A REVIEW ON SECURE IDS AGAINST DDOS ATTACK PROBLEM IN MOBILE AD-HOC NETWORKS

Transcription

1 A REVIEW ON SECURE IDS AGAINST DDOS ATTACK PROBLEM IN MOBILE AD-HOC NETWORKS Mr. Shantanu Deshmukh 1, Mr. Sagar Kaware 2 1Mr. Shantanu V. Deshmukh, IT Department, JDIET Yavatmal, shantanu5544@gmail.com 2Mr. Sagar Kaware, IT Department, JDIET Yavatmal, sagarkaware26@gmail.com ABSTRACT Wireless Mobile ad-hoc network (MANET) is an emerging technology and proves a boon in the areas of critical situations such as battlefields and commercial applications such as building and traffic surveillance. MANET is a infrastructure less with no centralized controller exist and also each node in MANET is capable of routing. Each device in a MANET is independently free to move in any direction and can therefore change its connections with other devices commonly. So one of the major challenges wireless mobile ad-hoc networks face today is security, because no central controller exists. There are many security attacks in MANET and DDoS (Distributed denial of service) is one of the serious attacks among them. Our main aim is to detect DDoS attack and by not only detecting it we are much more interested in preventing DDoS attack and thus to overcome it. Keywords: Wireless mobile ad-hoc network, security attacks, IDS, challenge, DDoS attack. 1. INTRODUCTION Mobile Ad hoc network (MANET) is a group of two or more devices or nodes or terminals with a capability of wireless communications and networking which makes them able to communicate with each other without the support from of any centralized device. This is an autonomous system in which nodes are connected by wireless links and send data to each other. In Manet as there doesn t exist any centralized system so routing is done by node itself. Due to its mobility and self routing ability, there are many faults in its security areas. To solve the security issues we need an Intrusion detection system, which can be further divided into two models: Signaturebased intrusion detection system and anomaly-based intrusion detection system. In Signaturebased intrusion detection system there are some previously detected patron or signature are stored into the data base of the IDS if any disturbance is found in the network by IDS it matches it with the previously saved signature and if it is matched than IDS understand that there exist attack. But if there exists an attack and its signature is not in IDS database then IDS can t able to detect attack. To avoid this periodically updating of database is compulsory. To solve this problem second approach[2], anomaly based IDS is invented, in which firstly the IDS makes the normal profile of the network and put this normal profile as a base profile compare it with the existing monitored network profile. The benefit of this anomaly based IDS technique is that it can able to detect attack without having prior knowledge of attack. Intrusion attack is very easy to happen in wireless kind of network as compare to wired network. Serious attack to be considered in ad hoc network is DDoS attack. A DDoS attack carried out in a large scale well coordinated attack on the availability of services at a victim system or network resource. The DDoS attack is initiated by sending huge amount of packets to the target node through the co-ordination of large amount of hosts which are distributed all over in the network. At side of victim this large traffic consumes the bandwidth and not allows any other important packet reached to the victim device creates problem.

2 2. RELATED WORK Working with these issues of DDoS Attack wide range of related work has found including the new DOS attack,called Ad Hoc Flooding Attack(AHFA), results in denial of service attack when used against on-demand routing protocols for mobile ad hoc networks, such as AODV & DSR. Wei-Shen Lai et al [4] have proposed a scheme to monitor the traffic pattern in order to alleviate distributed denial of service attacks. Shabana Mehfuz1 et al [5] have proposed a new secure power -aware ant routing algorithm (SPA-ARA) for mobile ad hoc networks that is inspired from ant colony optimization (ACO) algorithms such as swarm intelligent technique. Giriraj Chauhan and Sukumar Nandi [6] proposed a QoS aware on demand routing protocol that uses signal stability as the routing criteria along with other QoS metrics. 3. ATTACKS ON AD-HOC NETWORK There are various attacks on ad hoc network which are as follows: 3.1 Wormhole The Wormhole attack is one of the most powerful attack on Ad-hoc networks. In wormhole attack two malicious nodes in the network are in cooperation [7]. At certain time instant one attacker suppose node A captures routing traffic at one point of the network and tunnels it to the another point of the network towards node B. Node B then selectively injects tunnelled traffic back into the network. Thus leads to wormhole attack.the solution to the wormhole attack are packet leashes. 3.2 Replay A replay attack occurs when attacker continuously listens the conversation and transaction between two nodes and while listening; the attacker puts the important message like password or authentication message and uses this message to attack the same target node in future pretending as real sender sending useful information. 3.3 Masquerade In Masquerade type of attack the intruder gains the privilege of any one system in the network as an authentic user by stolen user password through bypassing an authentication mechanism or through security gaps while intruding the system. 3.4 Black Hole In a black hole attack a malicious node injects false route replies to the route requests it and advertise itself as having the shortest path to a destination [8]. These fake replies can be fabricated to divert network traffic through the malicious node for eavesdropping, or simply attracts all traffic to it in order to perform a denial of service attack by dropping the received packets. 3.5 Blackmail This attack is relevant against routing protocols that use mechanisms for the identification of malicious nodes and propagate messages that try to blacklist the offender [10]. An attacker may fabricate such reporting messages and try to isolate legitimate nodes from the network. The security property of non-refusing can prove to be useful in such cases since it binds a node to the messages it generated [11]. 3.6 Routing Table Poisoning

