Detection and Prevention of Routing Attacks with NCPR Protocol …ijarece.org/wp-content/uploads/2014/08/IJARECE-VOL-3... · 2014. 8. 17. · DETECTION AND PREVENTION OF ATTACKS WITH

International Journal of Advanced Research in Electronics and Communication Engineering (IJARECE)

Volume 3, Issue 8, August 2014

940

All Rights Reserved © 2014 IJARECE

Abstract— Mobile ad hoc networks (MANETs) is a dynamic network which the mobile node does not have any

infrastructure. Link breakages exist due to its high mobility of

nodes which leads to frequent path failures and route

discoveries. In broadcasting mechanism, the mobile node

blindly rebroadcasts the first received route request, even if

there is no route to destination leads to broadcast storm

problem. Attacks are the main issues in Mobile ad hoc

networks such as DoS, Wormhole attacks etc. In this paper an

Attack Detection and Prevention algorithm (ADPA) is

implemented with Neighbor Coverage based Probabilistic

Rebroadcast Protocol (NCPR) for ensuring security along with

improved performance in the network. ADPA detects and

prevents the attacker nodes more effectively. The neighbor

coverage based probabilistic rebroadcast protocol, exploits the

neighbor coverage knowledge by rebroadcast delay and obtains

additional coverage ratio. Connectivity factor is defined and it

is combined with additional coverage ratio to set rebroadcast

probability. The neighbor coverage and probabilistic

mechanism significantly decreases the number of

retransmissions so as to reduce the routing overhead.

Index Terms— Additional coverage ratio, Attack Detection and

Prevention Algorithm, connectivity factor, Mobile ad hoc

Networks, rebroadcast delay, rebroadcast probability, shortest

path.

I. INTRODUCTION

Mobile Ad hoc network (MANET) is promising to solve

many challenging real-world problems, such as,

communication in emergency response system, military

field operation and oil drilling and mining Operation.

Dynamic topologies, Bandwidth-constrained, variable

capacity links, Energy-constrained operation, Limited

physical security are the several salient features of mobile

ad hoc networks. Due to these features, mobile ad hoc

networks are particularly vulnerable to denial of service

attacks launched through compromised node [13].

Security is one of the most challenging problems as the

operation environment of such network is usually

unpredictable and

Manuscript received Aug , 2014.

Radhu.R.Nair, Communication systems, Anna University/

Dhanalakshmi Srinivasan College of Engineering, Alappuzha, India.

Revathy.R.Nair, Electronics and communication, Kerala University/

Mount Zion College of Engineering for Women, Alappuzha, India,

the existing mechanisms such as routing protocols assume

a trusted environment. Hence any malicious behaviour

could

disrupt the normal operation of the networks [5]. Any

attacker or malicious node in the network can disturb the

whole process or can even stop it. Several attacks like,

wormhole, rushing etc [7] have been come into the picture

under which a genuine node behaves in a malicious

manner. It is quite difficult to define and detect such

behaviour of a node [4]. Mobile ad hoc network (MANET)

is an autonomous system of mobile nodes connected by

wireless links [2]. However, due to node mobility in

MANETs, frequent link breakages may lead to frequent

path failures and route discoveries [1]. Thus, reducing the

routing overhead in route discovery is an essential

problem. The conventional on demand routing protocols

use flooding to discover a route. They broadcast a Route

Request (RREQ) packet to the networks, and the broad

casting induces excessive redundant retransmissions of

RREQ packet [11].

MANET has no clear line of defense, so, it is accessible

to both legitimate network users and malicious attackers

[6]. In the presence of malicious nodes, one of the main

challenges in MANET is to design the robust security

solution that can protect MANET from various routing

attacks. Different mechanisms have been proposed using

various cryptographic techniques to countermeasure the

routing attacks against MANET. However, these

mechanisms are not suitable for MANET resource

constraints.

