Add to collection(s) Add to saved
  1. No category
Uploaded by isani5005

2 - Developing an Efficient Hybrid Routing Protocol for - Copy

advertisement 
Proposed Hybridized Routing Protocol for
Mitigation of FloodingAttacks in MobileAd-HocNetworks
1
EHGadzama, 2IRSaidu
Department of Cyber Security
Nigerian Defence Academy, Kaduna, Nigeria
1,2
gadzamahe@nda.edu.ng
+2348126980414
rambo@nda.edu.ng
+2348034513644
ABSTRACT
Mobile Networks Ad-Hoc (MANET) are wireless communication technologies that connect mobile
devices such as phones, laptops, and smart devices by providing flexibility, seamless
communication, and mobility to all devices in the network. MANET is also a continuously selfconfiguring, infrastructure-less network of mobile devices connected wirelessly. Because there is
no central control infrastructure to monitor and control the devices that join the network, MANET
has security flaws. MANET is characterized by these security flaws, which make it vulnerable to
attacks such as denial of service attacks. Among the various attacks that exist in the MANET
environment, packet flooding is a common one that has a devastating effect on MANET nodes and,
if left undetected, can result in the entire network crashing. There is a requirement for data to be
kept secure and confidential. The separation of trusted nodes from malicious nodes, as well as the
protection of data packets from attackers, are the study goals in this work. To avoid unauthorized
access and detect malicious nodes, a highly secure Hybrid Trust-based Anonymous Authenticated
Routing Protocol (HTBAARP) is being developed to mitigate flooding assaults. This will be
accomplished by combining a Trusted Management Scheme (TMS) with a Modified Authenticated
Anonymous Routing Protocol (MAASR). To evaluate performance, simulation will be performed
using NS-2 in conjunction with MATLAB R2020a. The suggested method is predicted to increase
network throughput, packet delivery ratio and routing interruption by reducing routing delay and
overhead.
KEYWORDS:Mobile Networks, Flooding,Hybrid, Protocol,MANET,MaliciousNodes,Routing
1
procedure to regulate the trust level of each node in
the M ANET network. When participating nodes
in MANETs want to build a network with an
appropriate level of confidence, trust management
is required (Jin-Hee, 2010). These security flaws in
MANET deter people from using it, reducing the
enormous benefits it provides in terms of
flexibility, adaptability, and cost. Passive and
Active attacks are the two types of MANET
attacks.
INTRODUCTION
Infrastructure
wireless
networks
and
infrastructure-less wireless networks are the two
types of wireless communication networks.
Infrastructure wireless networks means that
communication between nodes is controlled
centrally, whereas infrastructure-less means that
communication between network nodes is
established through hop-to-hop, and this type of
network is also known as ad hoc network (Abu
Zant& Yasin, 2019). Because the connection
between neighbor nodes and end-user nodes does
not rely on infrastructure to form a network, and
nodes in an ad-hoc network communicate with
one another via multi-hop, all required services
such as forwarding, maintenance, routing, and
administration are performed by the nodes
themselves (Sandeep & Rajesh, 2014). MANET's
applications are numerous and growing, as more
gadgets become portable and capable of wireless
communication. However, when security and
communication integrity are critical, as they are in
medical and military applications, the lack of a
central control architecture that allows MANET to
adapt to diverse use scenarios is the key obstacle
(Gurung, 2017).
The attacker or attackers just gather information
about the network and other network nodes in
passive attacks, which do not affect the network's
operation or performance. Eavesdropping, traffic
analysis, and monitoring are examples of passive
attacks (Kumar et al, 2018). The attacker node's
goal during an active attack is to degrade network
performance, integrity, and security by discarding,
rerouting, changing, losing, or delaying packets in
the network. Spoofing, Black-hole, Gray-hole, and
Flooding attacks are some of the most common
active attacks in MANET (Kumar et al, 2018).
Among the different assaults that exist in the
MANET environment, packet flooding is a
common one that has a catastrophic effect on
MANET nodes and, if left undiscovered, can
result in the entire network failing (Mallikarjuna&
Anusha, 2020).
