parameter.
- Capability of forwarding data with different real time requirements: for different reasons, traffics with different priorities are forwarded in healthcare aware wireless sensor networks. Protocols should be capable of sending these traffics simultaneously, so that each traffic achieves its own real time requirements.
- The ability of sending data with different reliabilities: the traffics of healthcare aware wireless sensor networks need different reliabilities. The protocols of these networks should be capable of sending these traffics.
In this paper, we focus only on the issue of routing in healthcare WSNs. In particular, we focus on large-scale medical disaster response applications. The proposed protocol HREEP (Healthcare REEP), which is a data centric routing protocol, takes end to end delay, reliability, energy consumption, network lifetime and fairness into consideration. As is known, the aforementioned parameters are not all independent; for example, energy consumption and network lifetime are inversely related. The main goal of the proposed protocol is to control these parameters using a constraint based routing process. The parameters which are important for HREEP are important for wireless sensor networks, too. But with respect to the fact that HWSNs are a subset of WSNs, the parameters are more commensurate with HWSN [4].
Depending on their application, the delay parameter has different importance for HWSNs. In real time applications, information should reach the destination in an appropriate time, otherwise its importance decreases (in hard real time applications, data received outside the legal interval is valueless). Another point worth mentioning is that different data types have different delay thresholds; therefore the network reaction should be commensurate with data types. Energy consumption, lifetime and fairness are the parameters relevant to the protocol's energy efficiency. Indeed, lifetime increment is the essential goal; the two main elements for increasing lifetime are consuming energy efficiently and performing fairness. The aim of fairness is to consume the energy of network nodes fairly. When the energy of the network nodes has less variance, network lifetime is prolonged. To perform fairness, the nodes' energy should be used equally. If one part of a network is used more than other parts, its energy will decrease sooner than that of the others and the network will be partitioned. If a network is partitioned, its energy consumption increases severely. Using different paths to send data to the sink improves fairness. When network lifetime is prolonged, we can use its services longer [5].
The proposed protocol is composed of the following 4 phases: request dissemination, event occurrence report, route establishment and data forwarding. The rest of the paper is organized as follows: in Section 2 related works are discussed. In Section 3, HREEP is presented in detail. In Section 4, we evaluate the efficiency of the proposed protocol and finally in Section 5 we conclude the paper.
2 Related Works
HREEP is a data centric protocol. Data centric protocols are a major part of the different routing protocols in wireless sensor networks [2, 3]. Many successful routing protocols have been presented for WSNs and HWSNs hitherto. Directed Diffusion and SPIN are two famous routing protocols for WSNs which have received attention. In both, requests are disseminated in the network and routing is done based on data type. Each of the aforementioned protocols has been improved many times, so that they are known as a family; for example [7]. SPIN has many flaws; for example it is not scalable, it is not energy efficient, etc.
Routing protocols for healthcare aware wireless sensor networks use different methods to perform their tasks. HREEP makes routes based on network conditions and traffic requirements at the same time. The proposed protocol uses many of the ideas of REEP [8]. Like other data centric protocols, the REEP protocol has different phases: Sense event propagation, Information event propagation and Request event propagation. In the Sense event propagation phase the sink sends its requests to all of the network nodes. In the Information event propagation phase each node sends its sensed data to the sink. In the next phase, Request event propagation, the sink responds to all of the nodes which sent their sensed data, and during this communication routes are established. This phasing is almost similar to that of data centric routing protocols [9][10][11].
3 The Proposed Protocol
The data centric protocol HREEP is composed of the following 5 different phases: request propagation (dissemination), event occurrence report, route establishment, data forwarding and route recovery. The structure of the proposed protocol is shown in Fig. 1. In phase 1, the sink floods its request to all network nodes. Phase 1 is discussed in Section 3.1. The four other phases, event occurrence report, route establishment, data forwarding and route recovery, are presented in detail in Sections 3.2, 3.3, 3.4 and 3.5 respectively.
We have designed the proposed protocol based on the characteristics of healthcare aware wireless sensor networks. These networks are used for different applications [6]. Using one network for different applications is economical, because the different applications run on one hardware infrastructure, which decreases cost. The proposed protocol can send traffics with different QoS requirements. For a more tangible discussion, we present an example. Assume that an HWSN is used to monitor one patient. There are two traffics in this network. To monitor vital limbs, a high priority report should be sent to the sink through the network. But for other events (for example periodical events to monitor other limbs), network nodes use low priority traffic.
Fig. 1. Proposed protocol structure (Phase 1: Request Propagation; Phase 2: Event Report; Phase 3: Route Establishing; Phase 4: Data Transmission; Phase 5: Route Recovery)
3.1 Request Dissemination Phase
In this phase the sink floods its requests to all network nodes. The following points should be considered for the packets of this phase:
- Priority of the application used; in HWSN a network may be used for forwarding more than one traffic with different characteristics. Therefore, the traffic priority should be specified before forwarding.
- Time; many packets which belong to one application may be propagated through the network at different times. Therefore, the forwarding time should be specified in all packets. Furthermore, many requests have a lifetime; when the lifetime expires, the request is no longer valuable.
- Geographical confine of the destination nodes; this field is not vital for applications in which the requests should be sent to all network nodes.
- Request specification; each request contains the task of the destination nodes and the way they should react to the event.
3.2 Event Occurrence Report Phase
When the request dissemination phase is done, all network nodes know their task. When a node senses an event relevant to its task, it should report the features of the sensed event to the sink. In its report the node must respect all the specifications outlined in the task characteristics so that the sink can react properly.
In this phase the information relevant to the occurred event is sent to the sink, but the fundamental information relevant to the event is sent in the data sending phase. This phase also paves the way for packet routing. To this end, the node creates a packet and places the data relevant to the sensed event in it. As the packet is sent to the sink, the routing tables needed for data routing are built in the nodes. The final routing is executed in the route establishment phase. In the second phase each node gathers all the essential information in the form of a permanent routing table, which ends in the creation of the routing tables for each specific node in the third phase.
When an event is sensed by a node, according to its task it should be reported to the sink. The node sends the packet to all its neighbors as soon as it is created (this packet is called the second phase packet). If the nodes are aware of their positions, the packet is sent to the neighbors that are closer to the sink than the sending node. Although this decreases the protocol's energy consumption, it needs a localization process and so cannot be implemented everywhere. Note that in applications in which the request is sent to one part of the network, the nodes are certainly aware of their positions.
On receiving the second phase packet, each node creates a record in a routing table called the second phase table. The record keeps the packet's priority (compatible with the traffic priority and the specified event), the source node, the sending node, the length of the traversed path and the number of traversed hops. In the proposed protocol each node owns an ID which is placed in every packet sent. The traversed route is the sum of the routes the packet has taken from the source node to the current node. After inserting a record, the node sends the packet to all its neighbors. This procedure continues until the packet reaches the sink. Note that the second phase table is likely to hold more than one record for a given source node, because the second phase packet can reach a node over different routes; packets which have the same field are ignored.
At the end of the second phase each node owns a routing table named the second phase table, which is used for determining the final route in the third phase. The records of the second phase table describe the possible paths between the node and the source node that sensed the event.
3.3 Route Establishment Phase
After the sink has received all the second phase packets, it sends back an acknowledge packet (called the third phase packet) to the source node, telling it to send all its gathered data to the sink. An event may be sensed by more than one sensor node. At this stage, according to the data sent by the source nodes, the sink chooses one or more nodes for the final data sending. Each second phase packet specifies its own sensing accuracy. For instance, in healthcare applications, the received vital signals specify the sensing accuracy. Based on this, a sensor is chosen for reporting the sensed events. After the source node is chosen, the third phase packet is sent to it.
As the third phase packet traverses the path, it creates the third phase table in the intermediate nodes. The third phase routing table is the final routing table, which makes the routing of data sent from the source node possible. How the acknowledgement is sent depends on the priority of the sensed event. Two different acknowledgements are considered: acknowledgement for high priority (real time traffic) and acknowledgement for low priority (non real time traffic).
The sink evaluates the second phase routing table for sending the acknowledgement with high priority. The first record is chosen for sending the acknowledgement. The second phase packets are placed in the second phase routing table in order of time: whenever a node receives a second phase packet, it places it in the first available record. In fact the order of the records in the second phase routing table is the order in which they were received. Due to the great importance of time for real time applications, the first record of the second phase table is chosen; it is worth mentioning that the first record is the one created first in time. The source node of a record always matters: only the records whose source node is the node chosen by the sink are considered.
Every node constitutes two tables in the second phase: the phase three routing table for high priority traffic and the routing table for low priority traffic. During this phase, these two tables are completed. When a node in phase three receives a packet with high priority, a record for it is created in the phase three routing table with high priority. The record holds the following parameters: the sending node, the receiving node, the source node and the type of function. According to what was mentioned, every node chooses the first record from the routing table of phase two as the next hop for the phase three packet with high priority. This process continues until the packet arrives at its source. In fact, at the end of the third phase in the third phase non real time routing table, for every source one record is placed.
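The second phase flood and the high priority (real time) route choice described above, as an added Python example that is not code from the paper. The topology, the node names, the rule that arrival time equals accumulated link length, and the reading of "same field" as a repeated (source, sender) pair are constructed assumptions.

```python
import heapq
from collections import defaultdict

# Constructed topology (not from the paper): undirected links with a length.
# "E" is the event-sensing source node, "S" is the sink.
LINKS = {("E", "A"): 10, ("E", "B"): 30, ("A", "C"): 10, ("B", "C"): 5,
         ("A", "D"): 30, ("C", "S"): 10, ("D", "S"): 10}


def adjacency(links):
    adj = defaultdict(dict)
    for (u, v), length in links.items():
        adj[u][v] = length
        adj[v][u] = length
    return adj


def second_phase(links, source, sink, priority="high"):
    """Flood the second phase packet and return every node's second phase table.

    Records are appended in arrival order, so index 0 is the earliest packet.
    Assumption: delay is proportional to link length, so arrival time equals
    the accumulated path length.
    """
    adj = adjacency(links)
    tables = defaultdict(list)
    seen = set()            # (node, sender) pairs already recorded
    events, seq = [], 0     # (arrival_time, seq, node, sender, path_len, hops)
    for nxt, length in adj[source].items():
        heapq.heappush(events, (length, seq, nxt, source, length, 1))
        seq += 1
    while events:
        when, _, node, sender, path_len, hops = heapq.heappop(events)
        # Assumption: a packet repeating a recorded (source, sender) pair is
        # the duplicate that the text says is ignored; this bounds the flood.
        if node == source or (node, sender) in seen:
            continue
        seen.add((node, sender))
        tables[node].append({"priority": priority, "source": source,
                             "sender": sender, "path_len": path_len,
                             "hops": hops})
        if node == sink:
            continue        # the flood ends at the sink
        for nxt, length in adj[node].items():
            if nxt != sender:
                heapq.heappush(events, (when + length, seq, nxt, node,
                                        path_len + length, hops + 1))
                seq += 1
    return tables


def third_phase_real_time(tables, source, sink):
    """Send the high priority third phase packet from the sink back to the source.

    Each node follows the first second phase record for the chosen source.
    Returns the real time routing table as {node: next hop towards the sink}.
    """
    next_hop = {}
    node = sink
    while node != source:
        records = [r for r in tables[node] if r["source"] == source]
        if not records:
            raise ValueError(f"{node} has no second phase record for {source}")
        upstream = records[0]["sender"]   # earliest arrival wins
        next_hop[upstream] = node         # data will flow upstream -> node
        node = upstream
    return next_hop


def forward_real_time(next_hop, source, sink):
    """Follow the real time routing table from the source to the sink."""
    path = [source]
    while path[-1] != sink:
        path.append(next_hop[path[-1]])
    return path


if __name__ == "__main__":
    tables = second_phase(LINKS, "E", "S")
    for node in sorted(tables):
        print(node, [(r["sender"], r["path_len"], r["hops"]) for r in tables[node]])
    rt = third_phase_real_time(tables, "E", "S")
    print("real time route:", forward_real_time(rt, "E", "S"))
```

Because the earliest record is always followed, the real time route is the lowest-delay path found by the flood, and every real time packet from the same source uses it.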
The concepts mentioned so far in this section concern traffic with a high priority. The rest of the section explains how the low priority table of phase three is built. Among the routing records of phase two, the sink considers the records relating to the source. For each of these records the probability P_i is calculated through formula (1):
i
P HC
TD
TD is the field which includes the length of the record path and HC is the number of hops on the path of the record. P_i is the probability of selecting the record as the next hop for the third phase packet with low priority. After determining P_i for each record with the specified source node, two records are chosen randomly (according to the probability) and the third phase packet with low priority is sent to them. Selecting different paths is meant to achieve fairness in the energy consumption of network nodes. If priority were not considered, all the traffic would be sent via one fixed path, similar to the mechanism used in the REEP protocol. This prevents fairness in the energy consumption of network nodes from being achieved.
Each node registers the node in the low priority routing table, and in the next stage, using the same procedure as the sink, the next two hops are chosen and the third phase packet is sent to them. All the packet characteristics are registered in the record of the non real time third phase table. The pseudo code for the third phase is presented in the following picture.
3.4 The Data Forwarding Phase
At the end of the third phase the real time and non real time routing tables will have been created. Each node owns a real time and a non real time third phase routing table.
Depending on the type of event sensed, the source node (the event sensor node) can send its data to the sink once it has received the real time acknowledgement (the real time third phase packet) and the non real time acknowledgement (the non real time acknowledgement). As mentioned earlier, all the nodes, including the source nodes, have both types of routing tables. The third phase real time routing table is used to send real time data and the third phase non real time routing table to send non real time data.
For every source there is only one record in the third phase real time routing table in the direction of the sink. On receiving real time traffic from the specified node, every node sends the data to the next hop using that record. In the non real time routing table of phase three, however, there will be more than one record for every source. Every record has one P_j, and the choice of the next hop depends on P_j: the larger the P_j of a record, the higher the chances of its selection. Ultimately, one record is selected as the next hop and the data is sent to it.
3.5 Route Recovery Phase
During the data transmission phase congestion may happen, especially near the sink (near-sink nodes are those nodes close to the sink). We use a simple strategy on the near-sink nodes to save energy and avoid congestion at the same time. We use the field hop_count in every packet as our specific label field. The hop count indicates how far away this packet is from the sensing field (patient body). Every forwarding node updates the label field by increasing it by one (hop_count = hop_count + 1). As our packets and commands travel along the same route, an intermediate node uses this parameter in the algorithm below for upstream data packets and downstream commands.
To change the path, a node sends a control packet to its neighbors. If a neighbor's energy is above the threshold and it has another path, it changes the path. This saves energy in near-sink nodes and avoids congestion. As a result, the network lifetime improves.
4 The Evaluation of the Performance of the Proposed Protocol
In this section the performance of the proposed protocol HREEP is examined. REEP is a known protocol in the area of wireless sensor networks. Both HREEP and REEP have been implemented in the Opnet [12] simulator and their performance under various scenarios was investigated. The network topology is shown in Figure 2.
As can be observed in Fig. 2, we have considered each body as a cluster. In each cluster a cluster head is determined. The cluster head has a higher amount of resources than the other cluster members.
First we examine the two protocols in terms of energy performance. Figure 3 shows the lifetime of the network for different rates. The rates on the horizontal axis relate to the production rate of the source node. In other words, in the fourth phase the sending rate of data is taken to be different and for every rate the lifetime of the network has been calculated.
As can be seen in figure 3, for rates under 50 (packet/sec) the difference between the lifetimes of the protocols is noteworthy. For example, the lifetime of the network for data rate 10 equals 7 time units using HREEP and 1.5 time units using REEP. This means prolonging the lifetime of the network by more than 100 percent.
In figure 4, fairness in the energy consumption of the network nodes is examined. The horizontal axis is the sending rate of data and the vertical axis is the parameter which calculates the variance of the energy of network nodes through formula 2.
1
2
(2)
Fig. 2. Network Topology
The higher the value of Dev for a protocol, the less successful the protocol has been in maintaining balance in the energy consumption of nodes, since the variance of node energy has increased. As can be seen in figure 4, HREEP has a lower variance: the variance for HREEP shows a 25 percent decrease. The parameters of network lifetime and variance are in some way dependent. If we can keep a better balance in the energy consumption of nodes, the lifetime of the network increases under the same conditions.
Another fundamental parameter considered in this protocol is the end to end delay. Delay is crucially important for healthcare aware wireless sensor networks. In figures 5 and 6, HREEP and REEP are compared in terms of delay. The delay presented in figures 5 and 6 relates to the sensed data and does not include control data. As can be seen in figure 5, the end to end delay for real time traffic in HREEP (HREEP_RT) is less than the end to end delay for non real time traffic (HREEP_NRT). By comparing the numbers in figures 5 and 6 we can easily conclude that the delay for HREEP-RT is less than that of REEP, and that the REEP delay and the HREEP-NRT delay are almost similar.
At the beginning of the graphs of figures 5 and 6, the protocols show a marked increase of delay for HREEP-RT, HREEP-NRT and REEP. The reason for this is congestion in routers caused by sending the remaining packets of phase two. When all the packets of phase two have been sent, the delay approaches stability. In a stable condition the delays of REEP and HREEP-NRT are seen to be very close, and the delay of HREEP-RT is significantly lower than both. RT, or real time traffic, is the kind of traffic which requires low delay, whereas NRT traffic has considerably lower sensitivity to delay. The goal of the protocol is to send the real time traffic with as low a delay as possible and to send the non real time traffic with an acceptable level of delay. The vertical axis relates to delay and the horizontal axis to the time of packet generation.
Fig. 3. Lifetime comparison between HREEP and REEP
Fig. 4. Comparison fairness between HREEP and REEP
Fig. 5. Delay comparison between HREEP-NRT and HREEP-RT
Fig. 6. Delay for REEP
5 Conclusion
In this article a congestion avoidance routing protocol for healthcare wireless sensor networks was presented. The proposed protocol is data-driven, and event driven when a sensor in the patient body raises an alarm, and comprises several phases. The first phase of HREEP is designed to disseminate the demands of the sink. The other phases of HREEP are, respectively, event occurrence report, route establishment, data forwarding and route recovery. Generally, the proposed protocol takes into account several parameters, including end to end delay, reliability, energy consumption, the lifetime of the network and fairness in energy consumption. Finally, the performance of the HREEP protocol was evaluated using simulation. The results of the simulation show that the proposed service-quality-aware routing protocol has achieved its ends, which were to control the aforementioned parameters.
References
1. Tubaishat, M., Madria, S.: Sensor Networks: An Overview. IEEE Potentials, 20–23 (2003)
2. Akyildiz, I.F., Su, W., Sankarasubramaniam, W., Cayirci, E.: A Survey On Sensor Networks. IEEE Communication Magazine, 102–114 (2002)
3. Al-Karajki, J.N.: Routing Techniques in Wireless Sensor Networks: A Survey. IEEE, The Hashemite University, Ahmed E. Kamal, Iowa State University (2004)
4. Stankovic, J.A., Cao, Q., Doan, T., Fang, L., He, Z., Kiran, R., Lin, S., Son, S., Stoleru, R., Wood, A.: Wireless sensor networks for in-home healthcare: Potential and challenges. In: Proc. High Confidence Medical Device Software Systems (HCMDSS) Workshop (2005)
5. Baker, C.R., Armijo, K., Belka, S., Benhabib, M., Waterbury, A., Leland, E.S., Pering, T., Wright, P.K.: Wireless sensor networks for home health care. In: Proc. 21st International Conf. Advanced Information Networking Applications Workshops, AINAW 2007 (2007)
6. Aziz, O., Lo, B., King, R., Yang, G.Z., Darzi, A.: Pervasive body sensor network: An approach to monitoring the post-operative surgical patient. In: Proc. IEEE International Workshop Wearable Implantable Body Sensor Networks, pp. 13–18 (2006)
7. Akkaya, K., Younis, M.: A Survey on Routing Protocols for Wireless Sensor Networks. Department of Computer Sciences and Electrical Engineering, University of Maryland, Annual ACM/IEEE (2000)
8. Zabin, F., Misra, S., Woungang, I., Rashvand, H.F.: REEP: data-centric, energy-efficient and reliable routing protocol for wireless sensor networks. IET Commun. 2(8), 995–1008 (2008)
9. Gharavi, H., Kumar, S.P.: Special Issue on Sensor Networks and Applications. Proceedings of the IEEE 91(8) (2003)
10. Shnayder, V., Chen, B.R., Lorincz, K., Thaddeus, R.F., Jones, F., Welsh, M.: Sensor Networks for Medical Care. Harvard Univ., Tech. Rep. TR-08-05 (2005)
11. Wood, A., Virone, G., Doan, T., Cao, Q., Selavo, L., Wu, Y., Fang, L., He, Z., Lin, S., Stankovic, J.: ALARM-NET: Wireless Sensor Networks for Assisted-Living and Residential Monitoring. Dept. Computer Science, Virginia Univ., Tech. Rep. CS-2006-11 (2006)
12. http://www.opnet.com
T.-h. Kim et al. (Eds.): FGCN 2010, Part II, CCIS 120, pp. 11–21, 2010.
© Springer-Verlag Berlin Heidelberg 2010
An Efficient Method for Detecting Misbehaving Zone Manager in MANET
Marjan Kuchaki Rafsanjani1, Farzaneh Pakzad2, and Sanaz Asadinia3
1 Department of Computer Engineering, Islamic Azad University Kerman Branch,
Kerman, Iran kuchaki@iauk.ac.ir
Abstract. In recent years, one of the wireless technologies that has grown tremendously is the mobile ad hoc network (MANET), in which mobile nodes organize themselves without the help of any predefined infrastructure. MANETs are highly vulnerable to attack due to the open medium, dynamically changing network topology, cooperative algorithms, lack of a centralized monitoring and management point, and lack of a clear line of defense. In this paper, we report our progress in developing intrusion detection (ID) capabilities for MANETs. In our proposed scheme, the network, with a distributed hierarchical architecture, is partitioned into zones, each of which has one zone manager. The zone manager is responsible for monitoring the cluster heads in its zone, and cluster heads are in charge of monitoring their members. However, the most important problem is how the trustworthiness of the zone manager can be recognized. So, we propose a scheme in which the “honest neighbors” of the zone manager establish the validity of their zone manager. These honest neighbors prevent false accusations and also allow the manager to continue as manager if it is wrongly misbehaving. However, if the manager repeats its misbehavior, it will lose its management degree. Therefore, our scheme improves intrusion detection and also provides a more reliable network.
Keywords: Collaborative algorithm, Honest neighbors, Intrusion detection, Zone manager, Mobile Ad hoc Network (MANET)
1 Introduction
A mobile ad hoc network is a wireless network with the characteristics of self-organization and self-configuration, so that it can quickly form a new network without the need for any wired network infrastructure. Nodes within radio range of each other can communicate directly over wireless links, and those that are far apart use other nodes as relays. The network topology changes frequently due to the mobility of the nodes as they move in or out of their network vicinity [1],[2]. Thus, a MANET is a collection of autonomous nodes that form a dynamic multi-hop radio network with a specific purpose in a decentralized manner [1]. Due to this special characteristic, MANETs are more vulnerable, which brings more security concerns and challenges compared to other networks. Moreover, due to their open medium, dynamically changing network topology, lack of central monitoring and absence of a clear line of defense, MANETs are particularly vulnerable to several types of attacks, such as passive eavesdropping, active impersonation and denial of service. An intruder that compromises a mobile node in a MANET can destroy the communication between the nodes by broadcasting false routing information, providing incorrect link state information and overflowing other nodes with unnecessary routing traffic. One way of securing a mobile ad hoc network is to apply prevention methods such as encryption and authentication, but past experiments have shown that encryption and authentication as intrusion prevention are not sufficient. So, the need arises for a second wall of defense in the form of an intrusion detection system [2],[3].
The idea is that when a MANET is being intruded, an intrusion detection system, if present, can detect the intrusion as early as possible, and the MANET can be protected before any extensive harm is done. Research efforts are going on to develop Intrusion Detection Systems (IDS) to detect intrusion, identify the misbehaving nodes, and isolate them from the rest of the network. Moreover, the presence of a detection system will discourage misbehaving nodes from attempting intrusion in the future, and it is likely that an intruder will think twice before attempting to break in again [4]. However, in most IDSs, the monitoring nodes or cluster heads are supposed to be valid nodes in order to initiate the IDS and response systems. In the real world this is not always the case, and we can face misbehaving or malicious monitoring nodes or cluster heads. (We consider a malicious node to be a misbehaving node.)
In this paper, we focus on finding misbehaving monitoring nodes or malicious cluster heads. If these nodes misbehave, they can send false information to other nodes or report an innocent node as destructive. In our proposed scheme, the network is partitioned into zones, each with one zone manager which is responsible for monitoring the cluster heads in its zone. The most important problem is how to establish the integrity of the zone manager, which is done by the “honest neighbors” of the zone manager. We also detect compromised nodes in a cluster using the Algorithm for Detection in a Cluster (ADCLU), which is also used by the zone manager for detecting malicious cluster heads [4].
The rest of this paper is organized as follows: In the next section, we review some related work in intrusion detection for MANETs. In Section 3, we present and explain our intrusion detection scheme. In Section 4, we conclude this paper with a discussion on future work.
2 Preliminaries
There are three typical architectures for an intrusion detection system (IDS): stand-alone, distributed and cooperative, and hierarchical IDS architecture [5]. Moreover, there exists another classification, a combination of these architectures, called the hybrid architecture.
In the stand-alone IDS architecture every node runs an intrusion detection system agent, and every decision is based only on information collected at the local node, since there is no cooperation among nodes in the network, as in the Watchdog technique [6]. The merit of this architecture is that there is no network overhead for the intrusion detection process, such as audit data exchange. Moreover, this system could reduce the risk of attackers purposely accusing legitimate nodes of misbehaving in order to have those nodes excluded from the network [7]. However, this architecture is limited in real environments because, for most types of attacks, information on each individual node might not be enough to detect intrusions. In addition, since every node runs an IDS, resources are required in every node. Therefore, this scheme is not suitable for nodes with limited resources. Furthermore, due to the lack of node cooperation, this scheme may fail to detect a misbehaving node in the presence of (a) ambiguous collision, (b) receiver collision, (c) limited transmission power, (d) false misbehavior, (e) collusion, and (f) partial dropping [6]. Finally, this scheme has no security protection.
The second type of architecture is a distributed and cooperative model. Zhang and Lee [8] have proposed that the intrusion detection system in MANETs should also be distributed and cooperative. Similar to the stand-alone architecture, every node participates in intrusion detection and response by running an IDS agent. An IDS agent is responsible for detecting and collecting local events and data to identify possible intrusions, as well as for initiating a response independently. However, neighboring IDS agents cooperatively participate in global intrusion detection actions, through a voting mechanism, when the evidence is inconclusive [2].
The merits of this architecture are as follows. Network overhead can be reduced by exchanging data only when it is needed. The incompleteness of the local audit data can also be compensated for by asking neighboring nodes for the intrusion status. Although this IDS can overcome some limitations of the stand-alone IDS, it has the following problems. First, cooperative intrusion detection may lead to heavy communication and computation between nodes, degrading network performance. Second, the premise that data is shared between trusted nodes is not true in general, since there are many possible threats in a wireless network environment [7].
Hierarchical intrusion detection system architectures have been designed for multi-layered ad hoc network infrastructures, where the network is divided into smaller sub-networks (clusters) with one or more cluster heads that are responsible for the intrusion detection in the networks. These cluster heads therefore act as management points, similar to switches, routers, or gateways in traditional wired networks. An IDS agent runs on every node and is responsible for detecting intrusion locally by monitoring local activities. A cluster head is responsible locally for its node as well as globally for its cluster, e.g. monitoring network packets and initiating a global response when a network intrusion is detected [2],[3],[7].
This type of architecture is the most suitable in terms of information completeness. Moreover, reducing the burden of hosting an IDS agent in some nodes helps the system to conserve overall energy. However, this has to be paid for with the network overhead of forming clusters and exchanging audit data, not to mention the relatively long detection time, as data exchange is needed to perform the detection. Moreover, malicious nodes that are elected as cluster heads could result in the devastation of the networks.
In the zone-based IDS proposed in [9], the network is partitioned into non-overlapping zones. Every node in a zone (intra-zone node) sends an alert message to a gateway node (inter-zone node) with alert flooding, and the gateway node sends out an alarm message at a fixed interval representing the zone. Zone-based IDS cannot detect intrusion in real time because its gateway generates alarms only at a fixed interval.
Furthermore, in MANET intrusion detection systems there are two types of decision making: collaborative decision making and independent decision making. In collaborative decision making, each node participates actively in the intrusion detection procedure. Once one node detects an intrusion with strong confidence, it can start a response to the intrusion by starting a majority vote to determine whether an attack is happening [8]. In the independent decision making framework, on the other hand, certain nodes are assigned to intrusion detection [10]. These nodes collect intrusion alerts from other nodes and decide whether any node in the network is under attack. They do not need other nodes’ participation in decision making [2],[3].
3 The Proposed Scheme
Our scheme is inspired by the collaborative techniques for intrusion detection in mobile ad hoc networks, which use the collaborative efforts of nodes in a neighborhood to detect a malicious node in that neighborhood [4].
The first step of our scheme is based on Marchang et al.’s technique (the ADCLU algorithm) [4], which is designed for detecting malicious nodes in a neighborhood of nodes in which each pair of nodes may not be in radio range of each other, but where there is a node among them which has all the other nodes in its one hop vicinity. This neighborhood is identical to a cluster [11]. The technique uses message passing between the nodes. A node called the monitoring node initiates the detection process. Based on the messages that it receives during the detection process, each node determines the nodes it suspects to be malicious and sends votes to the monitoring node. The monitoring node, upon inspecting the votes, determines the malicious nodes from among the suspected nodes [4].
In this scheme, the authors assumed that the node initiating the algorithm, i.e., the monitoring node, is not malicious, and that when the monitoring node initiates the detection process by sending out a message to the other nodes, the malicious nodes have no way of knowing that a detection algorithm is in progress.
So, if the monitoring nodes themselves misbehave, they can send false information to other nodes, report an innocent node as destructive, or not initiate the detection process at all. Therefore, it is important that a monitoring node is a valid node. This shortcoming is also seen in many distributed, hierarchical or hybrid intrusion detection systems.
In our scheme, the network is divided into zones, with one zone manager in each zone which is responsible for monitoring the cluster heads in its zone. The zone manager is at the heart of controlling and coordinating every node in the zone. It maintains the configuration of the nodes, records the system status information of each component, and makes the decisions. Monitoring of the cluster heads can also be done by the zone manager by expanding the ADCLU algorithm.
The second step of our scheme is devoted to detecting a misbehaving zone manager: the neighbors of the zone manager should control its activity and report any misbehavior. This scheme creates reciprocal term between nodes in multi level hierarchical
3.1 Detecting Malicious Cluster Heads Based on ADCLU
The ADCLU algorithm [4] can be used to detect malicious nodes in a set of nodes which forms a cluster, defined as a neighborhood of nodes in which there is a node which has all the other nodes as its 1-hop neighbors, as shown in Fig. 1. To present the algorithm we make the following assumptions: the wireless links between the nodes are bi-directional; when the monitoring node initiates the detection process, the malicious nodes have no way of knowing that a detection algorithm is in progress.
Fig. 1. A neighborhood (cluster) in a MANET consisting of 5 nodes: an edge between two nodes denotes they are within radio range of each other
Step 1: The monitoring node M broadcasts the message RIGHT to its neighbor nodes, asking them to further broadcast the message in their neighborhood.
P_A ≠ RIGHT, then B sends a vote for node A being a suspected node to M:
B → M: (VOTE; A)
Step 5: On receipt of the votes in step 4, the monitoring node does the following:
I. Accept only distinct votes from each of the nodes. (By distinct votes, we mean that the monitoring node can accept at most one vote about a suspected node from any node.)
II. Let N_A be the number of votes received for node A. If N_A ≥ k, mark node A as malicious. (The monitoring node also gives its vote. k is the threshold value.)
The zone manager can also use this algorithm to detect whether the cluster heads work properly or not. To establish the validity of the zone manager itself, we propose a distributed scheme that controls the zone manager and investigates its operation; the zone manager is isolated if any misbehavior is observed, and a new zone manager is selected.
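The voting and tallying steps above, as an added Python example (not code from the paper or from Marchang et al.): the cluster layout, the node names, the `lost` and `forged` parameters, and the choice to treat a relay that never arrived as WRONG are assumptions made for the illustration. It shows why the distinct-vote rule and the threshold k matter: repeated accusations from one node and a single lost relay do not get an honest node marked malicious.

```python
from collections import Counter

RIGHT, WRONG = "RIGHT", "WRONG"

# Constructed 5-node cluster: M is the monitoring node and has every other
# node one hop away; links are bi-directional, as the section assumes.
CLUSTER = {
    "M": {"A", "B", "C", "D"},
    "A": {"M", "B"},
    "B": {"M", "A", "C"},
    "C": {"M", "B", "D"},
    "D": {"M", "C"},
}


def rebroadcast(monitor, adjacency, malicious, lost=frozenset()):
    """Step 1 and the relay it asks for; returns receiver -> {sender: message}."""
    heard = {node: {} for node in adjacency}
    for sender in sorted(adjacency[monitor]):
        # A malicious member relays something other than RIGHT.
        message = WRONG if sender in malicious else RIGHT
        for receiver in adjacency[sender]:
            if (sender, receiver) not in lost:  # constructed message loss
                heard[receiver][sender] = message
    return heard


def cast_votes(monitor, adjacency, heard):
    """Each node B votes against every member A for which P_A != RIGHT."""
    members = adjacency[monitor]
    votes = []
    for voter in sorted(members | {monitor}):  # the monitoring node votes too
        for suspect in sorted(adjacency[voter] & members):
            # Assumption (not stated on the page): a relay that never
            # arrived is treated the same as a WRONG one.
            p_a = heard[voter].get(suspect, WRONG)
            if p_a != RIGHT:
                votes.append((voter, suspect))
    return votes


def tally(votes, k):
    """Step 5: keep one vote per (voter, suspect); N_A >= k marks A malicious."""
    distinct = set(votes)
    counts = Counter(suspect for _voter, suspect in distinct)
    return {node for node, n in counts.items() if n >= k}, counts


def detect(monitor, adjacency, malicious, k, lost=frozenset(), forged=()):
    """Run one round; `forged` holds extra votes injected by a misbehaving node."""
    heard = rebroadcast(monitor, adjacency, malicious, lost)
    votes = cast_votes(monitor, adjacency, heard) + list(forged)
    return tally(votes, k)


if __name__ == "__main__":
    stuffed = [("C", "B")] * 3  # C repeats one accusation against honest B
    flagged, counts = detect("M", CLUSTER, {"C"}, k=2,
                             lost={("A", "B")}, forged=stuffed)
    print(sorted(flagged), dict(counts))
```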
3.2 Detecting Valid Monitoring Zone Manager
The first zone manager can be selected randomly or by considering the routing table in DSR. Then an IDS agent is installed on the neighboring nodes of the zone manager and each node runs an IDS independently. However, nodes cooperate with each other to detect some ambiguous intrusions. Neighboring nodes must know and trust each other to judge the precision of their decisions.
The creation of a trusted community is important to ensure the success of MANET operations. A special mechanism needs to be deployed to enable nodes to exchange security associations between them. In addition, this mechanism is able to speed up the creation of a trusted community in the network. Each node needs to meet and establish mutual trust with other nodes, which requires a lot of time and effort. The reliance concept proposed in this study makes this process simpler and faster by providing a secure platform for nodes to exchange their security associations. This ongoing trust exchange between nodes without doubt lessens the amount of anonymous communication, and thus leads to the creation of a trusted community in the network [12].
A secure platform must be provided in which each node builds its own list of trusted neighbors. This module is created first by virtual trust between nodes and is based on the good reputation of other nodes gained through experience. Each node promiscuously listens to the transmissions of the neighbors that are located in its one hop vicinity and are also neighbors of the zone manager. A node decreases a neighbor's reputation degree if it sees any misbehavior, such as dropping packets or modifying messages, and increases the reputation if the neighbor forwards packets without any modification. In addition, each activity of the neighbors can be viewed from the routing tables. Once a neighbor's reputation degree reaches the threshold value, the neighbor is registered in the “honest neighbors” list.
In addition, these direct neighbors exchange their “honest neighbors” lists to create a new set of associate nodes, namely indirect honest neighbors (implicit trust). So, a ring of “honest neighbors” can surround the zone manager and control its activity, as shown in Fig. 2. Evidently, the zone manager also exists among their trusted neighbors. If any of these nodes misbehaves or acts maliciously, its reputation degree is degraded, and it is omitted from the “honest neighbors” list if this degree falls below the threshold value.
This process does not require that the IDSs of all neighboring nodes are active; in fact, some of them can go into sleep mode. If one node detects that the zone manager is misbehaving, it sends an alert to its honest neighbors; the modules in the sleeping state are then activated, changing from the sleeping state to the running state to initiate their IDSs and cooperate in zone manager intrusion detection. If they also observe zone manager misbehavior, they send a warning to each other and cut off their communications with the zone manager; simultaneously, the warning is sent to the cluster heads. The cluster heads can then run ADCLU to dismiss the zone manager with strong evidence.
Fig. 2. Honest neighbors model for detecting misbehaving zone manager (legend: zone manager, honest neighbors, communication link, ring of honest neighbors, a sample of indirect trust between nodes)
After the removal of the zone manager, a new manager should be selected; the simpler and faster process is for the honest neighbors to select as zone manager a node which has a lower misbehavior rate or a higher reputation rate.
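The honest-neighbor bookkeeping described in this section, as an added Python example (not the authors' implementation): the `Watcher` class, the +1/-1 reputation steps, the threshold of 3, the majority rule for confirming an alert and all node names are assumptions for illustration. It shows an unconfirmed alert being absorbed by the ring, a confirmed one, and the replacement manager chosen by reputation.

```python
from dataclasses import dataclass, field

FORWARDED, DROPPED, MODIFIED = "forwarded", "dropped", "modified"
HONEST_THRESHOLD = 3  # assumed value; the section names a threshold but no number


@dataclass
class Watcher:
    """Reputation table kept by one neighbor of the zone manager (hypothetical)."""
    name: str
    reputation: dict = field(default_factory=dict)  # observed node -> score
    saw_manager_misbehave: bool = False

    def observe(self, node, event, manager=None):
        # Assumed step size: +1 for an unmodified forward, -1 for a drop or
        # a modification overheard in promiscuous mode.
        delta = 1 if event == FORWARDED else -1
        self.reputation[node] = self.reputation.get(node, 0) + delta
        if node == manager and event != FORWARDED:
            self.saw_manager_misbehave = True

    def honest_neighbors(self):
        # Listed only while the score is at or above the threshold.
        return {n for n, s in self.reputation.items() if s >= HONEST_THRESHOLD}


def indirect_honest(watcher, watchers):
    """Implicit trust: nodes my honest neighbors list that I do not list myself."""
    direct = watcher.honest_neighbors()
    merged = set()
    for peer in direct & set(watchers):
        merged |= watchers[peer].honest_neighbors()
    return merged - direct - {watcher.name}


def handle_alert(reporter, manager, watchers):
    """The reporter alerts its honest ring; each woken node checks what it saw."""
    ring = reporter.honest_neighbors() | indirect_honest(reporter, watchers)
    woken = (ring - {manager}) & set(watchers)
    confirming = {n for n in woken if watchers[n].saw_manager_misbehave}
    # Assumption: a strict majority of the woken nodes must have seen the
    # misbehavior themselves before the warning goes to the cluster heads.
    return len(confirming) * 2 > len(woken), confirming


def elect_manager(watchers, old_manager):
    """Replacement manager: the node with the highest summed reputation."""
    totals = {}
    for w in watchers.values():
        for node, score in w.reputation.items():
            if node != old_manager:
                totals[node] = totals.get(node, 0) + score
    return max(sorted(totals), key=totals.get)


def build_ring(drops_seen_by=()):
    """Constructed scenario: ZM is the zone manager, N1..N4 its neighbors;
    N1 and N4 are out of radio range of each other."""
    names = ["N1", "N2", "N3", "N4"]
    watchers = {n: Watcher(n) for n in names}
    for w in watchers.values():
        for other in names:
            if other != w.name and {w.name, other} != {"N1", "N4"}:
                for _ in range(3):  # three clean forwards overheard
                    w.observe(other, FORWARDED)
        w.observe("ZM", FORWARDED, manager="ZM")
    for n in drops_seen_by:
        watchers[n].observe("ZM", DROPPED, manager="ZM")
    return watchers
```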
4 Simulation Results
Our algorithm was simulated using the GloMoSim simulator. In the base scenario, 250 nodes are placed in an area of 2000 m × 2000 m with 4 sections of 1000 m × 1000 m and 16 clusters. In this model, each node selects a random destination within the simulation area and the nodes move uniformly according to the waypoint mobility model with a maximum speed of 10 m/s. The simulation time was 300 s and the routing protocol used was DSR. The data traffic was generated by 10 constant bit rate (CBR) sources, with sending rates of single 1024 bytes every second. We use the 802.11 protocol at the MAC layer. The radio propagation range is set to 250 m and the data rate is 2 Mbit/s.
Message loss was modeled by random selection of messages at various steps of the algorithm. 20 percent of the nodes were considered malicious. The malicious nodes were selected at random and were made to drop or modify all the messages that they were to forward. In terms of our algorithm, they send WRONG messages.
Figs. 3–5 show the end to end delay, delivery ratio and overhead, respectively, when the nodes have no mobility.
Fig. 3 shows the end to end delay of our algorithm in comparison to ADCLU and the DSR protocol. Our algorithm produces higher end to end delay than the other protocols. In general, the DSR protocol runs better than the other algorithms in simple environments. However, this protocol does not perform any detection and response process, so its delay is lower than the others. On the other hand, our protocol is more complicated than ADCLU, so the higher delay is expected.
Consider Fig. 4: the delivery ratio of our proposed scheme is better than that of the other two protocols. If the maximum number of messages are passed and received successfully, it has one of two meanings: either there are no attacks in the network, or the attack has been identified and fixed. Since 20 percent of the simulated nodes are malicious, this indicates that our algorithm functions correctly in dealing with invaders. Fig. 5 shows the overhead per true received packet for our proposed algorithm, ADCLU and DSR. Our proposed method has a lower level than ADCLU. This shows that despite the existence of attacks, our algorithm can deliver more packets to the destination.
In general, packet delivery ratio and overhead have an inverse relationship: when the overhead is higher the delivery ratio is lower, and lower overhead results in a higher delivery ratio.
Fig. 3. End to end delay without mobility (vertical axis: end to end delay; series: ADCLU, the proposed method, DSR)
Fig. 4. Packet delivery ratio without mobility
Fig. 5. Overhead per true received packets without mobility
Figs. 6–8 show the end to end delay, delivery ratio and overhead, respectively, when nodes move with a maximum speed of 10 m/s.
According to the figures, our proposed scheme functions better despite the movement of nodes.
Fig. 6. End to end delay with maximum speed 10 m/s (vertical axis: end to end delay; series: ADCLU, the proposed method, DSR)
Fig. 7. Packet delivery ratio with maximum speed 10 m/s
Fig. 8. Overhead per true received packets with maximum speed 10 m/s
5 Conclusion and Future Work
In this paper, we have proposed a scheme to improve IDS for MANET. This scheme aims to minimize the overheads and maximize the performance of the network, and to provide a degree of protection against the intruder. In our proposed scheme, we focus on the reliability of the zone manager, which is verified by its honest neighbors. The scheme is developed as follows: the network is divided into zones with one zone manager, which is the monitor of the cluster heads in its zone. The validation of the zone manager is accomplished by its honest neighbors, which is neglected in many IDS techniques. In most of these techniques, the monitoring node is a valid node, but if the monitoring node is a misbehaving node, it can refuse to initiate the intrusion detection algorithm or accuse an innocent node of being destructive. So, these honest neighbors prevent false accusations, and also allow the zone manager to remain a manager if it is wrongly misbehaving. However, if the manager repeats its misbehavior, it will lose its management degree. Our scheme can be applied to developing a sophisticated intrusion detection system for MANET. This experiment emphasizes the importance of validating the zone manager for running IDS algorithms, which is neglected in the latest research. Our simulation results show that the algorithm works well even in an unreliable channel where the percentage of loss
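The zone-manager validation summarized in this conclusion, as an added Python example that is not the authors' code: honest neighbors cross-check each detection round, a first lapse is forgiven and a repeat demotes the manager. The strict-majority quorum, the one-lapse limit, the node names and the premise that the set of honest neighbors is already known are assumptions made for illustration.

```python
from dataclasses import dataclass

FORGIVEN_LAPSES = 1  # assumption: one validated lapse is tolerated, a repeat demotes
QUORUM = 0.5         # assumption: a strict majority of honest neighbors must agree

@dataclass
class ZoneManager:
    node_id: str
    lapses: int = 0
    is_manager: bool = True

def confirmed(node, reports, honest):
    """True if a strict majority of honest neighbors saw `node` misbehave."""
    votes = [node in seen for nbr, seen in reports.items() if nbr in honest]
    return bool(votes) and sum(votes) / len(votes) > QUORUM

def record_lapse(manager):
    manager.lapses += 1
    if manager.lapses > FORGIVEN_LAPSES:
        manager.is_manager = False  # repeated misbehavior: management is lost

def validate_round(manager, accused, reports, honest):
    """Cross-check one round. `accused` is the node the manager accuses, or None
    if it raised no alarm; `reports` maps each neighbor to the set of nodes it
    saw misbehaving. Returns (verdict, node_to_isolate)."""
    if accused is not None:
        if confirmed(accused, reports, honest):
            return "accusation_confirmed", accused
        record_lapse(manager)  # manager accused an innocent node
        return "false_accusation", None
    for node in sorted(set().union(*reports.values())):
        if confirmed(node, reports, honest):
            record_lapse(manager)  # manager stayed silent during an attack
            return "refused_detection", node
    return "no_attack", None

def demo():
    # Constructed scenario: n4 is not in the honest set, so its vote is ignored.
    zm, honest = ZoneManager("ZM1"), {"n1", "n2", "n3"}
    rounds = [
        ("m7", {"n1": {"m7"}, "n2": {"m7"}, "n3": set(), "n4": set()}),
        ("c2", {"n1": set(), "n2": set(), "n3": set(), "n4": {"c2"}}),
        (None, {"n1": {"m9"}, "n2": {"m9"}, "n3": {"m9"}, "n4": set()}),
    ]
    results = [validate_round(zm, acc, rep, honest) for acc, rep in rounds]
    return results, zm.lapses, zm.is_manager

if __name__ == "__main__":
    print(demo())
```

In the constructed run the manager keeps its role after the first false accusation and is demoted only when it then stays silent during an attack the honest neighbors observed.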