The proposed attack detection and prevention algorithm

(ADPA) detects and prevents the attacks by using IP

address. The attack prevention algorithm maintains the IP

address history, Nodes entering into the network and also it

stores the IP address of each incoming nodes. If the IP

address of each incoming node is equal to the stored IP

history, then there is no attack. Each time the incoming

node tries to enter into the network, its history is

maintained. But, if the incoming node‟s tries to enter in the

network more than five times, it will get its IP address and

reads its MAC unique id. If this id of server is same as that

of client, it accepts the request from the client and sends a

response for the request. Else that node is placed in attacker

list and its access will be denied.The neighbor coverage

based probabilistic rebroadcast protocol, exploits the

neighbor coverage knowledge by rebroadcast delay and

thus obtains additional coverage ratio. Connectivity factor

Detection and Prevention of Routing Attacks

with NCPR Protocol for MANETs

Radhu.R.Nair, Revathy.R.Nair



ISSN: 2278 – 909X All Rights Reserved © 2014 IJARECE

941

is defined and it is combined with additional coverage ratio

to set rebroadcast probability.

II. RELATED WORKS

The goal of the security solutions for MANET is to provide

security services [4]. The MANET protocols are facing

different routing attacks [7] [5]. Broadcasting is an effective

mechanism for route discovery, but the routing overhead

associated with the broadcasting can be quite large,

especially in high dynamic networks [12],[9], [5], [8]. The

gossip-based approach, each node forwards a packet with a

probability [10].

III. DETECTION AND PREVENTION OF ATTACKS WITH NCPR

PROTOCOL

The Mobile Ad-Hoc Networks works by broadcasting the

information. Its broadcasting nature helps attacker, to spy

the network [6]. Many type of attack can be done on

MANETs. The Attack Detection and Prevention Algorithm

(ADPA) prevent such type of attacks. The prevention

algorithm maintains some data‟s such as the IP address

history, Nodes entering into the network and also it stores the

IP address of each incoming nodes. The arrival of each

incoming node is evaluated for each time. There will be no

attackers if the IP address of each incoming node is equal to

the stored IP history. History of incoming node is

maintained whenever the node tries to enter the network. If

the incoming node‟s tries to enter in the network more than

five times, it will get its IP address and reads its MAC unique

id. If this id of server is same as that of client, it accepts the

request from the client and sends a response for the request.

Else that node is placed in attacker list and its access will be

denied. In this way the algorithm detects and prevents the

attacks such as DoS and Worm hole attacks in mobile ad hoc

networks.

A. Rebroadcast Delay Calculation

To estimate how many its neighbors have not been

covered by the RREQ packet from s, when node ni receives

an RREQ packet from its previous node s, it can use the

neighbor list in the RREQ packet. To calculate this, the

Uncovered Neighbors set U(ni) of node is defined. It is

given below:

U(ni)=N(ni)-[N(ni)∩N(s)]-{s} (1)

Where N(s) and N (ni) are the neighbors sets of node s and

ni, respectively. s is the node which sends an RREQ packet

to node ni. The key to success for the neighbor coverage

based probabilistic rebroadcast protocol is the choice of a

proper delay [1] . The rebroadcast delay Td(ni) of node ni is

defined as follows:

Tp (ni) = 1- | N(s)∩N(ni) |

(2)

|N(s)|

)(nTMaxDelay= )(nT ipid (3)

Where Tp(ni) is the delay ratio of node ni, and MaxDelay is

a small constant delay. Its value is 0.01. Consider that node

nk has the largest number of common neighbors with node

s, according to (3). Then the node nk has the lowest delay

[1]. The node can set its own timer after determining the

rebroadcast delay.

