19-09-2014, 10:58 AM
A Secure Intrusion detection system against DDOS
attack in Wireless Mobile Ad-hoc Network
ABSTRACT
The wireless mobile ad-hoc network (MANET) is an emerging
technology with great potential in critical situations such
as battlefields and in commercial applications such as
building and traffic surveillance. A MANET is
infrastructure-less: no centralized controller exists, and
each node has routing capability. Each device in a MANET is
free to move independently in any direction, and will
therefore change its connections to other devices frequently.
So one of the major challenges wireless mobile ad-hoc
networks face today is security, because no central controller
exists. MANETs are a kind of wireless ad hoc network that
usually has a routable networking environment on top of a
link-layer ad hoc network. Ad hoc networks also include
wireless sensor networks, so the problems faced by sensor
networks are also faced by MANETs. Deploying sensor nodes in
an unattended environment increases the chances of various
attacks. There are many security attacks on MANETs, and
DDoS (distributed denial of service) is one of them. Our main
aim is to see the effect of DDoS on routing load, packet drop
rate and end-to-end delay, which are maximized by an attack
on the network. Using these parameters and others, we
build a secure IDS to detect this kind of attack and block it.
In this paper we discuss some attacks on MANETs, including
DDoS, and provide security against the DDoS attack.
INTRODUCTION
A mobile ad hoc network (MANET) is a group of two or more
devices, nodes or terminals with wireless communication and
networking capability, which makes them able to
communicate with each other without the aid of any
centralized system. It is an autonomous system in which
nodes are connected by wireless links and send data to each
other. Because there is no centralized system,
routing is done by the nodes themselves. Mobility and
self-routing introduce many weaknesses in its
security. To address these security issues we need an intrusion
detection system (IDS), which can follow one of two models:
signature-based intrusion detection [1] and anomaly-based
intrusion detection. In signature-based intrusion detection,
previously detected patterns or signatures are
stored in the IDS database. If the IDS finds any disturbance
in the network, it matches it against the previously saved
signatures, and if there is a match the IDS has found an
attack. But if there is an attack and its signature is not in
the IDS database, the IDS cannot detect it, so the database
must be updated periodically. To solve this problem
the anomaly-based IDS [2] was devised. It first
builds a normal profile of the network, keeps this normal
profile as a base profile, and compares it with the monitored
network profile. The benefit of this IDS technique is that it
can detect an attack without prior knowledge of the attack.
Intrusion is very easy in a wireless network compared
to a wired network. One of the serious attacks to be considered
in an ad hoc network is the DDoS attack. A DDoS attack is a
large-scale, coordinated attack on the availability of services
at a victim system or network resource. The DDoS attack is
launched by sending a huge number of packets to the target
node through the coordination of a large number of hosts
distributed all over the network. At the victim
side this large traffic consumes the bandwidth and does not
allow any other important packet to reach the victim.
RELATED WORK
The new DoS attack, called Ad Hoc Flooding Attack (AHFA),
can result in denial of service when used against on-demand
routing protocols for mobile ad hoc networks, such as AODV
and DSR. Wei-Shen Lai et al. [3] proposed a scheme to
monitor the traffic pattern in order to alleviate distributed
denial of service attacks. Shabana Mehfuz et al. [4]
proposed a new secure power-aware ant routing algorithm
(SPA-ARA) for mobile ad hoc networks, inspired by
ant colony optimization (ACO) algorithms such as the swarm
intelligence technique. Giriraj Chauhan and Sukumar Nandi [5]
proposed a QoS-aware on-demand routing protocol that uses
signal stability as the routing criterion along with other QoS
metrics. Xiapu Luo et al. [6] presented the important
problem of detecting pulsing denial of service (PDoS) attacks,
which send a sequence of attack pulses to reduce TCP
throughput. Xiaoxin Wu et al. [7] proposed a DoS mitigation
technique that uses digital signatures to verify legitimate
packets, and drops packets that do not pass the verification
Ping. S.A. Arunmozhi and Y. Venkataramani [8] proposed a
defense scheme for DDoS attacks that uses MAC
layer information such as the frequency of RTS/CTS packets,
sensing a busy channel, and the number of RTS/DATA
retransmissions.
Jae-Hyun Jun, Hyunju Oh, and Sung-Ho Kim [9] proposed
DDoS flooding attack detection through a step-by-step
investigation scheme that uses an entropy-based
detection mechanism against DDoS attacks in order to
guarantee the transmission of normal traffic and prevent the
flood of abnormal traffic. Qi Chen, Wenmin Lin, Wanchun
Dou and Shui Yu [10] proposed a Confidence-Based Filtering
method (CBF) to detect DDoS attacks in a cloud computing
environment. It uses anomaly detection: a normal
profile of the network is formed during the non-attack period,
and CBF is used to detect the attacker during the attack period.
CONCLUSION
The proposed mechanism eliminates the need for a centralized
trusted authority, which is not practical in ad hoc networks
due to their self-organizing nature. The results demonstrate
that the presence of a DDoS attack increases the packet loss
in the network considerably. The proposed mechanism protects
the network through a self-organized, fully distributed and
localized procedure. The additional certificate publishing
happens only for a short duration of time, during which almost
all nodes in the network get certified by their neighbors. After
a period of time each node has a directory of certificates, and
hence the routing load incurred in this process is reasonable,
with good network performance in terms of security
compared with the attack case. We believe that this is an
acceptable performance, given that the attack prevented has a
much larger impact on the performance of the protocol. The
proposed mechanism can also be applied to securing the
network from other routing attacks by changing the security
parameters in accordance with the nature of the attacks.
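
The anomaly-based model from the introduction (a base profile learned in an attack-free period, then compared with the monitored profile) can be sketched over the three parameters the abstract names. This is an added example, not code from the paper; the thresholds, units, node names and sample windows are constructed assumptions.

```python
from statistics import mean, median, stdev

# Parameters named in the abstract; units are assumptions of this example.
METRICS = ("routing_load", "drop_rate", "delay_ms")

def build_profile(normal_windows):
    """Base profile: per-metric mean and standard deviation learned
    from windows observed during an attack-free period."""
    return {m: (mean(w[m] for w in normal_windows),
                stdev(w[m] for w in normal_windows)) for m in METRICS}

def detect(profile, window, z_limit=3.0, min_metrics=2, sender_factor=5):
    """Flag a monitored window when at least `min_metrics` metrics rise more
    than `z_limit` standard deviations above normal, then list senders whose
    packet count dwarfs the median sender (candidates for blocking)."""
    raised = []
    for m, (mu, sigma) in profile.items():
        sigma = sigma or 1e-9          # constant training metric: avoid /0
        if (window[m] - mu) / sigma > z_limit:   # one-sided: only increases
            raised.append(m)
    raised.sort()
    if len(raised) < min_metrics:      # one noisy metric alone is not an attack
        return {"attack": False, "metrics": raised, "suspects": []}
    counts = window["packets_by_sender"]
    limit = sender_factor * median(counts.values())
    suspects = sorted(n for n, c in counts.items() if c > limit)
    return {"attack": True, "metrics": raised, "suspects": suspects}

# Constructed sample data: attack-free training windows.
NORMAL = [
    {"routing_load": 2.0, "drop_rate": 0.02, "delay_ms": 40.0},
    {"routing_load": 2.2, "drop_rate": 0.03, "delay_ms": 42.0},
    {"routing_load": 1.9, "drop_rate": 0.02, "delay_ms": 39.0},
    {"routing_load": 2.1, "drop_rate": 0.04, "delay_ms": 41.0},
    {"routing_load": 2.0, "drop_rate": 0.03, "delay_ms": 43.0},
]
# Constructed monitored windows: one quiet, one under flooding.
QUIET = {"routing_load": 2.1, "drop_rate": 0.03, "delay_ms": 42.0,
         "packets_by_sender": {"n1": 40, "n2": 35, "n3": 42}}
FLOOD = {"routing_load": 6.5, "drop_rate": 0.35, "delay_ms": 180.0,
         "packets_by_sender": {"n1": 40, "n2": 35, "n3": 42, "n4": 38,
                               "n7": 900, "n9": 870}}

if __name__ == "__main__":
    profile = build_profile(NORMAL)
    print(detect(profile, QUIET))
    print(detect(profile, FLOOD))
```

Requiring two metrics to rise together keeps a single congested window from being reported; a signature-based IDS would instead need the flood pattern stored in its database beforehand.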