t.':'1':!~t.'::;~;~a!~~.~':;"'~"1.~~,:iIrI:l.<"""'''',r':',,,,,,,~,,,'',,''~'~''~.''''-'~

",Page 1

CiiT - I, -=.=~"~'"~-::.::.'.~.~';... bringing the world IOCi1{{Y

~~4JiiI~ii$)¥tI"+_fiii1#:$._j_"_About us Subscription Review Committee Conferences Publications FAQ Contact

CiiT International Journal

Publication Menu About us Reviewers are Invited

• !:!91Jl~• ~jJ.do.t• ~QQt'l9;

Members Login

Us~rname.".._. ----'-"--'

Coimbatore Institute of Information Technology, Colmbatore is one of theleading Software Research Institute imparting Institute of more than 8 years of ~ Mail your profile tostanding to help the software industry meet its never-ending technical editor@_Ql!~$_I£i!(£thQ[Qchallenges. CiiT Research is dedicated to conducting both basic and appliedresearch in computer science and software engineering. The goals is to enhancethe user experience on computing devices, reduce the cost of writing andmaintaining software, and invent novel computIng technologies. CliT Researchalso collaborates openly with colleges and universities worldwide to broadlyadvance the field of computer science. '

Password

Adding feather to its cap, CiiT has started this porta! for journal publications thatc<lnbe used by students, research scholars and research scientists, to publishtheir work. The journals arc

!",Login,1

@al1ge Password

• CiiT International Journal of Artificial Intelligent Systems and MachineLearning.

• CiiT International Journal of Automation and Autonomous System.• CiiT International Journal of Biometrics and Bioinformatlcs.• CirT International Journal of Data Mining and Knowledge Engineering.• CilT International Journal of Digital Signal Processing.• CiiT International Journal of Fuzzy Systems.• OiT International Journal of Image Processing.• CiiT Imernational Journal of Networking and Communication Engine~ring• CiiT International Journal of Programmable Device Circuits and Systems.• CUTInternational Journal of Soft\'IIareEngineering and Technology.• CifT International Journal of Wireless Communication.

Web site and all contents@ Copyright CiiT , COilnbatore.,All rights reserved.

H brid A roach for Doe.ct;,on and Prevention of &lackhol0Attack in Mobile Adhoe Network

Coimhatlll;e Institute of Information TechnologyIntcrnntionn I ,lou rnals

('t!I1\,righl1"]!lj-~[t,,. t-Orfll

Tille of the paper:

Name of the Joumal:cii'l' Intemat;,onal Journal of Wireless c"",",unication

The CopyrighlTransfer ronn mllSI be duly signed by the author(s) and submitted alongwithlhe p(l!,er, For jointly authored papers, all the joint authors should sign or one of the

authors should sign as' authorized agClll for the others.

G Tlw authors transli:r the copyright of lhe paper to the publishers for the publications of

the paper in journal." -nle authors declare that the article submitted has not been published or submitted lor

the puhlicatidllS ill print or electronic versions. - -G The paper submined for the publications is author's original work and they have the

right \0 usc all purlS of the papers including \1\1 ligures and tables.o All the source of funding and Iinancial-support should becn indicllted in the paper.

Terms IlIld Conditions

SiglltlWre vf 1111tIuUllItllOrs ,l.Name of lhe authorr{Block tellers)

Authorized Signature _phtce/Date

Plae'CIDal.C."uthorized SignatureName of the author (Block letters)1..

I'lacefDutcAllthorized SignUl\lrc---_._--_.-Name of lhe aLilhor (l3Iueh Iellers)

4_Name of the author (mock lellers)

Authorized Signature PlaceJDale

Prabhu Rani Jato"r /22171201 IName (Block lctters) AUlhQl".cd Signalure Placc/Dilte I

N.I' II "" '''P'' ;, "" _ ,,,J '0' ,', P'b1;~';.' ,,,' " ,', p,hI""", ,hi••~~-shall become null and void.

Hybrid Approach for Detection andPrevention of Blackhole Attack in Mobile

Adhoc Network

CUT International Journal of Wireless Communication, Vol 3, No 6, August 2011

Prabha Ram*, Yogesh Chaba**, Yudhvir Singh****PhD (CSE) Research Scholar, NIMS University,Jaipur

**Associate Professor, Department of Computer Science & Engineering, GJUS&T, Hisar,***Assistant Professor, Depll. OfCSE, WET, MDU, Rohtak

*Prabha. r.b@gmail.com, * *)'o,?eshchaba({j)vahoo. com, * ** vlIdhvirsingl1@rediffmail.com,Abstract - In this paper, blackhole attack in mobile adhocnet'works have been investigated. Blackllok attack is theattack in which all traffic is redirected to a specific node,which may not forward any traffic to all other nodes. Thetest.bed is created and system is developed using AODV as abase routing protocol on the network simulator. Variousnetwork performance parameters i.~. throughput, packetdelivery ratio, collisi9ns etc. arc analyzed before and afterattack. There are two existing mechanisms: packet basedprevention, request based prevention and one hybridmechanism for preveptin~ blaekhole attack is proposed. Onimpleml.:lltationof blackholc attack the performance of thenetwork reduces, but after implementation of detection andprevention mechanisms the performance of MANETs Iimproves significantly and results shows that proposedhybridtcchnique is better thanexisting techniques.Keywords- AODV, Blackhole, Hybrid Prevention,MANET,PBPand RBP.

I. INTRODUCTION

Network is a collection of nodes, where nodes canpass information to each other. Mobile adhocnetwork is a type of network, where nodes are

wireless and mobile and forms a temporary networkwithout any centralized administration. The mobilenode enlists other hosts in forwarding a packet to itsdestination due to the limited transmission range ofwireless nctwork interfaces. All mobile node operatesin two ways one as a host and second as a routerforwarding packets for other mobile nodes in thenetwork, which may not be within the directtransmission range of each other......_-- _--- _--- _- _-- --_ _---_ _-- _-- _---- -

Manuscript received on July 19,2011, revit.:w completed on July 29,2011 and revised on 29, 2011.

Prabha Rani is doing research at NIMS University, Jaipur, India. E-Mail: Prabhaprabha.r.b@gmail.com

Yogesh Chaba is with Department ofCSE, GJ University of Science& Technology, Hisar, India. E.Mail: yogeshchaba@yahoo.com

Yudhvir Singh is with Department ofCSE, OJ University of Science& Technology, Hisar, India. E-Mail: yudhvirsingh@rediOinail.com

These nodes participate in an adhoc routing that allowsit to discover multi-hop paths through the network toother node. This concept of Mobile adhoc network isalso called. infrastructure-less networking. Mobilenodes in the network dynamically establish routingamong themselves to form their own network. So,JI:Iobile Adhoc ~etwork (MANET) is a collection ofcommunication .. devices or nodes that wish tocommunicate without any fixed infrastructure and' pre-determined orgllj1ization of available links. The nodesitself are responsible for dynamically discovering qthernodes to communicate or route to other nodes inMANET [I]. A special focus is given to MANE1j dueto their mobility and less resource constraints theyhold. Fig.1 illustrates an example of ad hoc network.The participating nodes act both as end hosts' androuters forwards traffic from the Source to thedestination host. With the proliferation of wirelessdevices, mobile' ad-hoc networking (MANET) hasbecome a very exciting and important technology.

