International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org
Volume 4, Issue 4, April 2015
ISSN 2319 - 4847
Security Mechanism for Malicious Node
Detection in Ad Hoc Networks
1.
Miss. Monal M. Rathor, 2. Prof. D. M. Dakhane
1. Master of Engineering Scholar Information Technology Department
Sipna College of Engg and Technology Amravati, India
2. Associate Professor Department of Computer Science & Engg
Sipna COET, Amravati, India
ABSTRACT
The security risk of a network against unknown zero day attacks has been thought of as one thing abysmal since software
system flaws square measure less foreseeable than hardware faults and therefore the method of finding such flaws and
developing exploits looks to be chaotic. during this paper, we tend to propose a unique security metric, k-zero day safety,
supported the amount of unknown zero day vulnerabilities. By sanctioning an instantaneous comparison of various security
solutions with relation to their relative effectiveness, a network security metric might offer quantitative evidences to help
security practitioners in securing laptop networks. However, analysis on security metrics has been hindered by difficulties in
handling zero-day attacks exploiting unknown vulnerabilities. In fact, the safety risk of unknown vulnerabilities has been
thought of as one thing abysmal attributable to the less foreseeable nature of software system flaws. This causes a serious
problem to security metrics, as a result of a safer configuration would be of very little price if it were equally prone to zero-day
attacks that\'s, the metric merely counts what percentage unknown vulnerabilities would be needed for compromising a
network quality, in spite of what vulnerabilities those may well be. we tend to formally outline the metric supported Associate in
Nursing abstract model of networks and attacks. we tend to then devise algorithms for computing the metric. Finally, we tend
to show the metric will quantify several existing practices in hardening a network.
Keywords :-Security metrics, network security, attack graph, network hardening
1. INTRODUCTION
Today’s vital infrastructures and enterprises progressively suppose networked pc systems. Such systems should
therefore be secured against potential network intrusions. However, before we will improve the safety of a network, we
tend to should be able to live it, since you cannot improve what you cannot live. A network security metric is
fascinating since it\'ll give a right away menstruation of however secure a network presently is, and the way secure it
might mean introducing new security mechanisms or configuration changes. Such a capability can create the trouble of
network hardening a science instead of Associate in Nursing art. Emerging efforts on network security metrics usually
assign numeric scores to vulnerabilities as their relative exploitability or chance. The assignment is typically supported
celebrated facts regarding every vulnerability (e.g., whether or not it needs Associate in Nursing genuine user account).
However, such a strategy is not any longer applicable once considering zero day vulnerabilities regarding that we\'ve no
previous data or expertise. In fact, a serious criticism of existing efforts on security metrics is that unknown zero day
vulnerabilities square measure illimitable. First, the data a couple of software package itself is\'t possible to assist as a
result of not like hardware faults, package flaws resulting in vulnerabilities square measure celebrated to be a lot of less
sure. Second, modeling adversaries is\'t possible either, as a result of the method of finding flaws and developing
exploits is believed to be chaotic. Third, existing metrics for celebrated vulnerabilities are\'t useful, as a result of they
live the issue of exploiting a celebrated vulnerability however not that of finding a zero day vulnerability.
The incapability of measurement unknown zero day vulnerabilities will doubtless diminish the worth of security
mechanisms since Associate in Nursing aggressor will merely step outside the implementation and do as he pleases.
what\'s the worth of a safer configuration, if it\'s equally at risk of zero day attacks? we tend to therefore constitute the
agnosticism that security isn\'t quantitative till we will fix all security flaws
We propose a unique security metric, k-zero day safety, to handle this issue. rather than trying to live that zero day
vulnerability is additional possible, our metric counts what number distinct zero day vulnerabilities square measure
needed to compromise a network quality one. a bigger range can indicate a comparatively safer network, since the
chance of getting additional unknown vulnerabilities all offered at identical time, applicable to identical network, and
exploitable by identical aggressor, are going to be lower. Supported Associate in Nursing abstract model of networks
and attacks, we tend to formally outline the metric and prove it to satisfy the 3 algebraically properties of a function.
We tend to then style algorithms for computing the metric. Finally, we tend to show the metric will quantify several
existing practices in network hardening and discuss sensible problems in instantiating the model.