Different types of routing protocols are used in
MANETs, each of which is tailored to the
network's
unique
characteristics
(Dhenakaran&Parvathavarthini, 2013). A routing
protocol is a standard that defines how nodes in a
wireless domain select how to route incoming
packets between nodes, according to Kumar &
Kumar (2012). (devices). Over the years, many
different MANET routing protocols have been
developed. There are three types of routing
protocols: proactive, reactive, and hybrid routing
protocols (Abdulleh et al., 2015). MANETs have
become one of the most popular areas of research
in recent years due to the problems they provide to
related protocols (Ankur & Prabhakar, 2013).
Early routing protocols, such as AODV, were
primarily concerned with how to efficiently route
data packets in MANETs without taking into
account the possibility of a malicious node
stealing or collecting network traffic information
(Wei, 2014). As a result, academics have placed a
high priority on developing an anonymous routing
protocol that can improve MANET security
(Paolo et al, 2017).
Active assaults are more dangerous and costly in
MANET (Hajiheidari et al, 2019) than passive
attacks, as they cause severe network performance
degradation, reduced throughput, and energy
consumption of legitimate nodes in the network,
lowering the network's overall lifespan. With the
widespread use of MANET technology in military
applications
for
fast
and
dependable
communication in training and combat situations,
civilian and paramilitary activities such as searchand-rescue operations, and other civilian and
paramilitary activities, the threat of active attacks,
particularly flooding attacks, is seen as capable of
derailing these vital operations.
The remainder of the paper is organized as
follows: Section two discusses the literature
review, while Section three discusses the study
methodologies. Section four contains the results
and discussion, while section five contains the
conclusion and future work.
ResearchProblem
Inadequate
provision
of
an
authorized
authentication of routing protocol that can identify
and mitigate all sorts of flooding assaults is one of
Nodes in the network must be logically trusted for
dependable communication and relationships. To
do this, the researchers used a trust management
2
the challenges connected with securing mobile adhoc networks (MANETs) owing to flooding
attacks. Many studies have demonstrated that the
majority of existing techniques suffer from routing
delay and overhead. The majority of current
techniques or protocols do not have the
aforementioned security elements, resulting in a
vulnerability in the MANET security system. In
addition, numerous researchers have worked to
improve MANET security by changing the
standard Ad-hoc On-Demand Distance Vector
(AODV) routing protocol. The majority of offered
solutions, on the other hand, do not examine
network packets in order to detect malicious or
illegitimate packets. As a result, a reliable system
that will improve MANET network performance
is required. The goal of the research project is to
create a hybrid routing protocol for MANET
flooding mitigation. This will be accomplished by
modifying an existing Authenticated Anonymous
Secured Routing Protocol (AASR), developing
and evaluating a trust-based management scheme,
combining the trust-management scheme with the
Modified Anonymous Authenticated Secured
Routing Protocol, evaluating the performance of
the developed hybrid routing protocol under
flooding attacks in terms of delay and packet
overhead, and finally implementing the protocol
using a test-bed.
attack plummeting strategy in MANET. The
authors' study includes a computation of average
node packet data gathered during regular unattacked operations and a comparison of the
average packet data to under-attack packet
conditions. When the packets received from a
particular node exceed the average expected from
legitimate nodes in the network, the suspicious
malicious node is blacklisted by its neighbor node,
and an Alarm message is sent to all other
neighboring nodes around the suspected malicious
node, instructing them to update their routing
tables with the new information about the
malicious node, effectively blacklisting the node
and disconnecting it from the network. The
simulation in NS-2 produced improved PDR,
throughput, and reduced overhead, according to
the results.
Mallikarjuna and Anusha (2020) worked on feature
extraction and classification model based on ANFIS
for an optimized and hybrid energy-conscious
routing model for effective detection of flooding
attacks in a MANET environment (Adaptive NeuroFuzzy Inference System). The retrieved feature was
trained and classified using the ANFIS classifier. To
identify flooding threats in MANETs, a security
mobile agent (SMA) linked with the AODV protocol
called security mobile agent-adhoc on-demand
routing protocol (SMA2AODV) was developed. To
minimize flooding assaults, the routing protocol
SMA2AODV model is combined with Ant
Colony Optimization (ACO) and Fitness Distance
Ratio Particle Swarm Optimization (FDR PSO).