Figure 1 Adhoc Network

0974.9713/CIIT-IJ-1479/06/$20/$IOO CO201 I CiiT Published by the Coimbatorc Institute ofInfqrmation Technology,

II. BLACKHOLE ArrACK

CiiT International Journal of Wireless Communication, Vol 3, No 6,

However, MANET is more vulnerable thanwired networks. Existing security mechanismsdesigned for wired networks have to be redesigned inthis new environment [9]. In Blackhole attack all trafficis redirected to a specific node, which may not forwardany traffic to all other nodes. So the traffic is not ableto reach the destination node. There are variousJechniques for avoiding or eliminating the blackholeattack.

To know the work done in this area variousresearch papers were reviewed. Chaba e1. aI. [2] hasproposed two mechanisms: packet based preventionand request based prevention, these methods havesignificantly improves the performance againstblackhole attack, but has still some scope for earlydetection of blackhole attack. Sanjay Ramaswamy [4]propose a methodology for identifying multiple blackhole nodes cooperating as a group with slightlymodified AODY protocol by introducing Data RoutingInfonmation (DRI) Table and Cross Checking, but havenot done any theoretical or experimental analysis forproposed methodology. Chang [5J et. aI. propose adistributed and cooperative mechanism to tackle theblack hole problem, this mechanism is distributed andnodes in the protocol work cooperatively together sothat they can analyze, detect, and eliminate possiblemultiple black hole nodes in a more reliable fashion,but have a lots of overheads. Zhang et.al [6] has shownthat the Mobile Ad Hoc Networks can be secured withCertificate-less Public Keys. Latha et. al[7] hasprevented the black hole attack using a co-operativealgorithm (PCBHA), which is based on the use of'fidelity tables' and assigning fidelity levels to theparticipating node, which may change the behavior ofAODY routing algorithm, however it does not tellsabout route maintenance and number of collisions inthe network. Dulla et.aI. [8] discussed the collaborativetechnique for intrusion technique in mobile adhocnetworks and shows the effect of collaborating1cchniques to improve the performance of the network.Nguyen et.al.[9] has studied and shown the impact ofvarious attacks on the multicast routing protocols onMANET. Zhang et.al [I OJ has proposed the SIP: asecure inceptive protocol and shown that it is effectiveagainst selfishness attack in MAN ET. E1mar et.al. [I I]have detected black hole attacks in MANETs usingtopology graphs (theoretically).Parker et.al [12] showsthe threshold based intrusion detection in adhoc andsecure AODY network. Khalil et.al. [3] has proposedand analyzed the mitigation of wormhole attack inmobile adhoc networks. In literature so!ne of theauthors describe about intrusion detection s)'".~m andsome discussed the routing strategies. Some authorsdescribed about securing mobile adhoc network againstallacks and only few autli"!,, ,:: ., black hole attack.They have still limitatioll:; in tJ1~jr imph:mentation and

August 2011

low perfonnance e.g. more collisions, communicationor route maintenance overheads, end-to-end delays andlesser throughput/packet delivery ratio etc. In thispaper, we have implemented existing PBR and REPprevention mechanisms and proposed HP (HybridPrevention) mechanism with lesser number ofassumptions, as in almost realistic scenarios. Thispaper is divided in to five sections, Section I is theintroduction of our paper, section II discussed the blackhole attack and its detection mechanism, section IIIfocuses on the assumption taken and proposedprevention mechanisms, section IV discusses onexperimental setup and reports the results and finallythe conclusion is given in section V followed byreferences.

In this attack first a malicious node intrude in theMANET itself using a false identification and then tryto attract all the traffic of the whole network byclaiming a fres~ route to the destination and thenabsorb them without forwarding to the destination asshown in figure 2. This will disrupt the performance ofthe network almost completely. First, when a sourcenode wants to communicate with destination node, aRREQ is broad casted ~nitially. After broadcasting routerequest a number of route reply are returned to sourcenode from various paths. In case of AODY, a route isselected only of that node which has the greatestdestination sequence number. In this network node 20is acting as a blackhole node. So, being a large networkof 100 nodes first a Route Request (RREQ) is sent inthis manner so that it will reach up to 20 for every CBRlink. Then this node will try to return a maximumdestination- sequence number for getting its routeselected. Once the route via this node is selected, thepackets that reach to this node will not be forwarded tothe destination as shown in figure 2. So the code forblackhole implemented in GloMoSim is shown asbelow. This code is written in the aodv.pc file based 011

'C' language. The node address as 20 is changed in theRoutingAodvlnitiateRREQ function. The two functionsincluded in this ~de is described as follow:

• RoutingAodvlnitiateRREQ: Initiate a RouteRequest packet when no route to destination isknown.

• RoutingAodvRouterFunction: Determine therouting action to take for a the given data packetset the PacketWasRouted variable to TRUE if nofurther handling of this packet by IP is necessary.

0974-9713/CIlT-IJ-1479/06/$20/$IOO 0 20 II CiiT Published by the Coimbulore Institute of Information Technology

CiiT International Journal of Wireless Communication, Vol 3, No 6,

voidRoutingAodv Rou terFunction(G lomoN ode *node,Message *msg, NODE_ADDR destAddr,BOOL *packetWasRouted)1* There is no route to the destination and RREQhas not been sent *1else if (!RoutingAodvLookupBuffer(destAddr,

&aodv->buffei')){ RoutingAodvlnitiateRREQ(node, 20); }

GLOMO MsgFree(node, msg);- Figure 2: Code for implementing Blackbole Node

Attack.

A, DetectioJl (~l13lackhole AuackLet us now describe some notations of statistics(features) used in these rules. Here M is used torepresent the monitoring node and m the monitorednode.• # (*; m): the number of incoming packets on the

monitored node m.• # (m,*): the nllmb"r of outgoing packets from the

monitored node 01.'• # ([m),*): the number of outgoing packets of

which the monitored node m is the source.• # (*, [mJ): the number of incoming packets of

which the monitored node m is the destination.• # ([s), m): the number of incoming packets on m

of which node s is the source.• # (m, [dJ): the number of outgoing packets from m

of which node d is the destination.• # (m, n): the number of outgoing packets from m

of which n is the next hop.• # ([s], M, m): the number of packets that are

originated from s and transmitted from M to m.• # ([s], M, [mJ), the number of packets that are

originated from s and transmitted from M to m, ofwhich m is the final destination.