Volume 4, Issue 4, April 2015
Page 171
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org
Volume 4, Issue 4, April 2015
ISSN 2319 - 4847
2. ANALYSIS OF PROBLEM
The exact algorithmic program for computing the k-zero-day safety metric given in (Wang et al., 2010) initial derives a
logic proposition of every plus in terms of exploits by traversing the attack graph backwards. every conjunctive clause
within the mutually exclusive traditional kind (DNF) of the derived proposition corresponds to a lowest set of exploits
that together compromise the plus. In fact, the authors of (Wang et al., 2010) show that the matter of computing the kzero day safety metrics is NP-hard generally, so target the answer of a a lot of sensible downside. They claim that, for
several sensible functions, it\'s going to do to understand that each plus in an exceedingly network is k-zero-day safe for
a given price of k, despite the fact that the network could essentially be k0-zero-day safe for a few unknown k0 > k
(note that determinative k0 is intractable). Then, they describe an answer whose quality is polynomial within the size of
a zero-day attack graph if k could be a constant compared to the present size. However, there square measure cases
within which it\'s not satisfactory to only recognize k0 > k, however a lot of correct estimations or precise calculation of
the worth of k is desired. Moreover, those analyses square measure all supported complete zero-day attack graphs,
except for extremely giant networks, it\'s going to even be impracticable to get the zero-day attack graph within the
initial place. The metric then becomes impractical in such cases since there\'s very little we are able to say regarding
the worth of k. The same intractableness result suggests that no polynomial algorithmic program can seemingly exist
for computing the precise price of k. However, during this section we tend to show that a choice method should still
enable security directors to get smart estimations regarding k, and to calculate the precise price of k once it\'s much
possible. Our main objectives square measure threefold.
First, all the algorithms concerned within the call method are economical and have polynomial quality. Second, all the
algorithms can adopt associate on demand approach to attack graph generation, which can solely generate partial attack
graphs necessary for the analysis. Third, succeeding algorithms can apply the partial attack graph already generated
earlier within the call method, so any up the potency. With those optimizations, we are able to give an improved
understanding of zero-day vulnerabilities even for comparatively giant networks.
Specifically, in most sensible eventualities, security directors could merely wish to assess whether or not the network or
specific assets square measure secure enough. In such cases, knowing that k is larger than or up to a given bound l
could also be adequate. However, once it\'s been confirmed that k > l, a security administrator might want to understand
whether or not it\'s potential to cipher the precise price of k. Since the matter of computing the precise price of k is
defiant, this could solely be potential for comparatively little values of k. Therefore, we\'d like to estimate whether or
not k is a smaller amount than a sensible bound that represents obtainable procedure power. Finally, if this is often true,
then we are able to proceed to calculate the particular price of k in associate economical manner. Within the following,
we tend to finalize the 3 connected issues that form the idea of the higher than call method.
3. IMPLEMENTATION
3.1 Definition 1: Zero-Day Exploit : We define two types of zero-day exploits, for each remote service S, we define a
zero-day vulnerability Vs such that the zero-day exploit hvs, h, h0i has three pre-conditions, hs, h0i (existence of
service), hh, h0i (connectivity), and hp, hi (attacker’s existing privilege); this zero-day exploit has one post-condition
hp0, h0i where p0 is the privilege of service S on h0. for each privilege p, we define a zero-day vulnerability Vp such
that the zero-day exploit hvp, h, hi has its pre-conditions to include all privileges of remote services on h, and its postcondition to be p on h. We use E0 and C0 to denote the set of all zero-day exploits and the set of all their pre- and postconditions respectively, and we extend the functions pre() and post() accordingly.
3.2 Definition 2: Zero-Day Attack graph: Given an attack graph
, a set Eo of zero-day exploits, a
set Co of pre and post-conditions of exploits in Eo, a zero-day attack graph G* is the directed graph
3.3 Propose algorithm
Following are the steps which be used for implementation
Setp1: Nodes are divided into three categories; base station, cluster head and member nodes. Some arbitrary nodes are
selected as cluster heads and generation of cluster heads is left to the clustering mechanism (not dealt in this work).
Each cluster head knows about its member nodes, while every member node knows its cluster head. Base station stores
information of all sensor nodes (including cluster heads). The base station maintains complete topological information
about cluster heads and their respective members. • Base station is powerful enough and cannot be compromised like
other nodes of the network.
