Comparison of Various Passive Distributed Denial of Service Attack in Mobile Adhoc Networks

Transcription

1 Comparison of Various Passive Distributed Denial of Service in Mobile Adhoc Networks YOGESH CHABA #, YUDHVIR SINGH, PRABHA RANI Department of Computer Science & Engineering GJ University of Science & Technology, Hisar INDIA # yogeshchaba@yahoo.com Abstract : In Mobile Adhoc Networks (MANET), various types of Denial of Service s (DoS) are possible because of the inherent limitations of its routing protocols. A distributed denial-of-service (DDoS) attack is a DoS attack which relies on multiple compromised hosts in the network to attack the victim. In this paper impact of and based Passive DDoS attack is evaluated by finding the packet delivery ratio, energy consumption and collisions by varying node mobility and number of attackers. Experiments are performed by implementing both types of attacks through simulation. It is found that the selfish node attack has more impact on network performance than packet dropping attack. Keywords:- DoS, DDoS, PDDoS, MANET, PDR,, Mobility 1 Introduction Mobile adhoc networks have properties that increase their vulnerability to attacks. Unreliable wireless links are vulnerable to jamming and their inherent broadcast nature, facilitate eavesdropping. Constraints in bandwidth, computing power and battery power in mobile devices can lead to application-specific tradeoffs between security and resource consumption of the device. By diverting the traffic towards or away from a node, incorrect forwarding, no forwarding at all, or other non-cooperative behavior, nodes can attack the network [1]. s in MANETs do not have any central base station to coordinate the transmission and authentication of packets so the delivery of data packets from source to destination nodes in the network is dependent on the cooperation of the (intermediate) nodes in the network [2]. In Mobile Adhoc Networks (MANETs) various types of Denial of Service s (DoS) are also possible because of the inherent limitations of its routing protocols. A denial-of-service (DoS) attack always attempts to stop the victim from serving legitimate users [3]. A distributed denial-of-service (DDoS) attack is a DoS attack which relies on multiple compromised hosts in the network to attack the victim. There are two types of DDoS attacks i.e. passive and active DDoS attacks. The First type of DDoS attack has the aim of attacking the victim node in order to drop some or all of the data packets sent to it for further forwarding even when no congestion occurs, which is known as Passive DDoS attack. The second type of DDoS attack is based on a huge volume of attack traffic, which is known as an Active DDoS attack [4]. One type of passive DoS attacks is selfish node attack in which node does not participate in network operation and it discard some or all of data packets sent to it without handling them properly even when no congestion occur [5]. Due to various new type of attacks security is becoming an important concept in MANET nowadays. Existing work relating to security measures in MANETs typically address the issue of malicious nodes in the network. Lin et. al. [6] presents a hardware based cache scheme to detect selfish nodes in mobile adhoc network, by monitoring the activities of the upper layer software and reports the misbehavior about the software to other mobile nodes in the network. But practically this implementation is difficult and has computing overheads. Miran et.al. [7] outlined a selfishness prevention protocol for Open MANETs. By using just one message that is periodically broadcasted by every node, it does not introduce a substantial overhead on the network or in the nodes. This work is on its early stages of development and requires experimentation evaluation over a network simulator, with different topologies and node movements. Balakrishnan et al. [8] describe the Drop as a serious threat to ISSN: ISBN:

2 operational mobile adhoc networks. They proposed a defense-in-depth strategy to secure mobile adhoc networks. Saraeian et.al. [9] have evaluated the performance of AODV Protocol under DDoS s in MANET. They defined AODV as most vulnerable protocol and the results shows that this type of attacks has high effect on such networks. Denko [1] has proposed Detection and Prevention of Denial of Service (DoS) s in mobile adhoc networks using Reputation-Based Incentive Scheme. Boppana et.al.[11] have evaluated a Statistical Technique to Mitigate Malicious Control s in adhoc networks and DoS attacks that exploit flooding of control packets cause severe performance degradation. Intrusion Detection of s in mobile adhoc networks has been investigated and examined how esom performs in classifying normal and abnormal behavior in mobile adhoc networks. But they did not proposed any prevention technique against the selfish node. Most of the research work proposes protocols to detect and avoid passive distributed denial of service attack without differentiating whether attack is packet dropping or selfish node attack. Few research papers uses the term packet dropping and selfishness attack as synonym. In this paper impact of and based Passive DDoS attack is evaluated separately by finding the packet delivery ratio, energy consumption and collisions by varying node mobility and number of attackers. Experiments are performed by implementing both types of attacks through simulation. The rest of the paper is organized as follows. The next section discusses the implementation of and Passive Distributed DoS Mechanism. Section III explains simulation scenario for evaluation of both types of passive distributed DoS attack. Section IV discusses results of impact of and based Passive DDoS attack. Finally conclusion is given in Section V. 2 Implementation of PDDOS Mechanism Passive Distributed Denial of Service attack is of two types : 2.1 Based PDDoS Mechanism: In packet dropping attack a node drops some or all of the data packets sent to it for further forwarding even when no congestion occur. An adversary can easily join the network or capture a mobile node and then start to disrupt network communication by silently dropping packets. Network congestion control mechanisms do not apply here since packets are not dropped due to congestion. Link layer acknowledgment, such as IEEE MAC protocol, can detect link layer break, but cannot detect forwarding level break. Although upper layer acknowledgment, such as TCP ACK, allows for detecting end-to end communication break, it can be inefficient and it does not indicate the node at which the communication breaks. Moreover such mechanism is not available in connectionless transport layer protocols, such as UDP. can be evaluated by monitoring the statistics FP (Forward Percentage) over a sufficiently long time period (T) by following formula: s actually forwarded FPm = s to be forwarded FP determines the ratio of forwarded packets over the packets that are transmitted to m node and that m should forward. If the denominator is not zero and FP i =, the attack is detected as Unconditional and m is identified as the attacker[11] Code for implementing attack is shown as shown below : if ((((node->nodeaddr)%5)==) && (node ->nodeaddr<= 7)) { drop(node); return; } This code is placed in different functions of aodv.pc file in simulator. Code above implements packet dropping attack by making node,5,1,.,7 as malicious. These nodes drop some or all data packets transmitted to it for further forwarding. 2.2 Based PDDoS Mechanism: In selfish node attack, the attacker do not participate in network operation even without congestion, which results neighbors node broadcasting packets again and again to this node. node is not serving as a relay to other nodes which are participating in the network. For instance, selfish nodes do not even send any HELLO messages and drop all packets even if they are sent to it. The victim will be out of service for legitimate traffic because selfish node is not responding at all. For attacks which target the bandwidth of the victim, the architecture of the victim network decides how large a volume of attack traffic is needed. Increasing the bandwidth of links and erasing bottleneck links in its own network can increase the ISSN: ISBN:

3 ability of a victim to tolerate selfish-based attacks [6]. Detection of selfish node attack can be done by monitoring the statistics LFP (Local Forward Percentage) over a sufficiently long time period L for each source s as is calculated below: s actually forwarded LFPsm = s to be forwarded If the denominator is not zero and the statistics is zero, the attack is selfish node attack targeted at s and m is identified as the attacker [11]. Code for implementing attack is shown as shown below: If ((((node->nodeaddr)%5)==) && (node->nodeaddr<= 7)) { return; } // discarding all request, reply or data packets 3 Experiment Setup The experimental setup (parameters) which is used to measure the performance of the network when packet dropping and selfish node based attacks are implemented is shown in table 1. GloMoSim which provides a scalable simulation platform for wireless