• # ([5], [dJ), the number of packets received on themonitored node (m) which is originated from sanddestined to d.

• # ([s], M', m),the number of control packets thatare originated from s and transmitted from M to m.

• # ([s], M', [mJ), the number of control packets thatare originated from s and transmitted from M to m,of which m is the final destination.

• TTF: Time Threshold Factor

These statistics are computed over a feature-samplinginterval, denoted as L,. In addition, we often need thesame set of statistics that are computed over a longerperiod. These longer.teml statistics can be computeddirectly from basic features by aggregating them inmultiple feature sampling intervals. We useFEATUREL to denote the aggregated FEATURE overa long period P. We always assume that time interval

August 2011

P is multiples of L" for simplicity. For example, thenotion #\*,m) are computed by summing up all #(*;m)in UL, rounds of feature sampling intervals. Detectionrule for blackhole node attack based on these statisticsis described here. In the Blackhole attack the statisticsforward percentage over a time period of L ismonitored. The total number of packets that arereceived by M and M should forward. The totalnumber of packets sent by M's I-hop neighborhood (N(M» and is not destined for another neighbor or M. Ifall such packets are being absorbed by M for asufficient longer period, or more precisely. Based onthe GFP, a blackhole can be detected and M isidentified as the attacking or misbehaving node. Notethat the statistics must be collected on M locally. Thedetection of blackhole may be infeasible if M ismalicious and the attacker has total control of M so Ii

thatthe detection modules can be disabled.

. I

III. PREVENTION TECHNIQUES I

A. AssumptionsIn order for this whole system to work some factorshave to be true. The assumptions that are effectiveduring the. implementation of this system are notfarfetched or unrealistic and can be easily realized in anad hoc networking environment. Specifically.assumptions are the f~lowing:• Every link between the participating nodes is

bidirectional.• Nodes operate in promiscuous mode, meaning that

they can listen to their neighbors' transmissions.• We assume that when initiating the attack, the

attacker can use a use a fake address but does notchange it dynamically. If attackers change itsaddress quite often a neighbor can identify thismisbehavior effectively.

After implementing the blackhole node attacks theperformance of the network is affected badly. Toovercome the effect of these attacks on theperformance of the network the following two ex;istingand one proposed techniques are implemented.

B. Packet Based PreventionAfter implementing the blackhole attack the destihationaddress is changed by the forged node addre~s. Toincrease the performance of the network over theblackhole attack, a technique that compares the numberof control packet transmitted and data packettransmitted is implemented. The following notationsare used to describe the rule:

#L«(sl, M', m) + #L(lS), M', [mil >L«S], M, m) + # L«sl. M, [mil +TTF

Based on this rule the forged address is changed by theoriginal destination address so that the number of data

0974.9713/CllT-IJ-1479/061$20/$100 (Q 20 11 CiiT Published by the Coimbatore Institute of Information Technology

CiiT International Journal of Wireless Communication, Vol 3, No 6, August 2011

Table 1: Simulation Parameter.Parameter Value Descrivtion

Simulation 10 Maximum executiontime Minutes timeTerrain 1200m, Physical area inDimensions X which the nodes are

1200m DlacedNumber of 100 Nodes participatingNodes in the networkTraffic Model CBR Constant Bit Rate

link used (20connections)

Node Vnifor Node placemeniPlacement m DolicvMobility 0-25 Speed of node with

(mls) which they aremovine.

MAC-Protocol CSMA MAC layer protocolused

Routing AODV Routing protocolProtocol used

of reply.packet sent. Therefore, it is obvious for anormal communication number of data packettransmitted should be greater than the number ofcontrol packet transmitted. But after theimplementation of Blackhole attack it appears that thenumber of data packet transmitted are less than thenumber of control packet transmitted. If numbets ofrequest packet sent are greater than the number of ~eplypacket sent and time threshold factor then the f~rgedaddress is changed by the original address. Thenumbers of route request packets are generated morewhereas number of route reply generated are less incomparison of without attacking the network. Thisshows that our network is under attack. To overcomethis problem the destination address which is changedby fictitious address during the Blackhole node attackwill now have to be replaced with original address.

IV. EXPERIMENTAL SETUPThis section describes the scenario with all the networkparameter, which is used for simulation. These are thesimulation parameters and there respective values,which are used to examine the performance of thenetwork as shown in table 1.

A. Performance Evaluation MetricsThe following performance metrics are chosen toevaluate the impact of the blackhole node attack.• Packet Delivery Ratio (PDR): It is the ratio of

number of data packets actually sent to the datapackets actually received by the destination. It isselected to evaluate the percentage of deliveredpackets without and with attack mechanism. This

D. Proposed Hybrid Prevention

After implementing the Blaekhole attack thedestination address is changed by the forged nodeaddress. To increase the performance of the networkover the Blackhole attack, a technique that comparesthe number of control packet transmitted, data packettransmitted and request packets transmitted isimplemented. The following notations are used todescribe the rule:

(# L(lsl, M, 01) > # L(lsl, M, im/) + TTF) IIL({si,M', m) + #L({sj, M', 1m/) > # \Is), M, m)

+ # \isl, M, 1m/) + TTF)Based on this rule the forged address is changed by theoriginal destination address so that the number of datapacket will reach at their original destination. Thellumber of control packet transmitted is the sum ofnumber of request packet sent and the sum of number

packet will reach at their original destination. Thenumber of control packet transmitted is the sum ofnumber of request packet sent and the sum of numberof reply packet sent. Therefore, it is obvious for anormal communication number of data packettransmitted should be greater than the number ofcontrol packet transmitted. But after theimplementations of blackhole attack it appears that the• numbers of data packet transmitted are less than thenumber of control packet transmitted. So to overcomethis difficulty the destination address, which is- changed, by forged address will now have to replacewith original address.

C. Request Based Prevell/iOIlThe second way to increase the perfomlance of thenetwork by trying to circumvent the blackhole node isaccomplished by perfornling the comparison of numberof request packet sent to number of reply packet sent.Here total number of request sent is compared with thetotal number of reply packet sent and threshold timefactor. The following rule is used to change thefictitious address with the original address.

# L(ls), M, 01) > # L(lsl, M, 1m/) + TTF

If numbers of request packet sent are greater than thenumber of reply packet sent and time threshold factorthen the forged address is changed by the originaladdress. The numbers of route request packets aregenerated more whereas numbers of route replygenerated are less in comparison of without attackingthe network. This shows that our network is underattack. To overcome this problem the destinationaddress, which is changed, by fictitious address duringthe blackhole node attack will now have to be replacedwith original address.