Figure 1: Rebroadcast delay calculation

B. Rebroadcast Probability Calculation

The RREQ packets from the nodes which have lowered

rebroadcast delay may listen to the node which has a larger

rebroadcast delay. According to the neighbor list in the

RREQ packet from nj, the node ni could further adjust its

UCN set [1]. Then, the U(ni) can be adjusted as follows:

U(ni)=U(ni)-[U(ni)∩N(nj)] (4)

The RREQ packet received from node nj is discarded

after adjusting the U(ni). To determine the order of

disseminating neighbor coverage knowledge to the nodes

which receive the same RREQ packet from the upstream

node, the rebroadcast delay is used [1]. The additional

coverage ratio of node ni is (Ra (ni)), which is defined as

follows:

|)N(n|

|)U(n|)(n R

i

i

ia (5)

This equation indicates the ratio of the number of nodes

that are additionally covered by this rebroadcast to the total

number of neighbors of node ni. To keep the probability of

network connectivity approaching 1, [3] a heuristic formula

is used: ∣N (ni)∣ . Fc (ni) ≥ 5.1774 . Then define the

minimum Fc (ni) as a connectivity factor, which is given by:



942


|)N(n|

N )(n F

i

c

ic (6)

Where Nc = 5:1774 log n, and n is the number of nodes in

the network. From (6), it is observed that Fc(ni) is less than

1, when ∣N(ni)∣ is greater than Nc. The rebroadcast probability Pre (ni) of node ni:

Pre(ni)=Fc(ni).Ra(ni) (7)

Where, set the Pre(ni) to 1,if the Pre (ni) is greater than 1, The

rebroadcast probability is defined with the following

reason. From the additional coverage ratio Ra, it can be

determine that how many neighbors should receive and

process the RREQ packet.

Figure 2: Rebroadcast Probability Calculation

C. Attack Detection and Prevention Algorithm

Step 1: Initialize the Process Step 2: Maintain the IP address History=H;

Step 3: Nodes enter into the Network=U;

Step 4: Store the Each Incoming node‟s IP address=I;

Step 5: Check each time U,

If (I==H)

{

No Attacks

}

Else If (I




943

Figure 3: Flowchart of ADPA

D. Simulation Parameters

Table 1 Simulation Parameters

Simulation Parameter Value

Simulator NS-2(v2.34)

Topology Size 1200 1200 m

Number of Nodes 350

Transmission Range 250 m

Interface Queue Length 50

Traffic Type CBR

Packet Size 512 bytes

Packet Rate 4 packets/sec

Min Speed 1 m/sec

Max Speed 5 m/sec

E. Performance Analysis

To evaluate the performance of Attack Detection and

Prevention Algorithm (ADPA) with NCPR Protocol, it is

compared with some other protocols such as AODV and

DPR. It is simulated by using NS-2 simulator version 2.34.

The Neighbor Coverage based probabilistic rebroadcast

protocol [1], which is an optimization scheme for reducing

the overhead of RREQ packet in route discovery. Various

performance parameters are evaluated.

Normalized Routing Overhead: It is the ratio of the total

packet size of control packets (include RREQ, RREP,

RERR, and Hello) to the total packet size of data packets

delivered to the destinations.

Packet Delivery Ratio: It is the ratio of the number of data

packets successfully received by the Constant Bit Rate

(CBR) destinations to the number of data packets generated

by the CBR sources.

Average End-To-End Delay: It is the average delay of

successfully delivered Constant Bit Rate (CBR) packets

from source to destination node. It includes all possible

delays from the CBR sources to destinations.

IV. RESULTS

The figure 4 shows the attacker node which tries to enter

into the network. The ADPA maintains the IP address

history, Nodes entering into the network and also it stores the

IP address of each incoming nodes. It checks for each time

whether any nodes entering into the network.

.

Figure 4: NAM window with attacker node

The figure 5 shows the NAM window with the attacker

node normal nodes enters into the network. The ADPA

checks the IP address of each incoming node. The normal

node‟s IP will be equal to the stored IP history. So the



944


normal incoming nodes can enter the network. It does not

cause any attack.

Figure 5: Attacker node and Normal

Nodes

The figure 6 shows the prevention of attacker node by

ADPA. If the incoming node‟s tries to enter in the

network more than 5 times, it will get its IP address and

reads its MAC unique id. If this id of server is same as

that of client, it accepts the request from the client and

sends a response for the request. Else that node is placed

in attacker list and its access will be denied

Figure 6: Prevention of attacker node

F. Varied nodes with various performance metrics

The normalized routing overhead with varied number of

nodes is shown in figure 7. The RREQ traffic is reduced as

the NCPR protocol increases the packet size of RREQ

packets; it reduces the number of RREQ packets more

significantly. Compared with the conventional AODV

protocol, the overhead is reduced by above 45.9 percent in

the NCPR protocol. The overhead is reduced by above 30.8

percent when the NCPR protocol is compared with the

DPR protocol. When network is dense, the NCPR protocol

reduces overhead by above 74.9 percent and 49.1 percent

when compared with the AODV and DPR protocols,

respectively [1].

Figure 7: Normalized Routing Overhead with Varied

Number of Nodes

Average end to end delay with varied number of nodes is

shown in figure 8. The MAC collision rate of conventional

AODV is more severe. Thus the retransmission increases.

It incurs severe end to end delay. NCPR reduces end to end

delay by above 60.8 percent when compared with AODV.

When compared with DPR, NCPR reduces delay by above

46.4 percent on average [1].

Figure 8: Average end to end delay with varied number of

nodes

The packet delivery ratio with varied number of nodes is

shown in figure 9. The MAC collision rate of AODV is

excess. So, it leads to packet drops. It reduces packet delivery

ratio [1]. When AODV and DPR are compared with NCPR,

the packet delivery ratio of NCPR is increased by above 11.9

percent and 3.7 percent respectively.




945

Figure 9: Packet delivery ratio with varied number of

nodes

G. Performance Evaluation of ADPA

The performance of NCPR protocol with various

performance metrics is evaluated. It is found from the

results that the Attack detection and prevention algorithm

for attacks prevents attacks in mobile ad hoc network. Thus

it ensures secure routing. It is found that it increases

throughput. The figure 10 shows the xgraph of throughput

with prevention algorithm and throughput without

prevention algorithm. The result shows that the NCPR

protocol with prevention algorithm increases the

throughput of the network.

Figure 10: Received Packets with Time

The packet loss rate of NCPR protocol with Detection

and prevention algorithm of attacks is shown in the figure

11. The NCPR protocol with attack prevention and

detection algorithm increases the network performances.

When compared with the NCPR protocol with prevention

algorithm, the packet loss rate of NCPR protocol without

prevention has more packet loss rate.

Figure 11: Packet Loss Rate with Varied Nodes

The delay of NCPR protocol with varied nodes is

shown in the figure 12. The NCPR protocol with attack

detection and prevention algorithm reduces the end to

end delay when it is compared with NCPR protocol

without prevention algorithm.

Figure 12: End to End Delay with Varied Nodes

V. CONCLUSION

The services based on ad hoc networks have been

increased with development in computing environments.

Due to the physical characteristic of both the environment

and the nodes, wireless ad hoc networks are vulnerable to

various attacks such as DoS attacks and wormhole attacks. In

such types of attacks, it is executed by two malicious nodes

causing serious damage to networks and nodes. The

detection and Prevention of wormholes and DoS attacks in ad

hoc networks is still considered to be a challenging task. In

order to protect networks such types of attacks, previous

solutions require specialized hardwares. Thus, the proposed



946


algorithm in this paper is to detect and prevent Dos and

wormhole attacks without any special hardwares

mechanism. The proposed Attack detection and prevention

algorithm ensures secure routing and improves the

performance of mobile ad hoc networks. The NCPR protocol

disseminates the neighbor coverage knowledge and includes

additional coverage ratio and connectivity factor. A new

scheme is used to dynamically calculate the rebroadcast

delay, which is used to determine the forwarding order. A

rebroadcast probability is introduced to reduce the number of

rebroadcasts of the RREQ packet, to improve the routing

performance. This approach significantly decreases the

number of retransmissions so as to reduce the routing

overhead. Apart from conventional routing protocol, it

eliminates broadcast storm problem. The attack detection

and prevention algorithm is incorporated with NCPR

protocol for secure routing with improved performance.

REFERENCES

[1] Zhang X.M, Wang E.B, Xia J.J, and Sung D.K, “Neighbor Coverage based Probabilistic Rebroadcast for Reducing Routing Overhead in

Mobile Ad hoc Networks‟, IEEE transactions on mobile computing, vol

12, No.3, march 2013.

[2] Chadha M.S, Joon.R, Sandeep „Simulation and comparison Of AODV,

DSR and AOMDV routing protocols in MANETs’, International journal

of advanced research in Computer Engineering & Technology, Vol 2, No

3, July 2012.

[3] Zhang X.M, Wang E.B, Xia J.J, and Sung D.K,(2011) , „An Estimated Distance Based Routing Protocol for Mobile Ad Hoc Networks,‟ IEEE

Trans. Vehicular Technology, Vol. 60, no. 7, pp. 3473-3484.

[4] Mohini.G, A. kanungo, „A novel defense IPS scheme against wormhole

attack in MANET’, International journal Of computer application

(0975-8887) volume 79,no-17, October 2013

[5] Shilpa.J, Sumeet.A, „A novel paradigm: Detection and Prevention of Wormhole attack in Mobile Ad hoc Networks‟, International journal of

Engineering Trends and Technology, volume 3,Issue 5 2012

[6] Kumar. S, Pahal. V, Garg.S, „Wormhole Attack in Mobile Ad Hoc Networks: A Review‟, Engineering Science and Technology an

International Journal, ISSN 2250-3498, Vol 2, No 2, April 2012

[7] “Security in Mobile Ad-Hoc Networks” Yongguang Zhang and Wenke Lee, , in Book Ad Hoc Networks Technologies and Protocols, (Springer),

(2005).

[8] S.Y. Ni, Y.C. Tseng, Y.S. Chen, and J.P. Sheu, “The Broadcast Storm

Problem in a Mobile Ad Hoc Network,” Proc. ACM/IEEE MobiCom, pp.

151-162, 1999.

[9] J.D. Abdulai, M. Ould-Khaoua, and L.M. Mackenzie, “Improving

Probabilistic Route Discovery in Mobile Ad Hoc Networks,” Proc.IEEE

Conf. Local Computer Networks, pp. 739-746, 2007.

[10] Z. Haas, J.Y. Halpern, and L. Li, “Gossip-Based Ad Hoc Routing,”

Proc. IEEE INFOCOM, vol. 21, pp. 1707-1716, 2002.

[11] AlAamri.H, Abolhasan.M, and Wysocki .T, (2009), „On Optimizing Route Discovery in Absence of Previous Route Information in

MANETs,‟ Proc. IEEE Vehicular Technology Conf. (VTC), pp. 1-5.

[12] Chen .J, Lee Y. Z, Zhou. H, Gerla. M and Shu.Y (2006), „Robust Ad Hoc

Routing for Lossy Wireless Environment,‟ Proc. IEEE Conf.

Military Comm. (MILCOM‟06), pp1-7

[13] S. Corson ， J. Macker ， Mobile Ad hoc Networking (MANET):

Routing Protocol Performance Issues and Evaluation Considerations，

RFC 2501，January 1999.

Radhu. R. Nair received the B.E

degree in Electronics and

communication engineering under

Anna University, Chennai in 2012. She

completed her master of Engineering

in Communication Systems under

Anna University Chennai in 2014. She

has published papers in International

Journals and presented papers in

various National and International

Conferences She is interested in

Wireless Ad Hoc and Sensor Networks.

Revathy.R.Nair, is currently working

toward her BTech degree in Electronics

and Communication Engineering

under Kerala University. Her research

interests include wireless networks.

Documents

Detection and Prevention of Routing Attacks with NCPR Protocol …ijarece.org/wp-content/uploads/2014/08/IJARECE-VOL-3... · 2014. 8. 17. · DETECTION AND PREVENTION OF ATTACKS WITH