A Survey on Malicious Nodes in Mobile Ad hoc Network
M.S.Subbulakshmi, M.Phil Research Scholar, Department of Computer Science, Erode Arts and Science College (Autonomous), Erode. subbulaxmims@gmail.com
S.J.Mohana, Assistant Professor & Head, Department of Computer Science, Erode Arts and Science College (Autonomous), Erode. sjmohana@yahoo.co.in
Abstract
Wireless mobile ad hoc networks are an emerging technology that has been protected by various systems such as firewalls, antivirus software, and so on. A MANET has no infrastructure and no centralized server to control the entire network, so every node has to rely on other nodes for cooperation in routing as well as in forwarding packets to the destination. The intermediate nodes might agree to forward the packets but actually drop or modify them because they are misbehaving. In this paper we present a study of malicious nodes in mobile ad hoc networks and a brief description of some existing intrusion detection systems. The existing intrusion detection systems add considerable network overhead to a MANET. Here we analyze them and propose a new, more efficient intrusion detection system, the Hybrid Cryptography Technique (BECDH), for reducing network overhead and enhancing the security level of a MANET.
Keywords: Mobile Ad-hoc Network (MANET), Security, Enhanced Adaptive Acknowledgment (EAACK), Intrusion Detection System (IDS), Digital Signature Algorithm (DSA), Blowfish Elliptic Curve Diffie-Hellman Algorithm (BECDH)
1 Introduction
Wireless networking is now the medium of choice for many applications. In addition, recently developed systems allow increasingly complex functionality to reside in devices that are ever smaller and consequently ever more mobile. Mobile ad hoc networks (MANETs) combine wireless communication with a high degree of node mobility. Limited-range wireless communication together with high node mobility means that the nodes must cooperate with each other to provide essential networking, with the underlying network changing dynamically to ensure that needs are continually met. The dynamic nature of the protocols that enable MANET operation means they are readily suited to use in harsh or volatile conditions.
MANETs have consequently become an extremely popular research topic and have been proposed for use in numerous areas, for example rescue operations, tactical operations, environmental monitoring, meetings, and so forth. MANETs, by their very nature, are more vulnerable to attack than wired networks. The flexibility provided by the open broadcast medium and the cooperativeness of the mobile devices (which generally have different resource and computational limits, and typically run on battery power) introduces new security threats. As part of normal risk management we must be able to identify these threats and take appropriate action. In some cases we may be able to design out specific threats cost-effectively. In other cases we may need to accept that vulnerabilities exist and try to take appropriate action when we believe somebody is attacking us. Accordingly, intrusion detection is a fundamental part of security for MANETs.
2 Intrusion Detection System
An intrusion is any set of actions that attempt to compromise the integrity, confidentiality, or availability of a resource [1], and an intrusion detection system (IDS) is a system for the detection of such intrusions. There are three fundamental components of an IDS: data collection, detection, and response.
The data collection component is responsible for collecting and pre-processing data: transferring data to a common format, storing data, and sending data to the detection module [2]. An IDS can use different data sources as inputs to the system: system logs, network packets, etc. In the detection component the data is analyzed to detect intrusion attempts, and indications of detected intrusions are sent to the response component.
application logs in its analysis. Based on detection techniques, IDSs can also be classified into three categories as follows [3]: anomaly detection systems, misuse detection systems, and specification-based detection.
Anomaly detection systems: The normal profiles (or normal behaviors) of users are kept in the system. The system compares the captured data with these profiles, and then treats any activity that deviates from the baseline as a possible intrusion by informing system administrators or initiating a proper response.
Misuse detection systems: The system keeps patterns (or signatures) of known attacks and uses them to compare with the captured data. Any matched pattern is treated as an intrusion. Like a virus detection system, it cannot detect new kinds of attacks.
Specification-based detection: The system defines a set of constraints that describe the correct operation of a program or protocol. Then it monitors the execution of the program with respect to the defined constraints.
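To make the three categories concrete, the following Go program (an added example, not code from the paper) runs one detector of each style over a constructed trace of node actions. The trace format, the "drop rate" profile, the "flood" signature and the forwarding constraint are all assumptions of the example; the point is which detector notices which kind of misbehaviour.

```go
package main

import (
	"fmt"
	"sort"
)

// Event is one observation handed to the detectors: which node performed
// which action on which packet. The trace format is constructed for this
// example and is not taken from any real IDS.
type Event struct {
	Node   string
	Action string // "recv", "fwd", "drop" or "flood"
	PktID  int
}

// Anomaly keeps a normal profile (the expected drop rate) and flags nodes
// whose observed drop rate deviates from it by more than tolerance. It needs
// no attack knowledge, but a packet lost silently never raises the count.
func Anomaly(events []Event, profileDropRate, tolerance float64) []string {
	recv, drop := map[string]int{}, map[string]int{}
	for _, e := range events {
		switch e.Action {
		case "recv":
			recv[e.Node]++
		case "drop":
			drop[e.Node]++
		}
	}
	var flagged []string
	for n, r := range recv {
		if float64(drop[n])/float64(r) > profileDropRate+tolerance {
			flagged = append(flagged, n)
		}
	}
	sort.Strings(flagged)
	return flagged
}

// Misuse matches actions against signatures of known attacks: a node is
// flagged on its first match, and anything not on the list passes unnoticed.
func Misuse(events []Event, signatures map[string]bool) []string {
	var flagged []string
	seen := map[string]bool{}
	for _, e := range events {
		if signatures[e.Action] && !seen[e.Node] {
			seen[e.Node] = true
			flagged = append(flagged, e.Node)
		}
	}
	return flagged
}

// Specification checks the rule "a relay forwards every packet it receives"
// packet by packet, so one unforwarded packet is a violation, loud or silent.
func Specification(events []Event, relays map[string]bool) []string {
	type key struct {
		node string
		pkt  int
	}
	forwarded := map[key]bool{}
	for _, e := range events {
		if e.Action == "fwd" {
			forwarded[key{e.Node, e.PktID}] = true
		}
	}
	var flagged []string
	seen := map[string]bool{}
	for _, e := range events {
		if e.Action == "recv" && relays[e.Node] && !forwarded[key{e.Node, e.PktID}] && !seen[e.Node] {
			seen[e.Node] = true
			flagged = append(flagged, e.Node)
		}
	}
	return flagged
}

// SampleEvents is a constructed trace: A relays everything, B drops every even
// packet and reports it, C silently loses every even packet, X floods.
func SampleEvents() []Event {
	var ev []Event
	for p := 1; p <= 5; p++ {
		ev = append(ev, Event{"A", "recv", p}, Event{"A", "fwd", p},
			Event{"B", "recv", p}, Event{"C", "recv", p})
		if p%2 == 0 {
			ev = append(ev, Event{"B", "drop", p})
		} else {
			ev = append(ev, Event{"B", "fwd", p}, Event{"C", "fwd", p})
		}
	}
	return append(ev, Event{"X", "flood", 0})
}

func main() {
	ev := SampleEvents()
	fmt.Println(Anomaly(ev, 0.05, 0.1), Misuse(ev, map[string]bool{"flood": true}),
		Specification(ev, map[string]bool{"A": true, "B": true, "C": true}))
}
```

On this trace the anomaly detector flags only B (its drop rate is far above the profile), the misuse detector flags only X (the one node matching the flood signature), and the specification check flags both B and C, because the forwarding rule is violated whether or not the drop was observable. Silent loss by C is invisible to the profile and to the signature list, which is the gap specification-based detection closes.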
3 IDS Techniques for Malicious Nodes in MANET
A mobile ad hoc network is an infrastructure-less network, so each node must rely on other nodes for cooperation in routing and forwarding packets to the destination. The intermediate nodes might agree to forward the packets but actually drop or modify them because they are misbehaving. The simulations in [4] show that only a few misbehaving nodes can degrade the performance of the entire system. There are several existing techniques, and one proposed technique, to detect such misbehavior in order to avoid those nodes [5, 6].
3.1 Existing IDS Techniques
The existing intrusion detection techniques do find the malicious nodes, but they suffer from a network overhead problem that grows as the number of malicious nodes increases. In this section the Watchdog, TWOACK, AACK and EAACK techniques are explained.
3.1.1 Watchdog and Pathrater
Two techniques, Watchdog and Pathrater, were proposed by Marti, Giuli, and Baker to be added on top of the standard routing protocol in ad hoc networks. A watchdog identifies misbehaving nodes by eavesdropping on the transmission of the next hop. A pathrater then helps to find the routes that do not contain those nodes. In DSR, the routing information is defined at the source node. This routing information is passed together with the message through intermediate nodes until it reaches the destination. Therefore, each intermediate node in the path knows who the next hop node is. In addition, listening to the next hop's transmission is possible because of the characteristic of wireless networks: if node A is within range of node B, A can overhear communication to and from B. Figure 1 shows how the watchdog works.
Fig. 1 Watchdog works
Assume that node S wants to send a packet to node D, and that there exists a path from S to D through nodes A, B, and C. Consider now that A has already received a packet from S destined for D. The packet contains a message and routing information. When A forwards this packet to B, A also keeps a copy of the packet in its buffer. Then it promiscuously listens to the transmission of B to make sure that B forwards the packet to C. If the packet overheard from B matches the one stored in the buffer, it means that B really forwarded it to the next hop (represented as a solid line), and A removes the packet from the buffer. However, if there is no matching packet after a certain time, the watchdog increments the failure counter for node B. If this counter exceeds the threshold, A concludes that B is misbehaving and reports it to the source node S.
Pathrater calculates a path metric for each path. By keeping a rating of every node in the network that it knows, it can calculate the path metric by combining the node ratings with link reliability collected from past experience. Having obtained the path metric for all available paths, the pathrater chooses the path with the highest metric. If there is no link reliability information, the path metric lets the pathrater select the shortest path instead. As a result, paths containing misbehaving nodes are avoided. However, those misbehaving nodes are not punished. On the contrary, they even benefit from the network: they can use the resources of the network, since other nodes forward packets for them, while they forward packets for no one, which saves their own resources. Therefore, misbehaving nodes are encouraged to continue their behavior [4].
Many MANET IDSs are either based on or developed as an improvement to the Watchdog scheme. Nevertheless, as pointed out by Marti et al. [4], the Watchdog scheme fails to detect malicious misbehavior in the presence of the following: 1) ambiguous collisions, 2) receiver collisions, 3) limited transmission power, 4) false misbehavior reports, 5) collusion, and 6) partial dropping.
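The buffer-and-overhear loop of the watchdog, and the path metric the pathrater builds from node ratings, can be simulated in a few dozen lines. The Go program below is an added example and not code from the paper or from Marti et al.: the node behaviours, the threshold value, the rating values and the metric formula (mean over hops of the next node's rating times the link reliability, with unknown links counted as fully reliable) are all assumptions of the example.

```go
package main

import "fmt"

// Node is one node of this constructed simulation; a node with Drops set
// silently discards every data packet instead of forwarding it.
type Node struct {
	Name  string
	Drops bool
}

// Watchdog is the monitor a relay runs on its next hop: it keeps a copy of
// each packet it forwarded and counts the ones it never overheard Next
// retransmit. Once the count exceeds Threshold, Next is reported.
type Watchdog struct {
	Next      string
	Threshold int
	buffer    []string // forwarded packets still waiting to be overheard
	failures  int
	Reported  bool
}

// Forward records that this relay handed pkt to Next.
func (w *Watchdog) Forward(pkt string) { w.buffer = append(w.buffer, pkt) }

// Overhear takes the packet the relay heard Next transmit before the timer
// expired ("" if nothing). Buffered packets that were not heard are failures.
// It returns true when Next crosses the threshold during this call.
func (w *Watchdog) Overhear(heard string) bool {
	for _, pkt := range w.buffer {
		if pkt != heard {
			w.failures++
		}
	}
	w.buffer = nil
	if w.failures > w.Threshold && !w.Reported {
		w.Reported = true
		return true
	}
	return false
}

// RunWatchdog sends packets from route[0] to the last node with every relay
// watching its next hop; it returns the nodes reported to the source, in order.
func RunWatchdog(route []Node, packets, threshold int) []string {
	dogs := make([]*Watchdog, len(route)-1)
	for i := range dogs {
		dogs[i] = &Watchdog{Next: route[i+1].Name, Threshold: threshold}
	}
	var reported []string
	for p := 1; p <= packets; p++ {
		pkt := fmt.Sprintf("pkt%d", p)
		// Only relays are expected to retransmit, so the destination is not watched.
		for i := 0; i+2 < len(route); i++ {
			next := route[i+1]
			dogs[i].Forward(pkt)
			heard := "" // what route[i] overhears next sending on to route[i+2]
			if !next.Drops {
				heard = pkt
			}
			if dogs[i].Overhear(heard) {
				reported = append(reported, next.Name)
			}
			if next.Drops {
				break // the packet is lost here; later hops never see it
			}
		}
	}
	return reported
}

// PathMetric is Pathrater's score for a path of at least two nodes: the mean
// over its hops of the next node's rating times the link's reliability. The
// combination rule is this example's assumption; unknown links count as 1.0.
func PathMetric(path []string, rating, reliability map[string]float64) float64 {
	sum := 0.0
	for i := 1; i < len(path); i++ {
		rel, ok := reliability[path[i-1]+"-"+path[i]]
		if !ok {
			rel = 1.0
		}
		sum += rating[path[i]] * rel
	}
	return sum / float64(len(path)-1)
}

func main() {
	route := []Node{{"S", false}, {"A", false}, {"B", true}, {"C", false}, {"D", false}}
	reported := RunWatchdog(route, 5, 3)
	// Constructed penalty: the reported node B gets a rating that sinks any path through it.
	rating := map[string]float64{"A": 1, "B": -100, "C": 1, "D": 1, "E": 1, "F": 1}
	fmt.Println(reported, PathMetric([]string{"S", "A", "B", "C", "D"}, rating, nil),
		PathMetric([]string{"S", "E", "F", "D"}, rating, nil))
}
```

With B dropping every packet and a threshold of 3, A's failure counter reaches 4 on the fourth packet and B is reported exactly once; with only three packets it is never reported, which is the "exceeds the threshold" rule from the text. The pathrater then scores the route through B far below the alternative route through E and F, so the highest-metric choice avoids B. Nothing in the simulation punishes B, matching the paper's observation that the misbehaving node keeps its savings.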
3.1.2 TWOACK
Aiming to resolve the receiver collision and limited transmission power problems of Watchdog, TWOACK detects misbehaving links by acknowledging every data packet transmitted over every three consecutive nodes along the path from the source to the destination. Upon retrieval of a packet, each node along the route is required to send back an acknowledgment packet to the node that is two hops away from it down the route. TWOACK is required to work on routing protocols such as Dynamic Source Routing (DSR). The working process of TWOACK is shown in Fig. 2.
Fig. 2 TWOACK scheme
Node A first forwards Packet 1 to node B, and then node B forwards Packet 1 to node C. When node C receives Packet 1, as it is two hops away from node A, node C is obliged to generate a TWOACK packet, which contains the reverse route from node A to node C, and send it back to node A. The retrieval of this TWOACK packet at node A indicates that the transmission of Packet 1 from node A to node C is successful. Otherwise, if this TWOACK packet is not received in a predefined time period, both nodes B and C are reported malicious. The same process applies to every three consecutive nodes along the rest of the route.
The TWOACK scheme successfully solves the receiver collision and limited transmission power problems posed by Watchdog. However, the acknowledgment process required in every packet transmission adds a significant amount of unwanted network overhead. Due to the limited battery power of MANET nodes, such redundant transmissions can easily degrade the life span of the entire network. Many research studies are working on energy harvesting to deal with this problem [7].
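The three-node acknowledgment rule and its overhead can be checked with a small simulation. The Go program below is an added example, not code from the paper or from the TWOACK authors; it assumes that a misbehaving node drops data packets but still returns TWOACKs for packets it did receive, so that only the data loss is visible to the scheme.

```go
package main

import "fmt"

// TwoAckResult summarises one data packet's journey under the TWOACK scheme.
type TwoAckResult struct {
	Delivered  bool     // the packet reached the last node of the route
	AckPackets int      // TWOACK packets generated on the way (the scheme's overhead)
	Reported   []string // nodes reported malicious, in report order
}

// RunTwoAck simulates one data packet along route (source first, destination
// last). dropping names the nodes that discard data packets; in this
// constructed model they still return TWOACKs for packets they did receive.
// For every triple (route[i], route[i+1], route[i+2]) that route[i] forwarded
// into, route[i] waits for a TWOACK from route[i+2]; if none comes it reports
// both route[i+1] and route[i+2], as the scheme reports B and C in Fig. 2.
func RunTwoAck(route []string, dropping map[string]bool) TwoAckResult {
	res := TwoAckResult{}
	// reached is the index of the last node that receives the data packet.
	reached := len(route) - 1
	for i := 1; i < len(route); i++ {
		if dropping[route[i]] {
			reached = i
			break
		}
	}
	res.Delivered = reached == len(route)-1
	for i := 0; i+2 < len(route); i++ {
		if i >= reached {
			break // route[i] never forwarded the packet, so it expects nothing
		}
		if i+2 <= reached {
			res.AckPackets++ // route[i+2] got the packet and returns a TWOACK
			continue
		}
		res.Reported = append(res.Reported, route[i+1], route[i+2])
	}
	return res
}

// TwoAckOverhead is the number of TWOACK packets per data packet on a
// well-behaved route of n nodes: one per consecutive triple, i.e. n-2.
func TwoAckOverhead(n int) int {
	if n < 3 {
		return 0
	}
	return n - 2
}

func main() {
	route := []string{"S", "A", "B", "C", "D"}
	fmt.Printf("clean:   %+v\n", RunTwoAck(route, nil))
	fmt.Printf("B drops: %+v\n", RunTwoAck(route, map[string]bool{"B": true}))
	fmt.Printf("C drops: %+v\n", RunTwoAck(route, map[string]bool{"C": true}))
	fmt.Println("TWOACKs per data packet on a 10-node route:", TwoAckOverhead(10))
}
```

Two things the simulation makes visible: on a clean five-node route every data packet costs three TWOACK packets (n-2 in general), which is the overhead the text criticises; and when C drops, B reports the pair C and D, so the innocent downstream node D is accused as well, because TWOACK identifies a misbehaving link rather than a single node.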
3.1.3 AACK
Based on TWOACK, Sheltami et al. proposed a new scheme called AACK. Similar to TWOACK, AACK is an acknowledgment-based network-layer scheme which can be considered a combination of a scheme called TACK (identical to TWOACK) and an end-to-end acknowledgment scheme called ACKnowledge (ACK). Compared to TWOACK, AACK significantly reduces network overhead while still maintaining or even surpassing the same network throughput. The end-to-end acknowledgment scheme ACK is shown in Fig. 3. In the ACK scheme, the source node S sends out Packet 1 without any overhead except 2 b of flag indicating the packet type. All the intermediate nodes simply forward this packet.
Fig. 3 AACK scheme (end-to-end ACK)
When the destination node D receives Packet 1, it is required to send back an ACK acknowledgment packet to the source node S along the reverse order of the same route. If the source node S receives this ACK packet within a predefined time period, then the packet transmission from node S to node D is successful. Otherwise, the source node S switches to the TACK scheme by sending out a TACK packet. The concept of adopting a hybrid scheme in AACK greatly reduces the network overhead, but both TWOACK and AACK still suffer from the problem that they fail to detect malicious nodes in the presence of false misbehavior reports and forged acknowledgment packets [8].
3.1.4 EAACK
EAACK (Enhanced Adaptive Acknowledgment) [9] is designed to tackle three of the six weaknesses of the Watchdog scheme, namely false misbehavior, limited transmission power, and receiver collision. In a typical example of receiver collision, shown in Fig. 4, after node A sends Packet 1 to node B, it tries to overhear whether node B forwarded this packet to node C; meanwhile, node X is forwarding Packet 2 to node C. In such a case, node A overhears that node B has successfully forwarded Packet 1 to node C but fails to detect that node C did not receive this packet, due to a collision between Packet 1 and Packet 2 at node C.
Fig. 4 Receiver collisions
In the case of limited transmission power, in order to preserve its own battery resources, node B intentionally limits its transmission power so that it is strong enough to be overheard by node A but not strong enough to be received by node C, as shown in Fig. 5.
Fig. 5 Limited transmission power
For a false misbehavior report, although node A successfully overheard that node B forwarded Packet 1 to node C, node A still reports node B as misbehaving, as shown in Fig. 6.
Fig. 6 False misbehavior report
Due to the open medium and remote distribution of typical MANETs, attackers can easily capture and compromise one or two nodes to carry out this false misbehavior report attack.
EAACK consists of three major parts, namely ACK, secure ACK (S-ACK), and misbehavior report authentication (MRA). The results demonstrated positive performance against Watchdog, TWOACK, and AACK in the cases of receiver collision, limited transmission power, and false misbehavior report. Furthermore, in an effort to prevent attackers from initiating forged acknowledgment attacks, EAACK incorporates a digital signature. Although it generates more routing overhead (RO) in some cases, it can vastly improve the network's packet delivery ratio (PDR) when the attackers are smart enough to forge acknowledgment packets.
The EAACK scheme produces more routing overhead as the number of malicious nodes increases, because the generation and verification of digital signatures requires a considerable amount of time. So, with frequent exchange of messages, the speed of communication is reduced.
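The forged-acknowledgment problem of AACK, and the signature EAACK adds to close it, can be shown end to end. The Go program below is an added example, not code from the paper or from the EAACK authors. It assumes a constructed acknowledgment layout (a flag byte standing in for the paper's 2-bit type field, a packet id and a signer name), and it substitutes ECDSA over P-256 from the Go standard library for the DSA the paper names; the node names D and X and the packet ids are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Ack is an acknowledgment packet. Flag stands for the 2-bit packet-type
// field the paper mentions; the other fields are this example's layout.
type Ack struct {
	Flag   uint8  // 1 = ACK, 2 = S-ACK, 3 = MRA (constructed encoding)
	PktID  uint32 // data packet being acknowledged
	Signer string // node that claims to have produced the acknowledgment
	Sig    []byte // ECDSA signature; empty on an unsigned, AACK-style ack
}

// digest hashes every field that must not change in transit.
func (a Ack) digest() []byte {
	var id [4]byte
	binary.BigEndian.PutUint32(id[:], a.PktID)
	h := sha256.New()
	h.Write([]byte{a.Flag})
	h.Write(id[:])
	h.Write([]byte(a.Signer))
	return h.Sum(nil)
}

// GenerateKey makes a node's signing key pair. The paper names DSA; this
// example substitutes ECDSA over P-256 from the Go standard library.
func GenerateKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SignAck is what the acknowledging node does before sending the packet.
func SignAck(a *Ack, priv *ecdsa.PrivateKey) error {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, a.digest())
	if err != nil {
		return err
	}
	a.Sig = sig
	return nil
}

// VerifyAck is what the source runs before trusting an acknowledgment: the
// signature must verify under the public key of the node named in Signer.
func VerifyAck(a Ack, pub *ecdsa.PublicKey) bool {
	return len(a.Sig) > 0 && ecdsa.VerifyASN1(pub, a.digest(), a.Sig)
}

// Scenario plays out the forged-acknowledgment attack the signature is meant
// to stop. D is the genuine destination; X never received the data packet but
// claims D did. It reports whether the genuine ack, X's forgery and a replayed
// copy of the genuine ack (re-labelled for another packet) verify under D's key.
func Scenario() (genuine, forged, replayed bool, err error) {
	dKey, err := GenerateKey()
	if err != nil {
		return
	}
	xKey, err := GenerateKey()
	if err != nil {
		return
	}
	ack := Ack{Flag: 1, PktID: 1, Signer: "D"}
	if err = SignAck(&ack, dKey); err != nil {
		return
	}
	genuine = VerifyAck(ack, &dKey.PublicKey)

	// X forges an ACK in D's name but can only sign with X's own key.
	fake := Ack{Flag: 1, PktID: 1, Signer: "D"}
	if err = SignAck(&fake, xKey); err != nil {
		return
	}
	forged = VerifyAck(fake, &dKey.PublicKey)

	// A relay reuses D's real signature to acknowledge a packet D never saw.
	replay := ack
	replay.PktID = 2
	replayed = VerifyAck(replay, &dKey.PublicKey)
	return
}

func main() {
	g, f, r, err := Scenario()
	fmt.Println("genuine:", g, "forged:", f, "replayed:", r, "err:", err)
}
```

Only the acknowledgment signed by D's own key verifies; the forgery and the re-labelled replay both fail. The cost is the one the text describes: an acknowledgment that in AACK carried a 2-bit flag now also carries a signature of roughly 70 bytes and needs a signing and a verification operation per packet, which is where the extra routing overhead comes from.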
3.2 Proposed IDS Technique
The objective of the proposed intrusion detection technique is to enhance the strength of the security and also solve the network overhead problem in the mobile ad hoc network. In this proposed work, an innovative approach called the hybrid cryptography technique is introduced, because it is desired to communicate data with high security.
3.2.1 Hybrid Cryptography Technique (BECDH)
The hybrid cryptography technique incorporates a combination of asymmetric and symmetric encryption to benefit from the strengths of each form of encryption, namely speed and security. In this proposed work, a hybrid cryptography algorithm is created by combining the Blowfish algorithm for the symmetric part and Elliptic Curve Diffie-Hellman for the asymmetric part. Fig. 7 shows the encryption and decryption process of the hybrid cryptography Blowfish Elliptic Curve Diffie-Hellman algorithm (BECDH).
Fig. 7 Process of Hybrid Cryptography Technique (BECDH)
[Fig. 7 labels: sender side: ACK of packets, Blowfish encryption, Elliptic Curve Diffie-Hellman encryption (BECDH encryption); receiver side: Elliptic Curve Diffie-Hellman decryption, Blowfish decryption (BECDH decryption), ACK; K: shared secret key]
In this scheme, before sending the acknowledgment packets to the receiver, the sender first encrypts these packets with the Blowfish algorithm. The encrypted information is then encrypted again with the ECDH algorithm to improve the security. On the receiver side, the receiver performs the same operations in reverse order to decrypt the acknowledgment packets: the ECDH algorithm first decrypts the encrypted message, after which Blowfish decrypts the message again. Finally the receiver obtains the original acknowledgment packets. This scheme detects the malicious nodes with low routing overhead and can also improve the packet delivery ratio compared with the existing techniques.
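The hybrid construction of Fig. 7 (an asymmetric step that yields the shared secret key K, and a symmetric cipher under K that protects the acknowledgment packets) can be run end to end with the Go standard library. The program below is an added example, not code from the paper: ECDH over P-256 supplies K exactly as the shared-secret-key box of the figure, SHA-256 stands in for a key derivation function (an assumption), and AES-256-GCM is substituted for Blowfish, which the Go standard library does not provide. The sample acknowledgment text is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party is a MANET node holding an ECDH key pair, the asymmetric half of the
// hybrid scheme; it is used only to agree on the shared secret key K of Fig. 7.
type Party struct{ priv *ecdh.PrivateKey }

func NewParty() (*Party, error) {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{priv: priv}, nil
}

// Public is the value a node publishes so that peers can derive K with it.
func (p *Party) Public() []byte { return p.priv.PublicKey().Bytes() }

// SharedKey runs ECDH with the peer's public value and hashes the result into
// a 256-bit symmetric key (SHA-256 stands in for a proper KDF; assumption).
func (p *Party) SharedKey(peerPub []byte) ([]byte, error) {
	pub, err := ecdh.P256().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	secret, err := p.priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	k := sha256.Sum256(secret)
	return k[:], nil
}

// Encrypt is the symmetric half applied to the acknowledgment packets. The
// paper uses Blowfish, which the Go standard library lacks, so AES-256-GCM is
// substituted; GCM also authenticates the packet, so tampering is detected.
func Encrypt(key, ack []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, ack, nil), nil // nonce || ciphertext || tag
}

// Decrypt reverses Encrypt; it fails if the key is wrong or the packet was
// modified in transit.
func Decrypt(key, packet []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(packet) < ns {
		return nil, errors.New("packet too short")
	}
	return gcm.Open(nil, packet[:ns], packet[ns:], nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// main shows one sender-to-receiver round trip; errors are ignored for brevity.
func main() {
	sender, _ := NewParty()
	receiver, _ := NewParty()
	kSend, _ := sender.SharedKey(receiver.Public())
	kRecv, _ := receiver.SharedKey(sender.Public())
	packet, _ := Encrypt(kSend, []byte("ACK pkt1 from D"))
	plain, err := Decrypt(kRecv, packet)
	fmt.Printf("%d-byte packet -> %q (err=%v)\n", len(packet), plain, err)
}
```

Sender and receiver each derive the same K from the other's public value, so the expensive asymmetric operation happens once per pair rather than once per packet, and every acknowledgment afterwards costs only a symmetric encryption; that split is the speed-plus-security trade the section describes. A third node with its own key pair derives a different K and cannot open the packet, and a single flipped byte is rejected at decryption.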
4 Comparative Study
Table 1 compares the various existing IDS techniques and the proposed IDS technique used to detect malicious nodes in a MANET.
Table 1 Comparative Study of Different IDS Techniques

| S.No | Intrusion Detection Technique | Algorithm / Protocol | Objective | Limitation |
|---|---|---|---|---|
| 1 | Watchdog and Pathrater | Dynamic Source Routing Protocol | To improve the throughput of the network in the presence of malicious nodes | Fails to detect malicious misbehavior in the presence of the following: 1) ambiguous collisions, 2) receiver collisions, 3) limited transmission power, 4) false misbehavior report, 5) collusion, 6) partial dropping |
| 2 | TWOACK | Dynamic Source Routing Protocol | To resolve the receiver collision and limited transmission power problems of Watchdog | The acknowledgment process required in every packet transmission adds a significant amount of unwanted network overhead |
| 3 | AACK | Dynamic Source Routing Protocol | Compared to TWOACK, AACK significantly reduces network overhead while still maintaining or even surpassing the same network throughput | It is crucial to guarantee that the acknowledgment packets are valid and authentic |
| 4 | EAACK | Digital Signature Algorithm | 1. To solve the three weaknesses of the Watchdog scheme: false misbehavior, limited transmission power, and receiver collision. 2. To prevent the attacker from forging acknowledgment packets | As the number of malicious nodes increases, this scheme produces more network overhead |
| 5 | Hybrid Cryptography Technique | Blowfish Elliptic Curve Diffie-Hellman Algorithm | 1. To solve the network/routing overhead problem of EAACK. 2. To give more security to the MANET compared with other schemes | |
5 Conclusion
As the use of mobile ad hoc networks (MANETs) has increased, security in MANETs has also become more important. Historical events show that prevention alone, i.e., cryptography and authentication, is not enough; therefore, intrusion detection systems are brought into consideration. In this survey, we have described different existing intrusion detection techniques and also introduced a new intrusion detection technique, Hybrid Cryptography (BECDH), for finding malicious nodes in MANETs. Finally, we have justified that the hybrid cryptography technique (BECDH) is a better intrusion detection system for mobile ad hoc networks when compared with other existing intrusion detection systems.
References
[1] Y. Zhang, W. Lee, and Y. Huang, "Intrusion Detection Techniques for Mobile Wireless Networks," ACM/Kluwer Wireless Networks Journal (ACM WINET), Vol. 9, No. 5, September 2003.
[2] T. Anantvalee and J. Wu, "A Survey on Intrusion Detection in Mobile Ad Hoc Networks," in Wireless/Mobile Security, New York: Springer-Verlag, 2008.
[3] N. Kang, E. Shakshuki, and T. Sheltami, "Detecting misbehaving nodes in MANETs," in Proc. 12th Int. Conf. iiWAS, Paris, France, Nov. 8–10, 2010, pp. 216–222.
[4] N. Kang, E. Shakshuki, and T. Sheltami, "Detecting forged acknowledgements in MANETs," in Proc. IEEE 25th Int. Conf. AINA, Biopolis, Singapore, Mar. 22–25, 2011, pp. 488–494.
[5] K. Liu, J. Deng, P. K. Varshney, and K. Balakrishnan, "An acknowledgment-based approach for the detection of routing misbehavior in MANETs," IEEE Trans. Mobile Comput., vol. 6, no. 5, pp. 536–550, May 2007.
[6] Tapan P. Gondaliya and Maninder Singh, "Intrusion Detection System for Attack Prevention in Mobile Ad-hoc Network," International Journal of Advanced Research in Computer Science and Software Engineering, Volume 3, Issue 4, April 2013.
[7] S. S. Tyagi and Aarti, "Study of MANET: Characteristics, Challenges, Application and Security Attacks," International Journal of Advanced Research in Computer Science and Software Engineering, Volume 3, Issue 5, May 2013.
[8] Alex Hinds, Michael Ngulube, Shaoying Zhu, and Hussain Al-Aqrabi, "A Review of Routing Protocols for Mobile Ad-Hoc NETworks (MANET)," International Journal of Information and Education Technology, Vol. 3, No. 1, February 2013.
[9] A. Al-Roubaiey, T. Sheltami, A. Mahmoud, E. Shakshuki, and H. Mouftah, "AACK: Adaptive Acknowledgment Intrusion Detection for MANET with Node Detection Enhancement," in 24th IEEE International Conference on Advanced Information Networking and Applications, 2010.
[10] M. G. Zapata, "Secure Ad Hoc On-Demand Distance Vector (SAODV) Routing," ACM Mobile Computing and Communication Review (MC2R), Vol. 6, No. 3, pp. 106–107, July 2002.
[11] Y. Hu, A. Perrig, and D. B. Johnson, "Ariadne: A Secure On-Demand Routing Protocol for Ad hoc Networks," Proceedings of the 8th Annual International Conference on Mobile Computing and Networking (MobiCom'02), pp. 12–23, September 2002.
[12] S. Bansal and M. Baker, "Observation-Based Cooperation Enforcement in Ad hoc Networks," Research Report cs.NI/0307012, Stanford University, 2003.
[13] Y. Zhang, W. Lee, and Y. Huang, "Intrusion Detection Techniques for Mobile Wireless Networks," ACM/Kluwer Wireless Networks Journal (ACM WINET), Vol. 9, No. 5, September 2003.
[14] I. Chlamtac, M. Conti, and J. J.-N. Liu, "Mobile ad hoc networking: imperatives and challenges," Ad Hoc Networks, 1(1), 2003, pp. 13–6.
[15] M. Frodigh, P. Johansson, and P. Larsson, "Wireless ad hoc networking: the art of networking without a network," Ericsson Review, No. 4, 2000, pp. 248–263.
[16] E. M. Belding-Royer and C. K. Toh, "A review of current routing protocols for ad-hoc mobile wireless networks," IEEE Personal Communications magazine, 1999.
[17] Priyanka Goyal, Vinti Parmar, and Rahul Rishi, "MANET: Vulnerabilities, Challenges, Attacks, Application," IJCEM International Journal of Computational Engineering & Management, Vol. 11, January 2011.
[18] E. Surya and C. Diviya, "A Survey on Symmetric Key Encryption Algorithms," International Journal of Computer Science & Communication Networks, Vol. 2(4), pp. 475–477.
[19] P. Q. Nguyen and I. E. Shparlinski, "The insecurity of the Digital Signature Algorithm with partially known nonces," Preprint, 2000, pp. 1–26.
[20] D. Hankerson, A. Menezes, and S. Vanstone, "Guide to Elliptic Curve Cryptography," Springer-Verlag, NY, 2004.