Date post: | 23-Oct-2014 |
Category: |
Documents |
Upload: | naren-v-tada |
View: | 104 times |
Download: | 0 times |
April 7, 2023 1
Neighbor Defense Technique to Mitigate Flood Attack in MANETs
Guided By- Dr. Savita Gandhi & Mr. Nirbhay ChaubeyPrepared By- Naren Tada & Srushti Trivedi
At
Department of Computer Science,Rollwala Computer Centre,
Gujarat University, Ahmedabad-380009
Dissertation Phase-II
April 7, 2023 2
Overview
Introduction to MANETs
Fundamental working of AODV
Types of possible attacks in AODV
About Flood attack
Motivation to prevent Flood attack
Algorithm for Neighbor Defense Technique to Mitigate Flood
Attack (NDT)Flow chart for NDT
Current working status
Future work
April 7, 2023 3
Characteristics•Operating without a central coordinator •Multi-hop radio relaying •Frequent link breakage due to mobile nodes •Constraint resources (bandwidth, computing power…)•Instant deployment
Challenges of Manets•Routing•Security and Reliability•Quality of Service (QoS)•Inter-networking•Power Consumption•Location-aided Routing
Characteristics and Challenges of MANETs
April 7, 2023 4
MANETs Routing Protocols
Reactive Protocols (AODV,DSR,TORA)
•Finds a route on demand
•Flooding the network with Route Request packets
Proactive Protocols (DSDV,OLSR)
•Maintains fresh lists of destinations and their routes
•Periodically distribute routing tables
Hybrid Protocols (ZRP)
•Combines the advantages of proactive and of reactive routing
•Initially established with some proactively prospected routes
•Then serves the demand from additionally activated nodes through
reactive flooding
April 7, 2023 5
Fundamental working of AODV
Reactive/On – demand
Main Two Processes:
1. Route Discovery
2. Route Maintenance
April 7, 2023 6
Merits•Does not need any central administrative system•Reduce the control traffic messages overhead•Reacts relatively fast to the topological changes•Saves storage place as well as energy
Demerits•Can gather only a very limited amount of routing information•A long path is more vulnerable to link breakages and requires high
control overhead•Has no security measures built in•Vulnerable to various kinds of attacks•Two main types of uncooperative nodes: malicious and selfish
Merits & Demerits of AODV
April 7, 2023 7
Types of possible attacks in AODV
Different ways of malicious node to attack
•Sending fake messages several times
•Fake routing information
•Advertising fake links to disrupt routing operations
Blackhole attack
Flooding attack
Link spoofing attack
Wormhole attack
Colluding misrelay attack
A Review of Current Routing Attacks in Mobile Ad Hoc Networks -- Rashid Hafeez Khokhar, Md Asri Ngadi and Satria Mandala
April 7, 2023 8
About Flood AttackLiterature Work
A New Routing Attack in Mobile Ad Hoc Networks -- Ping Yi, Zhoulin Dai, Shiyong Zhang, Yiping Zhong from Department of Computing and Information Technology, Fudan University, Shanghai, China
•The attacker selects many IP addresses which are not in the
networks
•No node can answer RREP packets for these RREQ
•The attacker successively originates mass RREQ messages for
these void IP addresses
•The attacker will resend the RREQ packets without waiting
for the RREP or round-trip time
April 7, 2023 9
Performance Analysis of Flooding Attack Prevention Algorithm in MANETs
-- Revathi Venkataraman, M. Pushpalatha, and T. Rama Rao•All the nodes in an ad hoc network are categorized as friends,
acquaintances or strangers
•A trust estimator -- a function of various parameters
•friends (most trusted), acquaintances (trusted) and strangers
(not trusted)
•Xrs, Xra, Xrf be the RREQ flooding threshold for a stranger,
acquaintance and friend node respectively, Xrf > Xra > Xrs
•Yrs, Yra, Yrf be the DATA flooding threshold for a stranger,
acquaintance and friend node respectively then Yrf > Yra > Yrs
April 7, 2023 10
Flood attack and its consequences The attacker node-1 and node-8
They flood the RREQ messages at particular time interval
Their neighbor nodes don’t know the route to that destination so
rebroadcast RREQ
Attacker constantly inject false
RREQ packets into the network
Due to false generation, attacker
can introduce a new DOS attack
to exhaust the communication
bandwidth and node resource so
that the valid communication
cannot be kept
April 7, 2023 11
Motivation to prevent Flood Attack
AODV is very conservative about sending RREQ packet in network
After sending request packet there is some waiting time for RREP
to come - RREP_WAIT_TIME = 1 second
There is RREQ_RETRIES = 3 for network wide search - after
exceeding this value MAX_RREQ_TIMEOUT = 10 sec
Malicious node will misuse all these properties and flood its own
fake request in network.
