978-1-4673-2252-2/12/$31.00 ©2012 IEEE

[IEEE 2012 15th International Multitopic Conference (INMIC) - Islamabad, Punjab, Pakistan (2012.12.13-2012.12.15)] 2012 15th International Multitopic Conference (INMIC) - RFAP, a preventive


RFAP, A Preventive Measure against Route Request Flooding Attack in MANETS

Kashif Laeeq Asst. Professor, Dept. of Computer Science

Federal Urdu University of Arts, Science & Technology, Karachi, Pakistan [email protected], [email protected]

Abstract— The operations of Mobile Ad-hoc Networks (MANETs) are still insecure for several reasons. One of the main reasons is the insecure routing protocol. Ad-hoc networks generally use a reactive routing protocol such as AODV to meet their routing needs. The route construction phase of this protocol is vulnerable; a malicious node can easily disrupt communication. In one case, a malicious node sends bulk route request (RREQ) packets to void addresses, which occupies network resources. This type of attack is called the RREQ Flooding Attack (RFA). Various schemes exist to mitigate the RFA, but they are inadequate. One of the main issues in the majority of proposed solutions is that they do not recover the malicious node after punishment. This paper introduces RFAP, a scheme for mitigating the RREQ flooding attack in MANETs using the AODV protocol. RFAP is an amended form of AODV. The scheme is specially designed for MANETs with higher node mobility. Recovery of malicious nodes after reasonable punishment is the main objective of the scheme. Simulations are performed using the NS-2 simulator and the results are presented. These results illustrate that RFAP is able to separate the flooder node from the network more reliably than plain AODV.

Keywords- Flooding attack; MANETs; Attack; RFAP; AODV; Reactive Routing

I. INTRODUCTION

Ease of deployment, flexibility and reduced infrastructure make wireless technology the first choice for business, education, healthcare, war and many other fields of today's life. This technology is generally grouped into two main categories: networks with fixed infrastructure and networks without fixed infrastructure [4][21]. In a fixed-infrastructure network there is a central node, sometimes called a base station, which is responsible for all connections [4]. A wireless network with no fixed infrastructure is sometimes called an ad hoc network, meaning temporary or not permanent. The nodes of an ad hoc network participate for a while and then disconnect, but the network remains up; whenever they need to participate again, they do so. This type of network has no fixed router, other than wireless mesh networks, which may sometimes have a fixed router. If the participating nodes of an ad hoc network can move anywhere, without any infrastructure, it is called a mobile ad hoc network (MANET). MANETs are the most demanding and role-oriented wireless networks in today's society [21]. MANETs mostly use either proactive or reactive routing protocols, but the literature also has hybrid protocols such as the Zone Routing Protocol, which uses the best features of both reactive and proactive routing [21]. Reactive routing is also called on-demand routing. This type of routing is highly exposed to route request (RREQ) attacks, especially the RREQ flooding attack, during the route discovery process. A malicious node may actively take part in a flooding attack by repeatedly sending RREQs [1][3][9].

Figure 1. MANET Environment

II. RFAP SCHEME OVERVIEW

Route request Flooding Attack Prevention (RFAP) is a scheme for mitigating the RREQ flooding attack in MANETs. The scheme first finds the flooder node, isolates it from the network, gives it some punishment and, after reasonable punishment, reconsiders the accused node. Since the Ad-hoc On Demand Distance Vector (AODV) protocol has no notable mechanism specifically for combating the RREQ flooding attack, RFAP is a positive addition. The RFAP scheme is a modified version of the AODV protocol.

A. What is New in RFAP

The majority of the schemes or methodologies proposed by researchers in this domain focus only on finding the attacker node and then blacklisting it forever. A few of them de-blacklist the node after a long time or after tremendous effort shown by the node. In truth, MANET nodes are mobile, and sometimes, in an emergency or for any valid reason, a node may show very quick movements. Due to higher node mobility, a node may ask for new routes again and again; these are legitimate RREQs, but the majority of existing schemes treat these conditions as an RREQ flooding attack and blacklist the node for its lifetime or for a very long time. The RFAP scheme totally disagrees with the idea that a node that misbehaves or is found in malicious activity should simply be segregated from the network. The scheme holds that a flooder node may have been misused by some intruder and return to normal thereafter, or may have changed its position to an extraordinary degree, perhaps in an emergency. With these facts in mind, the RFAP scheme is designed to give a blunderer enough time to return to dutiful behavior. The punishment depends entirely on the severity of the malicious activity. After every punishment a node has a chance to show gentle behavior, even after the Life Imprisonment time-out. Most of the time, the RREQ flooding attack works in one of two ways: either the node generates multiple RREQs to a void id with the maximum TTL value, or the flooder uses the same flooding technique but stops after sending a few RREQs and then, after some time, generates the same fake RREQs again. The RFAP scheme is able to stop and isolate both types of attack with no extra burden on network resources.

B. Assumptions

• All nodes of a network are mobile.
• The network has no particular topology.
• The network has no central controller.
• All nodes of the network act as a controller and as a peer at the same time.
• For communication, nodes use a reactive routing protocol such as AODV.
• When joining or exiting, nodes must follow the protocol standard.
• For transport layer functions, the network may use TCP or UDP.
• In RFAP γ > β > α, and their values are variables that depend on the lifetime of the network.
• The threshold value (TV) is also variable and depends on system bandwidth, such that Min. Trans. <= Threshold Value <= Max. Trans. <= Bandwidth.
• Power in mW for generating a route request is equivalent to the number of route requests counted.
• The RFAP scheme focuses only on the rqueue.cc file; the rest of the AODV files work in the normal way.

C. How Scheme Works

The RREQ Flooding Attack Prevention (RFAP) scheme is modeled on real life, with ad-hoc mobile nodes treated as people. A person who comes into this world has to follow some laws; likewise, in the RFAP scheme nodes must respect a threshold value for generating RREQs per unit time, just like a law. Someone who breaks the law gets punished; in RFAP, a node that exceeds the predefined threshold value gets punished. In some places a first offence draws a lighter punishment, and the scheme follows the same rule: a node that disobeys the law for the first time gets less punishment. The severity of punishment increases with the number of times the rule is disobeyed. The RFAP scheme uses terminology very similar to daily life. For example, a node that disobeys the rule for the first time is punished by being isolated from the network for some time, and no RREQ from it is entertained during that period; in our methodology this is the Custody List. If the node breaks the law again while in the Custody List, its isolation time is increased; in our methodology this is the Jailers List. If a node detained in the Custody List starts showing gentle behavior, it is released and its RREQs are entertained, but it remains under observation for some time, i.e. it is released on bail. If during the observation time the node's RREQs again exceed the threshold value, the node is isolated for a longer time; in the RFAP scheme this is Life Imprisonment. After the Life Imprisonment time-out, all nodes are released and sent back to lead a normal life. If a node in the Jailer List behaves itself before the predefined life imprisonment time, it is released with observation. Misbehavior during the observation time sends the node back to the jailer list for life imprisonment. The scheme refreshes all nodes after the Life Imprisonment time-out because it holds that a node showing malicious activity in a MANET will not necessarily be doing the same after a certain time.

D. Methodology of RFAP Scheme

1. BEGIN
2. Set the threshold value (TV) for participating nodes such that Min. Trans. <= TV <= Max. Trans. <= Bandwidth. [In our methodology this is called the LAW for participating nodes.]
3. Within the threshold limit, process RREQs in the normal way. [If you do not break the LAW, no one punishes you.]
4. If a node's RREQ count exceeds the predefined threshold limit (breaks the LAW), go to the next step; else go to step 3.
5. Keep that node in the CUSTODY LIST: isolate it for a short time, say α-time (like 5 sec), and do not process any RREQs from it for that period.
   If, within the CUSTODY LIST, total RREQs-count in unit time > Threshold-Limit, then go to the next step; else go to step 7.
6. Keep that node in the JAILER LIST: isolate it for more time, say β-time (like 10 sec.), such that β > α, and do not process any RREQ that comes from that node.
   If, within the JAILER LIST, total RREQs-count in unit time > Threshold-Limit, then go to step 8; else go to step 7.
7. Release the node from the CUSTODY LIST and place it in OBSERVATION, where its status becomes that of a normal node and all RREQ packets from it are processed, but the node is observed for a short time, say 2α time.
   If, within OBSERVATION time, total RREQs-count in unit time > Threshold-Limit, then go to the next step; else go to step 3.
8. Keep that node in the LIFE IMPRISONMENT LIST for more punishment: isolate it from the network and do not process any RREQs from it for a longer time, say γ-time (like 15 minutes).
9. After γ-time out, refresh all nodes from the LIFE IMPRISONMENT LIST, make their status that of a normal node, and go to step 3.
10. END

Figure 2. How RFAP works
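The numbered steps above, written as a per-source-node state machine that a node could consult before processing an RREQ. This is an added example, not the paper's rqueue.cc modification: the class and field names, the fixed counting window and the per-node (rather than list-wide) release timers are assumptions, α, β and γ use the paper's "like 5 sec / 10 sec / 15 minutes" values, and TV = 3 per second is chosen for illustration.

```cpp
// Added example: RFAP steps 2-9 as a per-source state machine.
// Not the paper's rqueue.cc patch; names and lazy timer handling are assumptions.
#include <cstdio>
#include <map>

enum class State { Normal, Custody, Jailer, Observation, Life };

struct RfapParams {   // all times in milliseconds
    int  tv;          // threshold value (TV): max RREQs per unit time, the "LAW"
    long unit;        // length of one counting window (assumed fixed window)
    long alpha;       // custody time
    long beta;        // jailer time, beta > alpha
    long gamma;       // life imprisonment time, gamma > beta
};

struct NodeRecord {
    State state = State::Normal;
    long  until = 0;       // when the current punishment or observation ends
    long  win_start = 0;   // start of the current counting window
    int   count = 0;       // RREQs seen in the current window
};

class RfapFilter {
public:
    explicit RfapFilter(const RfapParams& p) : p_(p) {}
    // True if the RREQ from `src` arriving at time `now` should be processed.
    bool on_rreq(int src, long now) {
        NodeRecord& n = nodes_[src];
        expire(n, now);
        if (now - n.win_start >= p_.unit) { n.win_start = now; n.count = 0; }
        bool over = ++n.count > p_.tv;
        switch (n.state) {
        case State::Normal:                                        // steps 3-4
            if (over) enter(n, State::Custody, now, p_.alpha);
            return !over;
        case State::Custody:                                       // step 5
            if (over) enter(n, State::Jailer, now, p_.beta);
            return false;
        case State::Jailer:                                        // step 6
            if (over) enter(n, State::Life, now, p_.gamma);
            return false;
        case State::Observation:                                   // step 7
            if (over) enter(n, State::Life, now, p_.gamma);
            return !over;
        case State::Life: return false;                            // step 8
        }
        return false;
    }
    State state_of(int src, long now) { NodeRecord& n = nodes_[src]; expire(n, now); return n.state; }
private:
    void enter(NodeRecord& n, State s, long start, long duration) {
        n.state = s; n.until = start + duration; n.win_start = start; n.count = 0;
    }
    // Timer-driven transitions, applied lazily when the node is next looked at.
    void expire(NodeRecord& n, long now) {
        while (n.state != State::Normal && now >= n.until) {
            if (n.state == State::Custody || n.state == State::Jailer)
                enter(n, State::Observation, n.until, 2 * p_.alpha);  // step 7
            else
                enter(n, State::Normal, n.until, 0);                  // steps 7, 9
        }
    }
    RfapParams p_;
    std::map<int, NodeRecord> nodes_;
};

int main() {  // constructed scenario: node 8 sends one RREQ every 100 ms
    RfapParams p{3, 1000, 5000, 10000, 900000};
    RfapFilter f(p);
    int accepted = 0;
    for (long t = 0; t <= 1100; t += 100) accepted += f.on_rreq(8, t);
    std::printf("accepted=%d life=%d\n", accepted, f.state_of(8, 1100) == State::Life);
    return 0;
}
```

Where the prose in "How Scheme Works" and the numbered steps differ on the path out of OBSERVATION, the code follows the numbered steps.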

E. Methodology of RFAP Scheme

III. SIMULATION RESULTS

To validate our methodology we used the NS-2.34 simulator to analyze the performance of the proposed scheme. The network layer protocol AODV is used as the base protocol. The transport layer protocol TCP is used to carry important packets; alongside TCP, some unimportant communications run over UDP. A total of 10 mobile nodes are used to show communication. A 600 x 600 meter square area is taken as the network area. We compare the performance of the original AODV protocol with the proposed scheme in the presence of an RREQ flooding attack. Our simulation is based on the parameters listed in the simulation parameters table below.

A. Simulation Environment

In our simulation a node starts at a random position, waits for the pause time, and then moves to another position. The velocity is set between 0 m/s and a maximum speed of 2.0 m/s.

B. Traffic Scenario

In our simulation there are 10 participating nodes in total, among which node 8 is considered malicious. At the beginning, all nodes communicate with each other in the normal way, meaning the RREQ count is under the threshold value. Suddenly node 8 starts flooding void RREQs without regard to the RREQ RATE-LIMIT. Our scheme, as described earlier, combats this flooder node and protects the network against the flooding attack.

C. Simulation Parameters

Parameter                Value
Examined protocol        AODV
Total no. of nodes       10
Simulation time          13 sec.
Max. velocity            2.0 m/s
Pause time               0 to 150 ms
Simulation area          600 x 600 m²
Bandwidth                100 Mbps
Payload                  20 Mb
Max. packets / sec.      64
No. of malicious node    3
Mobility model           Random waypoint
Data packet size         512

D. Simulation Screen Capture

Node 8 floods again and again, so the protocol finally isolates it from the network.

E. Performance Results

The above graph shows the behavior of AODV without prevention during flooding, in terms of retransmissions of route request packets for different nodes.

These graphs show the behavior of the proposed AODV during flooding, in terms of retransmissions of route request packets for different nodes. The graphs show that during an RREQ flooding attack normal AODV behaves anomalously, simply obeying all the RREQs that come from malicious node 8. The curve shows that the protocol only carries out the requests and does nothing else. After applying the RFAP scheme, the graph shows great protection against the RREQ flooding attack. The proposed AODV does not entertain the excessive number of void route requests, which saves network resources.

IV. FUTURE WORK AND CONCLUSIONS

No one can deny the pivotal role of MANETs in society, despite the prevailing vulnerability of such networks. Most MANETs use a reactive routing protocol, which is inherently prone to attacks, particularly the RREQ flooding attack. The literature contains numerous schemes to combat attackers. One of the main issues in the majority of proposed solutions is that they do not recover the malicious node after punishment. This paper proposes a novel scheme, RFAP, for mitigating the RREQ flooding attack in MANETs using the AODV protocol. The results show that the RFAP scheme can easily single out the attacker node and protect network resources from the RREQ flooding attack. The original AODV protocol can produce inoperative results during flooding: it only executes the route requests again and again, which jams network resources. In contrast, the RFAP scheme works intelligently during flooding. The graph shows tremendous protection during flooding; the scheme entertains only legitimate route requests. The RFAP scheme cannot stop illegal or malicious data packets. In future we will broaden the scope of the scheme to combat the data flooding attack. We will also improve our modification of AODV and make it well defined by testing the scheme in a real environment.

REFERENCES

[1] Chen Hongsong, Wang Zhaoshun, Zeng Guangping and Liu Hongwei, "Using Network Processor to Establish Trustworthy Agent Scheme for AODV Routing Protocol", Wireless Personal Communications (2007) 42:49–62, DOI 10.1007/s11277-006-9166-y.
[2] Tiranuch Anantvalee and Jie Wu, "A Survey on Intrusion Detection in Mobile Ad Hoc Networks", Wireless Network Security, Signals and Communication Technology, 2007, Part II, 159-180, DOI: 10.1007/978-0-387-33112-6_7.
[3] Trang Cao Minh, Hyung-Yun Kong, "Design of a cooperative distributed intrusion detection system for AODV", ICUCT'06: Proceedings of the 1st international conference on Ubiquitous convergence technology, 2006.
[4] Georgy Sklyarenko [MatrNr.: 3935701], "AODV Routing Protocol", Institut für Informatik, Freie Universität Berlin, Takustr. 9, D-14195 Berlin, Germany.
[5] Ping Yi, Zhoulin Dai, Yiping Zhong, Shiyong Zhang, "Resisting Flooding Attacks in Ad Hoc Networks", Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'05), 0-7695-2315-3/05, IEEE, 2005.
[6] Prof. S.P. Setti et al., International Journal of Engineering Science and Technology, "Implementation of Fuzzy Priority Scheduler for MANET and Performance Analysis with Reactive Protocols", Vol. 2(8), 2010, 3635-3640, ISSN: 0975-5462 3635.
[7] N. Jaisankar and R. Saravanan, "An Extended AODV Protocol for Multipath Routing in MANETs", IACSIT International Journal of Engineering and Technology, Vol. 2, No. 4, ISSN: 1793-8236, August 2010.
[8] Yinghua Guo, Sylvie Perreau, "Trace Flooding Attack in Mobile Ad Hoc Networks", 1-4244-1502-0/07, 2007 IEEE, ISSNIP 2007.
[9] Revathi Venkataraman, M. Pushpalatha, and T. Rama Rao, "Performance Analysis of Flooding Attack Prevention Algorithm in MANETs", World Academy of Science, Engineering and Technology 56, 2009.
[10] Balakrishnan, V.; Varadharajan, V.; Tupakula, U.; Moe, M.E.G., "Mitigating Flooding Attacks in Mobile Ad-hoc Networks Supporting Anonymous Communications", The 2nd International Conference on Wireless Broadband and Ultra Wideband Communications (AusWireless 2007), 0-7695-2842-2/07 © 2007.
[11] Kim, H.; Chitti, R.B.; Song, J., "Novel Defense Mechanism against Data Flooding Attacks in Wireless Ad Hoc Networks", Consumer Electronics, IEEE Transactions on, May 2010, IEEE Consumer Electronics Society.
[12] Anand Patwardhan, Filip Perich, Anupam Joshi, Tim Finin and Yelena Yesha, "Querying in Packs: Trustworthy Data Management in Ad Hoc Networks", International Journal of Wireless Information Networks, Volume 13, Number 4, 263-274, DOI: 10.1007/s10776-006-0040-3.
[13] Zhi Ang Eu and Winston Khoon Guan Seah, "Mitigating Route Request Flooding Attacks in Mobile Ad Hoc Networks", Chong and K. Kawahara (Eds.): ICOIN 2006, LNCS 3961, pp. 327–336, 2006. © Springer-Verlag Berlin Heidelberg 2006.
[14] Hongmei Deng; Wei Li; Agrawal, D.P., "Routing security in wireless ad hoc networks", IEEE Communications Magazine, October 2002, 10.1109/MCOM.2002.1039859.
[15] Bo-Cang Peng and Chiu-Kuo Liang, "Prevention techniques for flooding attacks in ad hoc networks", source is Google Scholar.
[16] Kannhavong, B.; Nakayama, H.; Nemoto, Y.; Kato, N.; Jamalipour, A., "A Survey of Routing Attacks in Mobile Ad Hoc Networks", IEEE Wireless Communications, October 2007.
[17] D. Gada, R. Gogri, "A distributed security scheme for ad hoc network", Magazine Crossroad, Volume 11, Issue 1, September 2004, ACM New York, USA.
[18] Marjan Kuchaki Rafsanjani, Ali Movaghar, and Faroukh Koroupi, "Investigating intrusion detection systems in MANET and comparing IDSs for detecting misbehaving nodes", World Academy of Science, Engineering and Technology.
[19] Abdul Hadi Abd Rahman, Zuriati Ahmad Zukarnain, "Performance comparison of AODV, DSDV and I-DSDV routing protocols in mobile ad hoc networks", European Journal of Scientific Research, ISSN 1450-216X, Vol. 31 No. 4 (2009), pp. 566-576.
[20] V. Madhu Viswanatham and A.A. Chari, "An approach for detecting attacks in mobile ad-hoc networks", Journal of Computer Science 4 (3): 245-251, 2008, ISSN 1549-3636, © 2008 Science Publications.
[21] Ajay Jangra, Nitin Goel, Priyanka & Komal Bhatia, "Security aspects in mobile ad hoc networks (MANETs): A big picture", International Journal of Electronics Engineering, 2(1), 2010, pp. 189-196.
[22] Santhosh Krishna B.V, Mrs. Vallikannu A.L, "Detecting malicious nodes for secure routing in MANETs using reputation based mechanism", International Journal of Scientific & Engineering Research, Volume 1, Issue 3, December-2010 1, ISSN 2229-5518, IJSER © 2010.
[23] Ping Yi, Zhoulin Dai, Shiyong Zhang, Yiping Zhong, "A new routing attack in mobile ad hoc networks", International Journal of Information Technology, Vol. 11 No. 2, 2005.
[24] Shishir K. Shandilya, Sunita Sahu, "A trust based security scheme for RREQ flooding attack in MANET", International Journal of Computer Applications (0975 – 8887), Volume 5, No. 12, August 2010.
[25] Eduardo da Silva, Aldri L. dos Santos, and Luiz Carlos P. Albini, "Identity based key management in mobile ad hoc networks: technique and applications", IEEE Wireless Communications, October 2008.
[26] Rajesh Deshmukh, Asha Ambhaikar, "Performance comparison of AODV, DSDS and 1-DSDV routing protocols in mobile ad hoc networks", International Journal of Computer Applications, Volume 11, No. 8, December 2010.
[27] C. Wei, L. Xiang, B. Yuebin and G. Xiaopeng, "A New Solution for Resisting Gray Hole Attack in Mobile Ad Hoc Networks", Second International Conference on Communications and Networking in China, pp. 366-370, Aug. 2007.
[28] Kashif Laeeq, Khalid Khan, "Performance Study of Approaches for Detecting Attacks in Ad Hoc Wireless Networks", Journal of Computing, Volume 3, Issue 2, pp. 45-52, February 2011.
[29] Kashif Laeeq, "Security Challenges & Prevention in Wireless Communication", International Journal of Scientific & Engineering Research, Volume 2, Issue 5, pp. 1-8, May 2011.
[30] W. Wang, Y. Lu and K. Bhargava, "On Vulnerability and Protection of Ad Hoc On Demand Distance Vector Protocol", IEEE Proc. ICT, Vol. 1, pp. 357-382, 2003.