0974-9713/CJIT-IJ-1479106/$20/$100 iC 20 I I CiiT Published by the Coimbatore Institute of Information Technology

August 2011

PBPTechnique

,",*-RBPTechnique

-+-NormalAODV

___ Blackhole

Attack

10 15 20 255

Node Mobility Speed(m/5)

o~ 1<=' 0.8~ ..~ 0.6~ 0.4_ 0.2]!u 0~

Deliverv Ratio with Varvin~ Node Mobilitv Sneed.MOBILITY PACKET DELIVERY RATIO <PDRl(METRS ormal Blackhole Packet Base Request HybridISEC.) ODV Attack Prevention Based Prevenl

(PBP) Preventio on (HPn IRBPI

5 0.916 0.170 0.677 0.659 0.76010 0.904 0.164 0.645 0.650 069415 0.881 0.152 0.622 01608 0.66020 0.865 0.138 0.586 0.557 0609

25 0.842 0.121 0.558 0.503 0.556

Table 2: Effect of Prevention TechniquesImplemented for Blackhole attack on Packet

is the best parameter to evaluate the performanceof a network.

PDR("') Total number of Packet Received10:= ----------- .100

Total number of Packet Sent

• Number of Collisions: When two or more nodeswant to transmit data packets without sensing orlistening the transmission channel, and if there isalready congestion on the channel, then a collisionstate occurs. In collision either the contents of thedata packets are modified or the contents arecompletely lost and the data packet is of no use forthe destination. So the source has to transmit thosedata packets again to the destination. This metric isused to measure that how many collisions occursduring the transmission.

• Energy Consumption: It is the total energyconsumed from the initiatilization of sendingpackets to the end of transmission. It is measuredin mWhr.

There is only one node, which may act as a blackholenode in a network. So in this attack, the effect ofnetwork performance based on increasing number ofattackers and with the. mobility speed of the nodesparticipating in the network will be analyzed.

CiiT International Journal of Wireless Communication, Vol 3, No 6,

B. Evaluation of Prevention TechniquesTo increase the performance of network affected by theblackhole attack, an effective prevention technique isimplemented. The prevention of balckhole attack isdone by three techniques or ways:• PEP OR Control Packet Transmitted vis Data

Packet Transmitted.• REP OR Number of Request Sent vis Number of

Reply Sent.• HP OR Control and Request Packet Transmitted

vis Data and Reply Packet TransmittedIn this section the performance of network bymeasuring the packet delivery ratio, number ofcollisions after the implementation of preventions ofthis attack is shown.

1n Table 2 and Fig. 3 packet delivery ratio isshown with respect to mobility speed of nodes. First ofall the packet delivery ratio of the network is measuredwithout attack, which is around 88.16% and afterimplementation of blackhole attack it is hardly 14.9%.However packet delivery ratio in the network by usingPER, REP and HP prevention techniques increases toaround 61.76%, 59.54% and 65.58% respectively.

Figure 3: Effect of Pr~vention Techniques Implementedon Packet Delivery Ratio with Varying Node MobilitySpeed.Table 3 and Fig. 4 show the effect of preventiontechniques implemented on the number of collisionsthat take place in the network. As the moving speed ofnodes increases in a network their respective number ofcollisions also increases. The effect on the number ofcollisions of the network is measured for 10 minutestime, which is around 251 and then afterimplementation of blaekhole attacks these are around772. However number of collisions in the network byimplementing PER, REP and HP prevention techniquereduces to 565, 586 and 554 respectively. Figure 4illustrates this more evidently.

Table 3: Effect of Prevention TechniquesImplemented for Blacl,hole attack on Number ofCollisions with Varvin~ Node Mobilitv Sneed.

MOBlLlTV NUMBER OF COLLISIONS PER NETWORKMETER/SEC) Blackhole Packet Request Hybrid

Norma Attack Based Based PreventionAODV Prevention Prevention (HPJ

(I'BPl 'RBI"5 192 698 506 553 49210 224 725 526 571 50915 260 763 56t 598 55020 275 803 593 603 59725 308 872 640 609 622

0974.9713/CIlT-lJ.1479/06/$20/$100 10 2011 CiiT Published by the Coimbatore Institute of Information Technology

CiiT International Journal of Wireless Communication, Vo13, No 6,

Table 4: Effect of Prevention TechniquesImplemeuted for B1ackhole attack on Energy

August 2011

V. CONCLUSIONThis paper investigates the effect of blackhole ~ttackon MANETs. In blackhole attack the destinationaddress is changed by the forged node address.! Thisdisrupts the performance of the network almostcompletely in which all traffic gets redirected to aspecific node, which may not forward any traffic at all.To increase the performance of the network over theblackhole attack, a technique that compares the n~mberof control packet transmitted, data packet transrrlitted,reply packets, acknowledge packets and requestpackets hybrid prevention and based on rules andstatistics has been ~mplemented by redirecting thetraffic to avoid the blackhole attack. The system isdeveloped and tested using AODV as a base routingprotocol on the network simulator. Various para~eters .Le. throughput, packet delivery ratio, collisions etc.were analyzed to see the performance of the networkbefore and after attack by using two existingmechanisms: packet based prevention and requestbased prevention and one mechanism is proposed Le.hybrid prevention technique for preventing blackholeattack. When blackhole attack is implemented theperformance of the network reduces, but afterimplementation of detection and preventionmech,lIlisms the performance improves. The packetdelivery ratio improves after implementing PBP,: RBPand HP by 62%, 60% and 66% respectively arid thenumbers of collisions get reduced to 565, 586 and 554from 772 per 10 minutes simulation time. It is observedthat there is very little change in energy consumptionas energy consumption for normal AODV, Blackholeattack, PBP, RBP and Proposed HP preventiontechniques implemented are 6.2692, 6.2562, 6.26286.2602 and 6.2608 mWHr respectively

ACKNOWLEDGMENT

Grant received from University Grant Commission,New Delhi to Dr. Yogesh Chaba (PI) under \"IajorResearch Project is duly acknowledged.

The results show that proposed HP techniques is ableto enhance the performance over previous techniquesagainst Blackhole attack. The performance shown inof various techniques [4][5] is lower than the proposedHP technique. As results discussed in PBP and, RBP. ,

techmques [14] are around 5% lesser than proposed HP. technique. In topology graph based technique [II] thepacket delivered hardly reaches to 60%, which arc alsolesser 5% to 7% as compared to HP technique. Co-operative prevention [7] has good packet delivery forsome cases but has higher overheads (link bre~kage,routing overheads, control packets etc.) as compared toHP technique.

