19-05-2012, 10:33 AM
A Dynamic Security Mechanism Of Leader Election For Intrusion Detection In MANET Using RBF
A Dynamic Security Mechanism.doc (Size: 161.5 KB / Downloads: 32)
Abstract
-In MANET, the leader election in the presence of selfish nodes for Radial Basis Function (RBF) based intrusion detection can be obtained. To balance the resource consumption among all nodes and prolong the lifetime of a MANET, nodes with the most remaining resources should be elected as the leaders. To Tackle the announce of selfish nodes in MANET, this method provides nodes with incentives in the form of reputations to encourage nodes in honestly participating in the election process. The amount of incentives is based on the Vickrey.
1 INTRODUCTION
The Mobile Ad Hoc Networks(MANET) have no fixed bottlenecks to deploy IDS rather than in the traditional networks [3]. Hence each node run on its own IDS and cooperate with other nodes inorder to provide security. This is very inefficient interms of resource consumption since the mobile nodes are energy limited.To overcome this problem,first divide the MANET into a set of 1-hop clusters and each cluster elects the leader node which provides IDS for the entire cluster. The election process can be done either by random model or connectivity-index based approach.Both these approaches aim to reduce the overall resource consumption IDS in the network.However, the nodes having different resources at any given time should be taken into account for each election.
Attacks to the financial, military, and energy sectors are increasing, requiring detection of illegal intrusions in advance to prevent the damage to the critical communication infrastructure. Large web sites adopt intrusion detection system (IDS) to protect
them from various attacks. Intrusion detection is to find attacks exploiting illegal uses or misuses. Basically, an IDS analyzes information about users’ behaviors from various sources such as audit trail, system table, and network usage data. Intruders find new ways to compromise systems each day. To understand what an IDS is, first one should know what intrusion and intruders are. Intrusion is the unauthorized attempt to access information, manipulate information, or render a system unreliable or unusable. To detect intrusions and to prevent them, one has to be aware of how an intruder can cause intrusions. IDS is the process of monitoring the events occurring in a computer system or network, and analyzing them for intrusions. A method has been adopted to implement IDS by processing the input vector with which will be given as inputs to the radial basis function. The output can be obtained with the help of the mobile agents.
1.1 Existing System
They proposed a solution for balancing the resource consumption of IDSs among all nodes while pre-venting nodes from behaving selfishly. To address the selfish behavior[1], they design incentives in the form of reputation to encourage nodes to honestly participate in the election scheme by revealing their cost of analysis. The cost of analysis is designed to protect nodes’ sensitive information (resources level) and ensure the contribution of every node on the election process (fairness). To motivate nodes in behaving normally in every election round, we relate the amount of detection service that each node is entitled to the nodes’ reputation value. Besides, this reputation value can also be used to give routing priority and to build a trust environment. The design of incentives is based on a classical mechanism design model, namely, Vickrey, Clarke, and Groves (VCG) [9]. The model guarantees that truth-telling is always the dominant strategy for every node during each election phase. On the other hand, to find the globally optimal cost-efficient leaders, a leader election algorithm is devised to handle the election process, taking into consideration the possibility of cheating and security flaws, such as replay attack. The algorithm decreases the percentage of leaders, single node clusters, maximum cluster size and increases average cluster size.Last but not least, we address these issues in two possible settings, namely, Cluster Independent Leader Election (CILE) and Cluster Dependent Leader Election (CDLE).
. PROBLEM STATEMENT
In a MANET, each node has an IDS and a unique identity. To achieve the goal of the most cost efficient nodes as leaders in the presence of selfish and malicious nodes, the following challenges arise: The resource level present in the node could be considered as the private information. As a result, the nodes can reveal fake information about their resources if that could increase their own benefits. Second, the nodes might behave normally during the election but then deviate from normal behavior by not offering the IDS service to their voted nodes.
So, consider MANET as an undirected graph G = (N,L) where N is the set of nodes and L is the set of bidirectional links. We denote the cost of analysis vector as C = {c1, c2, . . . ,cn} where n is the number of nodes in N. We denote the election process as a function eta(C, i) where eta(C, i) = 1 if a node i votes for a node a; eta(C, i) = 0, otherwise. We assume that each elected leader allocates the same budget B (in the number of packets) for each node that has voted for it. Knowing that, the total budget will be distributed among all the voting nodes according to their reputation. This will motivate the nodes to cooperate in every election round that will be held on every time TELECTION . Thus, the model will be repeatable. The objective of minimizing the global cost of analysis while serving all the nodes can be expressed by the following Social Choice Function (SCF):
LEADER ELECTION ALGORITHM
To run the election mechanism given in Section III, the leader election algorithm helps to elect the most cost-efficient leaders in the network. All the needed messages to establish the election mechanism are taken into consideration of cheating and presence of malicious nodes. Moreover, the addition and removal of nodes to/from the network due to mobility reasons also been vierified. Finally, the performance overhead is considered during the design of the given algorithm where computation, communication and storage overhead are derived.