ACO determines an energy-efficient route, while
FDRPSO optimizes all nodes that are energy
consumed. Energy was addressed as a function of
fitness in the hybrid ACO-FDR PSO optimization
technique. The NS-2 simulator was used in
conjunction
with
current
benchmark
methodologies to assess the performance
indicators in question.
LITERATURE REVIEW
Gurung (2017) proposed a new method for
preventing route request flooding in MANET. A
method known as the Mitigating Flooding Attack
Mechanism (MFAM) was employed in the
suggested solution to reduce the effect of a nonaddressed spoofing attacks. This approach relied
on the deployment of special nodes known as FIDS (Flooding – Intrusion Detection System),
which are configured in sniff mode to detect
traffic from neighboring nodes, evaluate it, and
interact with the rest of the network's nodes. The
MFAM is divided into three phases: dynamic
threshold computation (during which the RREQ
packet rate is set), confirmation phase (during which
the F-IDS confirms the intent of a suspicious node to
be malicious or legitimate, then informs the entire
network of the threat presence via an ALERT
package), and finally resetting phase (during which
the malicious node restrictions are lifted and node
status is set to neutral). NS-2.35 software is used to
model the mechanism.
Security mobile agents (SMA) were established
by Thanh and Thai (2017) to detect flooding
attacks. SMA2AODV, an enhanced protocol, is
proposed by including these SMAs into the
AODV protocol's discovery route procedure.
SMA agents are employed to collect data
throughout the training period to determine the
system's minimal timeslot (the time-slot required
to successfully discover a path from a source node
to a destination node) (). Before broadcasting the
RREQ packet received from the source node to
the neighbors, the node confirms its security after
Using the neighboring nodes database, Vimal and
Nigam (2017) suggested a flooding-based DDOS
3
the training phase. A flooding attack is deemed to
have occurred if the route discovery time-slot is
less than the system's minimum time-slot (), as the
attacker then adds to its black list. Nodes on the
black list will have their RREQ packets deleted.
The disadvantage of this strategy is that it is only
valid during the training period if no malicious
nodes exist.
eswithallnodeslegitimate.
b.
CreateaMANETscenariowithmultiplemobilenod
eswithmaliciousnode.
c. Developatrust-basedmanagementscheme
forMobileAdHocNetwork.
d.
Determineatrustvaluecalculationalgorithmviadire
ctandindirectobservation.
Wenchao and Li (2014) introduced a new
intrusion detection system in wireless sensor
networks based on the k-nearest neighbors (kNN)
classification algorithm to distinguish abnormal
from normal nodes by analyzing their behaviour.
The number of routing messages that can be
delivered over a period of time, the number of
nodes with various destinations in the sending
routing packets, and the number of nodes with the
same source node in the receiving routing packets
are all represented by an m-dimensional vector.
The research reveals that the system has a high
detection accuracy, however it doesn't explain
why or how the training datasets are created.
e.
Determineatrustthresholdfornoderejectionand
blacklisting.
iv. IntegratethetrustmanagementschemewiththeModifiedAnonymous
Authenticated
SecuredRoutingProtocol(MAASR)toobtainahybri
droutingprotocol:
a.
Determinethresholdfornetworkdelayandbufferingt
opreventincorrectnode
METHODS
ResearchDesign
rejectionandblacklisting.
The following is the design and development
strategy that will be used to achieve each of the
research work's objectives, as well as the
processes required to complete each activity:
b.
Compressandintegrateencryptedanonymousauthen
ticationpacketswithinthe
networkforeasyupdatingwithtrustmanagementsche
me.
i.
TomodifyandevaluatetheAuthenticatedAnonymous
SecuredRouting
Protocol(MAASR)forMobileAdHocNetwork.
v. Evaluate the performance of the developed
routing protocol under flooding attacks in terms
ofDelayand PacketOverhead.
ii.
Modifypacketheaderforanonymousonionencryptio a. Simulate the developed hybrid routing protocol
under flooding attacks, measureand compare
n as follows:
performance indices with non-hybrid routing
a.
protocol
like
AASR,MAASRandtrustGeneratepublickeysizeforeachparticipatingnod
basedprotocolalone.
einthenetwork.
b. ProposedHybridProtocol
b.