PBP Technique

-+-NormalAODV

___ Blackhole

Attack

. PBPTechnique

---+- Normal AODV

____ BlackhoJe Attack

'--'X-- RBP Technique

____ ProposedHP

TechnIque

10 16 20 25Node Mobllity Speed Im/s)

~c 1000.Qw 800~'0 600u~ 4000~w 200.0E 0,z

[ 6.28

S 6.27..• •~ .2 6.26w~:I 6.25!8 6.24

Figure 4: Effect of Prevention Techniques Implementedon Number of Collisions with Varying Node MobilitySpeed.

5 10 15 20 25Node Mobility Speed (m/s) -7<.- RBP

Technique

Finally, in this section of evaluation of results,the behavior of energy consumption in the network ischecked. As the mobility speed of nodes increases theenergy consumption also increases. Table 4 and Fig. 5show the effect of energy consumption with thevarying node mobility. A comparison study of normalAODV, Blackhole attack, PBP, RBP and Proposed HPprevention techniques implemented are 6.2692, 6.2562,6.2628 6.2602 and 6.2608 mWHr respectively andshown with the help of Fig. 5 and indicates thatproposed technique is better than other techniques.

Figure 5; Effect of Prevention Techniques Implementedfor Blaekhole attack on Energy Consumption withVarying Node M~bility Speed.

Consumntion with Varvir •• Node Mobilitv SneedMOBILITY ENERGYCONSU""TION 'MWHR\(METERS Blaekhole Packet Request Hybrid

ISEC) Normal Attack Based Bused PreventioniAODV Prc\-'cntion Prevention (HP)

'PUP) muP)5 6.263 .6.253 6.259 6.258 6.258

10 6,265 6.255 6.260 6.258 6.259

15 6.269 6.256 6.262 6,259 6.261

20 6,272 6.257 6.265 6,261 6.262

25 6,277 6.260 6.268 6265 6.264

0974-9713/CIIT-IJ-1479/06/$20/$IOO <0 20 II CiiT Published by the Coimbatorc Institute of Information Technology

CiiT International Joumal ofWirelcss Communication, Vol 3, No 6,

REFERENCES[I] Anuj Joshi, Pallavi and Poonam Singh, "Security Threats in

Mobile Ad Hoc Network", S-JPSEl', ISSN 2229-71 I I,VoL I, Issue 2,125-129, (2010).

[2] Yudhvir Singh, Yogesh Chaba; Detection and Prevention ofBlackhole Attack in Mobile Ad Hoc Network; In proceedingof IEEE International Conference on Advance ComputingConference, IACC 2009; March 6-7, 2009; pp 2668.2672(2009)

[3] Iss.a, K~;llil, Saurabh B;lgC!li, Ness 13. Shroff "MobiWorp:M.lllgatlOn of the wormhole attack in mobile multihopwIreless networks", Ad Hoc Networks, Elsevier, Volume 6,Issue 3, May 2008, Pages 344-362 (2008).

[4] Sanjay Ramaswamy, Huirong Fu, ManoharSreekantaradhya, John Dixon and Kendall Nygard,"Prevention of Cooperative Black Hole Attack in WirelessAd Hoc Networks", Proceedings of the InternationalConference on Wireless Networks, Lus Vegas, (2003).

[5] Chang Wu Yu, Tung-Kuang Wu, Rei Heng Cheng, and ShunChao Chang, "A Distributed and Cooperative Black HoleNode Detection and Elimination mechanism for Ad HocNetworks",- PAKDD 2007 Workshops, Springer-VerlagBerlin Heidelberg, LNA14819, 2007, pp. 538-549.

[6J ~anch~o Zhan~, Wei Liu, Wenjing Lou, Yuguang Fang,Secunng Mobile Ad Hoc Networks with CertificatelessPublic Keys", IEEE Transactions on Dependable and SecureComputing, Vol. 3, NO.4, (2006).

[7] Latha Tamilselvan, Dr. V Sankaranarayanan, "Prevention ofCo-Operative Black Hole Attack In MANET", Journal OfN~two.rks, Vol. 3, NO.5, May 2008, pp-13-20 (2008).

[8] Nmgnnla Marchang, Raja Datta, "Collaborative techniquesfor intrusion detection in mobile ad-hoc networks" Ad HocNetworks, Elsevier, Volume 6, Issue 4, June 2008, Pages508-523 (2008)

[9J Hoang Lan Nguyen, "A study of different types of attacks onmulticast in mobile ad hoc networks", Ad Hoc Networks,Elsevier, Vol. 6, Issue J, January 2006, Pages 32-46 (2006).

[10] Yancha~.Zh~g, Wenjing Lou, and Yuguang Fang, "SIP: asecure lllcentlve protocol against selfishness in mobile adhoc networks", IEEE Wireless Communications andNetworking Conference (WCNC'04), Atlanta Georgia(2004). ' ,

[II] Elmar Gerh.lfds-Padilla, Nils Aschenbruck, Peter MartiniMarko Jahnke, Jens rolle, "Dclo.'cting Black Hole Attacksin Tactical MANETs using Topology Graphs", Proc. of 3"1iEEE confercnce on Network Security, (2007).

[12] A. Patwardhan, J. Parker, M. Iorga, A. Joshi, T. Karygiannis,Y. Yesha, "Threshold-based intrusion detection in ad hocnetworks and secure AODV" Ad Hoc Networks, Elsevier,Volume 6, 2008, Pages 578-599 (2008).

Prabhll Rani received degree of MTechComputer Science & Engincring fromMDU Rohtak. She is purusing PhD inComputer Sc. & Engg. Her research areasare Computer Networks and Mobilecommunication. She is working asLecturer in Computer Science &Engineering at OITM, Hisar. She has

. published i8 papers in national andlllternalional journals and conferences of repute.

AuguslzOlI

Systems from BITS Pilani and PhD degree from GJUST, HISAR. Heis working as Associate Professor in Deptt of Computer Sc. & Engg,Guru Jumbheshwur University of Science & Technology, HISAR. Heworked as Chainnan, Deptt of CSE, Guru Jambheshwar Universityof Science & Technology, HISAR for three years. His Research areasure Computer Networks and mobile communication. He haspublished more then 80 papers in national and international journalsand conferences of repute including IEEE, Springer and ScienceDir~ct Journals. He is Principal Investigator of two major r~searchprOjects funded by All India Council for Technical Education andUniversity Grants Commission, INDIA in the area of NetworkSecurity and Ubiquitous. He is also Deputy Coordinator of SAPproject funded by University Grant Commission. He has va~tinternational exposure as he has visited different universities andresearch institutions in USA. UK and China for academicassignm.ents, He is also recipient of "Young Scientist Award" bylnternatlOnal Academy of Physical Sciences for year 2002.