3 Routing protocols maintain tables that hold information regarding routes of the network. In case of poisoning attacks the malicious nodes generate and send fabricated signaling traffic, or these nodes modifies legitimate messages from other nodes, thus to create wrong entries in the tables of the participating nodes [9]. For example, an attacker can send routing updates that do not correspond to actual changes in the topology of the ad hoc network. These attacks results in the selection of non optimal routes which are undesirable, the creation of hectic and time consuming routing loops, bottlenecks also even poisoning certain parts of the network. 3.7 Denial of Service Denial of service attacks aim at the complete disruption of the routing function and therefore the entire operation of the ad hoc network [9]. Specific instances of denial of service attacks include the routing table overflow and the sleep dispossessing torture. In a routing table overflow attacks the malicious node floods the network with bogus route creation packets in order to consume the resources of the participating nodes and disrupt the establishment of legitimate routes. The sleep dispossessing torture attack aims at the consumption of batteries of a specific node by constantly keeping it engaged in routing decisions. 3.8 Distributed Denial of Service In DDoS attack all nodes simultaneously attack on the victim node or network by sending them huge packets, this will totally consume the victim bandwidth and this will not allow victim to receive the important data from the network being used by attacker to attack. 4. DOS ATTACK SCENARIOS The DoS attacks which targets to resources can be grouped into three scenarios as mentioned in the paper referenced number [3]. 4.1 The first attack scenario targets Storage and Processing Resources. This is an attack that mainly targets to the memory, storage space, or CPU of the service provider. At such scenario the attacker node continuously sends the large block of data to the target node with a nuisance intention to deplete the storage of target node and leads to the disability of target node to send and receive data from other legitimate authentic nodes. 4.2 The second attack scenario targets energy resources, specifically the battery power of the service provider. As since the Ad-hoc Network is the mobile network mainly dependent on Battery for its operations. A malicious node may continuously send a bogus packet to a node having an intention to consume the battery and energy of victim moreover preventing other nodes from establishing a communication with the node. Ultimately leads to the disability of sharing data between legitimate authentic nodes in the network. 4.3 The third attack scenario targets bandwidth. At such the attacker node wants to waste the network bandwidth and disrupt connectivity. The Attacker node continuously sends packets with bogus source IP addresses of other nodes thereby overloads the network by consuming bandwidth of network. 5. CRITERIA FOR ATTACK DETECTION Herein the paper with reference number [1], the author uses thirteen mobile nodes and simulate through three different criteria NORMAL case, DDOS attack case and after IDS intrusion detection case. 5.3 Normal Case They set number of sender and receiver nodes and transport layer mechanism as TCP and UDP with routing protocol as AODV (ad-hoc on demand distance vector) routing. After setting all parameter they simulate the result through their simulator mechanism environment.

4 5.2 Attack Case In Attack module they create one node as attacker node whose some parameters are set like scan port, scan time, infection rate, and infection parameter, attacker node send probing packet to all other neighbor node which belong to the same radio range, when attacker node agree communication with weak node, then the probing packet sent by the attacker node to the weak node causes infection to weak node, after infection this infected node launch the DDOS (distributed denial of service) attack and infectto next other node the at such case gradually overall network has been infected. 5.3 IDS Case In IDS (Intrusion detection system) they set one node as IDS node, that node watch the all radio range mobile nodes if any abnormal behaviour comes to our network, first check the symptoms of the attack and find out the attacker node, after finding attacker node, IDS block the attacker node and remove from the DDOS attack. 6. ALGORITHM Create node =ids; Set routing protocol = AODV; // checking of network configurations If ((node in radio range) && (next hop! =Null) Capture load (all_node) // After gathering all information regarding all nodes the IDS node creates a normal profile which contains the information like type of packet, send and receive time of packet, packet drop time etc. Create normal_profile (Tsnd, Trcv, Tdrp) pkt_type; // AODV, TCP, CBR, UDP Time; Tsnd, Trcv, Tdrp, Threshold_parameter () If ((load<=max_limit) && (new_profile<=max_threshold) && (new_profile>=min_threshold)) No any attack; Else Attack in network; Find_attack_info (); Else Node required out of search area or destinationunreachable Find_attack_info () Compare normal_profile with each trace value If (normal_profile! = new trace_value) Check pkt_type;