After merging the anonymous secured routing
Developasourceandintermediatenoderouterequ
protocol with a trust management system, the
est.
proposed hybrid routing protocol ensures a secure
c.
MANET that can detect and mitigate DDOS
Implementadestinationnodeverificationsequenc
assaults. Without jeopardizing network efficiency,
e.
speed, or performance, flooding attacks can be
easily identified and managed. This will be
iii.
accomplished by encrypting the public and private
EvaluatetheperformanceoftraditionalAASRandthemo
keys of each RREQ packet before broadcast, and
difiedMAASRprotocolsunderfloodingattacks:
all receiving intermediate nodes determining the
a.
sending node's trust value before processing the
CreateaMANETscenariowithmultiplemobilenod
received packet, with low trust values resulting in
4
blacklisting of nodes until their status is
dynamically updated as they change behavior. To
avoid flooding, nearby nodes disregard packets
from blacklisted nodes with low trust scores.
When a neighbor node has a high trust value, it
onion encrypts the packet and forwards it after
failing to decrypt it using private, indicating that
the message is not destined for it. The destination
node successfully decrypts the sent packet,
prepares, and sends RREP, which is subjected to
the same scrutiny and trust value verification at all
intermediate nodes, as well as onion encryption,
until it reaches the source node, which forwards
the data packet via the shortest established secured
route. This ensures the network's anonymity and
security. Figure 1 depicts a flowchart of the
overall proposed Hybrid Trust-based Anonymous
Authenticated
routing
system.
Figure1:ProposedHybridTrust-basedAnonymousAuthenticatedRoutingProtocol(
Start
Source Node Encrypt Anamolyzed RREQ
Source Broadcast RRFQ to Neighbour Nodes
Neighbour Nodes Received Packets
n
Neighbour Nodes Determine Trust Value from
Table
Neighbour Node Attempt Decryption of
RREQ
Prepare and send Data Packet through
Established Route
Finish
5
authenticated secured protocol (MAASR), trust
management scheme (TSM), and hybrid protocol
(HTBAARP). Table 1 summarizes the simulation
parameters.
Performance Evaluation by Simulation
The network simulation will be run in three
different
scenarios:
modified
anonymous
DataPresentation
Tables 2 and 3 show how the information will be
organized and examined. Each result will be
determined after a simulation of the existing
Authenticated Anonymous Secured Routing
Protocol (AASR), the modified Authenticated
Anonymous
Secured
Routing
Protocol
(MAASR), the trust management scheme
(TMS), and the proposed Hybrid Trust-based
Anonymous Authenticated Routing Protocol
(HTBAARP) in terms of the selected metrics
(throughput, delays, packet delivery ratio)
against
the
number
of
nodes
6
secure communication in MANETs.
RESULTS
The research effort will be set up in a real-life b.
scenario utilizing a communication enable
hardware device called Raspberry Pi, and the
explanation of the results will be based on the
observations collected graphically, which presents
result of the simulation.
c.
CONCLUSION
AASR modification will be developed to be
adaptable to different hybridization efforts which
can be used in other communication research
applications such as Vehicular Ad-Hoc Networks
or Wireless Sensor Networks.
Due to the severity of successful attacks like
flooding, leading to denial-of-service scenarios,
this research proposal presents a methodology to
develop a hybrid routing protocol to improve
security in MANET, which is a serious challenge
to the deployment of networking technology in
high-risk applications like military and critical
civilian infrastructure. The hybrid routing
protocol is designed to detect, mitigate, and
isolate rogue nodes while notifying the node's
status and trust level throughout the network
using a combination of a Modified Anonymous
Authentication Secured Routing Protocol and a
Trust-Based Management Scheme. This proposed
technique helps to increase network security
while assuring a short packet delivery latency and
little packet overhead across the network.
detection rates during RREQ flooding, Data
flooding, Error flooding, Hello flooding, and SYN
flooding.