Yudhvir Singh received the 8.E. degree inComputer Sc. & Engg in First Class from CRState College of Engg, Murthal, Sonepat. Heobtained his MTech degree in Software Enggfrom TIET Patiala and PhD degree' fromGuru Jambheshwar University of Science &Technology, HISAR. He is working as

" , Assistant Professor in Deptt of Computer Sc.. & Engg, Guru Jambheshwar University of

SCIence & Technology, HISAR. His Research areas are ComputerNetworks and Mobile communication. He has published more then65 papers in national and international journals and conferences. Heis ~o.P~incipal Investigator of major research projects funded byUmverslty Grants Commission, INDIA in the area of NetworkSecurity: He is also recipient of "Young Scientist Award" byInternatIOnal Academy of P~ysical Sciences for year 20 1O.

Dr Yogesh Chuba received the DE degreein Computer Sc. & Engg withDISTINCTION from MarathwadaUniversity, Aurangabad in year 1993. Heobtained his MS degree in Sothvare

79/06/$20/$10010 20 II CiiT Published by the Coimbutore Institute of Information Technology

"

prabha prabha <prabha.r.b@gmail.com>

2 messages____ .__~ L

_________________ ' ._. I

Editor <editor@ciitresearch.org> Fri, Jul 29, 2011 at 2:57 ~M

To: 'ciiccbe@yahoo,co.in

cur -IJ-2192-Paper Review Comments-CHT InternationalsJournals

Dear Author(s),

Orr behalf of the CiiT-Ed-Board,' we are very happy to inform you that yourpaper has been accepted for publication. Based on the referees' comments, thea er can onl be acce ted after the authors have made si nificant im rovements

on it.

Submit your final copy of manuscript on or before 08/08/2011.

Please" make~lcareful revision for the manuscript according to thereferee's conunents/suggestions and provide a revision note describing yourresponse and changes made to the comments. The final recommendation foracceptance will be based on further MINOR/MAJOR revision and the finalinclusion will be subject to the approval of the journal's editorial board.

We would be grateful if you could take a _priority to complete therevision within 5 days since we are running a little bit behind the schedule.Please observe .the Publisher's instructions for preparing your manuscript.See below. The final manuscript (camera ready paper) must be electronicallymailed to us on or before 8th August, 2011. If you have any questions,

please mail us.

<Note This mail contains an attachment, please see review results as

attachment>

Thank you for your support.

Best Regards,

CiiT IJ- Editorial Board

-~-----~--~--------------------------------------------~-----------------------------~-----------------------~Note: Authors are advised to strictly follow the format of CiiT Journals

Instructions to Author

(1) Use only Times New Roman font for all figures/table/graphs etc.,

https:/ /mail,google.com/maill?lli-2&ik~44d09ccc3d&vieW=Pt&search=inbox&th= 13... 09-08-2011

!I1

Page 2 or 3

(2) Figures/tables should be numbered from 1.

(3) Use Math Equation Editor to Type Equation (In Microsoft word 2003, option found in InsertMenu~Object~Microsoft Equation 3.0) q

(4) Mention the author affiliations as first page footnotes. (You can find footnote option in Microsoft "Word [lnsert~Reference~Footnotel.) I ,

. (5) Use Frames for Title and author names. (If possible paste it from template document).

(6) Use only formal photograph with professional biography of authors (Don't give personal detailssuch as hobbies etc.,).

For more information, we have attached the "CiiT _Journal_Formal" with this mail. Please find the!attachment.

If you are the beginner for CiiT International Journal Format, Please download the format instructionfile: http://ciitresea rch.org/down 10ads/CiiT-Format -for-beg inners.pdf

____ M _

ICoimhatore Institute of Information Technology I ,I #16, 1st Floor I Sathyamoorthy Road IRa111nagarI Coimbatorc - 6410091 Tamilnadu I India

I Phone - 0422- 43778211 editor@ciitresearch.org I www.ciitresearch.org

-----------_._---------------_ .._._----_ ..,,"prabha prabha <prabha,r,b@gmail.com>To: Editor <editor@ciitresearch.org>

Dear Sir,

I am here by submitting the desired as per comments of reviewer.I am resubmitting it again.

Kindly accept it for you you kind consideration

ThanksRegards

Prabha Rani[Quoted text hidden]

tiiI' Prabha_paper.docCJ 377K

Tue, Aug 9, 2011 aI12:0,3 PM

9: • (;j) • ~ ~ • PIP. Sffcry. T••••• f}. ~"- --- ".~

011~IwIU ot .h. eUT.r"._rli. "'" .n •••ry ,,~ .0 lllt"'ZlO YC'<IUl•• :l"IIlf _r ,..,r-.> .eo.pUfl ref ""11.11••••u"". BH!f an rM !!f!"H' £l!!!!m.~ It.. p!p!tcan on" btKm!l!s! j!!trrtbt PU!hm h!Yt!!!!!ft .lqnff!cmt!mppy!f!!t!!t! on It

CHT~J.2192.paper Review Comments.cUT Internationals Journals'-'"EIIlIlDt~1dl.orpro;ca_~CIO.

Du.A<CIorl,J.

:f!o......c:rr.u.n91-'--;.~:(n~~.w_w.-.,.:..-.00 l"t:~(m"~~o.1.WI~~""",,,-..<toh'Hm~~~-.r-.on l~JeG-.:cr...m2:;.;..."~C--..ci_ .__

SllJlrI..lt,..,..., U ••••I OOM'CIt •••••••••odpt 00>or boAt,,", OD/ODnOll.

Fl•••• _to< c.nt-.l, n ••hi ••••tn d•• ...."•••"u~•• 0<:0",","0' "' .'" nr. •.•••••••••••.••••I•.~ •• I.".•• - ~r""l<l<!••• yuu", _. "'e"'rl.lllnO ~ ••r nOPO~•• ~.(l eM...,.,.•••". eo .1•• _ ••o.. rhll Iu.-l •.•~u= to~ "'CI~""" "111 '" D•••" 0•• hrt1lu~ rn1.d ••••_ .Ill U••.•! 1""1'''1",, "111 tl ''''':1.' .0 the .t-preTll or U11,o••;mol'. ~nrlU _r-4.

"'" """11:1 '" "'•••• hi if ye'\I CO-Jill ub .• I'rloury .'" e=.I ••• '". "'"11"" wHII.I","'r' At.•.•• ~ u. nmu.::", .• lIUle tol. ~Il>d the e~.m.1t. '1 •••• "he"" til.hll>l1''''r', UlHn:nIOlU to. pteJl.r.lG'J l'll'I>' ~~rJ.pl;. see btl •••••n:e tlul •••••••eup.

1_ •• u..,... popnl ~. ~ rl«U'""lQlU7 •••.lIe.:! eo .". ",. ••• "'ten 8tt1 "'9-', 1011.It "'" ""•••':tY 1fI!"'lC., pi ••••••• .1.1 IIlI.