5 Count unknown pkt_type; Arrival time; Sender_node; Receiver_node; Block_Sender_node (); /*sender node is confirmed as attacker node */ In an algorithm proposed by paper with reference [1] firstly they create an IDS node in which they set AODV as a routing protocol. Then after the creation of IDS node they checks the network configuration and perform one condition to capture lode by finding that the node is in its radio range and also the next hop is not null, then capture all the information regarding nodes. Else nodes are out of range or reside on a destination which is unreachable. On having this information IDS node creates a normal profile which contains information like type of packet, packet type in our consideration algorithm the author uses AODV protocol, time of packet send and receive and threshold. After creation of normal profile and threshold checking is done in the network i.e.whether the network load is smaller than or equal to maximum limit and new profile is smaller than or equal to maximum threshold and new profile is greater than or equal to minimum threshold then there is no any kind of attack present. Else wise there may an attack in the network and find the attack. For finding out the attack compare normal profile with each new trace point value i.e. check packet type, count unknown packet type, arrival time of packet, sender node of packet, receiver node of packet. And after detection of any anomaly or unusual thing found in that parameters then block that packet sender node treat it as (attacker node) which can disturb whole network; eliminate the attacker node and safeguard the system. 7. CONCLUSION The proposed mechanism as in the reference paper [1] eliminates the need for a centralized trusted authority which is not practical in Ad-hoc kind of network. This mechanism protects the network through an algorithm which well organized, fully planned and distributed also carrying localized procedure. This mechanism can also be applied for securing the network from other routing attacks by changing the security parameters in accordance with the nature of the attacks to avoid and secure the overall MANET. REFERENCES [1] Prajeet Sharma, Niresh Sharma and Rajdeep Singh: Using Secure intrusion detection system to prevent DDoS Attack in mobile Ad-hoc Network, International Journal of Computer Applications ( ) Volume 41 No.21, March [2] D. E. Denning, An Intrusion Detection Model," IEEE Transactions in Software Engineering, vol. 13, no. 2, pp , USA, [3] Mieso K. Denko: Using Reputation-Based Incentive Scheme Detection and Prevention of Denial of Service (DoS) Attacks in Mobile Ad Hoc Networks, systemics, cybernetics and informatics volume 3 - number 4. [4] Wei-Shen Lai, Chu-Hsing Lin, Jung-Chun Liu, Hsun-Chi Huang, Tsung-Che Yang: Using Adaptive Bandwidth Allocation Approach to Defend DDoS Attacks, International Journal of Software Engineering and Its Applications, Vol. 2, No. 4, pp (2008) [5] ShabanaMehfuz, Doja,M.N.: Swarm Intelligent Power-Aware Detection of Unauthorized and Compromised Nodes in MANETs, Journal of Artificial Evolution and Applications (2008)

6 [6] Giriraj Chauhan,Sukumar Nandi: QoS Aware Stable path Routing (QASR) Protocol for MANETs, in First International Conference on Emerging Trends in Engineering and Technology,pp (2008). [7] Yih-Chun Hu, Adrian Perrig, and David B. Johnson., Packet Leashes A Defense against Wormhole Attacks in Wireless Ad Hoc Networks In Proceedings of the Twenty-Second Annual Joint Conference of the IEEE Computer and Communications Societies (INFOCOM 2003), April 2003 [8]Mohammad Al-Shurman and Seong-Moo Yoo, Seungjin Park, Black Hole Attack in Mobile Ad Hoc Networks ACMSE 04, April 2-3, 2004, Huntsville, AL, USA. [9] I. Aad, J.-P. Hubaux, and E-W. Knightly, Denial of ServiceResilience in Ad Hoc Networks, Proc. MobiCom, [10] Patroklos g. Argyroudis and donal o mahony, Secure Routingfor Mobile Ad hoc Networks, IEEE Communications Surveys & Tutorials Third Quarter [11] Karan Singh, R. S. Yadav, Ranvijay International Journal of Computer Science and Security, Volume (1): Issue (1) 56