Security attack in MANET .black holes

CHAPTER 3

PROPOSED WORK

This Chapter discuses about the basic security attack in MANET .black hole attack is that kind of attack which occurs in Mobile d-Hoc network (MANET). It also describes the Proposed Solution to this problem.

3.1 Problem Statement

In AODV Protocol black hole is also the type of DoS attack. A black hole attack can be achieved by a single-node or by several nodes in collusion. A single-node black hole attack forges the sequence number and hop count of a routing message in order to forcibly acquire the route, and then eavesdrop or drop all data packets that pass. Fig. 3.1depicts the behaviour of a black hole attacks, wherein source node S is intended to establish a route to destination node D. In an AODV [12] routing protocol, a source node S would broad-cast a Route Request (RREQ) packet to search for destination node D; the normal intermediate nodes would receive and continuously broadcast the RREQ message, rather than the black hole node As shown in Fig. 1(a), the black hole node would directly reply through an RREP with an extremely largest sequence number and minimum hop count i.e. 1 to source node S. When node receiving RREQs from normal nodes, the destination node D would also select a route which is minimal hop count, and then, return a Route Reply (RREP) packet, as shown in Fig. 1(b). According to the AODV protocol design, a source node would select the latest (largest sequence number) and shortest route (minimal hop count) to send data packets upon receipt of several RREPs packets. Thus, a route via a black hole node would be selected by node S. The black hole node will then eavesdrop, or directly drop the entire packet which is received from the node S, as shown in Fig. 1(c). Moreover, when a black hole attack occur by two malicious nodes, is referred to as a cooperative black hole attack, as shown in Fig. 1(d). The difference of a single malicious node lies in that, after obtaining the route, B1 may select either it directly drop the data packets or send data packet to malicious node B2, enabling B2 to eavesdrop or drop all the packets. The main purpose of separating the packets dropped by B1 is to reduce the probability of being discovered.

{a} RREQ flooding {b} RREP Replying

{c} Single black hole attack {d} cooperative black hole attack

Figure 3.1 Black Hole Attack In MANET

In networking, black holes refer to places in the network where incoming traffic is silently discarded (or "dropped"), without informing the source that the data did not reach its destination. These black hole nodes are invisible and can only be detected by monitoring the lost traffic. So, it is named as black hole. A black hole attack or packet drop attack is a type of denial of service attack accomplished by dropping packets. The attack can be accomplished either selectively (e.g. by dropping packets for a particular network destination, a packet every n packets or every t seconds).

MANETs are generally used for communication during natural disasters, on the battlefield, and business conferences, which illus-trates the importance of guaranteed safety of data transfer between two nodes, thus, more secure routing protocols [3-4] have been recently proposed. Most secure routing protocols are de-signed to prevent hazards to safety properties, such as: (1) identity authentication and non-repudiation; (2) availability of resources; (3) internality; and (4) confidentiality and privacy. By forging a routing message, a black hole attack is intended to scramble the route, and then, further eavesdrop or drop the packets, posing a possible threat to safety properties (2), (3), and (4). Due to its easy-to-operate behaviour, a black hole attack is common in MANETs, making it very important to efficiently prevent black hole attacks.

3.2 Proposed Solution

Black hole attack is that kind of attack which occurs in MANET. In black hole attack, a malicious node uses its routing protocol in order to advertise itself for having the shortest path to the destination node or to the packet it wants to intercept. In AODV Protocol black hole is also the type of DoS attack. A black hole attack can be achieved by a single-node or by several nodes in collusion. A single-node black hole attack forges the sequence number and hop count of a routing message in order to forcibly acquire the route, and then eavesdrop or drop all data packets that pass. To Prevent or detect a black hole node in network, We use a Support Vector Machine (SVM) to detect the black hole node in network environment.SVM classified the node according to their trustworthiness of the node in an automated manner. In our approach are behavioural based i.e. SVM machine classified the node according to their behaviour.

The behavioural data collection module is responsible for the collection of node behaviours and formation of behavioural dataset. In this approach, a node’s behaviour is described in terms of the ratio of the amount of this behaviour over the total amount of packets that the node has received, such as Packet Drop Rate (PDR), Packet Modifications Rate (PMR).

Network Simulations are used to generate behavioural dataset and train a SVM classified. Because the adversaries and their misbehaviours are pre-defined in these simulations, the behavioural data are collected and then labelled according to the ground truth regarding adversaries. The trained SVM classifier can then be distributed and deployed to mobile devices to classify nodes in MANETs in which they participate. The Behavioural Data Collection module on each node first observes and records the behaviours of their neighbours’. It also receives and integrates node behaviours reported by other nodes.

Proposed Method used the idea of threshold mechanism for better approximation of black hole nodes in MANET AODV scenario.

3.3 SVM Parameters

The trained SVM classifier classified the node according to their behaviour of a particular node. SVM classifier applies on each node in network, trained the node and identified the misbehaviour node of the network.