Step2: For deploying the nodes in the network, we generate a unique fingerprint for each sensor node. It addressed by
combining relative nodes information through a superimposed s-disjunct code and this is preloaded in each node. Due
to this each node seems unique from other one. Basically this fingerprint remains secret throughout the process.
Volume 4, Issue 4, April 2015
Page 172
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org
Volume 4, Issue 4, April 2015
ISSN 2319 - 4847
Step3: A public key N generation by the base station is done after the deployment. Basically this key is used by any two
nodes at a given time while communicating. Here base station is third party whereas sender node is prover and
receiving node verifier. Each node is assigned a fingerprint which is used as a private key (secret key). Prover and
receiver share the public key. Now from base station secret key of the prover from the base station is requested by
verifier. The base station will generate a secret code v = s2modN (where s is finger print of the prover and N is the
public key). The value of v is given to the verifier on its request [13].Fingerprint is never shown or transmitted in the
network directly during this entire communication process. By using ZKP for k times per communications verifier will
continues the authentication process which includes number of verification rounds. Failure of prover for authentication
of itself in any one of the k rounds, then it becomes a compromised node. For more effectiveness of protocol it must be
passed through large number of rounds. The number s remains private within the domain of the prover. Thus makes it
computationally infeasible to derive s from v given
v = s2modN
S = finger print of prover
N = public key
In our model, the finger print of a node never gets transmitted and thus intruder not haves chance to identify them.
Even if the attacker tries to generate a finger print in some brute force method, it will not be able to escape the check as
every time a new public key N and a new random challenge question will be used. In this attack, an intruder tries to
replay the earlier Communication and authenticate itself to the verifier. But, with our model verifier will be sends
different values each and every time in communication, replaying earlier communication.
Fig.1 Adhoc base communication
In above fig there is 0 to 50 nodes are available in the adhoc network. Here node 0 is source node and node 50 is
destination node. In orange color node is the sending path for communication from source to destination. In red color
node are the malicious node and its drop the packet from given path. And in blue color node there is mutual
communication for securing path for sending data.
Public Key = O(n)
4. RESULTS GRAPH
"Energy " are used to describe the relationship between energy output of a system and the energy inputs needed to
operate it. XGRAPH is a general purpose x-y data plotter. Xgraph can be used to plot the bandwith of given nodes
through the adhoc network.
Energy: ER = Eo / Ei
Eo = energy output
Ei = energy input
Graphs will be shown of Energy consume between each node to data transfer.
Volume 4, Issue 4, April 2015
Page 173
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org
Volume 4, Issue 4, April 2015
ISSN 2319 - 4847
Energy Comparison graphs In Attack (red color) and In Defense (green)
Throughput
In computer technology, throughput is the amount of work that a computer can do in a given time period. In computer
networks, good put is the application level throughput, i.e. the number of useful bits per unit of time forwarded by the
network from a certain source address to a certain destination
Transmission
Time
=
File
Size
/
Bandwidth
(sec)
Throughput = File Size / Transmission Time (bps)
Throughput comparison graph In Attack (red color) and In Defense (green)
5. CONCLUSION
We proposed a new security model to address Vulnerability. We used the concept of zero knowledge protocol which
ensures non-transmission of crucial information between the prover and verifier. The proposed model uses finger print
based on s-disjunct code together with ZKP to detect Vulnerability and avoid Vulnerability.
REFERENCES
[1] P. Ammann, D. Wijesekera, and S. Kaushik, “Scalable, Graph- Based Network Vulnerability Analysis,” Proc.
Ninth ACM Conf. Computer Comm. Security (CCS ’02), pp. 217-224, 2002.
[2] D. Balzarotti, M. Monga, and S. Sicari, “Assessing the Risk of Using Vulnerable Components,” Proc. ACM
Second Workshop Quality of Protection (QoP ’05), pp. 65-78, 2005.
[3] S.M. Bellovin, “On the Brittleness of Software and the Infeasibility of Security Metrics,” IEEE Security and
Privacy, vol. 4, no. 4, p. 96, July/Aug. 2006.
[4] M. Dacier, “Towards Quantitative Evaluation of Computer Security,” PhD thesis, Institut Nat’l Polytechnique de
Toulouse, 1994.
[5] E.W. Dijkstra, “A Note on Two Problems in Connection with Graphs,” Numerische Mathematik, vol. 1, pp. 269271, 1959.
Volume 4, Issue 4, April 2015
Page 174
International Journal of Application or Innovation in Engineering & Management (IJAIEM)
Web Site: www.ijaiem.org Email: editor@ijaiem.org
Volume 4, Issue 4, April 2015
ISSN 2319 - 4847
[6] J. Doob, Measure Theory. Springer-Verlag, 1994.
[7] C. Dwork, “Differential Privacy,” Proc. 33rd Int’l Colloquium Automata, Languages and Programming (ICALP
’06), vol. 2, pp. 1-12, 2006.
[8] N. Falliere, L.O. Murchu, and E. Chien, “W32.Stuxnet Dossier,” Symantec Security Response, 2011.
[9] M. Frigault, L. Wang, A. Singhal, and S. Jajodia, “Measuring Network Security Using Dynamic Bayesian
Network,” Proc. Fourth ACM Workshop Quality of Protection (QoP ’08), 2008.
[10] A. Greenberg, “Shopping for Zero-Days: A Price List for Hackers’ Secret Software Exploits,” Forbes, Mar. 2012.
[11] H. Holm, M. Ekstedt, and D. Andersson, “Empirical Analysis of System-Level Vulnerability Metrics through
Actual Attacks,” IEEE Trans. Dependable Secure Computing, vol. 9, no. 6, pp. 825- 837, Nov. 2012.
[12] J. Homer, X. Ou, and D. Schmidt, “A Sound And Practical Approach to Quantifying Security Risk in Enterprise
Networks,” technical report, Kansas State Univ., 2009.
[13] N. Idika and B. Bhargava, “Extending Attack Graph-Based Security Metrics and Aggregating Their Application,”
IEEE Trans. Dependable and Secure Computing, vol. 9, no. 1, pp. 75-85, Jan./Feb. 2012.
[14] K. Ingols, M. Chu, R. Lippmann, S. Webster, and S. Boyer, “Modeling Modern Network Attacks and
Countermeasures Using Attack Graphs,” Proc. Ann. Computer Security Applications Conf. (ACSAC ’09), pp.
117-126, 2009.
[15] S. Jajodia, S. Noel, and B. O’Berry, “Topological Analysis of Network Attack Vulnerability,” Managing Cyber
Threats: Issues, Approaches and Challenges, V. Kumar, J. Srivastava, and A. Lazarevic, eds., Kluwer Academic,
2003.
[16] A. Jaquith, Security Merics: Replacing Fear Uncertainity and Doubt. Addison Wesley, 2007.
[17] S. Jha, O. Sheyner, and J. Wing, “Two Formal Analysis of Attack Graph,” Proc. 15th Computer Security
Foundation Workshop (CSFW’ 02), 2002.
[18] D. Leversage and E. Byres, “Estimating a System’s Mean Time-to- Compromise,” IEEE Security and Privacy, vol.
6, no. 1, pp. 52-60, Jan./Feb. 2008.
[19] W. Li and R.B. Vaughn, “Cluster Security Research Involving the Modeling of Network Exploitations Using
Exploitation Graphs,” Proc. IEEE Sixth Int’l Symp. Cluster Computing and Grid (CCGRID ’06), p. 26, 2006.
[20] R. Lippmann, K. Ingols, C. Scott, K. Piwowarski, K. Kratkiewicz, M. Artz, and R. Cunningham, “Validating and
Restoring Defense in Depth Using Attack Graphs,” Proc. IEEE Conf. Military Comm. (MILCOM’ 06), pp. 981990, 2006.
[21] J. McHugh, “Quality of Protection: Measuring the Unmeasurable?” Proc. ACM Second Workshop Quality
Protection (QoP ’06), pp. 1-2, 2006.
AUTHOR
Prof. Dhanajay D. Dakhane Associate Professor Department of Computer Science and Engineering Sipna
College of Engineering And Technology, Amravati, India.
Miss. Monal M. Rathor Master of Engineering Scholar Information Technology Department Sipna
College of Engg and Technology Amravati, India
Volume 4, Issue 4, April 2015
Page 175