Comparative Study and Performance Evaluation of various Intrusion Detection Schemes in MANET

Sanjeet Kaur
Computer Sc. and Engg., MATS University, Raipur, India
Jeet_108@rediffmail.com

Mr. Nilmani Verma
Computer Sc. and Engg., MATS University, Raipur, India
nilmaniv@matsuniversity.ac.in

Abstract— One of the major challenges in deploying Mobile Ad hoc Networks (MANETs) as wireless networks is their security. When the participating nodes cooperate in routing without any malicious intention, communication in the MANET functions properly. The most popular routing protocols used in MANETs are reactive routing protocols, which flood the network to find a route. A malicious node launches the flooding attack at the network layer by sending a large number of control packets into the network; the aim of this attack is to deplete network resources such as bandwidth and battery power, thereby preventing the network from providing services to authorized users. This paper reviews the different methods of detecting flooding attacks in MANETs and their proposed prevention schemes on concluding node. The results illustrate that the PDS scheme gives a better Packet Delivery Ratio than the other schemes and that SVM is the better detection scheme. The RFAP scheme is a modified version of the AODV protocol. Since there is no notable mechanism in the AODV protocol to combat the RREQ flooding attack, RFAP is a positive addition to it [2]. Flooding attacks have a dramatic impact on throughput, end-to-end delay and routing overhead in the network [3].

Keywords—MANET; AODV; RREQ; Flooding Attack; PDS; RFAP; SVM; Reputation

This paper reviews various schemes for detecting and preventing flooding attacks on MANETs, along with forensic analysis and the analysis of other security attacks and DOS attacks.

I. INTRODUCTION

A MANET is an ad hoc network consisting of mobile nodes that communicate with each other over relatively bandwidth-constrained wireless links. It is a decentralized, infrastructure-less network in which the wireless nodes can move arbitrarily, and since these nodes are mobile, the network topology changes rapidly and randomly over time. Unlike other wireless networks, a MANET does not require any access points. This makes MANETs useful in a wide variety of applications; they are largely used in military and rescue operations. Other applications include vehicle-to-vehicle communication, where vehicles communicate with each other to keep a safe distance between them and to give collision warnings to drivers; disaster recovery and relief activities, where the traditional wired network has already been destroyed; and entertainment, education and commercial uses, where MANETs connect people.

Because the topology of these networks changes frequently, special routing protocols for MANETs are needed [4]. A number of routing protocols have been considered, but all fall into three major categories: proactive, reactive and hybrid routing protocols [1]. Flooding attacks result from sending fake RREQ messages during the route discovery process of the AODV reactive routing protocol. The various schemes that study flooding attacks therefore work with the AODV protocol.

Detection techniques in MANETs are divided into two primary categories: signature based and anomaly detection [5]. Each attack has a different pattern. In signature-based detection, the network traffic is compared with the predetermined patterns of known attacks, and any pattern that matches is treated as an attack. In anomaly detection, a model of normal traffic is created first; if the input traffic deviates from that model, it is detected as an anomaly. In [6] a clustering-behaviour-based technique is used to avoid the impact of the RREQ flooding attack in the AODV protocol. The technique used is on-demand.
The rest of the paper is organized as follows. Section II presents the problem statement and discusses the impact of flooding attacks on MANETs. Section III discusses popular techniques for removing flooding attacks. Section IV gives the results and discussion of the various techniques. Section V describes the conclusion.

II. PROBLEM STATEMENT

Flooding attacks are one of the major security attacks launched at the network layer by a malicious node. The main aim of this attack is to exhaust the network layer and consume more of the network's resources and bandwidth. Flooding attacks can lead to DOS. Thus they are considered as, and included in, Denial of Service (DOS) attacks. DOS attacks attempt to make resources unavailable to their authenticated or intended users.

The problem identified across the literature is that MANETs face various security threats due to repudiation, that is, the absence of mutual trust between sender and receiver when data packets flow. MANETs have wireless links and non-secure boundaries, which makes them more prone to link attacks. Flooding attacks in MANETs affect the bandwidth of the network, as the communication bandwidth is exhausted by the flooded RREQ packets. Resource consumption rises at the flooded nodes and storage is limited: the fake RREQ packets that flood the network cause congestion and overflow the route tables of the intermediate nodes, so that those nodes cannot receive new RREQ packets.

III. TECHNIQUES FOR MITIGATING FLOODING ATTACKS

A. PDS-Profile Based Detection Scheme

This technique aims at detecting the flooding attack on a MANET. The approach detects the misbehaving nodes and isolates them using a dynamic, profile-based traffic analysis. The PDS approach has 2 phases of operation: a Detection phase and an Isolation phase.
The PDS system architecture has a set of modules that quantify the normal behaviour of the nodes and then identify the abnormal behaviour of the malicious nodes.

1) Flooding Mode: In this mode the attacker is active. A few nodes in the network are made malicious while the other nodes operate in normal AODV mode. The malicious nodes start sending fake and bogus RREQ packets without complying with the rate limit parameter. As soon as a malicious node starts sending these packets, the normal functioning of the network degrades.

2) Detection Mode: This mode concentrates on detecting the malicious node that sends the bogus or fake RREQ packets. The profile table of each node stores the threshold value based on the rate limit parameter. Each receiving node, before forwarding an RREQ to its neighbour, checks it against its profile table. The profile table is assumed to be password protected and inaccessible to the attackers. The threshold values stored in the profile tables are dynamic enough to detect the attackers as soon as possible.

3) Isolation Mode: The attackers detected in the detection mode should be isolated from participating in communication inside the network. If the attackers are not isolated, they continue with their behaviour, depleting the network resources and decreasing the network performance. The detected attackers are made passive, that is, their radio interfaces (sending and receiving) are brought down so that they cannot actively participate in the network.

4) Performance Mode: The network parameters are captured for normal AODV operation, for flooding operation and for detection mode. Their performance is analysed to determine the effect of flooding attacks and the effectiveness of the proposed scheme.

B. Support Vector Machine (SVM) Scheme

In this method the behaviour of every node is collected first, and the malicious flooding node is then detected using this data.
The collected behaviour of each node is passed through the SVM and checked against the threshold limit; nodes that cross the threshold limit are detected as malicious nodes. The parameters used for behaviour classification using SVM are:

1) Packet Delivery Ratio (PDR)
PDR = (Number of Packets Transmitted) / (Total Number of Incoming Packets)

2) Control Overhead (CO)
CO = (Number of Control Packets Transmitted) / (Total Number of Packets)

3) Packet Misroute Rate (PMIR)
PMIR = (Number of Packets Misrouted) / (Total Number of Incoming Packets)

Prevention Method: To prevent flooding attacks, the SVM is installed on some node to detect the malicious node. After detection, this node broadcasts an acknowledgement message to all the other nodes; all the nodes then update their routing tables and delete the entries of the malicious node.

C. Route Request Flooding Attack Prevention (RFAP) Scheme

RFAP is a scheme that mitigates the RREQ flooding attack in MANETs. The scheme first finds the flooder or malicious node, isolates it from the network, gives it some punishment and, after reasonable punishment, reconsiders the node as an accuse node. The majority of the schemes proposed by researchers find the attacker node and then blacklist it forever. The RFAP scheme totally disagrees with the idea that a node that misbehaves should simply be segregated from the network. The scheme holds that a flooder node may have been misused by an intruder and may be normalized thereafter by changing its position extraordinarily. The RFAP scheme is designed to give the malicious node enough time to return to a normal routine. RFAP is an amended form of the AODV protocol and is specially designed for MANETs that have higher node mobility. The main objective of the scheme is the recovery of malicious nodes after reasonable punishment. The results illustrate that the RFAP scheme is able to separate the flooder node from the network more reliably than simple AODV.

D. Group Mobility for Defending MANETs against Flooding Attacks

Here a clustering-behaviour-based technique is used to avoid the impact of RREQ flooding attacks in the AODV protocol. Under a group mobility model, arranging the nodes in clusters has many advantages. These clusters form the backbone of the network. The clustering technique is on-demand: the node that replies with the RREP is elected as cluster head. The behaviour of each node is calculated using the reputation formula, on the basis of which the maximum number of RREQs that each node may send is decided. The formulas used are:

RAi = (RREPi + k) / RREQi
allowed_RREQi = RAi * max_RREQi

The nodes are allowed to send RREQs on the basis of the calculated reputation. A new parameter k is introduced to avoid clustering overhead, because some RREQ packets are dropped due to cluster head bottlenecks. The technique illustrates that a malicious node cannot send packets at a high rate because its reputation value will be low. A filtering scheme is used to avoid false detection: the reputation of all nodes is calculated again after the HELLO time interval, and if a node's reputation is 0 it is increased to 0.1. The reputation value increases if a node starts behaving like a genuine node, and the node is given a chance to join the network again as a genuine node.

IV. RESULTS & DISCUSSIONS

In this paper different techniques for mitigating flooding attacks on MANETs have been discussed. The table below shows the effect on Packet Delivery Ratio (PDR) and compares the PDR of the different techniques when a number of attacking nodes are present in the network.

Table I shows that the PDS scheme gives the best result; it detects the attacker as soon as the attacker node starts exhibiting its abnormal behaviour. PDS detects and isolates the attacker node efficiently, with better PDR. The result also shows that the SVM technique uses the best detection algorithm.

TABLE I. EFFECT ON PDR

No. of Attacking Nodes   Technique 1   Technique 2   Technique 3   Technique 4
10                       0.80          0.50          Avg PDR       0.25
20                       0.85          0.40          Avg PDR       0.15
30                       0.86          0.30          Avg PDR       0.1
40                       0.90          0.28          Avg PDR       0.05
50                       0.95          0.20          Avg PDR       0.01

Effect on PDR using different techniques

V. CONCLUSION

The network layer is largely overwhelmed with different security attacks because MANET nodes act as hosts and routers at the same time, which requires cooperation between nodes. The flooding attack is one of the major security attacks at the network layer of a MANET, and various popular techniques for the detection and prevention of flooding attacks in MANETs have been discussed in this paper.

REFERENCES

[1] Meenakshi Patel, Sanjay Sharma and Divya Sharan, “Detection and Prevention of Flooding Attack Using SVM”, IEEE 2013 (CSNT) International Conference on Communication Systems and Network Technologies.
[2] Kashif Laeeq, “RFAP, A Preventive Measure against Route Request Flooding Attack in MANETS”, Proceedings of Multitopic Conference (INMIC), Dec 2012, IEEE 15th International Conference.
[3] Mohamed A. Abdelshafy and Peter J.B. King, “Analysis of Security Attacks on AODV Routing”, Proceedings of Internet Technology and Secured Transactions (ICITST), Dec 2013, IEEE 8th International Conference.
[4] Luis Girones Quesada, “Routing Protocol for MANET’s”, Norwegian University of Science & Technology.
[5] Fatemeh Barani and Sajjad Gerami, “ManetSVM: Dynamic Anomaly Detection using Oneclass Support Vector Machine in MANETs”, Proceedings of Information Security and Cryptology (ISCISC) 2013, IEEE 10th International Conference, Aug 2013.
[6] Taranpreet Kaur, Amanjot Singh Toor and Krishan Kumar Saluja, “Defending MANETs against Flooding Attacks for Military Applications under Group Mobility”, Proceedings of 2014 RAECS VIET Panjab University Chandigarh, 06 - 08 March, 2014, IEEE.
[7] Sarah Ahmed and S.M. Nirkhi, “A Fuzzy Approach for Forensic Analysis of DDOS Attacks in MANET”, International Conference on Computer Science and Information Technology, 10th March 2013, Hyderabad.
[8] Bhuvaneshwari K and Dr. A. Francis Saviour Devaraj, “PDS- A Profile based Detection Scheme for flooding attack in AODV based MANET”, International Journal of Security, Privacy and Trust Management (IJSPTM), vol 2, No. 3, June 2013.
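
Added example for Section III-A (not taken from the paper or from the PDS authors): a receiving node's profile-table check and isolation step, replayed over a constructed RREQ trace. It assumes the profile threshold equals AODV's RREQ_RATELIMIT default of 10 RREQs per second (RFC 3561) and models isolation as dropping everything further from the flagged originator; the class and function names are hypothetical.

```python
from collections import defaultdict, deque

RREQ_RATELIMIT = 10   # assumed threshold: AODV default RREQs per second (RFC 3561)
WINDOW = 1.0          # seconds over which the rate is measured

class ProfileTable:
    """Per-node profile: RREQ rate threshold plus recent RREQ times per originator."""
    def __init__(self, threshold=RREQ_RATELIMIT, window=WINDOW):
        self.threshold = threshold
        self.window = window
        self.recent = defaultdict(deque)  # originator -> timestamps inside the window
        self.isolated = set()             # originators flagged in the detection phase

    def on_rreq(self, originator, now):
        """Return 'forward', 'isolate' (first detection) or 'drop' (already isolated)."""
        if originator in self.isolated:
            return "drop"
        times = self.recent[originator]
        times.append(now)
        while now - times[0] >= self.window:   # forget RREQs older than the window
            times.popleft()
        if len(times) > self.threshold:        # rate limit exceeded: detection phase
            self.isolated.add(originator)      # isolation phase (modelled as a blocklist)
            del self.recent[originator]
            return "isolate"
        return "forward"

def replay(trace, table):
    """Feed (time, originator) RREQ events through the table; count decisions per node."""
    counts = defaultdict(lambda: defaultdict(int))
    for now, originator in sorted(trace):
        counts[originator][table.on_rreq(originator, now)] += 1
    return {node: dict(c) for node, c in counts.items()}

def constructed_trace():
    """Constructed sample: node A sends 2 RREQ/s for 5 s, node M floods 50 RREQ/s for 2 s."""
    normal = [(i * 0.5, "A") for i in range(10)]
    flood = [(1.0 + i * 0.02, "M") for i in range(100)]
    return normal + flood

if __name__ == "__main__":
    print(replay(constructed_trace(), ProfileTable()))
```

The flooder is flagged on its eleventh RREQ inside one second, while the normal node is never affected.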
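
Added example for Section III-D (not taken from the paper): the reputation formula and the 0 to 0.1 filter applied over successive HELLO intervals at a cluster head. The values of k and max_RREQ, the cap of RAi at 1, rounding down, the full starting quota and the use of per-interval counters are assumptions; the counters are constructed and the function names are hypothetical.

```python
import math

MAX_RREQ = 10  # assumed max_RREQi per HELLO interval; the paper gives no value
K = 1          # assumed value of the paper's parameter k

def reputation(rreq_seen, rrep_seen, k=K):
    """RAi = (RREPi + k) / RREQi, then the filter: a reputation of 0 becomes 0.1."""
    if rreq_seen == 0:
        return 1.0                              # assumption: a silent node keeps full reputation
    ra = min((rrep_seen + k) / rreq_seen, 1.0)  # assumption: RAi is capped at 1
    return 0.1 if ra == 0 else ra               # can only trigger when k = 0

def allowed_rreq(ra, max_rreq=MAX_RREQ):
    """allowed_RREQi = RAi * max_RREQi, rounded down (assumption)."""
    return math.floor(ra * max_rreq)

def throttle(observations, k=K, max_rreq=MAX_RREQ):
    """Apply the quota interval by interval for one node.

    observations: (rreq_seen, rrep_seen) per HELLO interval, as counted by the
    cluster head. Returns (forwarded, dropped, next_quota) per interval.
    """
    quota, out = max_rreq, []   # assumption: a new node starts with the full quota
    for rreq_seen, rrep_seen in observations:
        forwarded = min(rreq_seen, quota)       # RREQs beyond the quota are dropped
        quota = allowed_rreq(reputation(rreq_seen, rrep_seen, k), max_rreq)
        out.append((forwarded, rreq_seen - forwarded, quota))
    return out

# Constructed counters: a node floods for two intervals, then behaves normally.
FLOODER_THEN_GENUINE = [(200, 0), (150, 0), (4, 0), (2, 2), (8, 7)]

if __name__ == "__main__":
    for row in throttle(FLOODER_THEN_GENUINE):
        print(row)
```

With these assumptions the quota falls to 0 while the node floods and climbs back to 10 once its RREQ count drops and RREPs return; with k = 0 a node that earns no RREPs is held at the filtered reputation of 0.1, a quota of 1.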