Preventive Measures Against Route Request Flooding Attack In MANETS


1.     INTRODUCTION

1.1  Mobile Ad hoc Networks:
Wireless technology has turned the messy wired world into a smooth and clean environment. Its deployment cost, flexibility and low infrastructure requirements make wireless technology the first choice for business, healthcare, education, war and many more fields of daily life. Wireless communication is grouped into two main categories: networks with fixed infrastructure and networks without fixed infrastructure [2].

1.2  Fixed Infrastructure Network:

This type of network has a central node, called a base station or access point, and all connections are completed through this central controller [2]. It is a good choice for areas where there is no chance of wired communication, such as rural areas. The most familiar example of a fixed infrastructure network is the Public Land Mobile Network (PLMN). A PLMN may have several interfaces with the fixed network, and every PLMN organization has its own management infrastructure.

1.3  Infrastructure-less Network:

A wireless network with no fixed infrastructure is sometimes called an ad hoc network. Ad hoc is Latin, meaning "for this purpose". By way of further explanation, the term ad hoc refers to something temporary or not permanent. The nodes belonging to this category of network participate for a while and then disconnect, but the network remains up, and whenever they need to participate again, they do so. Such networks are often established on the fly, for one-time or temporary use. Often the network consists of a group of workstations or other wireless devices that communicate directly with each other to trade information. Sometimes an ad hoc network is also infrastructure dependent; such ad hoc networks are called Wireless Mesh Networks. If the participating nodes of an ad hoc network can move anywhere, without any infrastructure, it is called a Mobile Ad-hoc Network (MANET). MANETs are the most demanding and role-oriented networks in today's society. As the most flexible kind of network, it is the first choice among all wireless networks for uses such as rescue missions, battlefields, disaster relief, mine site operation, electronic classrooms, emergency operations and healthcare.
MANETs have some inherited issues, but the most important is security. A number of studies have been carried out in this area, but the technology is still vulnerable and MANETs are prone to attacks.

1.4  ATTACKS IN MANETS:

MANETs experience two major types of attack: active attacks and passive attacks.

1.4.1       Passive Attack:

A passive attack does not influence the functionality of a communication or connection; it only performs eavesdropping. Sometimes recognizing this attack is very tedious. Spoofing is one passive attack. Normally, encryption techniques are used to mitigate passive attacks. There are two types of passive attack: traffic analysis and passive eavesdropping.

1.4.2       Active Attack:

The main intention of this attack is to penetrate the system and disrupt network resources. Active attacks fall into two categories: internal and external attacks.

1.4.2.1  External Attack:

In this type of attack, the attacker attacks from outside the network and does not belong to the network. Most of the time, it is observed that external attacks can be recognized easily.

1.4.2.2  Internal Attack:

In an internal attack, the attacker belongs to the network and attacks resources inside the network. Since the victim and the attacker both belong to the same network, the attack is sometimes more severe and the attacker is more difficult to find.
The main attack considered in this paper is the RREQ flooding attack in MANETs. This attack is sometimes also called the Ad-hoc Flooding Attack (AFA).

1.4.3       Flooding Attack:

Proactive routing protocols already hold routes to all destination nodes, which is why they have no issue with RREQ flooding attacks, but reactive protocols (like AODV and DSR) set up a route only when a node wants to communicate with another node. The RREQ scheme present in reactive protocols gives rise to flooding attacks, which may be RREQ flooding or data flooding attacks. In an RREQ flooding attack, the attacker generates many RREQ packets per unit time to unknown IP addresses. Because the priority of RREQ packets is higher than that of data packets, the RREQs are disposed of first, and this scenario becomes a honey pot for an attacker. In data flooding, the attacker first establishes routes to the destination node and then frequently sends useless data packets, which occupy the network and stop the processing of legitimate data packets [3].

1.5  SECURITY IN MANETs:

Most studies of MANET security classify it into three categories: key management, intrusion detection systems (IDS) and routing.

1.5.1        Key Management:

Key management is a fundamental, challenging issue in securing MANETs. In the literature, one author explains that in conventional networks, deploying a robust and reliable security scheme such as Public Key Infrastructure (PKI) requires a central authority or trusted third party to provide fundamental security services including digital certificates, authentication and encryption. Designing and implementing any kind of security scheme requires a secret to set up a trust relationship between two or more communicating parties. For example, the ability of node A to trust node B could be achieved by a process that permits node A to verify that node B is genuine according to a set of pre-imposed rules. This in turn could be achieved by permitting such genuine nodes to establish authenticated shared secrets that other nodes cannot. The process of establishing such authenticated shared secrets could be achieved by a suitable key management scheme. The fundamental security services provided by every key management system are key synchronism, secrecy, freshness, independence, authentication, confirmation, and forward and backward secrecy. Conventional key management techniques may either require an online trusted server or not. Symmetric-key solutions, though neither is satisfactory. The first one is to preload all the nodes with a global symmetric key, which is vulnerable to any point of compromise: if any single node is compromised, the security of the entire network is breached. Symmetric-key techniques are commonly criticized for not supporting digital signatures because each key is known to only two nodes. This renders public-key solutions more appealing for MANETs.

1.5.2       Intrusion Detection System:

As systems become more complex, they also have more weaknesses, which lead to more security problems. Normally, encryption and authentication are used as the first line of defense, but an IDS can be used as a second wall of defense to protect the network. IDSs are not part of any routing protocol; they are developed separately by researchers to enhance the security of the network. Sometimes it is necessary to use an IDS alongside communication as a safeguard against attacks. A number of IDS schemes have been proposed for MANETs in the literature; some use an intelligent agent, such as 'WIDS using My-AODV agent' and 'NP-Based Trust worthy agent scheme'. In the literature, one author discusses the architecture of IDSs. In a standalone IDS, one IDS executes independently on each node, and each node has no knowledge of the other nodes. This architecture is more suitable for flat networks. It is not a popular IDS architecture for MANETs. In contrast, in a distributed IDS each node participates in detecting the intrusion. This IDS architecture is more suitable for flat network infrastructure. Another type is the hierarchical IDS, which fits multilayer network infrastructure: the network is divided into clusters, and each cluster head, which may be a switch, router or gateway, is responsible for communicating with the other cluster heads. Each cluster head is locally in charge of its nodes and globally in charge of its cluster. One type of IDS has mobile agents that move within the network. An agent normally performs only one specific or special task. The author also discusses different intrusion detection methods, such as Watchdog and Pathrater, CONFIDANT, CORE, OCEAN, Cooperative Intrusion Detection System and Ex-Watchdog IDS. Finally, he establishes a table comparing these intrusion detection techniques, which provides further exploration in the field of IDS. Experience has shown that avoidance techniques such as cryptography and authentication are not enough to overcome intruders.
Therefore, the need for IDSs has increased. Nearly all IDSs are distributed and have a cooperative architecture. New attacks are increasing, and they have to be detected before damage is caused to the system or data. According to the author, the aim of an intrusion detection system is to detect attacks on mobile nodes or intrusion into the network. Intrusion detection systems, if well designed, can effectively identify misbehaving activities and help to offer adequate protection. Therefore, an IDS becomes effective in providing the first line of defense in MANETs.

1.5.3       Routing:

MANET routing can be classified into three main categories: hybrid, proactive and reactive.

1.5.3.1  Hybrid Routing:

Hybrid routing protocols combine table-based routing protocols with on-demand routing protocols. They use distance vectors for more precise metrics to establish the best paths to destination networks, and report routing information only when there is a change in the topology of the network. Each node in the network has its own routing zone, the size of which is defined by a zone radius, which in turn is defined by a metric such as the number of hops. Each node keeps a record of routing information for its own zone. Zone Routing Protocol (ZRP) is an example of a hybrid routing protocol. It uses the best features of both reactive and proactive routing.

1.5.3.2  Proactive Routing:

Proactive routing protocols already hold routes to all destination nodes, which is why they have no issue with the RREQ flooding attack. Proactive routing normally uses link-state routing algorithms and has a table-driven approach [2]. OLSR, DSDV and WRP belong to this category.

1.5.3.3  Reactive Routing:

It is also called the on-demand routing protocol. A route is established only on demand, by broadcasting an RREQ from the source node, in order to reduce routing load. This type of routing has a high chance of RREQ attacks, especially the RREQ flooding attack. It usually uses a distance vector routing algorithm [2]. The disadvantages of on-demand routing are, first, that latency is incurred before a destination is found and, second, that the route actually computed might not be optimal. The most popular routing protocols in this category are Ad-hoc On-demand Distance Vector (AODV), LAR and DSR. Since my thesis topic is the RREQ flooding attack in MANETs using the AODV protocol, I would like to take a closer look at this reactive protocol.
1.5.3.3.1          Ad hoc On Demand Distance Vector routing protocol (AODV):
AODV is an on-demand routing protocol established specially for MANETs. AODV is a relative of the Bellman-Ford distance vector algorithm [2]. It builds on Destination-Sequenced Distance Vector (DSDV) to eliminate system-wide broadcasts. It localizes the effects of local movements, whereas in DSDV local movements have global effects. AODV is capable of both unicast and multicast routing. AODV forms trees which connect multicast group members. The trees are composed of the group members and the nodes needed to connect the members.
1.5.3.3.2          Working of AODV:
When a source node needs a route to a particular destination, it first checks whether it already has a route. If not, it creates a route request (RREQ) packet, broadcasts this message to its neighbor nodes and sets a time-out. The RREQ includes the source's own ID, a sequence number, the destination address, the last known sequence number for that destination and a broadcast ID. The neighbor nodes first check their routing tables to see whether they have a route to that destination. If they do not have the desired destination, they increment the hop count in the RREQ and broadcast the packet to their adjacent neighbors. In this way the RREQ packet is forwarded to the other nodes of the network. If the RREQ is lost, meaning that no response is received within the time-out, the source node can regenerate the RREQ message up to a pre-specified number of additional attempts, after which it gives up. If the required destination is not reached within the Time to Live (TTL) limit, the RREQ is simply discarded from the system. If the receiving node is the desired destination or has a route to the destination, a route reply (RREP) packet is sent back to the source node. As this RREP packet travels back to the source node, routing entries for the destination node are created in each intermediate node on the RREP's path. A HELLO message is generated periodically to signal the continued presence of a node. If a node stops sending HELLO messages, its neighbor can assume that the node has moved away or the link is broken, and a link-broken message is generated. In AODV, each router keeps route table entries with the destination IP address, destination sequence number, hop count, next-hop ID and lifetime. The information provided by the table entries is used to route the data traffic.
1.5.3.3.3          Ways to Avoid Network Congestion in AODV:
AODV adopts three ways to avoid network congestion, as follows:
  • RREQ_RATELIMIT
  • Set Up a Starting TTL
  • Sequence number
RREQ_RATELIMIT is the maximum number of route requests that a node can generate. The existing AODV routing protocol (RFC 3561) defines the value of RREQ_RATELIMIT as 10 RREQs per second. If the rate of RREQs is greater than RREQ_RATELIMIT, the RREQ is discarded from the system. When the source node creates an RREQ, it also sets a Time to Live (TTL) on this RREQ. The TTL is the lifetime of the RREQ; if the TTL becomes zero, the RREQ is discarded. The sequence number is employed for the freshness of routing information and is also used for removing old information that is no longer valuable from the network. When generating an RREP message, a destination node compares its current sequence number with the sequence number in the RREQ packet and then selects the larger sequence number. If a node receives subsequent RREPs, they are forwarded only if the RREP contains a greater destination sequence number or a smaller hop count.
1.5.3.3.4          AODV Uncooperative Nodes:
AODV has two types of uncooperative nodes: malicious nodes and selfish nodes [2]. Malicious nodes are either faulty or cannot follow the protocol. A node may also be inherently malicious and try to attack. Selfish nodes are non-cooperative in certain network operations, for example by dropping packets. Most of the time, it is observed that a selfish node does not disturb battery power and only disturbs network operations.

1.5.3.3.5  Some Open Issues in MANET protocol, AODV:

  • AODV does not provide any type of security, and its resource management is very poor: if an intermediate node does not know the destination address, it forwards the RREQ to all nodes [1][2].
  • Performance decreases as the network area increases [2].
  • Since all nodes of a network cooperate, this creates a vulnerability to security attacks.
  • In the literature, different schemes exist to mitigate attacks, but a more robust scheme is needed to recover the node(s) after malicious activities.
  • The weaknesses of AODV include its latency and scalability [2].

1.1 Problem Statement

The majority of the schemes proposed for mitigating the RREQ flooding attack can fail to work well with higher node mobility.

1.1.1       Explanation

For example, in [1] Ping Yi introduced a scheme, Flooding Attack Prevention (FAP), for mitigating the route request flooding attack on MANETs. In this scheme the FIFO rule is replaced with a rule based on processing priority and threshold values. Every node maintains a processing priority and a threshold value for each of its neighbor nodes. A node's priority for having its RREQs handled is inversely proportional to its frequency of generating RREQs [Node priority ∝ 1 / frequency of generating RREQ]. If the number of RREQs in a period of time increases, the node's priority for RREQs falls, and if the frequency of RREQs exceeds the threshold value, the receiving node will not entertain the incoming RREQs and also broadcasts to its neighbor nodes not to entertain this particular node. This scheme is also called node suppression.

1.1.2       Objection in Aforesaid

This scheme may work well under normal conditions. But where a node has higher mobility, the scheme will not work smoothly: a normal node with high mobility is treated as a malicious node. While its position changes continuously, an ad hoc node requires new routes again and again, and the only way to construct a route in AODV is to generate new RREQs. The flood of RREQs lowers the node's priority (according to the formula used in FAP, Node priority ∝ 1 / frequency of generating RREQ).
Suppose that in a particular mobile ad hoc network there are 5 nodes participating in communication. During 15 minutes of communication, node 'A' sends 2 RREQs per second. After 15 minutes, conditions suddenly change and node 'A' now increases its RREQs by 10 RREQs per second, all of which are legitimate requests. But according to the FAP scheme, the priority of node 'A' RREQs now decreases by 1/10. So, in this scenario, the other nodes of the MANET may get more priority and be served before node 'A', which surely creates a double disaster instead of relief.
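
The objection above can be reproduced with a small model of one receiving node. This is an added example, not code from the FAP paper or from the original page; the class and function names, the one-second window and the threshold of 8 RREQs are assumptions, and the burst is taken as 10 RREQs per second, the rate implied by the 1/10 priority.

```python
from collections import defaultdict

THRESHOLD = 8  # assumed: RREQs per one-second window before a neighbour is suppressed


class FapReceiver:
    """One node applying FAP-style priority and suppression to its neighbours."""

    def __init__(self, threshold=THRESHOLD):
        self.threshold = threshold
        self.counts = defaultdict(int)  # sender -> RREQs heard in the current window
        self.suppressed = set()         # senders this node no longer serves

    def receive_rreq(self, sender):
        """Count one RREQ and return True if it is accepted for processing."""
        self.counts[sender] += 1        # the rate is measured even while suppressed
        if sender in self.suppressed:
            return False
        if self.counts[sender] > self.threshold:
            self.suppressed.add(sender)  # FAP would also notify the neighbours
            return False
        return True

    def priority(self, sender):
        """Node priority = 1 / frequency of generating RREQ (constant 1 assumed)."""
        freq = self.counts.get(sender, 0)
        return 1.0 / freq if freq else 1.0

    def service_order(self):
        """Senders still served, highest priority first (this replaces FIFO)."""
        active = [s for s in self.counts if s not in self.suppressed]
        return sorted(active, key=lambda s: (-self.priority(s), s))

    def end_window(self):
        """Start a new measurement window; suppression is not lifted."""
        self.counts.clear()


def run_window(receiver, rates):
    """Feed one window of traffic; rates maps sender -> RREQs sent in the window."""
    accepted = {}
    for sender, n in rates.items():
        accepted[sender] = sum(receiver.receive_rreq(sender) for _ in range(n))
    snapshot = {
        "accepted": accepted,
        "priority": {s: receiver.priority(s) for s in rates},
        "order": receiver.service_order(),
        "suppressed": set(receiver.suppressed),
    }
    receiver.end_window()
    return snapshot


if __name__ == "__main__":
    node = FapReceiver()
    # Constructed traffic: A is a legitimate mobile node, B is a quiet node,
    # M floods RREQs for destinations that do not exist.
    calm = run_window(node, {"A": 2, "B": 1})
    burst = run_window(node, {"A": 10, "B": 1, "M": 50})
    later = run_window(node, {"A": 2})
    print("calm  :", calm["order"], calm["priority"])
    print("burst :", burst["accepted"], "suppressed:", sorted(burst["suppressed"]))
    print("later :", later["accepted"])
```

With a fixed threshold the receiver cannot tell the legitimate burst from node A apart from the flood from M: both end up suppressed, and A stays cut off after it returns to 2 RREQs per second.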

1.2  Is it really a problem?

In numerous papers, the authors point to the same issue; a few are listed below.
  • On-demand routing protocols use the route discovery process to obtain the route between two nodes. In route discovery, the source node broadcasts RREQ packets in the network. Because the priority of RREQ control packets is higher than that of data packets, RREQ packets are transmitted even at high load. A malicious node exploits this feature of on-demand routing to launch the RREQ flooding attack [3].
  • In fixed threshold value schemes, a normal node with high mobility is treated as a malicious node [3].
  • The flooding attack introduces unnecessary broadcast messages into the network to hinder its normal operation; the malicious node continuously sends a mass of route requests to force the neighbors to process these packets and therefore consume batteries and network bandwidth [literature].
  • Most reactive protocols are prone to flooding attacks during their route discovery process. A malicious node may actively take part in the flooding attack by repeatedly sending RREQs [literature].
  • The majority of the schemes for mitigating the effects of the flooding attack do not work well with higher node mobility [3].
  • The ad hoc flooding attack can easily cause Denial-of-Service (DoS) attacks in MANETs by flooding many RREQs or data packets [literature].
  • The RREQ flooding attack can seriously degrade the performance of reactive routing protocols and affect a node in the following ways [literature]:
  1. The buffer used by the routing protocol may overflow.
  2. The buffer used by the wireless network interface card may overflow due to the large number of RREQs to be sent.
  3. The lifetime of the network is reduced through useless RREQ transmissions as well as the additional overhead of authenticating a large number of RREQs.
  • In the RREQ flooding attack, the attacker sends excessive RREQs without regard to the per-second RREQ_RATELIMIT. In this way the network resources are exhausted so that the node cannot receive new RREQ packets [literature].
  • In the AODV protocol, a malicious node can send a large number of RREQs in a short period to a destination node that does not exist in the network. Since no one will reply to the RREQs, these RREQs will flood the whole network. As a result, all of the nodes' battery power, as well as network bandwidth, will be consumed, which could lead to denial of service [literature].
  • Initiating a large number of route requests to bogus destinations in order to exhaust the resources of the network [literature].
  • AODV does not provide any type of security, because if an intermediate node does not know the destination address, it forwards the Route Request to all nodes [literature].
2.     RELATED WORK
Significant work has been done on securing ad hoc networks. Some researchers have defined methods for secure routing, but secure routing also cannot handle the flooding attack [3]. The first flooding attack prevention (FAP) method was proposed in [1]. That paper discusses RREQ flooding and data flooding attacks. It was the first paper to describe these types of attack and their prevention [3]. The author proposed the neighbor suppression method to avoid the RREQ flooding attack and a path cut-off technique for mitigating the data flooding attack. This technique prevents flooding attacks to some extent, but the flooding packets still exist in the network [3].
This limitation of FAP is eliminated by the threshold prevention technique proposed in [literature]. If any node's RREQs exceed a predefined threshold value, the receiving node refuses to entertain RREQs from that source node and assumes it is an attacker. Packets coming from the attacker are discarded by the receiving node. The weakness of this scheme is that if the attacker node knows the threshold value in advance, the scheme can fail, and sometimes a normal node with high mobility is treated as a malicious node.
In [literature], the author proposed a distributive approach to resist the flooding attack. He introduced two threshold values, RATE_LIMIT and BLACKLIST_LIMIT. If the RREQ count of a node is less than RATE_LIMIT, the request is processed; otherwise the count is checked against BLACKLIST_LIMIT. If the count is greater than BLACKLIST_LIMIT, the node is blacklisted, but if the count is greater than RATE_LIMIT and less than BLACKLIST_LIMIT, the RREQ is put in the delay queue and processed after the queue time-out occurs. High-mobility networks can be handled by this scheme.
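
A sketch of the two-limit rule with its delay queue follows, as an added example that is not taken from the cited paper or the original page. The rule is read as: below RATE_LIMIT process, between the two limits delay, at BLACKLIST_LIMIT or above blacklist. The class name, the limit values, the treatment of counts equal to a limit and the purge of queued RREQs from a blacklisted sender are assumptions.

```python
from collections import Counter, defaultdict, deque


class TwoThresholdFilter:
    """Per-neighbour RREQ filter with RATE_LIMIT, BLACKLIST_LIMIT and a delay queue."""

    def __init__(self, rate_limit=5, blacklist_limit=10, queue_timeout=1.0):
        self.rate_limit = rate_limit            # assumed value
        self.blacklist_limit = blacklist_limit  # assumed value
        self.queue_timeout = queue_timeout      # assumed value, in seconds
        self.counts = defaultdict(int)          # sender -> RREQs this interval
        self.blacklist = set()
        self.delayed = deque()                  # (release_time, sender, rreq_id)

    def on_rreq(self, now, sender, rreq_id):
        """Classify one RREQ as 'process', 'delay', 'blacklist' or 'drop'."""
        if sender in self.blacklist:
            return "drop"
        self.counts[sender] += 1
        count = self.counts[sender]
        if count < self.rate_limit:
            return "process"
        if count < self.blacklist_limit:
            # Possibly a mobile node rebuilding routes: hold the request
            # instead of discarding it.
            self.delayed.append((now + self.queue_timeout, sender, rreq_id))
            return "delay"
        self.blacklist.add(sender)
        # Assumption: requests already queued for a blacklisted sender are purged.
        self.delayed = deque(e for e in self.delayed if e[1] != sender)
        return "blacklist"

    def release(self, now):
        """Return the delayed RREQs whose queue time-out has expired."""
        ready = []
        while self.delayed and self.delayed[0][0] <= now:
            _, sender, rreq_id = self.delayed.popleft()
            ready.append((sender, rreq_id))
        return ready

    def end_interval(self):
        self.counts.clear()


def send_burst(flt, now, sender, n):
    """Send n RREQs (ids 0..n-1) from one sender and tally the decisions."""
    return Counter(flt.on_rreq(now, sender, i) for i in range(n))


if __name__ == "__main__":
    flt = TwoThresholdFilter()
    # Constructed traffic: A is a fast-moving legitimate node, M is a flooder.
    print("A:", dict(send_burst(flt, 0.0, "A", 7)))
    print("M:", dict(send_burst(flt, 0.0, "M", 30)))
    print("released at t=1.0:", flt.release(1.0))
    print("blacklist:", sorted(flt.blacklist))
```

The mobile node's burst of 7 RREQs is served late rather than lost, while the flooder is blacklisted on its tenth request in the interval.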
In [literature], the author used a threshold tuple to analyze the flooding attack in anonymous communication. The scheme consists of three components: a transmission threshold, a blacklist threshold and a white list threshold. If a node generates more RREQ packets than the transmission threshold, its neighbor discards the packets; if it crosses the transmission threshold more times than the blacklist threshold, the neighbor blacklists the node. To deal with accidental blacklisting, they defined the white list threshold: if a node behaves well for a number of intervals equal to the white list threshold, it is again treated as a normal node.
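
The threshold tuple amounts to a small per-neighbour state machine evaluated once per interval. The version below is an added example, not code from the cited paper or the original page; the names, the threshold values, the requirement that the good intervals be consecutive and the per-interval RREQ counts are assumptions.

```python
class NeighbourState:
    """Tracks one neighbour under a (transmission, blacklist, white list) tuple."""

    def __init__(self, tx_threshold, blacklist_threshold, whitelist_threshold):
        self.tx_threshold = tx_threshold                # RREQs allowed per interval
        self.blacklist_threshold = blacklist_threshold  # tolerated violations
        self.whitelist_threshold = whitelist_threshold  # good intervals to recover
        self.violations = 0
        self.good_streak = 0
        self.blacklisted = False

    def close_interval(self, rreq_count):
        """Account for one interval; return how many RREQs were forwarded."""
        within = rreq_count <= self.tx_threshold
        if self.blacklisted:
            # Nothing is forwarded, but behaviour is still observed so that an
            # accidentally blacklisted node can earn its way back.
            self.good_streak = self.good_streak + 1 if within else 0
            if self.good_streak == self.whitelist_threshold:
                self.blacklisted = False
                self.violations = 0
                self.good_streak = 0
            return 0
        if within:
            return rreq_count
        self.violations += 1
        if self.violations > self.blacklist_threshold:
            self.blacklisted = True
            self.good_streak = 0
        return self.tx_threshold  # the excess over the threshold is discarded


def trace(state, counts_per_interval):
    """Return [(forwarded, blacklisted_after_interval), ...] for a traffic trace."""
    return [(state.close_interval(c), state.blacklisted) for c in counts_per_interval]


if __name__ == "__main__":
    # Constructed traces: a mobile node with a temporary burst, and a flooder.
    mobile = trace(NeighbourState(10, 2, 3), [4, 14, 12, 13, 6, 5, 4, 7])
    flooder = trace(NeighbourState(10, 2, 3), [50] * 8)
    print("mobile :", mobile)
    print("flooder:", flooder)
```

The mobile node is blacklisted after its third violating interval and restored after three quiet ones; the flooder never produces a quiet interval and stays blacklisted.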
In the literature, one author proposed a new technique for preventing the flooding attack. This scheme is based on trust values; nodes are categorized into three categories: friends (most trusted), acquaintances (trust value more than a stranger and less than a friend) and strangers (not trusted). When a node receives RREQ packets, it checks the relationship and, based on that, checks against the threshold value: if the count is less than the threshold it forwards the packet, otherwise it discards the packet and blacklists the node. This scheme does not work properly under high node mobility.
In the literature, one author proposed Route Request Flooding Defense (RRFD) to mitigate the RREQ flooding attack. RRFD consists of three components: RREQ binary exponential back-off, route discovery cycle (RDC) binary exponential back-off and fast recovery. In RREQ binary exponential back-off, each node ensures that its neighbor follows a binary exponential back-off when sending RREQs in an RDC. If RREQs are sent faster than allowed, the excess RREQs are dropped.
In the literature, an author proposed a scheme named Flooding Attack Prevention (FAP) to combat ad hoc flooding attacks, especially the RREQ flooding attack. The main idea of the proposed scheme is that if all the neighbor nodes around a malicious node refuse to communicate with it, that node can be totally cut off from the entire network. The author suggested the name neighbor suppression for this scheme. To find the attacker in the neighbor suppression scheme, each neighbor node counts the RREQs; if the rate of RREQs exceeds some predefined threshold value, this identifies the attacker node, and all neighbors of that attacker will not entertain any packets coming from the attacker node.
3.     ISSUES AND PROBLEMS:
MANETs are an emerging technology and a great binder for future and present technology. A number of fields have mapped their networks to MANETs, and numerous other fields are waiting to shift to this category of network. The popularity of ad hoc networks is extremely high. In many aspects the network is vulnerable. Many schemes have been proposed for MANET security, but the technology still requires a more robust scheme to combat attacks, particularly the flooding attack, which is one of the most severe MANET attacks. There are several issues, such as routing, scalability, quality of service and security, that need to be solved before implementing these network technologies in practice. Some major issues related to MANETs are discussed below:

3.1  MANETs Routing Protocol Performance:

Due to dynamic topology and infrastructure-less communication, mobile ad hoc networks (MANETs) face a challenging problem in QoS routing.
In the literature, an author analyzes the performance of a fuzzy-based priority scheduler in MANETs. The fuzzy scheduler uses three input variables and one output variable. The linguistic variables associated with the input variables are low, medium and high. For the output variable, the priority index, five linguistic variables are used. The three input variables have 27 combinations with corresponding outputs. To illustrate one rule: if (expiry time is low) and (data rate is low) and (queue length is low), then the priority index is low. The other rules are framed similarly. Hence a scheduling discipline can be used to transmit packets before their expiry, which improves the QoS of the network.
In the literature, an author proposed a multipath routing scheme called Multipath On-demand Routing (MORT), which provides better performance and scalability by computing multiple routes in a single route discovery. The main idea of MORT is to minimize the route-break recovery overhead. It works on the principle that higher performance can be achieved by recording more than one feasible path. The scheme provides multiple routes to the destination on the intermediate nodes of the primary path as well as on the source node. Even if the primary path is disturbed, data can be passed through an alternate available route without waiting to discover a new route. MORT can enhance routing performance.

3.2  Trust worthy Scheme in MANETs:

In many respects, mobile ad hoc environments are untrusted, for example because of attacks, or because in the data management architecture the devices encountered and the information obtained from them are not necessarily trustworthy.
A novel NP-based trustworthy agent scheme is proposed in the literature to fight attacks, especially DoS attacks, and improve trustworthiness in ad hoc networks. This NP-based trustworthy agent is based on a network processor, makes full use of hardware multithreading and saves power. One of the hardware threads is used as the trustworthy agent to do security computing, while the other threads do other network processing such as packet forwarding. Threads are created as trustworthy agents as needed by AODV routing. When there is an RREQ-RREP stream in the network, a related security agent monitors the stream with an intrusion detection algorithm. This scheme improves the trustworthiness of ad hoc routing protocols such as AODV.
In the literature, one author proposed a trustworthy data management framework named 'Trust-Based Framework' for personal mobile devices in ad hoc environments. The main idea of the data management framework is to enhance the trustworthiness of resources. The proposed scheme shows a global view of the social network in the individual mobile devices, packs and neighborhoods in the social network. The scheme represents trust using a continuous value in the interval [0, 1]. The history or neighboring trusted devices define the trustworthiness of a peer. Devices are categorized as trusted, offender and unknown. If a device shows malicious behavior, devices in the neighborhood can effect an immediate response by refusing further resources to the misbehaving entity.

3.3  Security Challenges & Attacks in MANETs:

The best uses of MANETs are in war, emergencies, disaster management, healthcare, etc. Unfortunately, MANET security is still vulnerable. There are major loopholes in MANET security, and any attacker can easily breach the security barrier.
In the literature, one survey covers routing attacks in MANETs and the countermeasures against them. That paper also describes some of the most dangerous MANET attacks. In the flooding attack, network resources are consumed in handling RREQ packets coming from an attacker with an unknown destination address. In the black-hole attack, the malicious node sends fake routing information to the other nodes and diverts normal packets through the malicious node, which is further controlled by the attacker. Another attack is the wormhole attack, in which a pair of colluding attackers record packets at one location and replay them at another location using a tunnel over a high-speed network. The author also provides some solutions to these attacks; for the flooding attack he suggests threshold values, such that if the RREQ count exceeds the given threshold value, the node is considered an attacker. In the literature, another author claims that the major challenges a routing protocol faces in an ad hoc network are mobility of nodes, resource constraints, error-prone channel state, and hidden and exposed terminal problems.
3.4    IDS System in MANET:
Authentication and cryptography are not very suitable for securing mobile ad hoc networks. A proper intrusion detection system is vital to an ad hoc network. The majority of intrusion detection systems are distributed and have a cooperative architecture. By implementing a suitable IDS, dangerous attacks can be stopped or mitigated before they take effect. Some proposed IDSs are associated with existing protocols like AODV, and others work as an independent architecture associated with mobile nodes. It is essential to explore and analyze attacks before developing an IDS, because an attacker may attack the IDS itself and break its security to penetrate the system.
In the literature, a Cooperative Distributed Intrusion Detection (CDID) system is proposed to protect AODV against DoS and sequence number modification in RREQ packets. The basic idea of CDID is that malicious nodes have no IDS agent. The CDID architecture is based on six components. If the RREQ count of any node is found to be greater than the threshold, the node is kept in the blacklist; otherwise the RREQ count is reset. This scheme can mitigate the DoS attack. The proposed scheme identifies any modification of the sequence number in an RREQ by using a feature of the AODV protocol, the flooding of RREQs. AODV drops a surplus RREQ if it has previously received an RREQ with the same broadcast ID and source address. Before AODV drops the surplus RREQ packets, the CDID scheme checks whether the sequence number of the rebroadcast RREQ is equal to the sequence number of the same RREQ stored in the current node. If the two sequence numbers are different, this is considered an abnormality. CDID uses a validation control message, VREQ (Validate Request), to resolve this issue. The IDS agent sends a VREQ packet with the pre-alarm state (state = 0) to the node that has the higher sequence number. Under the scheme's assumption that malicious nodes have no IDS agent, the absence of a reply to the VREQ within the given period indicates that the node is malicious; otherwise it is considered a normal node.
In the literature, one author proposed an IDS scheme. The main idea of the proposed scheme is to introduce an agent named my-AODV to handle various attacks on the current AODV MANET routing protocol. The proposed system is divided into three modules, and each module is divided into two main parts: a detection part and a recovery part. The detection part is further divided into two parts: normal mode and attack mode. If an intruder is detected, it is isolated and then the recovery process starts. In this way the scheme first detects the malicious node, then checks its performance and finally, if the node shows gentle behavior, restores it to its previous position.

3.5  Data Flooding Attack & Their Prevention:

The existing protocols for MANETs perform particularly poorly under flooding attacks or packet drop attacks. Mobile users use their devices anywhere and at any time to access multimedia data, which involves a large amount of packets, so preventing data flooding is a real challenge in mobile ad-hoc networks. Some techniques for mitigating the flooding attack are discussed here.
In the literature, a behavior-based trace-back mechanism has been introduced to identify the origin of a flooding attack and stop it. The scheme is based on the idea that a legitimate node refuses to forward attack packets; only a malicious node keeps generating and forwarding them. The scheme uses the concept of merit and demerit. Suppose node A receives a packet from its neighbor node B. If A judges that it is an attack packet, A refuses to forward it, regards B as a suspicious node, and records a demerit point for B. If A receives a normal packet from B, A records a merit for B and decreases B's demerit level by one. Finally, if B's demerit exceeds a given threshold, A confirms B as a malicious node. Once a node is diagnosed as malicious, the scheme applies its countermeasure: it refuses to forward any packet from the malicious node and isolates it from the network.
In the literature, an author proposed a scheme for preventing the flooding attack in which each incoming packet first passes through a rate-limitation component and is then transmitted to the next-hop neighbor. The rate-limitation component at every node has three different threshold values, i.e. α, β, and γ. After deployment, each node maintains a threshold for the other nodes. Further communication is handled, and the flooding attack identified, according to these threshold values.
The author of one paper disagrees entirely with the use of a threshold value in schemes for mitigating the flooding attack. According to him, a threshold may decrease the throughput of burst traffic and slow down communication. He proposed the Period-based Defense Mechanism (PDM), whose main idea is to enhance throughput. PDM is based on periods and uses a blacklist to prevent the data flooding attack. The scheme uses W periods for data transmission and checks for data packet floods at the end of each period. In this way the throughput of burst traffic can be enhanced.

3.6  Preventive Measures against RREQ Flooding Attack in MANETs:

The route discovery process in ad hoc reactive routing protocols is vulnerable: any intruder can easily flood the network with RREQ packets, exhausting network resources or disrupting the normal function of communication.
In [3], the authors proposed a scheme based on the extent of friendship between nodes to protect the ad hoc network from the RREQ flooding attack. In this scheme, a trust estimator categorizes all participating nodes as friend (most trusted), acquaintance (trusted) or stranger (not trusted) nodes. Different threshold values are then set: friend nodes have a higher threshold value than acquaintance nodes, and stranger nodes have a lower threshold value. If the number of RREQs from a node exceeds the predefined threshold value, further RREQs from the originating node are ignored and dropped.
Route Request Flooding Defense (RRFD) has been proposed in the literature to counter RREQ flooding attacks in ad hoc networks. RRFD consists of three components: RREQ binary exponential backoff, route discovery cycle (RDC) binary exponential backoff, and fast recovery. In RREQ binary exponential backoff, each node ensures that its neighbor follows a binary exponential backoff when sending RREQs within an RDC. If RREQs are sent faster than allowed, the excess RREQs are dropped. In RDC binary exponential backoff, each node ensures that its neighbor follows a binary exponential backoff when initiating another RDC. After each successful RDC, the waiting time between successive RDCs is doubled. To implement RRFD, each node maintains an entry in a RREQ database for every unique pair of originator and destination nodes. When a RREQ is received, the node searches the RREQ database for an entry. If no entry is found, it creates a new entry, starts a new RDC and rebroadcasts the RREQ.
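The two backoff checks and the per-pair RREQ database described above can be sketched as follows; this is an added example, not code from the RRFD paper. The wait times, the rule that a cycle ends after RREQ_RETRIES retries, all names and the constructed arrival times are assumptions.

```python
from dataclasses import dataclass

BASE_WAIT = 1.0    # assumed wait (s) after the first RREQ of a cycle
RDC_WAIT = 4.0     # assumed wait (s) before a second route discovery cycle (RDC)
RREQ_RETRIES = 2   # retries per cycle (AODV default in RFC 3561); assumed to end the RDC

@dataclass
class Entry:
    last_seen: float   # arrival time of the last accepted RREQ
    retries: int = 0   # retries accepted in the current RDC
    cycles: int = 0    # RDCs completed for this originator/destination pair

class RreqDatabase:
    """One entry per unique (originator, destination) pair."""
    def __init__(self):
        self.entries = {}

    def on_rreq(self, originator, destination, now):
        key = (originator, destination)
        e = self.entries.get(key)
        if e is None:                       # unseen pair: new entry, new RDC
            self.entries[key] = Entry(last_seen=now)
            return "rebroadcast"
        gap = now - e.last_seen
        if e.retries < RREQ_RETRIES:        # retry inside the current RDC
            if gap < BASE_WAIT * 2 ** e.retries:
                return "drop"               # sent faster than the backoff allows
            e.retries += 1
        else:                               # neighbor is starting another RDC
            if gap < RDC_WAIT * 2 ** e.cycles:
                return "drop"               # wait doubles after every RDC
            e.cycles += 1
            e.retries = 0
        e.last_seen = now
        return "rebroadcast"

def replay(arrivals):
    """Run (time, originator, destination) arrivals through one node's database."""
    db = RreqDatabase()
    return [db.on_rreq(o, d, t) for t, o, d in arrivals]

# Constructed traffic: "H" waits 1 s then 2 s between RREQs; "M" sends every 0.1 s.
HONEST = [(0.0, "H", "D1"), (1.0, "H", "D1"), (3.0, "H", "D1")]
FLOOD = [(round(0.1 * i, 1), "M", "D2") for i in range(20)]
```

Replaying `FLOOD` shows that only the RREQs that happen to fall on the backoff schedule are rebroadcast; the rest are dropped at the first hop.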
The Threshold Prevention (TP) scheme has been proposed in the literature to handle the RREQ flooding attack in MANETs. TP is based on a threshold value: if the number of RREQs exceeds the given threshold value, the RREQs are dropped.
In one research paper, Ping Yi again proposed an enhanced Flooding Attack Prevention (FAP) technique to combat the RREQ flooding attack on MANETs. The scheme is based on the idea that if all the neighbor nodes around a malicious node refuse to communicate with it, that node can be completely cut off from the entire network.
In one research paper, the author proposed a Distributed Security Scheme for Ad hoc Networks. The author planned minor modifications to the existing AODV routing protocol (RFC 3561). The scheme shifts the responsibility for monitoring the RREQ_RATELIMIT parameter to the node's neighbor. In this way the RREQ flooding attack can be monitored.
In [1], the author proposed a scheme for mitigating data and route request flooding attacks, named Flooding Attack Prevention (FAP). He noted that in the AODV protocol nodes handle RREQ packets according to the FIFO rule, which itself invites flooding attacks. In the proposed scheme the FIFO rule is replaced by a rule based on processing priority and a threshold value. Every node maintains a processing priority and a threshold value for each of its neighbor nodes. A node's priority for RREQ handling is inversely proportional to its frequency of generating RREQs, i.e.
Node priority ∝ 1 / (frequency of generating RREQ)
If the number of RREQs from a node increases within a period, the priority of that node falls, and if the frequency of RREQs exceeds the threshold value, the receiving node stops accepting incoming RREQs from it and also broadcasts to its neighbors not to accept RREQs from this particular node. In this way RREQ flooding attacks can be mitigated. This process of handling flooding RREQs is called node suppression. The FAP scheme uses path cutoff to handle the data flooding attack.
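The difference between FIFO handling and the priority-plus-threshold handling described above is easiest to see on one period's queue; the sketch below is an added example, not code from [1]. The threshold of 10, the function names and the constructed queue are assumptions.

```python
from collections import Counter

THRESHOLD = 10   # assumed: most RREQs accepted from one neighbor per period

def fifo_order(queue):
    """Plain AODV behavior: RREQs are processed in arrival order."""
    return list(queue)

def fap_order(queue, threshold=THRESHOLD):
    """Return (processing order, suppressed neighbors) for one period.

    queue is a list of (sender, rreq_id) tuples in arrival order.
    Priority is 1 / frequency, so quiet neighbors are served first.
    Neighbors above the threshold are suppressed: their RREQs are dropped
    and the returned set is what the node would announce to its neighbors.
    """
    freq = Counter(sender for sender, _ in queue)
    suppressed = {s for s, n in freq.items() if n > threshold}
    kept = [(s, r) for s, r in queue if s not in suppressed]
    # sorted() is stable, so arrival order is kept among equal priorities
    ordered = sorted(kept, key=lambda item: -1.0 / freq[item[0]])
    return ordered, suppressed

def position_of(order, sender):
    """Index at which the first RREQ from sender is processed, or None."""
    for i, (s, _) in enumerate(order):
        if s == sender:
            return i
    return None

# Constructed period: "M" sends 30 RREQs, "B" sends 4, "A" sends 1 and arrives last.
QUEUE = [("M", i) for i in range(30)] + [("B", i) for i in range(4)] + [("A", 0)]
```

Under FIFO the single RREQ from "A" waits behind 34 others; under the priority rule it is processed first, and "M" is suppressed for the period.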

3.6.1       RREQ Flooding Attack:

MANETs are particularly vulnerable to DoS attacks launched through compromised nodes or by any attacker. The DoS attack against on-demand routing protocols for MANETs is called the Ad-hoc Flooding Attack [1]. The ad-hoc flooding attack is a new type of attack, introduced in 2005 by Ping Yi in his paper "Resisting Flooding Attacks in Ad-hoc Networks" [1]. Basically, it is a DoS attack against all on-demand ad-hoc network routing protocols, such as AODV or DSR. In this attack, an attacker sends plenty of route request packets (RREQ Flooding Attack) for a node ID that is generally not in the network, in order to consume the bandwidth of the network. In an ad-hoc network the path discovery process is based on the flooding of route requests. To reduce network congestion, the AODV protocol uses methods such as RREQ-RATELIMIT or TTL value setup. In the ad-hoc flooding attack, the attacker node violates these rules to exhaust network resources. The intruder first finds IP addresses that do not exist in the network, then floods massive numbers of RREQs for those void IP addresses without obeying the per-second RREQ-RATELIMIT. No node replies with a route, so the reverse route is kept in the nodes' route tables for a very long period of time. The attacker also does not wait for a RREP; it simply keeps flooding RREQs for the void IP addresses. As a result, the whole network becomes completely full of RREQ packets sent by the attacker. The storage of the route table is limited, so when masses of RREQ packets arrive, the route table cannot accommodate other, legitimate RREQs.

3.6.2       Root Causes of RREQ Flooding Attack:

Most studies of MANET security fall into three categories, i.e. key management, routing and IDS. MANET routing may in turn be classified into three broad categories: reactive, proactive and hybrid. Reactive routing is performed on demand, as in the Ad-hoc On Demand Routing Protocol (AODV) or Dynamic Source Routing (DSR). On-demand routing protocols have two phases for ad-hoc communication, i.e. a route construction phase and a route maintenance phase. In the route construction phase, the protocol creates a route from the source to the destination node. In the route maintenance phase, the route is maintained, or sometimes rebuilt, between the source and destination nodes. To create a route, the source node first checks its neighbors, and if the route exists, a route is established immediately between the source and destination nodes. If the destination node is not a direct neighbor of the source, the source generates a RREQ message and broadcasts it to all its neighbor nodes. If the destination is not among their neighbors either, these neighboring nodes broadcast the RREQ further to other nodes, until the destination is found or the packet's TTL expires (becomes zero) and the RREQ is discarded from the system. On-demand routing protocols adopt several measures to avoid network congestion, such as RREQ-RATELIMIT, a starting TTL value and the sequence number. AODV (RFC 3561) allows 10 RREQs per second [17]; RREQs beyond RREQ-RATELIMIT are not processed and are discarded. However, this rate-limit restriction can be overridden or disabled [Reason-1 for RREQ flooding attack]. The malicious node overrides the restriction and sets RREQ-RATELIMIT to a very high number, or sometimes disables it. This permits it to flood fake RREQs. The RREQ flooding attack may be carried out in the following different ways.
  • The malicious node sends bulk RREQs, ignoring RREQ-RATELIMIT, to one particular node [least dangerous].
  • The malicious node sends bulk RREQs, ignoring RREQ-RATELIMIT, to as many node IP addresses of the network as possible [less dangerous].
  • The malicious node sends bulk RREQs, ignoring RREQ-RATELIMIT, to random IP addresses, a few of which may or may not exist in the network [dangerous].
  • The malicious node sends bulk RREQs, ignoring RREQ-RATELIMIT, to IP addresses that are not in the network [most dangerous] [the RREQ flooding attack is mostly launched in this way].
Another important reason for the RREQ flooding attack is that RREQ control packets have higher priority than data packets, so RREQ packets are transmitted even at high load [Reason-2 for RREQ flooding attack]. A malicious node exploits this feature of on-demand routing to launch the RREQ flooding attack.
A further reason is that, in the AODV routing protocol, a node processes RREQ packets according to the "first-in, first-out" (FIFO) rule. Until the RREQ packets at the head of the queue have been dealt with, later RREQ packets cannot be received. Under this rule, the excessive RREQ packets from the attacker that arrived at the nodes earlier prevent the nodes from receiving later RREQ packets [2]. [Reason-3 for RREQ flooding attack]
One more reason is that AODV itself prevents the same RREQ from being sent again by checking the broadcast id, but the attacker can easily pass this check by generating increasing broadcast ids [3]. [Reason-4 for RREQ flooding attack]
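Reason-1 and Reason-4 can be checked against captured RREQ records: the duplicate check passes every flooded request, while a per-source count against RREQ-RATELIMIT does not. The following is an added illustration, not code from the cited papers; the record layout, addresses and function names are assumptions, and the log is constructed.

```python
from collections import defaultdict

RREQ_RATELIMIT = 10   # RREQs per second allowed by AODV (RFC 3561), as quoted above

def duplicate_filter(records):
    """AODV's duplicate check: drop a RREQ whose (source, broadcast id) was seen."""
    seen, passed = set(), []
    for rec in records:
        key = (rec["src"], rec["bcast_id"])
        if key not in seen:
            seen.add(key)
            passed.append(rec)
    return passed

def over_limit_sources(records, limit=RREQ_RATELIMIT):
    """Sources that originated more than `limit` RREQs in any one-second bucket."""
    per_second = defaultdict(int)
    for rec in records:
        per_second[(rec["src"], int(rec["t"]))] += 1
    return sorted({src for (src, _), n in per_second.items() if n > limit})

def unanswerable_share(records, src, members):
    """Fraction of a source's RREQs that ask for addresses outside the network."""
    own = [r for r in records if r["src"] == src]
    if not own:
        return 0.0
    return sum(r["dst"] not in members for r in own) / len(own)

# Constructed one-second capture; addresses are from the 192.0.2.0/24 documentation range.
MEMBERS = {"192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.9"}
LOG = [{"t": 0.2, "src": "192.0.2.1", "bcast_id": 7, "dst": "192.0.2.3"},
       {"t": 0.3, "src": "192.0.2.1", "bcast_id": 7, "dst": "192.0.2.3"}]  # rebroadcast copy
LOG += [{"t": i / 50, "src": "192.0.2.9", "bcast_id": 100 + i,
         "dst": f"192.0.2.{200 + i}"} for i in range(40)]  # increasing broadcast ids
```

The duplicate filter removes only the rebroadcast copy from the legitimate node, whereas the rate check and the share of requests for non-member addresses both single out the flooding source.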

4.     Conclusion:

Owing to its attractive features, the MANET is one of the most in-demand networks. Most of the time a MANET uses a reactive routing protocol such as AODV, and in AODV the route construction phase depends on RREQs. As the name indicates, the nodes of a MANET are mostly mobile. Because nodes move frequently, the probability of route destruction is very high, and the probability of route requests is correspondingly very high. It is also possible for any legitimate node to broadcast excessive RREQs. The survey of schemes for mitigating the RREQ flooding attack shows that most schemes are based on particular threshold values: if a node exceeds the threshold value, the scheme blacklists the node and considers it malicious or an intruder. This article emphasizes the need to establish a scheme that works well in environments with higher node mobility.

