A Novel Intrusion Detection system to mitigate malicious attacks in MANET´s

A Novel Intrusion Detection system to mitigate malicious attacks in MANET's

C.S.ASIF BASHA¹, KOTALA SANTOSH KUMAR²

Abstract

The migration to wireless network from wired network has been a global trend in the past few decades. The mobility and scalability brought by wireless network made it possible in many applications. Among all the contemporary wireless networks, Mobile Ad hoc Network (MANET) is one of the most important and unique applications. On the contrary to traditional network architecture, MANET does not require a fixed network infrastructure; every single node works as both a transmitter and a receiver. Nodes communicate directly with each other when they are both within the same communication range. Otherwise, they rely on their neighbors to relay messages. The self-configuring ability of nodes in MANET made it popular among critical mission applications like military use or emergency recovery. However, the open medium and wide distribution of nodes make MANET vulnerable to malicious attackers. In this case, it is crucial to develop efficient intrusion-detection mechanisms to protect MANET from attacks. With the improvements of the technology and cut in hardware costs, we are witnessing a current trend of expanding MANETs into industrial applications. To adjust to such trend, we strongly believe that it is vital to address its potential security issues. In this paper, we propose and implement a new intrusion-detection system named Enhanced Adaptive Acknowledgment specially designed for MANETs. Compared to contemporary approaches, this paper demonstrates higher malicious-behavior-detection rates in certain circumstances while does not greatly affect the network performances.

Index Terms—Digital signature, digital signature algorithm (DSA), Mobile Ad hoc Network (MANET).

Introduction

What is MANET?

The term MANET (Mobile Ad hoc Network) refers to a multihop packet based wireless network composed of a set of mobile nodes that can communicate and move at the same time, without using any kind of fixed wired infrastructure. MANET is actually self organizing and adaptive networks that can be formed and deformed on-the-fly without the need of any centralized administration. Otherwise, a stand for “Mobile Ad Hoc Network”

A MANET is a type of ad hoc network that can change locations and configure itself on the fly. Because MANETS are mobile, they use wireless connections to connect to various networks. This can be a standard Wi-Fi connection, or another medium, such as a cellular or satellite transmission.

How MANET works?

The purpose of the MANET working group is to standardize IP routing protocol functionality suitable for wireless routing application within both static and dynamic topologies with increased dynamics due to node motion and other factors. Approaches are intended to be relatively lightweight in nature, suitable for multiple hardware and wireless environments, and address scenarios where MANETs are deployed at the edges of an IP infrastructure. Hybrid mesh infrastructures (e.g., a mixture of fixed and mobile routers) should also be supported by MANET specifications and management features. Using mature components from previous work on experimental reactive and proactive protocols, the WG will develop two Standards track routing protocol specifications:

-Reactive MANET Protocol(RMP)
-ProactiveMANETProtocol(PMP)

If significant commonality between RMRP and PMRP protocol modules is observed, the WG may decide to go with a converged approach. Both IPv4 and IPv6 will be supported. Routing security requirements and issues will also be addressed. The MANET WG will also develop a scoped forwarding protocol that can efficiently flood data packets to all participating MANET nodes. The primary purpose of this mechanism is a simplified best effort multicast forwarding function. The use of this protocol is intended to be applied ONLY within MANET routing areas and the WG effort will be limited to routing layer design issues. The MANET WG will pay attention to the OSPF-MANET protocol work within the OSPF WG and IRTF work that is addressing research topics related to MANET environments.

Existing System:

By definition, Mobile Ad hoc Network (MANET) is a collection of mobile nodes equipped with both a wireless transmitter and a receiver that communicate with each other via bidirectional wireless links either directly or indirectly. Unfortunately, the open medium and remote distribution of MANET make it vulnerable to various types of attacks.