Adaptive Local Route Optimization Technique withMultiple MAP Environments in Hierprchical Mobile

IPv6 Networks

CiiT International Journal of Networking and Communication Engineering, Vol 3, No 4, March 2011' . .I 223

Yudhvir Singh, Yogesh Chaba, Rajesh Kumar and Prabpa Rani

The aim of introducing the hierarchical mobilitymanagement model in Mobile IPv6 is to enhance theperformance of Mobile IPv6 while minimising the impact onMobile IPv6 or other IPv6 protocols. It also supports FastMobile IPv6 handovers to help Mobile Nodcs achieveseamless mobility. There are two types of CoAs, a regionalcare of address (RCoA).and Link care of address (LCoA). AnRCoA is an address obtained by the mobile node from thevisited network. An RCoA is an address on the MAP's subnet[3.]. It is auto-configured by the mobile node when receivingthe MAP oplion. The LCoA is the on-link CoA configurcd ona mobile node's interfacp based on the prefix advertised by itsdefault router. However, in this memo LCoA is used 10distinguish it from the RCoA The MN sends a Local BindingUpdate to the MAP in order to establish a binding between theRCoA and LCoA A mobile node entering a MAP domain willreceive Router adverti~meftts containing information aboutone or more local MAPs. The MN can bind its current location(on-link CoAl with an address on the MAP's subnet (RCoA).Acting as a local HA" the MAP wiII receive all packets onbehalf of the mobile nqde it is serving and will encapsulateand forward them directly to the mobile node's Currentaddress. If the mobile ~ode changes its current address withina local MAP. donwiI! (L9oA), it .only needs to register the newaddress with the MA\'. Hence, only the Regional CoA(RCoA) needs to be registered with correspondent nodes andthe HA The RCoA dqcs not change as long as the MNmoves within a MAP domain. This makes the mobile node'smobility transparent to ,correspondent nodes it communicateswith. ~

The rest of the pap'V is organised as follows: Section IIdescribes the basic A~RO technique used in HierarchicalMobile IPv6 networks "I'd other related techniques, Section IIIdiscusses, ,about the woposed technique that implementsMultiple MAP envirqnment. Section IV describes theSimulation results cajculated using ns2. In section Vconclusion of paper is given.

II. RELATEDWORK

A MAP domain's boundaries are defined by the AccessRouters (ARs) advertising the MAP information to theattached mobile nodes the MAP can help in providingseamless mobility for <the mobile node as it moves t1.omAccess Router I (ARlI) to. Access Router 2(AR2), whilel.:011l111Unicatingwith the correspondent node. A multi-levelhierarchy is not required for a higher handover performance

iKeywordS--ALRO, ALROMMAP, HMIPv6, MAP

Ahslract-.wi1vfax is an acronym meaning WorldwideInteroperabilily for Microwave Access (WiMax), WiMa'{ based onWireless Metropolitan Area Networking (WMAN) standardsdeveloped by the IEEE 802.16 group. The IEEE 802. I6 standard wasdeveloped to deliver Non-Line-of-Sight (NLoS) cOllllectivity betweena subscriber sti.ltionand bil.';Cstillion with typical ccll rudius of threeto ten kilometres. A frequently IP handover plays vcry important roleto increase the performance 'Of network in WiMax. HMlPv6(Hierarchical Mobile lPv6) basically reduces the overhead ofsignalling overhead as well as latency of handoff which is associatedwith the MIPv6. ALRO(Adaptive Local Route Optimization)technique that implements within th,e single MAP (Mobility AnchorPoint) envirorunent optimizes the route at the SMR predefinedthreshold vulue. An enhanced version of ALRO teciUliqueimplemented with Multiple MAP domain is proposed in this paper. Itis fOWldthat ALRO scheme implemented in HMlPv6 Protocol with!he multiple MAP environment improves the network performance'.ascompared to basic ALRO scheme.

1. INTRODUCTION

HIERARCHICAL Mobile IPv6 (HMIPv6) was proposedby Internet Engineering Task Force (IETF) to mitigate

the high signaliing overhead, that is incurred in Mobile IPv6networks when mobile nodes (MNs) perform frequenthandoffs. Mobile IPv6 alio,vs nodes to move within theInternet topology while maintaining reach-ability and on-going connections between J!lob~.lc and correspondent nodes[IJ. To do this a mobile node sends Binding Updates (BUs) toits Home Agent (HA) and ali Correspondent Nodes (CNs) itcOllllllunicates with, eWlY time it moves. In HMIPv6networks, a mobility anchor point (MAP) has been introducedin order to handle binding update (BU) p~cedures due tohandoffs within a MAP domain in a localized manner, whichreduces the amount of network,,:,widc, signalling tramc formobility management [2]. A MAP is essentially a Local HomeAgent.

Manuscript received on February 17,2011, review completed on March 01,2021 and revised on March 07. 2011.

Yudhvir Singh is wilh Depanmenl of eSE. OJ University of Science &Teclmology. Hisar, India. E.MaiJ: yudhvirsjogh@cediJImail.cQmYogesh Chuba is with Department of eSE, OJ Universily of Science &

TechnoJogy. Hisar, India. E-Mail: yogesbrlmb:1I1i1)'jlhQp cornRajcsh Kaswan is with Department of eSE, JYOli Vidhyupccth Women

Universty. Jaipur. E-Mail: I1ljeshlthynl100,CQ,inPmbh<lRani is with Om Institute of Technology & ManagclTlelll, Ill:•.."

lndi3. E-Mail: Prabha mbh3.r b@gmaj! COlD

Digital Object Idenlitier No: NCE03201 J 012.

0974-9713/CIIT-U-J479106/$20/SI 00 0 201 J CiiT Published,by the Coimbutore lnslitute oflnfonnation TechnoJogy

Tue, Aug 9, 2011 at 9:27 PM

Iprabha prabha <prabha.r.b@gmail.com>

11

Page I of I,jj,

-----------_._ •._.- ,,----

paper accept~nce1 message .

computer science <ajcsiteditor2011@gmail.com>To: prabha prabha <prabha.r.b@gmail.com>

Dear Author,

'.unUll] - paper acccptance. ' .

Your manuscript has been provisionally accepted for publication in July Vol 1 (1) issue of ASIANJOURNAL OF COMP~TER SCIENCE AND INFORMATION TECHNOLOGY (AJCSIT). Our eminentreviewer board has recommended it for publication and JPRO team heartily congratulates you.