If attacker is out of control it will flood the entire network and
degrade the performance of manets very high extent.
Only very reliable method is - not to rebroadcast this fake RREQ by
neighbor.
April 7, 2023 12
Algorithm for Neighbor Defense Technique to Mitigate Flood Attack
(NDT)Two lists are maintained in every node which are neighbor of the requester one is Broody list and RREQ_count table
1. Broody list will keep the record for malicious node which floods the request. Flood Timer has taken for generating Dummy packet by the attackers.
Malicious node 1 idMalicious node 2 idMalicious node 3 id
2. RREQ_count table will keep track of number of request come from each neighbor in particular interval.
RREQ_ID RREQentry TimeStampRequester1 Id 5 0.34566Requester2 Id 1 0.55346
April 7, 2023 13
Timers used in simulation
FloodTimer
• In order to inject FAKE Request packet by malicious node in the
MANETs, used flood timer which is continuously send the
request as value 0.009 sec
CacheTimer
• In order to check Request table entry for the expire time as well
as count for the request to check whether to exceed peak or not
as the value 0.002
April 7, 2023 14
The Algorithm:
if(CacheTimer out)then
Erase RREQ_Count table entries if(RREQester is in broodyList)then
Drop the packet if ((RREQester is neighbor) && (there is no entry in RREQ_Count table))then
Add the RREQentry for this RREQ in RREQ_Count table
if(RREQentry >PickValue)then
Put the RREQester in broodyList!
April 7, 2023 15
Flow chart for NDT(While adding entry in table for receive packet)
If the requester is in broody list?
In Receive Request process
BroodyList(Malicious node
entrys)Drop This packet
yes
No
If the requester is very neighbor?
Do the rest receive request processNo
Is the requester is in RREQ_count
table?Yes
RREQ_count table
Increment the Requester’s entry
in the RREQ_count list
Yes
Add the entry of requester in the
RREQ_count list and increment the count
value of request
No
Stop processing packet
End of adding request entry
April 7, 2023 16
If the Cache Timer time out
Yes
Check the Request count entry’s expiry
time
In Waiting state for event to trigger
Flush the entry of the request count
tableYes
Request count table
Check the entry’s exceed the peakValue?
Put the requester in the
BroodyList
Yes
No
Proceed further
Start
While flushing the Entry in request_count table
April 7, 2023 17
Prerequisite for NDT1. As the detection only done by very neighbor of the attacker, it
can not be possible without enabling the HELLO packet of nodes.
2. Peak_value, Cache interval and Flood interval should be synchronize with each other according to MANET’s nature and application .
Prerequisite for NDT & Current working status
Current working status
1. Implemented flood attack
2. Tested the proposed algorithm(NDT) for small network
3. 4-nodes and 1-node as malicious node .tcl
4. 25-nodes with 1 malicious node and 3 malicious nodes .tcl
5. Reading taken with attack and without attack .awk and .sh
April 7, 2023 18
Simulation SetupNo. Simulation Parameter
Parameter Parameter Value1 Simulator NS-2.332 Simulation Area 1000m X 1000m3 MAC Protocol IEEE 802.114 Mobile Nodes 255 Antenna Type Omni antenna6 Propagation Model Two Ray Ground7 Number of Connections 58 Packet Size 512 byte9 Routing Protocols AODV10 Data Traffic CBR (UDP)11 Simulation Time 100 Sec
12 Number of Malicious Node 1,3
13 Pausetime 0,5,10,15,20 ms14 Flood Interval 0.009 sec15 Cache Interval 0.002 sec16 Peak Value 7(no of request)17 Entry Expiry time CURRENT_TIME + 0.05
April 7, 2023 19
Simulation Setup - 25 nodes with 1 malicious node and 5 connections10 Different scenarios with pause time – 0, 5, 10, 15 and 20 ms
0 5 10 15 2005
101520253035404550
NDTAODVPlainAODV
PDF vs Pause Time
Pause Time
0 5 10 15 200
1020304050607080
NDTAODVPlainAODV
PDR vs Pause Time
Pause Time
PDR
0 5 10 15 2002468
101214161820