Disadvantages of existing system:

Watchdog scheme fails to detect malicious misbehaviors with the presence of the following:

1) Ambiguous collisions.
2) Receiver collisions.
3) Limited transmission power.
4) False misbehavior report.
5) Collusion and
6) Partial dropping.

Proposed System:

In fact, many of the existing IDSs in MANETs adopt an acknowledgment-based scheme, including TWOACK and AACK.The functions of such detection schemes all largely depend on the acknowledgment packets. Hence, it is crucial to guarantee that the acknowledgment packets are valid and authentic. To address this concern, we adopt a digital signature in our proposed scheme named Enhanced AACK (EAACK).

Advantages of Proposed System:

Our proposed approach EAACK is designed to tackle three of the six weaknesses of Watchdog scheme, namely, false misbehavior, limited transmission power, and receiver collision.

Modules:

ACK implementation: It is a part of EAACK scheme aiming to reduce the network overhead when no network misbehavior is detected. The basic flow is if Node A sends a packet p1 to destination Node D, if the entire intermediate node is cooperative and successfully receives the request in the Node D.

Secure Acknowledgment (S-ACK): In the S-ACK principle is to let every three consecutive nodes work in a group to detect misbehaving nodes. For every three consecutive nodes in the route, the third node is required to send an S-ACK acknowledgment packet to the first node. The intention of introducing S-ACK mode is to detect misbehaving nodes in the presence of receiver collision or limited transmission power.

Misbehavior Report Authentication (MRA): The MRA scheme is designed to resolve the weakness of watchdog with respect to the false misbehavior report. In this source node checks the alternate route to reach destination. Using the generated path if the packet reaches the destination then it is concluded as the false report.

Digital Signature Validation: In all the three parts of EAACK, namely, ACK, S-ACK, and MRA, are acknowledgment-based detection schemes. They all rely on acknowledgment packets to detect misbehaviors in the network. It is extremely important to ensure that all acknowledgment packets in EAACK are authentic and untainted. Otherwise, if the attackers are smart enough to forge acknowledgment packets, all of the three schemes will be vulnerable.

HARDWARE CONFIGURATION:

-Processor - Pentium -IV
-RAM - 1 GB(min)
-Hard Disk - 40 GB

SOFTWARE CONFIGURATION:

-Operating system: Windows XP.
-Coding Language: C#, .Net.
-Tool: VISUAL STUDIO 2008.

Functional requirements:

illustration not visible in this excerpt

Nonfunctional requirements:

Performance Requirements: Good band width, less congestion on the network. Identifying the shortest route to reach the destination will all improve performance.

Safety Requirements: No harm is expected from the use of the product either to the OS or any data.

Product Security Requirements: The product is protected from un-authorized users from using it. The system allows only authenticated users to work on the application. The users of this system are organization and ISP administrator.

Software Quality Attributes: The product is user friendly and its accessibility is from the client. The application is reliable and ensures its functioning maintaining the ISP web service is accessible to the various organizations. As it is developed in .Net it is highly interoperable with OS that have provided support for MSIL (Server side). The system requires less maintenance as it is not installed on the client but hosted on the ISP. The firewall, antivirus protection etc is provided by the ISP.

Data Flow Diagrams:

illustration not visible in this excerpt

Conclusion & Future enhancements

Packet-dropping attack has always been a major threat to the security in MANETs. In this research paper, we have proposed a novel IDS named EAACK protocol specially designed For MANETs and compared it against other popular mechanisms in different scenarios through simulations. The results demonstrated positive performances against Watchdog, TWOACK, and AACK in the cases of receiver collision, limited transmission power, and false misbehavior report.

Furthermore, in an effort to prevent the attackers from initiating forged acknowledgment attacks, we extended our research to incorporate digital signature in our proposed scheme. Although It generates more ROs in some cases, as demonstrated in our experiment; it can vastly improve the network’s PDR when the attackers are smart enough to forge acknowledgment Packets. We think that this tradeoff is worthwhile when network security is the top priority. In order to seek the optimal DSAs in MANETs, we implemented both DSA and RSA schemes in Our simulation. Eventually, we arrived to the conclusion that the DSA scheme is more suitable to be implemented in MANETs.