networks, is used to perform the simulation. Table 1: Summary of Simulation Parameters Parameter Terrain Size Mobility Model Value 16 X 16 meters Random Waypoint [Min, Max] speeds ( ms -1, 2 ms -1 ) MAC Protocol Routing Protocol Nominal traffic type CSMA AODV Constant Bit Rate (CBR), 2 connections Number of s 1 Simulation Time 3 Minutes Following performance parameters are evaluated: Delivery Ratio (PDR): Number of successfully delivered legitimate packets as a ratio of number of generated legitimate packets. Total number of s received PDR = Total number of packets sent Number of Collisions: In a network, when two or more nodes attempt to transmit a packet across the network at the same time, a packet collision occurs. When a packet collision occurs, the packets are either discarded or sent back to their originating stations and then retransmitted in a timed sequence to avoid further collision. collisions can result in the loss of packet integrity or can impede the performance of a network. This metric is used to measure such collisions in the network. Energy Consumption: Total energy consumed in the network which is used for processing, forwarding, receiving packet etc. is energy consumption. It is measured in mwhr. Simulation experiments are performed to calculate above three parameters for following scenario in this paper attack for number of attackers varying from 2 to 12 and mobility varying from to 2 mts / sec. With packet dropping based passive DDoS attack for number of attackers varying from 2 to 12 and mobility varying from to 2 mts / sec. With selfish node based passive DDoS attack for number of attackers varying from 2 to 12 and mobility varying from to 2 mts / sec. 4 Results and Discussion Figure 1 show the effects of varying the number of attacking nodes in case of and Passive DDoS attack mechanism on PDR. The PDR of the network decreases rapidly when it is subject to attacks. When the number of attacker is, the network performance does not deteriorate. However, as the number of attackers increases, there are more packets (both legitimate and illegitimate) which compete for channel access in the shared wireless medium. This leads to a drop in the packet delivery ratio. Average PDR in case of no attack, packet dropping and selfish node based PDDoS is.915,.66 and.45 respectively. It is observed that PDR in case of is less as compared to. Delivery Ratio Number of ers Fig 1: Effect of varying number of attackers on PDR in case of and Figure 2 show the effects of varying the node mobility in case of and Passive DDoS attack mechanism on PDR. As node mobility increases, link breakages occur more frequently and ISSN: ISBN:

4 lead to route repairs and maintenance. This increases the overhead in the network, thus causing the network performance to deteriorate and packet delivery ratio (i.e. number of packets successfully transmitted) decreases. Average PDR in case of no attack, packet dropping and selfish node based Passive DDoS is.915,.52 and.23 respectively. It is clear that selfish node based Passive DDoS attack has greater effect on PDR as compared to attack. Figure 3 shows the effect of varying number of attackers on number of collisions in case of packet dropping and selfish node attacks. As the number of attackers increases, it causes increase in number of collisions i.e. packets are unable to reach at their destination. Average number of collisions in case of no attack, packet dropping and selfish node based Passive DDoS is 215, 289 and 865 per simulation time respectively. It is clear that collisions in case of attack are more as compared to dropping attack. Delivery Ratio Mobility Figure 2: Effect of varying node mobility on PDR in case of and. Number of Collisions Number of ers Figure 3: Effect of varying number of attackers on collisions in case of and Figure 4 shows the effect of varying node mobility on number of collisions in case of packet dropping and selfish node attacks. As the node mobility increases, link breakage occurs more frequently and this leads to the more collisions in the network. So, as the node mobility increases number of collisions also increases. Average number of collisions in case of no attack, packet dropping and selfish node based PDDoS is 27, 425 and 995 per simulation time respectively. It is clear that collisions in case of attack are more as compared to dropping attack. Number of Collissions Mobility Figure 4: Effect of varying node mobility on Number of Collisions in case of and Figure 5 shows the effect of varying number of attackers on energy consumption in case of packet