A. Objectives and Assumptions
To design the leader election algorithm, the following requirements are needed: (1) To protect all the nodes in a network, every node should be monitored by a leader. (2) To balance the resource consumption of IDS service, the overall cost of analysis for protecting the whole network is minimized.In other words, every node has to be affiliated with the most cost efficient leader among its neighbors. Our algorithm is executed in each node taking into consideration the following assumptions about the nodes and the network architecture:
• Every node knows its (2-hop) neighbors, which is reasonable since nodes usually maintain a table about their neighbors for routing purposes.
• Loosely synchronized clocks are available between nodes.
• Each node has a key (public, private) pair for establishing a secure communication between nodes.
• Each node is aware of the presence of a new node or removal of a node. For secure communication, we can use a combination of TESLA [30] and public key infrastructure. With the help of TESLA, loosely synchronized clocks can be available. Nodes can use public key infrastructure during election and TESLA in other cases. Recent investigations showed that computationally limited mobile nodes can also perform public key operations [13].
B. Leader Election
To start a new election, the election algorithm uses four types of messages. Hello, used by every node to initiate the election process; Begin-Election, used to announce the cost of a node; Vote, sent by every node to elect a leader; Acknowledge, sent by the leader to broadcast its payment, and also as a confirmation of its leadership. For describing the algorithm, we use the following notation:
• service-table(a): The list of all ordinary nodes, those voted for the leader node k.
• reputation-tableak): The reputation table of node a. Each node keeps the record of reputation of all other nodes.
• neighbors(a): The set of node a’s neighbors.
• leadernode(a): The ID of node a’s leader. If node a is running its own IDS then the variable contains a.
• leader(a): A boolean variable that sets to TRUE if node k is a leader and FALSE otherwise. Initially, each node a starts the election procedure by broadcasting a Hello message to all the nodes that are one hop from node k and starts a timer T1. This value of the node’s cost of analysis identifier (ID).
------------------------------------------------------------------------
Algorithm 1 (Executed by every node)
------------------------------------------------------------------------
/* On receiving Hello, all nodes reply with their cost */
1. if (received Hello from all neighbors)then
2. Send Begin-Election (IDa, costa);
3. else if(neighbors(a)=Ø) then
4. Launch IDS.
5. end if
On expiration of T1, each node ‘a’ checks whether it has received all the hash values from its neighbors. Nodes from whom the Hello message have not received are excluded from the election. On receiving the Hello from all neighbors, each node sends Begin-Election as in Algorithm 1, which contains the cost of analysis of the node and then starts timer T2. If node ‘a’ is the only node in the network or it does not have any neighbors then it launches its own IDS.
------------------------------------------------------------------------
Algorithm 2 (Executed by every node)
------------------------------------------------------------------------
/* Each node votes for one node among the neighbors */
1. if (∀ n _ neighbor(k), ∃ i _ n : ci ≤ cn) then
2. send V ote(IDa, IDi , costj_=i);
3. leadernode(a):= i;
5. end if
On expiration of T2, the node ‘a’ compares the hash value of Hello to the value received by the Begin-Election to verify the cost of analysis for all the nodes. Then node ‘a’ calculates the least-cost value among its neighbors and sends Vote for node
i as in Algorithm 2. The Vote message contains the IDa of the source node, the IDi of the proposed leader and second least cost
among the neighbors of the source node costj_=i.Then node ‘a’ sets node i as its leader in order to update later on its reputation. Note that the second least cost of analysis is needed by the leader node to calculate the payment. If node k has the least cost among all its neighbors then it votes for itself and starts timer T3.
------------------------------------------------------------------------
Algorithm 3 (Executed by Elected leader node)
------------------------------------------------------------------------
/* Send Acknowledge message to the neighbor nodes */
1. Leader(i) := TRUE;
2. Compute Payment, Pi;
3. updateservice−table(i);
4. updatereputation−table(i);
CONCLUSION AND FUTURE WORK
The solution motivated nodes to truthfully elect the most cost-efficient nodes that handle the detection duty on behalf of others. Moreover, the sum of the elected leaders is globally optimal. To achieve this goal, incentives are given in the form of reputations to motivate nodes in revealing truthfully their costs of analysis. Reputations are computed using the well-known VCG mechanism by which truth telling is the dominant strategy. We also analyzed the performance of the mechanisms in the presence of selfish and malicious nodes. To implement our mechanism, we devised an election algorithm with reasonable performance overheads. We also provided the algorithmic correctness and security properties of our algorithm. In future work, by changing the incentives based model can improve the intrusion detection with more efficiency. And also the work can be further improved by changing polynomial functions and high risk attacks can be obtained.