To increase the merits of our research work, we plan to investigate the following issues in our future research:

1) Possibilities of adopting hybrid cryptography techniques to further reduce the network overhead caused by digital signature;
2) examine the possibilities of adopting a key exchange mechanism to eliminate the requirement of redistributed keys;
3) Testing the performance of EAACK in real network environment instead of software simulation.

References Made From:

1. User Interfaces in C#: Windows Forms and Custom Controls by Matthew MacDonald.
2. Applied Microsoft® .NET Framework Programming (Pro- Developer) by Jeffrey Richter.
3. Practical .Net2 and C#2: Harness the Platform, the Language, and the Framework by Patrick Smacchia. 4. Data Communications and Networking, by Behrouz A Forouzan.
5. Computer Networking: A Top-Down Approach, by James F. Kurose.
6. Operating System Concepts, by Abraham Silberschatz.
7. M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H. Katz, A. Konwinski, G. Lee, D. A. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “Above the clouds: A berkeley view of cloud computing,” University of California, Berkeley, Tech. Rep. USB-EECS-2009-28, Feb 2009.
8. Amazon Web Services (AWS), Online at http://aws. amazon.com.
9. Google App Engine, Online at http://code.google.com/appengine/.
10. Microsoft Azure, http://www.microsoft.com/azure/.
11. 104th United States Congress, “Health Insurance Portability and Accountability Act of 1996 (HIPPA),” Online at http://aspe.hhs.gov/ admnsimp/pl104191.htm, 1996.
12. H. Harney, A. Colgrove, and P. D. McDaniel, “Principles of policy in secure groups,” in Proc. of NDSS’01, 2001.
13. [7]P. D. McDaniel and A. Prakash, “Methods and limitations of security policy reconciliation,” in Proc. of SP’02, 2002
14. [8]T. Yu and M. Winslett, “A unified scheme for resource protection in automated trust negotiation,” in Proc. of SP’03, 2003.
15. [9]J. Li, N. Li, and W. H. Winsborough, “Automated trust negotiation using cryptographic credentials,” in Proc. of CCS’05, 2005.
16.[10] J. Anderson, “Computer Security Technology Planning Study,” Air Force Electronic Systems Division, Report ESD-TR-73-51, 1972, http: //seclab.cs.ucdavis.edu/projects/history/.
17. [11]M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, and K. Fu,
18. “Scalable secure file sharing on untrusted storage,” in Proc. of FAST’03, 2003.
19. [12]E. Goh, H. Shacham, N. Modadugu, and D. Boneh, “Sirius: Securing remote untrusted storage,” in Proc. of NDSS’03, 2003.
20. [13]G. Ateniese, K. Fu, M. Green, and S. Hohenberger, “Improved proxy re-encryption schemes with applications to secure distributed storage,” in Proc. of NDSS’05, 2005.

Sites Referred:

http://www.sourcefordgde.com

http://www.networkcomputing.com/

http://www.ieee.org

http://www.almaden.ibm.com/software/quest/Resources/

http://www.computer.org/publications/dlib

http://www.ceur-ws.org/Vol-90/

http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msn home

illustration not visible in this excerpt

C.S.ASIF BASHA is a PG Student. He is doing Masters in computer science Engineering from Aryabhata Institute of Technology & Science with specialization in CSE.

illustration not visible in this excerpt

KOTALA SANTOSH KUMAR assistant Professor in CSE, Aryabhata Institute of Technology & Science received his M.tech degree in CSE.

[...]

¹ PG Student (M.Tech, CSE), Dept. of CSE, Aryabhata Institute of Science & Technology, Telangana, India

² Asst. Professor, Dept. of CSE, Aryabhata Institute of Science & Technology, Telangana, India