Preventing DDOS attack in Mobile Ad-hoc Network using a Secure Intrusion Detection System

Shams Fathima, M.Tech, Department of Computer Science, Kakatiya Institute of Technology & Science, Warangal, India
S. Venkatramulu, Associate Professor, Department of Computer Science, Kakatiya Institute of Technology & Science, Warangal, India

IJCSIET-ISSUE4-VOLUME3-SERIES3

Abstract
A wireless mobile ad-hoc network is an autonomous collection of mobile nodes that communicate over relatively bandwidth-constrained wireless links. The network topology may change unpredictably and rapidly over time. Such networks are significant in establishing survivable, dynamic and efficient communication for emergency and rescue operations. There is no centralized control over the nodes or devices in the network, and certain network vulnerabilities are exploited by the attacker. The popular attacks in MANETs are DDOS, black hole, masquerade, etc. The aim of this paper is to see how a DDOS attack occurs and how the proposed technique blocks the path of the attacker node. We consider end-to-end delay and packet drop rate as the parameters and build a secure IDS. In addition, failure of nodes is a major problem in MANETs; an algorithm to prevent such node failures is also studied.

Keywords: Security attack, DDOS attack, MANETs, Intrusion Detection Systems.

I. INTRODUCTION
A mobile ad hoc network is a group of devices, nodes or terminals that are capable of communicating using wireless technology. It does not have the aid or control of any centralized system. It is an independent system in which nodes are connected by wireless links and send data to each other, and routing is done automatically. There are many security issues in MANETs, and in order to solve them we need a system that detects an attack. IDS can be divided into two models: signature based and anomaly based. In signature-based intrusion detection, previously detected patterns or signatures are stored in the database of the IDS. If any disturbance is found in the network, the IDS matches it against the saved signatures, and if there is a match the IDS detects it. If an attack occurs whose signature is not present in the IDS database, the IDS fails to detect the attack, so frequent updating of the database is mandatory. To solve this problem an anomaly-based IDS is considered: the IDS first builds the normal profile of the network and later compares the network against that profile by monitoring it. One of the most severe attacks to be considered in ad hoc networks is the DDOS attack. It is an attempt to make a network resource unavailable to its expected users. DDOS is a coordinated attack on the availability of services at a network resource, launched by sending a huge number of packets to the target node through the coordination of a large number of hosts; at the victim side this large traffic consumes the bandwidth and does not allow any other important packet to reach the victim.

II. RELATED WORK
A new DOS attack, called Ad Hoc Flooding Attack (AHFA), can result in denial of service. Wei-Shen Lai et al. [1] proposed a scheme to monitor the traffic pattern in order to alleviate distributed denial of service attacks. Shabana Mehfuz et al. [2] proposed a new secure power-aware ant routing algorithm (SPA-ARA) for mobile ad hoc networks that is inspired by ant colony optimization (ACO) algorithms, a swarm intelligence technique. Giriraj Chauhan and Sukumar Nandi [3] proposed a QoS-aware on-demand routing protocol that uses signal stability as the routing criterion along with other QoS metrics. Xiapu Luo et al. [4] presented the important problem of detecting pulsing denial of service (PDOS) attacks, which send a sequence of attack pulses to reduce TCP throughput. Xiaoxin Wu et al. [5] proposed a DOS mitigation technique that uses digital signatures to verify legitimate packets and drop those packets that do not pass the verification. Another investigation scheme uses an entropy-based detection mechanism against DDOS attacks in order to guarantee the transmission of normal traffic and prevent the flood of abnormal traffic. Qi Chen, Wenmin Lin, Wanchun Dou and Shui Yu [6] proposed a Confidence-Based Filtering method (CBF) to detect DDOS attacks in a cloud computing environment, where anomaly detection is considered: a normal profile of the network is formed in the non-attack period and CBF is used to detect the attacker in the attack period.

III. ATTACK ON AD HOC NETWORK
There are different types of attacks on ad hoc networks; some are described below.

1) Wormhole
The wormhole attack is a severe attack which consists in recording the traffic from one region of the network and replaying it in a different region. It is carried out by an intruder node X located within transmission range of legitimate nodes 1 and 2, where 1 and 2 are not themselves within transmission range of each other. Intruder node X tunnels control traffic between 1 and 2 without the modification presumed by the routing protocol (e.g. without stating its address as source in the packet header), so that X is invisible. This results in an extraneous, non-existent 1-2 link which in fact is controlled by X. Node X can afterwards drop tunneled packets or break this link at will. The attack can also be carried out by two intruder nodes X and X', connected by either a wireless or a wired private medium.

2) Blackmail
A malicious node uses the routing protocol to advertise itself as having the shortest path, with minimum hops, to the destination node whose data packets it wants to take away. In this way the attacker node is always available to the nodes whose packets it wants to retain.

3) Sleep Deprivation
In this type of attack, the resources of specific nodes of the network are consumed by constantly keeping them engaged in routing decisions. The attacker node continually sends requests for either existing or non-existing destinations, forcing the neighbouring nodes to process and forward these packets and therefore consume battery and network bandwidth, obstructing the normal operation of the network.

4) Black Hole
A malicious node injects false route replies to the route requests it receives, advertising itself as having the shortest path to a destination. These fake replies can be fabricated to divert network traffic through the malicious node for eavesdropping, or simply to attract all traffic to it in order to perform a denial of service attack by dropping the received packets.

5) Denial of Service
Denial of service attacks aim at the complete disruption of routing information and therefore destroy the whole operation of the ad-hoc network.
6) Distributed Denial of Service
A DDOS attack is a form of DOS attack; the difference is that a DOS attack is performed by only one node whereas a DDOS attack is performed by a combination of many nodes. The nodes attack the victim node or network simultaneously by sending huge numbers of packets, which totally consume the victim's bandwidth and do not allow the victim to receive important data from the network.

7) Rushing Attack
This attack results in denial of service when it is used against all previously published on-demand ad-hoc network routing protocols. The rushing attack exploits the duplicate suppression mechanism of route discovery by quickly forwarding route discovery packets in order to gain access to the forwarding group.

8) Masquerade
The intruder gains the privileges of a system as an authenticated user by means of a stolen user password, by finding security gaps in programs, or by bypassing the authentication mechanism.

IV. PROPOSED METHOD
DDOS attack is the main problem in MANETs as well as in wireless sensor networks. We assume that a mobile ad hoc network contains two or more mobile devices that communicate with each other through intermediate nodes, and that each node contains a routing table. In our proposal we use the AODV routing protocol in all three modules: the normal module, the attack module and the IDS (intrusion detection system) module. In this paper we simulate the results for three conditions, normal time, attack time and IDS module time, using the NS-2 simulator. NS-2 is flexible since it generates graphs. We use eighty mobile nodes and simulate three different criteria: the normal case, the DDOS attack case and the after-intrusion-detection case.

In the normal case, we set the number of sender and receiver nodes, and the transport layer mechanism is TCP and UDP. After setting all the parameters we simulate the results through the simulator.

In the attack case, we create one node as an intruder node, and it sends probing packets to the nodes which are in its radio range. If any weaker node is nearby or within the radio range, the attacker node communicates with it and launches the DDOS attack, thereby infecting the entire network.

In the IDS case we set one node as the IDS node; that node watches all mobile nodes in its radio range. If any abnormal behaviour occurs in the network, it first checks the symptoms of the attack and finds out the attacker node. After finding the attacker node, the IDS blocks the attacker node and removes it from the DDOS attack.

In addition to detecting and blocking the DDOS attack, the other problem in ad hoc networks is the failure of nodes. A wireless network can get divided into multiple connected components due to the failure of some of its nodes; such a partition is called a cut. In this article we also try to solve the problem of detecting cuts by using the remaining nodes of a wireless network. We do this by enabling (i) every node to detect when the connectivity to a specially designated node has been lost, and (ii) one or more nodes (which are still connected to the special node after the cut) to detect the occurrence of the cut. Every node needs to communicate only with those nodes that are within its communication range. The algorithm depends on iterative computation of a fictitious electrical potential of the nodes. We demonstrate the efficiency of this algorithm through simulations.
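The three-case procedure above (learn a normal profile, observe the attack, let the IDS node spot the symptom and block the attacker) as an added example that is not part of the paper or its NS-2 scripts. It takes the per-sender packet rate as the symptom the IDS node checks; the node names, the per-second counts, the packets and the threshold parameters K and MIN_HITS are all constructed assumptions.

```python
"""Anomaly-based flooding IDS for one monitoring node (added example, not the
paper's NS-2 scripts). The IDS node learns a per-sender normal profile from
per-second packet counts seen in the attack-free window, then flags any sender
whose rate exceeds mean + K*stdev in at least MIN_HITS intervals and puts it on
a block list that the forwarding path consults. All data below is constructed."""
from statistics import mean, pstdev
from typing import Dict, List, Set, Tuple

K = 3.0        # sigma multiplier above the learned mean (assumed)
MIN_HITS = 2   # intervals over the limit before a sender is blocked (assumed)
Counts = Dict[str, List[int]]   # sender -> packets observed per second

def build_profile(normal: Counts) -> Dict[str, float]:
    """Per-sender rate limit from the normal-case window. The stdev is floored
    at 1 so a perfectly steady sender does not get a zero-width tolerance."""
    return {n: mean(c) + K * max(pstdev(c), 1.0) for n, c in normal.items()}

def detect_flooders(profile: Dict[str, float], observed: Counts) -> Set[str]:
    """Return senders that repeatedly break their limit. A sender with no profile
    (a node that appeared after training, like the intruder) is held to the most
    permissive known limit rather than ignored."""
    fallback = max(profile.values())
    flagged = set()
    for node, counts in observed.items():
        limit = profile.get(node, fallback)
        if sum(1 for c in counts if c > limit) >= MIN_HITS:
            flagged.add(node)
    return flagged

def forward(packets: List[Tuple[str, str]], blocked: Set[str]) -> Tuple[int, int]:
    """Forwarding hook: drop packets whose source is blocked; (delivered, dropped)."""
    delivered = sum(1 for src, _dst in packets if src not in blocked)
    return delivered, len(packets) - delivered

# Constructed observations: three legitimate nodes in the normal case, then the
# same nodes plus an intruder 'x9' flooding during the attack case.
NORMAL: Counts = {"n1": [5, 6, 5, 7, 6, 5], "n2": [4, 4, 5, 5, 4, 6],
                  "n3": [6, 5, 6, 6, 7, 5]}
ATTACK: Counts = {"n1": [6, 5, 7, 6], "n2": [5, 4, 5, 5], "n3": [6, 7, 6, 5],
                  "x9": [60, 75, 80, 70]}
PACKETS = [("n1", "n3"), ("x9", "n2"), ("x9", "n2"), ("n2", "n1"), ("x9", "n3")]

def demo() -> Tuple[Set[str], int, int]:
    """Train on NORMAL, detect during ATTACK, then forward PACKETS with the
    block list applied: returns ({'x9'}, 2, 3) for the constructed data."""
    blocked = detect_flooders(build_profile(NORMAL), ATTACK)
    delivered, dropped = forward(PACKETS, blocked)
    return blocked, delivered, dropped
```

Requiring MIN_HITS consecutive observations is what keeps a single bursty second from getting a legitimate node blocked, which matters because a blocked node is removed from the routing path entirely.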
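The cut-detection algorithm behind (i) and (ii), as an added example that is not the paper's code. The paper only names the fictitious-potential idea, so the update rule used here (each node averages its neighbours' potentials over degree + 1, and the designated source node also injects a constant S), the source strength, the detection thresholds and the six-node topology are all assumptions.

```python
"""Distributed cut detection by a fictitious electrical potential (added
example, not the paper's code). Assumed rule: each round every node sets its
potential to the sum of its neighbours' potentials divided by (degree + 1); the
designated source adds a constant S before dividing. Nodes with a path to the
source converge to positive values summing to S; nodes cut off decay to zero."""
from typing import Dict, List, Set

Adj = Dict[str, List[str]]   # node -> neighbours within radio range
S = 100.0                    # source strength (assumed)

def iterate_potentials(adj: Adj, source: str, rounds: int = 200,
                       start: Dict[str, float] = None) -> Dict[str, float]:
    """Synchronous update for a fixed number of rounds. A node only reads its
    neighbours' current values, so every node can run this step locally."""
    x = {n: (start or {}).get(n, 0.0) for n in adj}
    for _ in range(rounds):
        x = {n: (sum(x[m] for m in nbrs) + (S if n == source else 0.0))
                / (len(nbrs) + 1) for n, nbrs in adj.items()}
    return x

def lost_source(pot: Dict[str, float], eps: float = 1e-6) -> Set[str]:
    """(i) nodes whose potential decayed to ~0: connectivity to the source lost."""
    return {n for n, v in pot.items() if v < eps}

def cut_observers(before: Dict[str, float], after: Dict[str, float],
                  rel: float = 0.05) -> Set[str]:
    """(ii) nodes still connected to the source whose steady-state potential
    shifted by more than `rel` (assumed 5%): they detect that a cut occurred."""
    return {n for n, v in after.items()
            if v >= 1e-6 and abs(v - before[n]) / before[n] > rel}

def fail_node(adj: Adj, dead: str) -> Adj:
    """Remove a failed node and every link to it."""
    return {n: [m for m in nbrs if m != dead]
            for n, nbrs in adj.items() if n != dead}

# Constructed topology: 'c' is the articulation node whose failure cuts 'd'
# and 'e' off from the designated source 's'.
TOPOLOGY: Adj = {"s": ["a", "b"], "a": ["s"], "b": ["s", "c"],
                 "c": ["b", "d", "e"], "d": ["c"], "e": ["c"]}

def demo(source: str = "s"):
    """Potentials before and after 'c' fails, plus both detection outputs."""
    before = iterate_potentials(TOPOLOGY, source)
    after = iterate_potentials(fail_node(TOPOLOGY, "c"), source, start=before)
    return before, after, lost_source(after), cut_observers(before, after)
```

With this rule the update matrix is strictly sub-stochastic, so the potentials converge geometrically and the sum over the source's component equals S; after the cut the surviving nodes share S among fewer nodes, which is the jump that (ii) detects.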
V. SIMULATION ENVIRONMENT
The simulation is implemented in Network Simulator; here the NS-2 simulator is used. It is an event-driven simulation tool that has proved useful in studying the dynamic nature of communication networks. Simulation of wired and wireless network functions and protocols (e.g. routing algorithms, TCP, UDP) can be done using NS-2. This simulator provides users with a way of specifying such network protocols and simulating their corresponding behaviours. Due to its flexibility it has gained popularity.

Performance Metrics: In our simulations we use the following performance metrics.
Throughput: the number of packets sent per unit time.
Packet Delivery Fraction: the ratio between the number of packets sent by the source and the number of packets correctly received.
End-to-End Delay: the average end-to-end latency of data packets.

Simulation Parameters
Protocol                       AODV
Number of nodes                80
Routing protocol               DSR
Traffic type                   CBR
Number of traffic connections  TCP/UDP
Node movement                  random
Type of attack                 DDOS

According to the performance analysis of all three cases, we observe that DDOS definitely affects the network. In the attack case we observe that the routing load is high and the packet delivery fraction goes low, as can be seen in the graphs of the simulation results below.
Packet Delivery Ratio: the ratio between the number of packets sent by the sender and the number of packets received by the destination nodes.
Fig 1: This graph shows the drop in the packet delivery ratio.

VI. CONCLUSION
The proposed mechanism eliminates the need for a centralized authority, which is not practical in an ad hoc network. The results demonstrate the presence of the DDOS attack and the resulting packet loss. The present mechanism can also be applied to secure the network from other routing attacks by changing the security parameters. The problem of detecting cuts can be handled by the remaining nodes of a wireless network.
By this, we can achieve more effective and secure networks.

REFERENCES
[1] Wei-Shen Lai, Chu-Hsing Lin, Jung-Chun Liu, Hsun-Chi Huang, Tsung-Che Yang: Using Adaptive Bandwidth Allocation Approach to Defend DDoS Attacks, International Journal of Software Engineering and Its Applications, Vol. 2, No. 4, pp. 61-72 (2008).
[2] Shabana Mehfuz, M. N. Doja: Swarm Intelligent Power-Aware Detection of Unauthorized and Compromised Nodes in MANETs, Journal of Artificial Evolution and Applications (2008).
[3] Giriraj Chauhan, Sukumar Nandi: QoS Aware Stable Path Routing (QASR) Protocol for MANETs, in First International Conference on Emerging Trends in Engineering and Technology, pp. 202-207 (2008).
[4] Xiapu Luo, Edmond W. W. Chan, Rocky K. C. Chang: Detecting Pulsing Denial-of-Service Attacks with Nondeterministic Attack Intervals, EURASIP Journal on Advances in Signal Processing (2009).
[5] Xiaoxin Wu, David K. Y. Yau: Mitigating Denial-of-Service Attacks in MANET by Distributed Packet Filtering: A Game Theoretic Approach, in Proceedings of the 2nd ACM Symposium on Information, Computer and Communication Security, pp. 365-367 (2006).
[6] Qi Chen, Wenmin Lin, Wanchun Dou, Shui Yu: CBF: A Packet Filtering Method for DDoS Attack Defence in Cloud Environment, 2011 IEEE Ninth International Conference on Dependable, Autonomic and Secure Computing, ISBN 978-0-7695-4612-4 (2011).