NDTAODVPlainAODV
Avg. Throughput vs Pause Time
Pause Time
Avg
Throughput
0 5 10 15 200
5001000150020002500
NDTAODVPlainAODV
NRL vs Pause Time
Pause Time
NRL
Result_with1_5_25.xls
April 7, 2023 20
Simulation Setup - 25 nodes with 3 malicious nodes and 5 connections10 Different scenarios with pause time – 0, 5, 10, 15 and 20 ms
0 5 10 15 200
102030405060
NDTAODVPlainAODV
PDF vs Pause Time
Pause Time
0 5 10 15 200
1020304050607080
NDTAODVPlainAODV
PDR vs Pause Time
Pause Time
PDR
0 5 10 15 2002468
101214161820
NDTAODVPlainAODV
Avg. Throughput vs Pause Time
Pause Time
Avg
Throughput 0 5 10 15 20
05000
1000015000200002500030000350004000045000
NDTAODVPlainAODV
NRL vs Pause Time
Pause Time
NRL
Result_with3_5_25.xls
April 7, 2023 21
Simple AODV and NDT without attack
0 5 10 15 20767880828486889092
NDTAODVPlainAODV
PDF vs Pause Time
Pause Time
0 5 10 15 2002468
101214161820
NDTAODV
PlainAODV
PDR vs Pause Time
Pause Time
PDR
0 5 10 15 203.53.63.73.83.9
44.14.24.34.4
NDTAODVPlainAODV
NRL vs Pause Time
Pause Time
NRL
0 5 10 15 20323334353637383940
NDTAODVPlainAODV
Avg. Throughput vs Pause Time
Pause Time
Avg
Throughput
Result_without_5_25.xls
April 7, 2023 22
Future workStill require to simulate NDT for more number of nodes and
different number of malicious nodesWill add RREP and RERR flooding attackWill prevent RREP and RERR flooding
Further ImprovementsIn order to give complete isolation Broody list should be broadcast
by defense node as early as possible(Raising alarm technique). Packet should be queue for some time in order to prevent early
flow by attacker.(Before detection with early flow detection method)QoS (quality of services)
Conclusion derived from graphsWithout attack and low mobility NDT and Plain works similar.Performance improved in all parameter in NDT with attack.Drastic change in graph can be seen due to flow leak in NDT
because of overhead.
April 7, 2023 23
Disadvantage of NDT1. According to Peak_value of network maintain by each node, sloppy
attack still be possible if attacker has chosen flooding interval little bit large but effective.
2. As the MANETs is very dynamic in nature, topology can still be vary and neighbour of attacker will be changed, flow can be leaked and flood can be possible until the new neighbour find the attacker.
Advantage of NDT 1. The attack is defended by very neighbour of attacker2. The list and cache is only maintained by neighbour of attacker for
only some periodic time, after the cache timer out record will be flush.
3. Node will not be isolated completely from network after detection, perhaps it will still be part of the network and can do some cooperation
4. No further impersonation can be made as the neighbour maintains the list malicious node with help of its neighbour list.
April 7, 2023 24
Files changed for proposed algorithm
ns-2.33/aodv/aodv.cc
ns-2.33/aodv/aodv.h
Changed .tcl file
Generated different scenario files for different pause time
April 7, 2023 25
References1. C. Perkins, E. Belding-Royer, S. Das, “RFC3561 of ad hoc on-demand
distance vector (aodv) routing” University of Cincinnati, July 20032. “A Review of Current Routing Attacks in Mobile Ad Hoc Networks” --
Rashid Hafeez Khokhar, Md Asri Ngadi and Satria Mandala from International Journal of Computer Science and Security, volume (2) issue (3)
3. “A New Routing Attack in Mobile Ad Hoc Networks” -- Ping Yi, Zhoulin Dai, Shiyong Zhang, Yiping Zhong, Department of Computing and Information Technology, Fudan University, Shanghai, China, International Journal of Information Technology Vol. 11 No. 2
4. “Performance Analysis of Flooding Attack Prevention Algorithm in MANETs” -- Revathi Venkataraman, M. Pushpalatha, and T. Rama Rao from World Academy of Science, Engineering and Technology, 56, 2009
5. http://elmurod.net/?p=196 “Adding Malicious Node to AODV”
April 7, 2023 26
Thank you !
Questions??