Following Metrics will be used in black hole detection and prevention they are listed below-

• Packet Delivery Ratio (pkt_dr)
• Packet Modification Ratio (pkt_mr)
• Packet miss routed ratio (pkt_mir)
• Hop count (hc)
• Timestamp (ts)
• No. of RREQ transmitted by node
• No. of RREP transmitted by node

3.4 Proposed Algorithm

In Propose Work we use AODV (Ad-Hoc On Demand Distance Vector Routing) Protocol for Black hole Detection. First we will set-up 25 nodes simulation, in NS-3 and generate data of routing information. This routing information passed in SVM to find malicious node through MATLAB using SVM Train Function in MATLAB.

On-Demand (Dynamic) Ad hoc On-Demand Distance Vector (AODV) Routing is a routing protocol for mobile ad hoc networks (MANETs) and other wireless ad-hoc networks. In reactive routing protocol, it establishes a route to a destination only when its require i.e. only on demand. In contrast, the most common routing protocols of the Internet are proactive routing protocol, meaning they find routing paths independently of the usage of the paths. AODV is also called a distance-vector routing protocol. AODV avoids the counting-to-infinity problem of other distance-vector protocols by using sequence numbers on route updates, a technique pioneered by DSDV. AODV is capable of both unicast and multicast routing.

Proposed algorithm has two parts to detect black hole in AODV using NS-3 integrated with SVM (MATLAB).

1. Collecting behavioural statistics.
2. Following lines of code has been used to collect individual nodes transmission behavior-

Call flowmonitor_ns3 ();

1. EXTARCT following using DOM (Data Object Module) and flowmonitor_ns3()

1. Packet Delivery Ratio (pkt_dr)
2. Hop count (hc)
3. Timestamp (ts)
4. No. of RREQ transmitted by node
5. No. of RREP transmitted by node

*f and g is also called control overhead

3 .Classify nodes by applying SVM (Support Vector Machine)

Procedure:

flowmonitor_ns3()

{

monitor->SerializeToXmlFile ("hybrid_mbqs.xml", true, true);

monitor->CheckForLostPackets(Seconds(duration));

Ptr<Ipv4FlowClassifier> classifier =

DynamicCast<Ipv4FlowClassifier>(flowmon.GetClassifier());

std::map<FlowId, FlowMonitor::FlowStats> stats = monitor->GetFlowStats();

std::map<FlowId, FlowMonitor::FlowStats>::const_iterator i;

for (i=stats.begin(); i != stats.end(); i++)

{

Ipv4FlowClassifier::FiveTuple t = classifier->FindFlow(i->first);

std::cout << "Flow " << i->first << " ( " << t.sourceAddress <<" --> " << t.destinationAddress << " ) " << std::endl;

std::cout << "delaySum : " << i->second.delaySum << std::endl;

std::cout << "delaySum : " << i->second.lastDelay << std::endl;

std::cout << "jitterSum : " << i->second.jitterSum << std::endl;

std::cout << "Tx Packets : " << i->second.txPackets << std::endl;

std::cout << "Rx Packets : " << i->second.rxPackets << std::endl;

//std::cout << "Lost Packets : " << i->second.lostPackets << std::endl;

std::cout << "TX Bytes : " << i->second.txBytes << std::endl;

std::cout << "RX Bytes : " << i->second.rxBytes << std::endl;

std::cout << " Throughput: " << i->second.rxBytes * 8.0 / (i->second.timeLastRxPacket.GetSeconds() - i->second.timeFirstTxPacket.GetSeconds())/1024/1024 << " Mbps\n ";

}

//Ipv4FlowClassifier::FiveTuple t = classifier->FindFlow (i->first);

std::cout << " Time first Rx: " << (i->second.timeFirstRxPacket) << "\n";

std::cout << " Time last Rx: " << (i->second.timeLastRxPacket)<< "\n";

std::cout << " Sender bit-rate: " << (i->second.txBytes * 8)/(double ((i->second.timeLastTxPacket -i->second.timeFirstTxPacket).GetSeconds())) << " bps\n";

std::cout << " Average delay: " << (i->second.delaySum).GetSeconds()/(double (i->second.rxPackets)) << " s\n";

std::cout << " Average jitter: " << (i->second.jitterSum).GetSeconds()/(double (i->second.rxPackets - 1)) <<" s\n";

std::cout << " Average received packet size: " << (i->second.rxBytes)/(double (i->second.rxPackets)) << " byte\n";

std::cout << " FlowMonitor Packets lost: " << (i->second.lostPackets) << " packets\n";

std::cout << " Actual Packets lost: " << (i->second.txPackets -i->second.rxPackets) << " packets\n";

std::cout << " Actual Packet loss: " << (i->second.txPackets - i->second.rxPackets)/(double (i->second.txPackets)) << "\n\n";

std::cout<<"------------------------"<<std::endl;

}

1