A survey on malicious nodes in mobile ad hoc network


ISSN:2249-5789, M. S. Subbulakshmi et al., International Journal of Computer Science & Communication Networks, Vol 4(4), 137-142

M. S. Subbulakshmi, M.Phil Research Scholar, Department of Computer Science, Erode Arts and Science College (Autonomous), Erode, subbulaxmims@gmail.com
S. J. Mohana, Assistant Professor & Head, Department of Computer Science, Erode Arts and Science College (Autonomous), Erode, sjmohana@yahoo.co.in

Abstract

Wireless mobile ad hoc networks are an emerging technology that has been protected by various systems such as firewalls, antivirus, and so on. A MANET has no infrastructure or centralized server to control the entire network, so every node must rely on other nodes for support in routing and in forwarding packets to the destination. The intermediate nodes might agree to forward the packets but actually drop or modify them because they are misbehaving. In this paper we present a study of malicious nodes in mobile ad hoc networks and a brief description of some existing intrusion detection systems. The existing intrusion detection systems add more network overhead to the MANET. Here, we analyze and find a new efficient intrusion detection system, the Hybrid Cryptography Technique (BECDH), for reducing network overhead and enhancing the security level of the MANET.

Keywords: Mobile Ad-hoc Network (MANET), Security, Enhanced Adaptive Acknowledgment (EAACK), Intrusion Detection System (IDS), Digital Signature Algorithm (DSA), Blowfish Elliptic Curve Diffie-Hellman Algorithm (BECDH)

Introduction

Wireless networking is now the medium of choice for many applications. In addition, recently developed systems allow increasingly complex functionality to reside in devices that are ever smaller, and consequently ever more mobile. Mobile ad hoc networks (MANETs) combine wireless communication with a high degree of node mobility. Limited-range wireless communication and high node mobility mean that the nodes must cooperate with each other to provide essential networking, with the underlying network changing dynamically to ensure that needs are continually met. The dynamic nature of the protocols that enable MANET operation means they are readily suited to use in extreme or volatile conditions. MANETs have consequently become a very popular research topic and have been proposed for use in many areas, for example rescue operations, strategic operations, environmental monitoring, meetings, and so forth.

MANETs are by their very nature more vulnerable to attack than wired networks. The flexibility provided by the open broadcast medium and the cooperativeness of the mobile devices (which generally have different resource and computational capacities, and usually run on battery power) introduces new security risks. As part of rational risk management we must be able to identify these risks and take appropriate action. In some cases we may be able to design out particular risks cost-effectively. In other cases we may have to accept that vulnerabilities exist and seek to take appropriate action when we believe someone is attacking us. Accordingly, intrusion detection is an essential part of security for MANETs.

Intrusion Detection System

An intrusion is any set of actions that attempt to compromise the integrity, confidentiality, or availability of a resource [1], and an intrusion detection system (IDS) is a system for the detection of such intrusions. There are three fundamental parts of an IDS: data collection, detection, and response. The data collection component is responsible for collecting and pre-processing data: transferring data to a common format, storing data, and sending data to the detection module [2]. An IDS can use different data sources as inputs to the system: system logs, network packets, etc. In the detection component, data is analyzed to detect intrusion attempts, and indications of detected intrusions are sent to the response component.

Intrusion detection can be classified based on audit data as either host-based or network-based. A network-based IDS captures and analyzes packets from network traffic, while a host-based IDS uses operating system or application logs in its analysis. Based on detection techniques, IDS can also be classified into three categories as follows [3]: anomaly detection systems, misuse detection systems, and specification-based detection.

- Anomaly detection systems: The normal profiles (or normal behaviors) of users are kept in the system. The system compares the captured data with these profiles, and then treats any activity that deviates from the baseline as a possible intrusion by informing system administrators or initializing a proper response.
- Misuse detection systems: The system keeps patterns (or signatures) of known attacks and uses them to compare with the captured data. Any matched pattern is treated as an intrusion. Like a virus detection system, it cannot detect new kinds of attacks.
- Specification-based detection: The system defines a set of constraints that describe the correct operation of a program or protocol. Then, it monitors the execution of the program with respect to the defined constraints.

IDS Techniques for Malicious Nodes in MANET

The mobile ad hoc network is an infrastructure-less network, so each node must rely on other nodes for cooperation in routing and forwarding packets to the destination. The intermediate nodes might agree to forward the packets but actually drop or modify them because they are misbehaving. The simulations in [4] show that only a few misbehaving nodes can degrade the performance of the entire system. There are several existing techniques and a proposed technique to detect such misbehavior in order to avoid those nodes [5, 6].

3.1 Existing IDS Techniques

The existing intrusion detection techniques find the malicious nodes, but they suffer from network overhead as the number of malicious nodes increases. In this section, the Watchdog, TWOACK, AACK and EAACK techniques are explained.

3.1.1 Watchdog and Pathrater

Two techniques were proposed by Marti, Giuli, and Baker, watchdog and pathrater, to be added on top of the standard routing protocol in ad hoc networks. A watchdog identifies the misbehaving nodes by eavesdropping on the transmission of the next hop. A pathrater then helps to find the routes that do not contain those nodes.

In DSR, the routing information is defined at the source node. This routing information is passed together with the message through intermediate nodes until it reaches the destination. Therefore, each intermediate node in the path should know who the next hop node is. In addition, listening to the next hop's transmission is possible because of a characteristic of wireless networks: if node A is within range of node B, A can overhear communication to and from B. The figure shows how watchdog works.

Fig. Watchdog works

Assume that node S wants to send a packet to node D, and that there exists a path from S to D through nodes A, B, and C. Consider now that A has already received a packet from S destined to D. The packet contains a message and routing information. When A forwards this packet to B, A also keeps a copy of the packet in its buffer. Then, it promiscuously listens to the transmission of B to make sure that B forwards to C. If the packet overheard from B matches that stored in the buffer, it means that B really forwards to the next hop (represented as a solid line). It then removes the packet from the buffer. However, if there is no matched packet after a certain time, the watchdog increments the failures counter for node B. If this counter exceeds the threshold, A concludes that B is misbehaving and reports to the source node S.

Pathrater performs the calculation of the path metric for each path. By keeping the rating of every node in the network that it knows, the path metric can be calculated by combining the node rating together with link reliability, which is collected from past experience. After obtaining the path metric for all available paths, the pathrater can choose the path with the highest metric. In addition, if there is no such link reliability information, the path metric enables the pathrater to select the shortest path too. As a result, paths containing misbehaving nodes will be avoided.

However, those misbehaving nodes are not punished. On the contrary, they even benefit from the network. In other words, they can use the resources of the network (other nodes forward packets for them) while they forward packets for no one, which saves their own resources. Therefore, misbehaving nodes are encouraged to continue their behavior [4].

Many MANET IDSs are either based on or developed as an improvement to the Watchdog scheme. Nevertheless, as pointed out by Marti et al. [4], the Watchdog scheme fails to detect malicious misbehavior in the presence of the following: 1) ambiguous collisions, 2) receiver collisions, 3) limited transmission power, 4) false misbehavior report, 5) collusion, and 6) partial dropping.

3.1.2 TWOACK

Aiming to resolve the receiver collision and limited transmission power problems of Watchdog, TWOACK detects misbehaving links by acknowledging every data packet transmitted over every three consecutive nodes along the path from the source to the destination. Upon retrieval of a packet, each node along the route is required to send back an acknowledgment packet to the node that is two hops away from it down the route. TWOACK is required to work on routing protocols such as Dynamic Source Routing (DSR). The working process of TWOACK is shown in Fig.2.

Fig.2 TWOACK scheme

Node A first forwards Packet to node B, and then node B forwards Packet to node C. When node C receives Packet 1, as it is two hops away from node A, node C is obliged to generate a TWOACK packet, which contains the reverse route from node A to node C, and sends it back to node A. The retrieval of this TWOACK packet at node A indicates that the transmission of Packet from node A to node C is successful. Otherwise, if this TWOACK packet is not received within a predefined time period, both nodes B and C are reported malicious. The same process applies to every three consecutive nodes along the rest of the route.

The TWOACK scheme successfully solves the receiver collision and limited transmission power problems posed by Watchdog. However, the acknowledgment process required in every packet transmission adds a significant amount of unwanted network overhead. Due to the limited battery power of MANET nodes, such a redundant transmission process can easily degrade the life span of the entire network. However, many research studies are working on energy harvesting to deal with this problem [7].

3.1.3 AACK

Based on TWOACK, Sheltami et al. proposed a new scheme called AACK. Similar to TWOACK, AACK is an acknowledgment-based network layer scheme which can be considered as a combination of a scheme called TACK (identical to TWOACK) and an end-to-end acknowledgment scheme called ACKnowledge (ACK). Compared to TWOACK, AACK significantly reduces network overhead while still being capable of maintaining or even surpassing the same network throughput. The end-to-end acknowledgment scheme in ACK is shown in Fig.

In the ACK scheme shown in Fig, the source node S sends out Packet without any overhead except b of flag indicating the packet type. All the intermediate nodes simply forward this packet.

Fig.3 ACK scheme

When the destination node D receives Packet 1, it is required to send back an ACK acknowledgment packet to the source node S along the reverse order of the same route. If the source node S receives this ACK acknowledgment packet within a predefined time period, then the packet transmission from node S to node D is successful. Otherwise, the source node S will switch to the TACK scheme by sending out a TACK packet. The concept of adopting a hybrid scheme in AACK greatly reduces the network overhead, but both TWOACK and AACK still suffer from the problem that they fail to detect malicious nodes in the presence of false misbehavior reports and forged acknowledgment packets [8].

3.1.4 EAACK

EAACK (Enhanced Adaptive Acknowledgment) [9] is designed to tackle three of the six weaknesses of the Watchdog scheme, namely, false misbehavior, limited transmission power, and receiver collision.

In a typical example of receiver collisions, shown in Fig 4, after node A sends Packet to node B, it tries to overhear if node B forwarded this packet to node C; meanwhile, node X is forwarding Packet to node C. In such a case, node A overhears that node B has successfully forwarded Packet to node C but fails to detect that node C did not receive this packet due to a collision between Packet and Packet at node C.

Fig.4 Receiver collisions

In the case of limited transmission power, in order to preserve its own battery resources, node B intentionally limits its transmission power so that it is strong enough to be overheard by node A but not strong enough to be received by node C, as shown in Fig.

Fig.5 Limited transmission power

For a false misbehavior report, although node A successfully overheard that node B forwarded Packet to node C, node A still reported node B as misbehaving, as shown in Fig.

Fig.6 False misbehavior report

Due to the open medium and remote distribution of typical MANETs, attackers can easily capture and compromise one or two nodes to achieve this false misbehavior report attack.

EAACK consists of three major parts, namely, ACK, secure ACK (S-ACK), and misbehavior report authentication (MRA). The results demonstrated positive performance against Watchdog, TWOACK, and AACK in the cases of receiver collision, limited transmission power, and false misbehavior report. Furthermore, in an effort to prevent attackers from initiating forged acknowledgment attacks, EAACK incorporates digital signatures. Although it generates more routing overhead (RO) in some cases, it can vastly improve the network's packet delivery ratio (PDR) when the attackers are smart enough to forge acknowledgment packets.

The EAACK scheme produces more routing overhead when the number of malicious nodes increases, because the generation and verification of digital signatures requires a considerable amount of time. So, for frequent exchange of messages, the speed of communication will be reduced.

3.2 Proposed IDS Technique

The objective of the proposed intrusion detection technique is to enhance the strength of the security and also to solve the network overhead problem in the mobile ad hoc network. In this proposed work, an innovative approach called the hybrid cryptography technique is introduced, because it is desired to communicate data with high security.

3.2.1 Hybrid Cryptography Technique (BECDH)

The Hybrid Cryptography Technique incorporates a combination of asymmetric and symmetric encryption to benefit from the strengths of each form of encryption. These strengths are respectively defined as speed and security. In this proposed work, a hybrid cryptography algorithm is created by combining the Blowfish algorithm for symmetric encryption and Elliptic Curve Diffie-Hellman for asymmetric encryption: the Blowfish Elliptic Curve Diffie-Hellman Algorithm (BECDH). The figure shows the encryption and decryption process of hybrid cryptography.

Fig.7 Process of Hybrid Cryptography Technique (BECDH) [diagram labels: Sender Side: ACK, Blowfish Encryption, Elliptic Curve Diffie-Hellman Encryption (BECDH Encryption); Shared Secret Key; Routing of Packets; Receiver Side: Elliptic Curve Diffie-Hellman Decryption, Blowfish Decryption (BECDH Decryption), ACK]

In this scheme, before sending the acknowledgment packets to the receiver, the sender first encrypts these packets with the Blowfish algorithm. The encrypted information is then encrypted again with the ECDH algorithm to improve the security. On the receiver side, the receiver performs the same operations to decrypt the acknowledgment packets, but in reverse order. The ECDH algorithm first decrypts the encrypted message, after which Blowfish decrypts the message again. Finally, the receiver obtains the original acknowledgment packets. This scheme detects the malicious nodes with low routing overhead, and it can also improve the packet delivery ratio compared with the existing techniques.

Comparative Study

The table shows the comparative study of the various existing IDS techniques and the proposed IDS technique used for detecting malicious nodes in MANET.

Table: Comparative Study of Different IDS Techniques

| S.No | Intrusion Detection Techniques | Algorithm / Protocols | Advantages | Disadvantages |
|---|---|---|---|---|
| 1 | Watchdog and Pathrater | Dynamic Source Routing Protocol | To improve the throughput of the network in the presence of malicious nodes | Fails to detect malicious misbehavior in the presence of the following: 1) ambiguous collisions; 2) receiver collisions; 3) limited transmission power; 4) false misbehavior report; 5) collusion; 6) partial dropping |
| 2 | TWOACK | Dynamic Source Routing Protocol | To resolve the receiver collision and limited transmission power problems of Watchdog | The acknowledgment process required in every packet transmission adds a significant amount of unwanted network overhead |
| 3 | AACK | Dynamic Source Routing Protocol | Compared to TWOACK, AACK significantly reduces network overhead while still being capable of maintaining or even surpassing the same network throughput | It is crucial to guarantee that the acknowledgment packets are valid and authentic |
| 4 | EAACK | Digital Signature Algorithm | 1. To solve the three weaknesses of the Watchdog scheme: false misbehavior, limited transmission power, and receiver collision. 2. To prevent the attacker from forging acknowledgment packets | When the number of malicious nodes increases, this scheme produces more network overhead |
| 5 | Hybrid Cryptography Technique | Blowfish Elliptic Curve Diffie-Hellman Algorithm | To solve the network/routing overhead problem of EAACK. Gives more security to the MANET compared with other schemes | |

Conclusion

As the use of mobile ad hoc networks (MANETs) has increased, security in MANETs has become correspondingly more important. Historical events show that prevention alone, i.e., cryptography and authentication, is not enough; therefore, intrusion detection systems are brought into consideration. In this survey, we have described different existing intrusion detection techniques and also introduced a new intrusion detection technique, Hybrid Cryptography (BECDH), for finding malicious nodes in MANETs. Finally, we have justified that the hybrid cryptography technique (BECDH) is a better intrusion detection system for mobile ad hoc networks when compared with other existing intrusion detection systems.

References

[1] Y. Zhang, W. Lee, and Y. Huang, "Intrusion Detection Techniques for Mobile Wireless Networks," ACM/Kluwer Wireless Networks Journal (ACM WINET), Vol 9, No 5, September 2003.
[2] T. Anantvalee and J. Wu, "A Survey on Intrusion Detection in Mobile Ad Hoc Networks," in Wireless/Mobile Security. New York: Springer-Verlag, 2008.
[3] N. Kang, E. Shakshuki, and T. Sheltami, "Detecting misbehaving nodes in MANETs," in Proc. 12th Int. Conf. iiWAS, Paris, France, Nov 8–10, 2010, pp 216–222.
[4] N. Kang, E. Shakshuki, and T. Sheltami, "Detecting forged acknowledgements in MANETs," in Proc. IEEE 25th Int. Conf. AINA, Biopolis, Singapore, Mar 22–25, 2011, pp 488–494.
[5] K. Liu, J. Deng, P. K. Varshney, and K. Balakrishnan, "An acknowledgment-based approach for the detection of routing misbehavior in MANETs," IEEE Trans. Mobile Comput., vol 6, no 5, pp 536–550, May 2007.
[6] Tapan P. Gondaliya, Maninder Singh, "Intrusion detection System for Attack Prevention in Mobile Ad-hoc Network," International Journal of Advanced Research in Computer Science and Software Engineering, Volume 3, Issue 4, April 2013.
[7] Dr. S. S. Tyagi, Aarti, "Study of MANET: Characteristics, Challenges, Application and Security Attacks," International Journal of Advanced Research in Computer Science and Software Engineering, Volume 3, Issue 5, May 2013.
[8] Alex Hinds, Michael Ngulube, Shaoying Zhu, and Hussain Al-Aqrabi, "A Review of Routing Protocols for Mobile Ad-Hoc NETworks (MANET)," International Journal of Information and Education Technology, Vol 3, No 1, February 2013.
[9] A. Al-Roubaiey, T. Sheltami, A. Mahmoud, E. Shakshuki and H. Mouftah, "AACK: Adaptive Acknowledgment Intrusion Detection for MANET with Node Detection Enhancement," in 24th IEEE International Conference on Advanced Information Networking and Applications, 2010.
[10] M. G. Zapata, "Secure Ad Hoc On-Demand Distance Vector (SAODV) Routing," ACM Mobile Computing and Communication Review (MC2R), Vol 6, No 3, pp 106-107, July 2002.
[11] Y. Hu, A. Perrig, and D. B. Johnson, "Ariadne: A secure On-Demand Routing Protocol for Ad hoc Networks," Proceedings of the 8th Annual International Conference on Mobile Computing and Networking (MobiCom'02), pp 1223, September 2002.
[12] S. Bansal and M. Baker, "Observation-Based Cooperation Enforcement in Ad hoc Networks," Research Report cs.NI/0307012, Stanford University, 2003.
[13] Y. Zhang, W. Lee and Y. Huang, "Intrusion Detection Techniques for Mobile Wireless Networks," ACM/Kluwer Wireless Networks Journal (ACM WINET), Vol 9, No 5, September 2003.
[14] I. Chlamtac, M. Conti, and J. J.-N. Liu, "Mobile ad hoc networking: imperatives and challenges," Ad Hoc Networks, 1(1), 2003, pp 13–6.
[15] M. Frodigh, P. Johansson and P. Larsson, "Wireless ad hoc networking: the art of networking without a network," Ericsson Review, No. 4, 2000, pp 248-263.
[16] E. M. Belding-Royer and C. K. Toh, "A review of current routing protocols for ad-hoc mobile wireless networks," IEEE Personal Communication magazine, 1999.
[17] Priyanka Goyal, Vinti Parmar and Rahul Rishi, "MANET: Vulnerabilities, Challenges, Attacks, Application," IJCEM International Journal of Computational Engineering & Management, Vol 11, January 2011.
[18] E. Surya and C. Diviya, "A Survey on Symmetric Key Encryption Algorithms," International Journal of Computer Science & Communication Networks, Vol 2(4), 475-477.
[19] P. Q. Nguyen and I. E. Shparlinski, "The insecurity of the Digital Signature Algorithm with partially known nonces," Preprint, 2000, 1-26.
[20] D. Hankerson, A. Menezes, and S. Vanstone, "Guide to Elliptic Curve Cryptography," Springer-Verlag, NY (2004).
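The watchdog procedure of Section 3.1.1 (buffer a copy, overhear the next hop, count failures against a threshold), written out as an added Python example that is not code from the paper. The timeout and threshold values, the one-packet-per-second trace and the three next-hop behaviours are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Watchdog:
    """State kept by the forwarding node (A) about its next hops."""
    timeout: float      # assumed: how long A waits to overhear the forwarded copy
    threshold: int      # assumed: failures tolerated before reporting to the source
    buffer: dict = field(default_factory=dict)    # (hop, pkt_id) -> (payload, deadline)
    failures: dict = field(default_factory=dict)  # hop -> failure counter
    reported: set = field(default_factory=set)

    def forwarded(self, now, hop, pkt_id, payload):
        """A has sent the packet to `hop`: keep a copy in the buffer."""
        self.buffer[(hop, pkt_id)] = (payload, now + self.timeout)

    def overheard(self, now, sender, pkt_id, payload):
        """A promiscuously hears `sender` transmit a packet."""
        entry = self.buffer.get((sender, pkt_id))
        if entry and entry[0] == payload and now <= entry[1]:
            del self.buffer[(sender, pkt_id)]  # match: the hop really forwarded it

    def tick(self, now):
        """Expire unmatched copies; return hops newly judged misbehaving."""
        newly = []
        for key in [k for k, (_, deadline) in self.buffer.items() if deadline < now]:
            hop = key[0]
            del self.buffer[key]
            self.failures[hop] = self.failures.get(hop, 0) + 1
            if self.failures[hop] > self.threshold and hop not in self.reported:
                self.reported.add(hop)
                newly.append(hop)
        return newly


# Constructed next-hop behaviours: what B transmits for a packet (None = nothing).
def honest(i, payload):
    return payload

def drop_all(i, payload):
    return None

def tamper(i, payload):
    return payload + b"!"   # a modified packet never matches the buffered copy


def simulate(behaviour, n_packets=10, timeout=0.5, threshold=3):
    """A forwards one packet per second to B; returns (watchdog, reports)."""
    wd, reports = Watchdog(timeout, threshold), []
    for i in range(n_packets):
        t = float(i)
        payload = f"data-{i}".encode()
        wd.forwarded(t, "B", i, payload)
        sent = behaviour(i, payload)
        if sent is not None:
            wd.overheard(t + 0.1, "B", i, sent)
        reports += [(t + 1.0, hop) for hop in wd.tick(t + 1.0)]
    return wd, reports


if __name__ == "__main__":
    for behaviour in (honest, drop_all, tamper):
        print(behaviour.__name__, simulate(behaviour)[1])
```

With a threshold of 3, the dropping and the modifying next hop are both reported after the fourth unmatched packet, and the honest one leaves the buffer and the counters empty.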
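A simplified model of the acknowledgment schemes in Sections 3.1.2 and 3.1.3, counting acknowledgment cost per data packet for TWOACK and for AACK's end-to-end ACK with fallback to TACK. It is an added example, not code from the paper, and it assumes a fixed constructed route, that a dropping node still acknowledges and relays acknowledgments, and that acknowledgments are never lost or forged.

```python
def last_reached(path, droppers):
    """Index of the last node the data packet reaches (the source always sends)."""
    last = 0
    for i in range(1, len(path)):
        last = i
        if path[i] in droppers:   # receives the packet but does not forward it
            break
    return last


def twoack(path, droppers):
    """One data packet under TWOACK (TACK): acknowledge over every three nodes."""
    last = last_reached(path, droppers)
    acks = hops = 0
    reported = set()
    for i in range(len(path) - 2):
        first, mid, third = path[i:i + 3]
        if i + 1 > last:          # `first` never got to forward the packet
            break
        if i + 2 <= last:         # `third` received it and answers `first`
            acks += 1
            hops += 2             # the TWOACK packet travels two hops back
        else:                     # no TWOACK within the time period
            reported |= {mid, third}
    return {"mode": "TWOACK", "delivered": last == len(path) - 1,
            "acks": acks, "hops": hops, "reported": reported}


def aack(path, droppers):
    """One data packet under AACK: end-to-end ACK first, TACK if it times out."""
    if last_reached(path, droppers) == len(path) - 1:
        # Destination returns a single ACK along the reverse route.
        return {"mode": "ACK", "delivered": True, "acks": 1,
                "hops": len(path) - 1, "reported": set()}
    result = twoack(path, droppers)   # source switches to the TACK scheme
    result["mode"] = "TACK"
    return result


def totals(scheme, path, droppers, n_packets):
    """Sum acknowledgment packets and hop transmissions over n_packets."""
    acks = hops = 0
    reported = set()
    for _ in range(n_packets):
        r = scheme(path, droppers)
        acks += r["acks"]
        hops += r["hops"]
        reported |= r["reported"]
    return acks, hops, reported


if __name__ == "__main__":
    route = list("SABCD")          # constructed five-node route S-A-B-C-D
    print("TWOACK, no misbehaviour:", totals(twoack, route, set(), 100))
    print("AACK,   no misbehaviour:", totals(aack, route, set(), 100))
    print("AACK,   B drops data   :", aack(route, {"B"}))
```

On the clean route AACK sends one acknowledgment per data packet where TWOACK sends three, and when B drops data the fallback reports both B and C, as the TWOACK description states.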

Date posted: 30/01/2020, 12:38