The proposed solution's effectiveness will be
assessed in terms of high malicious
REFERENCES
Abdulleh, M.N., Yussof, S. and Jassim, H. S.
(2015). Comparative Study of Proactive,Reactive
and Geographical MANET Routing Protocols.
Communications and Network,125137.DOI:http://dx.doi.org/10.4236/cn.2015.72012
.
Abu Zant, M., & Yasin, A. (2019). Avoiding and
Isolating Flooding Attack by
EnhancingAODVMANETProtocol(AIF_AODV).
SecurityCommunicationNetworks,
Ankur, O. B. and Prabhakar, L. R. (2013).
MANET:
History,
Challenges
andApplications.InternationalJournalofApplicatio
norInnovationinEngineering&Management(IJAIE
M).(2), 9,ISSN2319–4847.
EXPECTEDCONTRIBUTIONTOKNOWLED
GE
This research work is intended to give a
comprehensive knowledge-base for other
researchers in the field of Mobile Ad-Hoc
Network (MANET) based on the literature
review and study:
Gurung, S. (2017). A novel approach for
mitigating route request flooding attack
inMANET.WirelessNetworks.doi:10.1007/s11276
-017-1515-0
a. A hybrid routing protocol will be designed for more
7
Dhenakaran, S., &Parvathavarthini, A. (2013). An
overview of routing protocols in mobilead-hoc
network. International Journal of Advanced
Research in Computer
ScienceSoftwareEngineering, 3(2).
Paolo P., Luca C., & Dario M. (2017). An
Anonymous inter-networks Routing Protocol
fortheinternetofThings,JournalofCyberSecurityan
dMobility.6(2),127-146.
Sandeep, S., & Rajesh M. G (2014) A Cross
Layer Approach for Intrusion Detection
inMANETs, International Journal of Computer
Applications Buddha University
GreaterNoida,India. 93(9), 0975 –8887
Hajiheidari, S., Wakil, K., Badri, M.,
&Navimipour, N. J. (2019). Intrusion
detectionsystems in the Internet of things: A
comprehensive investigation. Journal of
ComputerNetworks,160,165-191.
Jin-HeeC.,AnanthramS.,&IngRayC(2010)Asurveyontrustmanagementformobile
Adhocnetworks.IEEECommunicationsurvey&Tut
orials, 1-22.
Thanh, & Thai Ngoc, (2017). Routing protocol
reduces the harm of flooding attacks in mobile ad
hoc network,” Journal of Communications, 12(7),
371–378.
Kumar,S.andKumar,J.(2012).Comparativeanalysi
sofproactiveandreactiveroutingprotocols in
mobile ad-hoc networks (MANET): Journal of
Information and
OperationsManagement.ISSN:0976–7754&EISSN:0976–7762,3(1),92-95
Vimal, V., & Nigam, M. J. (2017).Plummeting flood
based distributed-DoS
attacktoupsurgenetworksperformanceinadhocnetworksusingneighborhoodtabletechnique.Pa
perpresentedattheTENCON,IEEERegion10
Conference.
Kumar,V.V.,&Ramamoorthy,S.(2018).Secureadh
ocon-demandmultipathdistancevector routing in
MANET. Paper presented at the Proceedings of
the InternationalConferenceonComputingand
CommunicationSystems.
WeiY.(AnonymousRoutingprotocolwithAuthentic
atedkeyEstablishmentinwirelessAd Hoc
Networks. international Journal of Distributed
Sensor Networks, 1-10
DOI:http://dx.doi.org/10.1155/2014/222350.
Mallikarjuna N & Anusha K (2020). An
optimized and Hybrid Energy Aware
RoutingModel for Effective Detection of
Flooding Attacks in MANET Enviroment,
ResearchSquare,VIT-university,Chennai, India.
Wenchao L., P. & Li, J. (2014) , “A New
Intrusion Detection System Based on KNN
Classification Algorithm in Wireless Sensor
Network,” Journal of Electrical and Computer
Engineering, 2014(8), Article ID 240217.
8
Related documents
Modeling of a horizontal active magnetic bearing system with uncertainties... deterministic form Abstract
Modeling of a horizontal active magnetic bearing system with uncertainties... deterministic form Abstract
Download
advertisement