dropping and selfish node attacks. As the number of attackers increases energy consumption decreases because node dropping attack node drops the packets those has to send to it for further forwarding even when no congestion occur. This node does not send packet to the destination node in order to save energy i.e. why energy decreases. In case of selfish node, as the number of attackers increases energy consumption increases because selfish node attack involves attacker sending large volumes of traffic to a victim node, to congest the victim node s network bandwidth and route does established. To establish the routes in the network requires lots of energy. Thus, it can predict that as the number of attacker increases energy consumption also increases. Average energy consumption in case of no attack, packet dropping and selfish node based PDDoS is , and mwhr respectively. Energy consumption in case of attack and dropping attack is almost same. Energy Consumptions Number of ers Figure 5: Effect of varying number of attackers on Energy Consumption in case of and ISSN: ISBN:

5 Figure 6 shows the effect of varying node mobility on energy consumption in case of dropping and selfish node attack. As the node mobility increases, link breakage occurs more frequently, this leads to the more route repair and maintenance. So, more energy is consumed in route repair or to establish new path. Hence, as the node mobility increases energy consumption also increases. Average energy consumption in case of no attack, packet dropping and selfish node based Passive DDoS is , and mwhr respectively. Energy consumption in case of attack and dropping attack is almost same. Energy Consumptions Mobility Figure 6: Effect of varying node mobility on Energy Consumption in case of and 5 Conclusion This paper implemented two types of Passive DDoS based attack mechanisms ( Based PDDoS and Based DDoS ). Impact of and based Passive DDoS attack is evaluated by finding the packet delivery ratio, energy consumption and collisions by varying node mobility and number of attackers through simulation based experiments. It is found that selfish node based PDDoS attack have greater impact on network performance. PDR in case of node based Passive DDoS attack is less then in case of attack. Performance of networks in terms of collisions is better in case of packet dropping passive DDoS attack as numbers of collisions in case of selfish node based passive DDoS attack are more. Performance of networks in terms of energy consumption is almost same in both the cases. ACKNOWLEDGEMENT The financial assistance provided by Univ. Grant Commission, New Delhi in the form of Major Research Project to Dr. Yogesh Chaba (PI) is acknowledged with thanks. References: [1] Kamanshis Biswas and Liaket Ali, Security Threats in Mobile Ad Hoc Network, Master Thesis, Thesis no: MCS-27:7 (March 22, 27). [2] Vesa Kärpijoki, Security in Ad Hoc Networks, Technical Report: HUT TML 2, Helsinki University of Technology (2). [3] Stephen M. Specht et al., Distributed Denial of Service: Taxonomies of s, Tools, and Countermeasures, Proc. 17th International Conference on Parallel and Distributed Computing Systems, pp (Sep 24). [4] Felix Lau and Stuart H Rubin, Distributed Denial of Service s, Proc IEEE ICSMC, pp (24). [5] Andrim Piskozub, Denial of Service and Distributed Denial of Service s, Proc. TCSET 22, Ukraine (February 18-23, 22) [6] H. Lin, J.G. Delgado-Frias, S. Medidi, Using a Cache Scheme to Detect s in Mobile Ad Hoc Networks, Proc. Communications, Internet, and Information Technology (27). [7] Hugo Miran, Lu ıs Rodrigues, Friends and Foes: Preventing ness in Open Mobile Ad Hoc Networks, IEEE International Workshop on Mobile Distributed Computing, USA (May 23). [8] V. Balakrishnan, V. Varadharajan, Drop : A Serious Threat to Operational Mobile Ad Hoc Networks, Proc. Networks and Communication Systems (25). [9] Shideh Saraeian, Fazllolah Adibniya, Mohammad GhasemZadeh and.seyedazim Abtahi, Performance Evaluation of AODV Protocol under DDoS s in MANET, Proc. World Academy of Science, Engineering and Technology, Volume 33, ISSN , pp (28). [1] Mieso K. Denko, Detection and Prevention of Denial of Service (DoS) s in Mobile Ad Hoc Networks using Reputation-Based Incentive Scheme, Journal Systemics, Cybernetics and Informatics, Volume 3 - Number 4, pp 1-9. [11] Rajendra V. Boppana, Saman Desilva, Evaluation of a Stastical Technique to Mitigate Malicious Control s in Ad Hoc Networks, Proc. International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM'6), IEEE Computer Society (26) ISSN: ISBN: