DETECTION OF PACKET FORWARDING MISBEHAVIOR IN WIRELESS NETWORK
N. Karthikeyan (1), Dr. M. Ravindran (2)
(1) Research Scholar, Bharathiar University, Coimbatore-641 046.
(2) Associate Professor, Department of Computer Science, Government Arts College, Madurai.
Abstract – Wireless networks are susceptible to having their effective operation compromised by a variety of security attacks. Nodes may misbehave either because they are malicious and deliberately wish to disrupt the network, or because they are selfish and wish to conserve their own limited resources such as power, or for other reasons. The wireless nature and inherent features of mobile ad hoc networks make them vulnerable to a wide variety of attacks by misbehaving nodes. Such attacks range from passive eavesdropping, where a node tries to obtain unauthorized access to data destined for another node, to active interference, where malicious nodes hinder network performance by not obeying globally accepted rules. For instance, a node can behave maliciously by not forwarding packets on behalf of other peer nodes. This paper presents a mechanism that enables the detection of nodes that exhibit packet forwarding misbehavior.
Keywords: Misbehavior detection, Packet forwarding, Routing misbehavior.
I. INTRODUCTION
In a wireless ad hoc network, all individual nodes have to cooperate with each other during packet forwarding, primarily because of their limited transmission range and the lack of physical network infrastructure. A wireless ad hoc network provides flexibility and scalability: nodes are not confined by geographical restrictions and are able to join or leave the network freely and at any time. Therefore, wireless ad hoc networks have been widely deployed in military, scientific research, mission-critical and civilian applications. Despite these benefits, a wireless ad hoc network is notoriously hard to administer, as wireless transmission is vulnerable to security attacks. Contrary to a conventional wireless network, a wireless ad hoc network has no absolute control over the behavior of its nodes, since they are owned by multiple authorities. As a result, legitimate packets may be dropped deliberately by misbehaving nodes, which may disrupt the network if the problem is not taken seriously.
The wireless nature and inherent features of mobile ad hoc networks make them vulnerable to a wide variety of attacks by misbehaving nodes. Such attacks range from passive eavesdropping, where a node tries to obtain unauthorized access to data destined for another node, to active interference, where malicious nodes hinder network performance by not obeying globally accepted rules. For instance, a node can behave maliciously by not forwarding packets on behalf of other peer nodes. However, when a node exhibits malicious behavior it is not always because it intends to do so. A node may also misbehave because it is overloaded, broken, compromised or congested, in addition to being intentionally selfish or malicious. Misbehavior can be divided into two categories:
N Karthikeyan et al, Int.J.Computer Technology & Applications,Vol 5 (3),1350-1355
IJCTA | May-June 2014 Available [email protected]
1350
ISSN:2229-6093
routing misbehavior (failure to behave in accordance with a routing protocol) and packet forwarding misbehavior (failure to correctly forward data packets in accordance with a data transfer protocol). This paper focuses on packet forwarding misbehavior. Our approach consists of an algorithm that enables packet forwarding misbehavior detection.
Our scheme detects misbehaving nodes (whether selfish, malicious or otherwise) capable of launching two known attacks. The simplest of them is the black hole attack, in which a misbehaving node drops all the packets that it receives instead of forwarding them normally. A variation on this is the gray hole attack, in which nodes either drop packets selectively (e.g. dropping all UDP packets while forwarding TCP packets) or drop packets in a statistical manner (e.g. dropping 50% of the packets, or dropping them according to a probability distribution). Both types of gray hole attack seek to disrupt the network without being detected by the security measures in place.
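The three forwarding behaviours just described, and the per-protocol view a neighbouring node obtains by promiscuous listening, are shown below as an added Python example (this is not code from the paper). The constructed TCP/UDP traffic mix, the 0.9 forwarding-ratio threshold and the 20-packet minimum sample size are assumptions made here for illustration.

```python
import random
from collections import defaultdict

# Forwarding behaviours. Each takes a packet and a random generator and
# returns True if the node relays the packet, False if it drops it.
def honest(pkt, rng):
    return True

def black_hole(pkt, rng):
    # Drops every packet it receives.
    return False

def gray_hole_selective(pkt, rng):
    # Drops all UDP packets while forwarding TCP packets.
    return pkt["proto"] != "UDP"

def gray_hole_statistical(pkt, rng, drop_prob=0.5):
    # Drops packets at random, independent of content (about 50% here).
    return rng.random() >= drop_prob

def make_traffic(count, rng):
    """Constructed sample traffic: a random mix of TCP and UDP packets."""
    return [{"seq": i, "proto": rng.choice(["TCP", "UDP"])} for i in range(count)]

def observe(forwarder, traffic, rng):
    """What a neighbour sees by promiscuous listening: per-protocol
    (forwarded, offered) counters for one suspected forwarder."""
    counts = defaultdict(lambda: [0, 0])
    for pkt in traffic:
        counts[pkt["proto"]][1] += 1
        if forwarder(pkt, rng):
            counts[pkt["proto"]][0] += 1
    return {proto: tuple(c) for proto, c in counts.items()}

def classify(counts, min_ratio=0.9, min_samples=20):
    """Label a forwarder from its per-protocol forwarding ratios.
    Thresholds are assumptions of this example, not values from the paper."""
    offered = sum(total for _, total in counts.values())
    if offered < min_samples:
        return "insufficient samples"
    forwarded = sum(fwd for fwd, _ in counts.values())
    if forwarded == 0:
        return "black hole"
    ratios = {proto: fwd / total for proto, (fwd, total) in counts.items()}
    failing = sorted(proto for proto, r in ratios.items() if r < min_ratio)
    if not failing:
        return "ok"
    if len(failing) == len(ratios):
        return "gray hole (statistical)"
    return "gray hole (selective: " + ", ".join(failing) + ")"

def audit(rng_seed=0, packets=200):
    """Run the same constructed traffic past each behaviour and classify it."""
    rng = random.Random(rng_seed)
    traffic = make_traffic(packets, rng)
    suspects = {"honest": honest, "black": black_hole,
                "selective": gray_hole_selective,
                "statistical": gray_hole_statistical}
    return {name: classify(observe(fn, traffic, rng)) for name, fn in suspects.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:12s} -> {verdict}")
```

The point the example makes is why the gray hole variants are harder to catch than a black hole: the selective and the statistical dropper both forward roughly half of the offered packets, so an overall forwarding ratio alone cannot tell them apart from each other, and a short observation window cannot tell a 50% dropper from bad luck. Keeping counters per protocol (or per source) and insisting on a minimum sample size before accusing anyone are the two defensive choices that make the classification meaningful.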
II. RELATED WORK
Felegyhazi et al. [1] present a game-theoretic model to analyze cooperation in both dynamic and static scenarios. Their simulation results show that cooperation based solely on the self-interest of the nodes cannot be realized in practice, and that an incentive mechanism is needed. In SORI [2], all nodes maintain a confidence-level table, which they use to exchange information with each other and to penalize selfish nodes with a bad reputation. SORI uses one-way hashing to ensure that a selfish node cannot impersonate other nodes in order to improve its own reputation. However, a malicious node can always fake the information and keep condemning innocent nodes, eventually causing chaos in the network. SMDP [3] is a session-based detection protocol that uses the principle of data flow conservation: the data flowing into and out of a node should always be equal. At the end of each data session, all nodes along the path send the total number of packets they received to the previous hop and the total number of packets they transmitted to the next hop. After gathering these transmission reports, all nodes rebroadcast the packet totals to the surrounding nodes. A node is suspected if its total transmission differs markedly from its total reception. Digital signatures are used to ensure that no one can forge a report. However, the source can defame the next forwarder by reporting an incorrect number of total transmitted packets.
The Secure Routing Protocol (SRP) [4] and Authenticated Routing for Ad hoc Networks (ARAN) [5] assume the existence of a priori relationships in a network: in the case of SRP between the two communicating nodes, and for ARAN between each node in the network and a certificate server. Both protocols perform end-to-end authentication, and intermediate nodes are not allowed to reply to route requests even if they know a route to the destination. However, a priori relationships may not exist in MANETs. These approaches secure the path discovery and establishment functionality of routing protocols; our approach complements them by securing the data forwarding functionality. The routing protocol proposed in [6] offers resilience to disruption or degradation of the routing service through an algorithm that detects a malicious link after log n faults have occurred on a path, where n is the hop length of the path. In [7], each node is able to detect signs of intrusion locally, and neighboring nodes collaborate to investigate malicious behavior further. In both of these approaches a node uses its own data to
identify another node as an intruder. In contrast, in our approach a node detects anomalies in packet forwarding based on data acquired by other nodes in the network as well as on its own data, thus potentially obtaining a more balanced evaluation of a node's behavior.
III. SYSTEM MODEL
3.1. Assumptions and Terminologies
We assume the wireless ad hoc network is well established and that all nodes are interested in communicating with the base station for some reason, e.g. Internet access. Since most of the packets flow upward to the base station, we can assume the network resembles some type of hierarchical network. In addition, the central authority can be trusted absolutely and has no incentive to misbehave. The base station is the central authority of the network and has good knowledge of the network topology. Besides, we assume that all missing packets are mainly caused by the misbehavior of nodes. "Misbehaved node" and "misbehaver" are used interchangeably to refer to a node that does not forward packets properly and/or possesses a bad intention to defame other innocent nodes by exploiting the existing protocol.
3.2. Attack Model
We consider that packet losses are mainly due to misbehaved nodes in the network. We further classify misbehaved nodes into selfish nodes and malicious nodes. Selfish nodes consider only their own benefit and refuse to forward legitimate packets from others; we term this kind of misbehavior a packet drop attack. Malicious nodes are spiteful nodes that intend to degrade network performance by defaming other innocent nodes; we name this type of attack a reputation attack.
IV. DESIGN CONSIDERATION
Most detection mechanisms fail to serve their primary purpose because of an improper penalization method and ambiguous accusations. For a simple illustration, 16 nodes are deployed in a grid and all nodes in the network send data packets to the base station (node a) periodically (see Figure-1). The links in the network represent the connectivity of the nodes. Node k is a misbehaved node that drops node p's legitimate packets. In this case, only nodes l, o and p are able to detect node k's misbehavior (by promiscuous listening), and they will penalize node k by dropping its packets in return. However, their penalization is useless, as node k relies on its upstream nodes (nodes j, f and g) to forward its data packets to node a. For convenience, we name this issue improper penalization, as the penalization is not executed by all the surrounding nodes of the misbehaved node.
Figure – 1: Simple 16 nodes in a Grid
Another, similar issue is the ambiguity of an accusation: a node is unsure about the truthfulness of an accusation report sent by a neighbouring node. The accusation may be sent by a malicious node that intends to disgrace other innocent node(s). Assume node l is penalizing node k because k is dropping node p's packets. Node k can take revenge by telling nodes g and h that node l is a misbehaved node. In this case, node l can hardly defend itself, as nodes g and h are not aware of node k's misbehavior downstream.
V. DETECTION AND ACCUSATION
First, the victim node accuses a misbehaved node by sending a secret accusation report to the base station through a steady route. The base station then assigns a set of k randomly chosen agents, which are neighbouring nodes of the accused node (excluding the accuser itself), to investigate the accusation. These agents investigate the suspected node by sending dummy packets that carry the accuser's identity, so that the suspected node is not aware of the investigation. The investigation agents then observe the response of the suspected node and secretly send their results back to the base station for further action. The base station gathers sufficient feedback, and conviction is based on a majority vote. Once a misbehaved node is convicted, its identity is included in the base station's blacklist table and sent to all nodes in the network.
Eventually, the detected misbehaving node(s) will be isolated from the network until the penalization period is over. Our proposed approach overcomes the issues mentioned above in the sense that the accusation of the victim is taken only as a reference, whereas the final conviction is based on the feedback of the randomly appointed investigation agents. Hence, the probability of a reputation attack is kept very low. Moreover, only the central authority can issue the blacklist table, so all nodes execute the penalization together and the detected misbehaver(s) are recognized and isolated network-wide.
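The accusation, investigation and majority-vote steps of this section, simulated in Python as an added example (this is not the authors' code). It reuses the 16-node grid of Section IV with the base station at node a and node k dropping node p's packets; the diagonal links, the choice of three agents per investigation and the simple-majority conviction rule are assumptions of the example, not details taken from the paper.

```python
import random

# Constructed topology: 16 nodes 'a'..'p' on a 4x4 grid (row-major), base
# station at 'a'. Links join grid neighbours including diagonals; this
# connectivity is an assumption of the example, not read off Figure-1.
NODES = "abcdefghijklmnop"
POS = {name: divmod(i, 4) for i, name in enumerate(NODES)}  # name -> (row, col)

def neighbours(node):
    """Nodes one grid step away (including diagonals)."""
    r, c = POS[node]
    return {m for m, (mr, mc) in POS.items()
            if m != node and max(abs(mr - r), abs(mc - c)) == 1}

class Node:
    """A forwarder. drops_from lists the sources whose packets it drops;
    drop_prob < 1.0 turns it into a statistical gray hole toward them."""
    def __init__(self, name, drops_from=(), drop_prob=1.0):
        self.name = name
        self.drops_from = set(drops_from)
        self.drop_prob = drop_prob

    def forwards(self, src, rng):
        """Forwarding decision for a packet whose (claimed) source is src."""
        if src in self.drops_from and rng.random() < self.drop_prob:
            return False
        return True

class BaseStation:
    """Trusted central authority: appoints agents, tallies votes, keeps the blacklist."""
    def __init__(self, nodes, num_agents=3, seed=0):
        self.nodes = nodes
        self.num_agents = num_agents
        self.rng = random.Random(seed)
        self.blacklist = set()

    def investigate(self, accuser, accused):
        # Candidate agents: neighbours of the accused, never the accuser itself.
        candidates = sorted(neighbours(accused) - {accuser})
        agents = self.rng.sample(candidates, min(self.num_agents, len(candidates)))
        # Each agent sends a dummy packet carrying the accuser's identity as
        # source and observes (promiscuously) whether the accused relays it.
        reports = {agent: self.nodes[accused].forwards(accuser, self.rng)
                   for agent in agents}
        dropped = sum(1 for forwarded in reports.values() if not forwarded)
        convicted = dropped > len(agents) / 2      # simple majority of agents
        if convicted:
            self.blacklist.add(accused)            # table distributed to all nodes
        return {"agents": agents, "reports": reports,
                "dropped": dropped, "convicted": convicted}

def grid_network(drop_prob=1.0):
    nodes = {name: Node(name) for name in NODES}
    nodes["k"] = Node("k", drops_from={"p"}, drop_prob=drop_prob)  # as in Section IV
    return nodes

def scenario_packet_drop(seed=1):
    """Victim p accuses the selfish node k."""
    bs = BaseStation(grid_network(), num_agents=3, seed=seed)
    return bs.investigate(accuser="p", accused="k"), bs.blacklist

def scenario_reputation_attack(seed=1):
    """Malicious k tries to defame the innocent node l."""
    bs = BaseStation(grid_network(), num_agents=3, seed=seed)
    return bs.investigate(accuser="k", accused="l"), bs.blacklist

def conviction_rate(drop_prob, num_agents, trials=1000, seed=2):
    """Fraction of investigations that convict k when it drops the accuser's
    packets with probability drop_prob and num_agents agents are appointed."""
    convicted = 0
    for t in range(trials):
        bs = BaseStation(grid_network(drop_prob), num_agents=num_agents, seed=seed + t)
        if bs.investigate("p", "k")["convicted"]:
            convicted += 1
    return convicted / trials

if __name__ == "__main__":
    print("packet drop attack:", scenario_packet_drop())
    print("reputation attack:", scenario_reputation_attack())
    for n in (3, 5, 7):
        print(f"{n} agents, 70% dropper -> conviction rate {conviction_rate(0.7, n):.2f}")
```

Two properties of the design are visible in the code: the accuser is never one of its own investigation agents, so a defamer such as k gains nothing from accusing l, because l's other neighbours see l forwarding the dummy packets and outvote the accusation; and because the agents spoof the accuser's identity, a node that drops only a particular victim's traffic cannot distinguish the probe from the real thing. The conviction_rate function shows the trade-off the results section discusses: more agents sharpen the majority decision against a node that drops most of the victim's packets, but a dropper at exactly 50% remains a coin toss whatever the number of agents, which is why a single investigation should feed a longer-term reputation rather than be the whole verdict.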
VI. RESULTS AND DISCUSSION
Consider 50 static nodes sending data in a network of size 1000 x 1000 meters. We assume all dropped packets are caused mainly by misbehaved nodes rather than by link errors. A shortest path algorithm was used to find the next route for forwarding data to the base station.
Figure-2 (a): Selfish nodes network
Figure-2 (b): Malicious nodes network
Figures 2 (a) and (b) above show the detection effectiveness against the selfish node and malicious node threats. The scheme achieves a high correct detection percentage in an ideal network where only a small number of selfish nodes exist. As the number of selfish nodes increases, correct detection degrades, but the false positive detection rate is still kept at zero percent.
In the real world, multiple malicious nodes might exist in the network and threaten the innocent nodes. An increasing number of malicious nodes raises the false positive detection rate in the network (Figure-2(b)); in other words, more innocent nodes are defamed by malicious nodes. Meanwhile, the correct detection percentage increases too, as the independent malicious nodes mistakenly accuse each other. Next, we examine the influence of the number of investigators on detection effectiveness. In an ideal network containing only selfish nodes, the number of investigators has no significant influence on detection effectiveness, as selfish nodes do not defame other innocent nodes. However, in a network containing malicious nodes, we observed that a higher number of investigator agents reduces the false positive detection percentage. The correct detection percentage is slightly reduced, as some parts of the network may have insufficient agents to complete the investigation.
VII. CONCLUSION
Wireless networks rely on the uninterrupted availability of the wireless medium to interconnect participating nodes. However, the open nature of this medium leaves it vulnerable to multiple security threats. Anyone with a transceiver can eavesdrop on wireless transmissions, inject spurious messages, or jam legitimate ones. We propose a simple yet effective scheme to identify misbehaving forwarders that drop or modify packets in wireless networks.
REFERENCES
1. M. Felegyhazi, J. P. Hubaux, and L. Buttyan, “Nash equilibria of packet forwarding strategies in wireless ad hoc networks”, IEEE Transactions on Mobile Computing, pp. 463-476, 2006.
2. Q. He, D. Wu, and P. Khosla, “SORI: A secure and objective reputation-based incentive scheme for ad hoc networks”, Proceedings of the IEEE Wireless Communications and Networking Conference (WCNC 2004), 2004.
3. T. Fahad, D. Djenouri, R. Askwith, and M. Merabti, “A new low cost sessions-based misbehavior detection protocol (SMDP) for MANET”, AINA Workshops, Vol. 1, pp. 882-887, 2007.
4. P. Papadimitratos and Z. J. Haas, “Secure routing for mobile ad hoc networks”, Proceedings of the SCS Communication Networks and Distributed Systems Modeling and Simulation Conference, pp. 193-204, 2002.
5. K. Sanzgiri, B. Dahill, B. N. Levine, C. Shields, and E. M. Belding-Royer, “A secure routing protocol for ad hoc networks”, Proceedings of the 10th IEEE International Conference on Network Protocols, pp. 78-87, 2002.
6. B. Awerbuch, D. Holmes, C. Nita-Rotaru, and H. Rubens, “An on-demand secure routing protocol resilient to Byzantine failures”, Proceedings of the 3rd ACM Workshop on Wireless Security, pp. 21-30, 2002.
7. Y. Zhang and W. Lee, “Intrusion detection in wireless ad-hoc networks”, Proceedings of the 6th ACM International Conference on Mobile Computing and Networking, pp. 275-283, August 2000.
8. P. Papadimitratos and Z. Haas, “Secure data communication in mobile ad hoc networks”, IEEE Journal on Selected Areas in Communications, vol. 24, issue 2, pp. 343-356, 2006.
9. J. Kong, P. Zerfos, H. Luo, S. Lu, and L. Zhang, “Providing robust and ubiquitous security support for mobile ad-hoc networks”, Proceedings of the 9th IEEE International Conference on Network Protocols, pp. 251-260, 2001.
10. L. Zhou and Z. Haas, “Securing ad hoc networks”, IEEE Network Magazine, vol. 13, issue 6, 1999.
11. S. Marti, T. J. Giuli, K. Lai, and M. Baker, “Mitigating routing misbehavior in mobile ad hoc networks”, Proceedings of the 6th ACM International Conference on Mobile Computing and Networking, pp. 255-265, 2000.
12. R. Rao and G. Kesidis, “Detecting malicious packet dropping using statistically regular traffic patterns in multi-hop wireless networks that are not bandwidth limited”, Proceedings of the 2003 IEEE Global Telecommunications Conference, vol. 5, pp. 2957-2961, 2003.