Performance Evaluation of Black hole Attack in MANET and Intrusion Detection System

Authors

RISHI RAJ BHARTI (1), SHIVENDRA SINGH (2)

(1) M.Tech., Department of Computer Science & Engineering, United College of Engineering & Research, Allahabad, Uttar Pradesh, INDIA.
(2) Assistant Professor, Department of Computer Science & Engineering, United College of Engineering & Research, Allahabad, Uttar Pradesh, INDIA.

ABSTRACT: A wireless ad-hoc network is a temporary network set up by wireless mobile computers (or nodes) moving arbitrarily in places that have no network infrastructure. Since the nodes communicate with each other, they cooperate by forwarding data packets to other nodes in the network. Thus the nodes find a path to the destination node using routing protocols. However, due to security vulnerabilities of the routing protocols, wireless ad-hoc networks are unprotected against attacks by malicious nodes. One of these attacks is the Black Hole Attack against network integrity, which absorbs all data packets in the network. Since the data packets do not reach the destination node on account of this attack, data loss will occur. There are many detection and defense mechanisms to eliminate the intruder that carries out the black hole attack. We simulated the black hole attack in various wireless ad-hoc network scenarios and have tried to find a response system in simulations.

Keywords - MANET (Mobile ad hoc network), AODV (On-demand distance vector routing protocol), IDS (Intrusion detection system).

I. INTRODUCTION

Wireless ad-hoc networks are composed of autonomous nodes that are self-managed without any infrastructure. In this way, ad-hoc networks have a dynamic topology such that nodes can easily join or leave the network at any time.
They have many potential applications, especially in military and rescue areas, such as connecting soldiers on the battlefield or establishing a new network in place of a network which collapsed after a disaster like an earthquake. Ad-hoc networks are suitable for areas where it is not possible to set up a fixed infrastructure. Since the nodes communicate with each other without an infrastructure, they provide the connectivity by forwarding packets over themselves. To support this connectivity, nodes use routing protocols such as AODV (Ad-hoc On-Demand Distance Vector) [1], DSR (Dynamic Source Routing) and DSDV (Destination-Sequenced Distance-Vector). Besides acting as a host, each node also acts as a router to discover a path and forward packets to the correct node in the network.

As wireless ad-hoc networks lack an infrastructure, they are exposed to a lot of attacks. One of these attacks is the Black Hole attack. In the Black Hole attack, a malicious node absorbs all data packets in itself. In this way, all packets in the network are dropped. A malicious node dropping all the traffic in the network makes use of the vulnerabilities of the route discovery packets of the on-demand protocols, such as AODV. In the route discovery process of the AODV protocol, intermediate nodes are responsible for finding a fresh path to the destination, sending discovery packets to the neighbor nodes. Malicious nodes do not use this process; instead, they immediately respond to the source node with false information, as though they have a fresh enough path to the destination. Therefore the source node sends its data packets via the malicious node to the destination, assuming it is a true path. A Black Hole attack may occur due to a malicious node which is deliberately misbehaving, as well as a damaged node interface.

II. AODV ROUTING PROTOCOL

The Ad-hoc On-Demand Distance Vector (AODV) routing algorithm is a routing protocol designed for ad hoc mobile networks. AODV is capable of both unicast and multicast routing.
It is an on-demand algorithm, meaning that it builds routes between nodes only as desired by source nodes. It maintains these routes as long as they are needed by the sources. Additionally, AODV forms trees which connect multicast group members. The trees are composed of the group members and the nodes needed to connect the members. AODV uses sequence numbers to ensure the freshness of routes. It is loop-free, self-starting, and scales to large numbers of mobile nodes.

AODV builds routes using a route request / route reply query cycle. When a source node desires a route to a destination for which it does not already have a route, it broadcasts a route request (RREQ) packet across the network. Nodes receiving this packet update their information for the source node and set up backwards pointers to the source node in the route tables. In addition to the source node's IP address, current sequence number, and broadcast ID, the RREQ also contains the most recent sequence number for the destination of which the source node is aware. A node receiving the RREQ may send a route reply (RREP) if it is either the destination or if it has a route to the destination with a corresponding sequence number greater than or equal to that contained in the RREQ. If this is the case, it unicasts a RREP back to the source. Otherwise, it rebroadcasts the RREQ. Nodes keep track of the RREQ's source IP address and broadcast ID. If they receive a RREQ which they have already processed, they discard the RREQ and do not forward it.

As the RREP propagates back to the source, nodes set up forward pointers to the destination. Once the source node receives the RREP, it may begin to forward data packets to the destination. If the source later receives a RREP that contains a greater sequence number, or the same sequence number with a smaller hop count, it may update its routing information for that destination and begin using the better route.
As long as the route remains active, it will continue to be maintained. A route is considered active as long as there are data packets periodically traveling from the source to the destination along that path. Once the source stops sending data packets, the links will time out and eventually be deleted from the intermediate node routing tables. If a link break occurs while the route is active, the node upstream of the break propagates a route error (RERR) message to the source node to inform it of the now unreachable destination(s). After receiving the RERR, if the source node still desires the route, it can reinitiate route discovery.

III. BLACK HOLE ATTACK

A Black Hole attack is a kind of denial of service where a malicious node can attract all packets by falsely claiming a fresh route to the destination and then absorb them without forwarding them to the destination. In an ad-hoc network that uses the AODV protocol, a black hole node pretends to have fresh enough routes to all destinations requested by all the nodes and absorbs the network traffic. When a source node broadcasts the RREQ message for any destination, the black hole node immediately responds with an RREP message that includes the highest sequence number, and this message is perceived as if it is coming from the destination or from a node which has a fresh enough route to the destination. The source assumes that the destination is behind the black hole and discards the other RREP packets coming from other nodes. The source then starts to send out its data packets to the black hole, trusting that these packets will reach the destination.

IV. IMPLEMENTING IDSAODV PROTOCOL

To minimize the effect of the black hole node and improve the packet delivery ratio, we modify the AODV protocol as IDSAODV. Therefore, we cloned the “aodv” protocol, changing it to “idsaodv” as we did “blackholeaodv” before.
As the black hole sends an RREP message without checking the tables, it is more likely for the first RREP to arrive from the Black Hole. The IDSAODV protocol will check the RREP packet from the Black Hole node for minimum path to destination and maximum destination sequence number. The IDSAODV protocol will discard the first RREP packet from the Black Hole node and choose the second RREP packet that comes from the destination. The IDSAODV protocol will find another path to the destination, other than the Black Hole path.

To analyse the black hole we changed the receive RREQ function (recvRequest) of the blackholeaodv.cc file, but to implement the solution we had to change the receive RREP function (recvReply) and create an RREP caching mechanism to check the RREP from the Black Hole. To see the effect of IDSAODV we configured the nodes with the IDSAODV protocol and observed the performance parameters. We used the same scenarios as we used for normal AODV and BLACKHOLEAODV to do the comparison.

V. SIMULATION PARAMETERS

| Parameter | Value |
|---|---|
| Simulator | Ns2 (2.35) |
| Routing Protocol | AODV |
| Packet Size | 512 |
| Network Area | 1180*500 |
| No of Node | 10, 20, 30 |
| Traffic Generator | CBR |
| Speed | 2.0 m/s |
| Agent | UDP |

V1. Performance Parameters with AODV With One Black Hole

| Parameters | 10 Node | 20 Node | 30 Node |
|---|---|---|---|
| Sent Packet | 1349 | 1349 | 1349 |
| Received Packet | 173 | 442 | 658 |
| Drop packet | 1176 | 907 | 691 |
| Throughput | 102.20 | 241.02 | 320 |

V2. Performance Parameters with IDSAODV With One Black Hole

| Parameters | 10 Node | 20 Node | 30 Node |
|---|---|---|---|
| Sent Packet | 1349 | 1349 | 1349 |
| Received Packet | 390 | 647 | 702 |
| Drop packet | 959 | 702 | 647 |
| Throughput | 203.46 | 381.56 | 391.55 |

a) Throughput

When the same network was simulated under attacked condition, the throughput of the network was found to be decreasing. The following screenshots are the evaluated throughput from the simulation of the network under blackhole attack with a single attacker.

$$\text{Throughput} = \frac{\text{Total no. of packets received}}{\text{Total no. of packets sent}}$$

Fig 1: Throughput graph under AODV & IDSAODV attacks.

For the scenario without a Black Hole (normal AODV) the Packet Delivery Ratio is between 94 and 99%. For the scenario with a Black Hole (standard parameters) the Packet Delivery Ratio is almost 25%. For the IDSAODV scenario the Packet Delivery Ratio is improved between 50 and 70%.

VI. CONCLUSION

In this paper, we analyzed the effect of a Black Hole in an AODV network. For this we implemented an AODV protocol that behaves as a Black Hole in NS2. Having simulated the black hole attack, we saw that the packet loss is increased in the ad-hoc network. The Black Hole Attack affects the overall network connectivity and causes data loss in the network.

Therefore, to minimize the black hole effect, we implemented the IDSAODV protocol. The IDSAODV protocol will improve the packet delivery ratio and minimize the data loss. The advantage of this approach is that the implemented protocol does not make any modification to the packet format and hence can work together with the AODV protocol. Another advantage is that the proposed IDSAODV does not require any additional overhead and requires minimum modification of the AODV protocol.

VII. FUTURE WORK

We simulated the Black Hole Attack in ad-hoc networks and investigated its effects. In our study, we used the AODV routing protocol, but the other routing protocols could be simulated as well. All routing protocols are expected to present different results. Therefore, the best routing protocol for minimizing the Black Hole Attack may be determined.

Our solution tries to eliminate the Black Hole effect at the route determination mechanism of the AODV protocol, which is carried out before the nodes start sending the packets. Additionally, we used a UDP connection to be able to count the packets at the sending and receiving nodes. If we had used a TCP connection between nodes, the sending node would be the end of the connection, since ACK packets do not reach the sending node. This would be another solution for finding the Black Hole node. This takes place after the route determination mechanism of the AODV protocol and finds the route in a much longer period. Our solution finds the path at the AODV level. Finding the black hole node with connection-oriented protocols could be another work as a future study.

VIII. REFERENCES

[1] P. Yau and C. J. Mitchell, “Security Vulnerabilities in Adhoc Network”.
[2] G. Vigna, S. Gwalani and K. Srinivasan, “An Intrusion Detection Tool for AODV-Based Ad hoc Wireless Networks”, Proc. of the 20th Annual Computer Security Applications Conference (ACSAC’04).
[3] P. Ning and K. Sun, “How to Misuse AODV: A Case Study of Insider Attacks Against Mobile Ad-Hoc Routing Protocols”, Proc. of the 2003 IEEE Workshop on Information Assurance, United States Military Academy, West Point, NY, June 2003.
[4] S. Marti, T. J. Giuli, K. Lai and M. Baker, “Mitigating Routing Misbehavior in Ad Hoc Networks”, Proc. 6th Annual Int’l. Conf. Mobile Comp. and Net., Boston, MA, pp. 255-265, August 2000.
[5] C. E. Perkins, E. Beliding-Royer, and S. Das, “Ad hoc on-demand distance vector (AODV) routing”, IETF Internet Draft, MANET working group, Jan. 2004.
[6] H. Deng, W. Li, and D. Agrawal, “Routing security in wireless ad-hoc network”, IEEE Communications Magazine, vol. 40, no. 10 (2002).
[7] T. Franklin, “Wireless Local Area Networks”, Technical Report, http://www.jisc.ac.uk/uploaded_documents/WirelessLANTechRep.pdf, 25 July 2005.
[8] J. Reynold, “Going Wi-Fi”, Chapter 6, The Wi-Fi Standards Spelled out, Pg. 77.
[9] T. Franklin, “Wireless Local Area Networks”, Technical Report, http://www.jisc.ac.uk/uploaded_documents/WirelessLANTechRep.pdf, 25 July 2005.
[10] J. Reynold, “Going Wi-Fi”, Chapter 6, The Wi-Fi Standards Spelled out, Pg. 77.
[11] http://certifications.wifi.org/wbcs_certified_products.php, 25 July 2005.
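
The RREP handling described in Sections II to IV, as a standalone C++ model added here as an example; it is not the paper's ns-2 code (blackholeaodv.cc, recvReply). The struct and function names, the node ids and sequence numbers in the sample, and the no-route behaviour when fewer than two replies are cached are assumptions.

```cpp
// Added example: a standalone model of RREP handling, not ns-2 or the paper's code.
#include <cstdint>
#include <cstdio>
#include <vector>

struct Rrep  { int from; uint32_t dst_seq; int hops; };   // one received route reply
struct Route { bool valid; int next_hop; uint32_t dst_seq; int hops; };
struct IdsResult { Route route; int discarded_from; };    // -1 if nothing was discarded

// Standard AODV update rule (Section II): take a reply with a greater destination
// sequence number, or the same sequence number and a smaller hop count.
Route aodv_select(const std::vector<Rrep>& replies) {
    Route r{false, -1, 0, 0};
    for (const Rrep& p : replies) {
        bool better = !r.valid || p.dst_seq > r.dst_seq ||
                      (p.dst_seq == r.dst_seq && p.hops < r.hops);
        if (better) r = Route{true, p.from, p.dst_seq, p.hops};
    }
    return r;
}

// IDSAODV-style handling (Section IV): cache the replies for one route discovery,
// discard the first arrival, then apply the normal rule to the rest.
// Assumption: with fewer than two cached replies no route is installed.
IdsResult idsaodv_select(const std::vector<Rrep>& cached) {
    if (cached.size() < 2) return IdsResult{Route{false, -1, 0, 0}, -1};
    std::vector<Rrep> rest(cached.begin() + 1, cached.end());
    return IdsResult{aodv_select(rest), cached.front().from};
}

// Constructed sample in arrival order: node 9 answers at once with an inflated
// sequence number; nodes 3 and 5 hold real routes to the destination.
std::vector<Rrep> sample_replies() {
    return { {9, 4000000000u, 1}, {3, 12, 4}, {5, 12, 3} };
}

int main() {
    Route a = aodv_select(sample_replies());
    IdsResult i = idsaodv_select(sample_replies());
    std::printf("AODV next hop: %d (seq %u)\n", a.next_hop, (unsigned)a.dst_seq);
    std::printf("IDSAODV next hop: %d, discarded RREP from node %d\n",
                i.route.next_hop, i.discarded_from);
    return 0;
}
```

The `discarded_from` field gives a node id that a monitoring component could log each time a first reply is dropped.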