For online maintenance of your research/review paper at our website (kindly deposit a nominal fee ofRS.1500/ Deposit the money in Following account

BANK - State Bank Of IndiaAcoount Holder Name: - Santosh SharmaNc No. 031292616582Branch - SBI halduchor lalkua Nanital ultarakhand.IFSC Code: SBINOOq~~67

o As soon as the requisite online maintenance fee is deposited we will confirm your publication inforthcoming issue. please mail the scan soft copy of receipt and copy right form.

Keep contributing to A~CS:IT

For further information you may contact the undersigned.Email: ajcsiteditor2011@gmail.com.www.innovativejournal.in/index.php/ajcsitWith Best Wishes, " '''IT ....._... _,; .•,__,,,. II

,

"

Regards,Publishing Manager "ASIAN JOURNAL qF CC;:>MPUTERSCIENCE AND INFORMATION TECHNOLOGY

•. "1

:...;~,,'.". ~'

"j

"

",1

I

j, ,

IAttack Prevention Methods for DDoS Attacks in MANets. . 1

Neeraj 'Sharma*, Yogesh Chaba**, Yudhvir Singh**~t Prabha Rani* I

*Research Scholar, NIMS University, Jaipur, **Associate Professor (CSE), GJUS&T Hisar,***Associate Professor (CSE), UIET, MDU Rohtak. 1 '

,yogeshchaba@yahoo.com, yud hvirsi ngh@rediffmail.com, prab ha.t. b@gmail.com.

Abstract: MANET has no clear line of defence so it is accessible'to both legitimate network

users and malicious attackers. In the presence of malicious nodes, one of the main challenges

in MANET is to design the robust security solution that can protect MANET from various

routing al/acks. DijJerent mechanisms have been proposed using various cryptographic

techniques to countermeasure the routing al/acks against MANEr. However, thesf!

mechanism:; 'are 'nbl lUltabie for 'MANET ~~source 'constraints, I.e., limited bandwidth anb,

bal/ery power because they introduce heavy traffic1loadto exchange and verifYing keys. 1hthis study, the f:urr~nt security issues in MANET are inve~tigated. Particularly, the

, .' '.

researchers have: examined dijJerent routing al/acks such as flooding, black hole, link

spoofing attacks and some detection methods like profile-based d'jtection specification-based

detection as well as existing soiutions to protect MANET protocols.•

Keywords: - MANET, DDoS Attack, Security, Prevention Methods.

1. INTRODUCTION

A mobile ad hoc network (MANET) is a spontaneous,network tha~canbeestablished with np

fixed infrastI;\lctUf:!'\',TR,i~means that 'Ill its nodes behave as rputers and take part in its

discovery and m~ll~enance of routes to other nodes iI), the netw,ork Le. nodes within each

other's radio range pommunicate directly via wireless links, while\ those that are further apart

use other nodes,Ui>rel'lYs. Its routing protocol has to be able to cope with the new challenges

that a MANET ~reates, such as nodes mobility, security maint~nance, quality of service,

limited bandwidth and limited power supply. These challenges set new demands on MANET. ,routing protocols. There are different major issues and sub-issues involving in MANET such

as routing, multicasting/broadcasting, location service, clustering, mobility management,!

TCPIUDP, IP add~essing, multiple access, radio interface, bandwidth management, power

management, security, fault tolerance, QoS/multimedia and standards/products. Currently,,, I

the routing, power management, bandwidth management, radio interface and security are hot

topics in MANET research.

'I

. ,

I

..•I

"

,

," '" ~"'\~ i'-~-f

, 'j" I;

,.',","

III

I1

I

.', .

ijI

WORMHOLE ATTACK AVOIDANCE TECHNIQUE IN1\10BILE ADHOC NETWORKS

j

WORMHOLE ATTACK AVOIDANCE .TECHNIQUE INMOBILE ADHOC NETW0lU<S

iPrabhaRani*,Deepika**, Neeraj Sharma*, Yogesh Chaba**"', YudhvirSingh****,

*Research Scholar, NIMS University, Jaipur, **Research Scholar i(MTech CSE),GJUS&T, Hisar***Associate Professor (CSE), GJUS&T Hisar, ****Associate Professor (CSE), VIET, MDU Rohtak.

yogeshchaba@yahoo.com, yudhvirsingh@rediftmail.com, prabha.r. b@gmail.com.. ,

Abstract: Security is an essential service for wired and wireless network communication. This work concerned with aparticularly sever security attack that affects the ad hoc networks routing protocols, called "wormhole attack". There are manysolutions to detect and prevent this attack like packet leashes, cluster base, hop count analysis etc. This paper also proposes anew technique for wormhole avoidance. Proposed technique has been implementfd with NS2 simulator over the DSR(Dynanlic Source Routing) protocol. This technique for wormhole avoidance addres~es the malicious nodes and avoids theroutes having wormhole node~ w.it~out affecting the overall performance of the ne~ork. The performance metrics used forevaluating network performance arejiller. throughput and end to end delay.Key words: MANET, Wormhole, DSR, Network Security

!

JI INTRODUCTION

With the rapid development in wireless teclmology, ad hoc networks have emerged in many forms. These networks operate inthe license free frequency band and do not require any investment in infrastructure, inaking them attractive for military andselected Commercial applications. However, there are ,many unsolved problems in ad hoc networks; securing the networkbeing one of the major conceJ,11s.iAd hoc networks are vulnerable to attacks due to Il)an, reasons; amongst them are lack ofsecure boundaries, threats from compromised nodes inside the netw,ork, lack of centralized management facility, restrictedpower supply, scalability etc. . '.

A particularly severe secud!)', att~.ck is the wormhole attack. During the attack a mlllicious node captures packets from onelocation in the network, and tunnels them to another malicious node at a distant poin1j.which replays them locally. The tunnelCan be established in many .wPys, such as through an out-of-band hidden channel (e.g., a wired link), packet encapsulation, orhigh powered transmission. This tunnel makes the tunneled packet arrive either soone~ or with less number of hops comparedto the packets transmitted Over normal multihop routes. It creates the i1Jusion that th~ two end points of the tunnel ar~ veryclose to each other. [6] (15] .

,,,~-------_._----------------~---

H~h speed off-ehanneUink

Fig.l Example of wormhole

Here Fig. I shows an example of wormhole attack. A network under a wormhole attabk. Intruders A and B are connected byan off-channel link (i.e. wired or satellite link), which they Use to tunnel network data from one end of the network to theother. Without a wormhole, nodes 7 and 3 are 4 hops apart, - their messages to each other should go through nodes 2, 6, and 5.When intruders A and B activate a wormhole, nodes 7 and 3 are able to directly overlfear each others' messages, and are 'leadto believe they are immediate neighbors. Once this happens, all further communications between nodes 3 and 7 will be goingthrough the wormhole link introduced by A and B. [14]

Karpagam, JCS, Vol 6, Issue J, 20 J J