dhana print final report

Upload: ram4343

Post on 03-Apr-2018


  • 7/28/2019 Dhana Print Final Report

    1/51

    Routing security against data flooding attack in wireless mobile Ad Hoc networks

    1

    1. Abstract:

    Over the past decade, wireless technology has improved at a dramatic rate. The ubiquity, low cost, and high functionality of the newest wireless devices have opened the door for researchers to explore new ways of using this technology. Ad hoc networking allows wireless mobile devices to form networks without the need for any fixed centralized management. An ad hoc network is a collection of mobile wireless devices that cooperate with each other to route packets amongst themselves. The main difficulty in designing routing algorithms for such a network is the large number of topology changes that the network undergoes due to device movement. To access multimedia data, mobile users like to use their own consumer electronic devices anywhere and at any time. Communication in a MANET functions properly only if the participating nodes cooperate in routing without any malicious intention. However, some of the nodes may be malicious in their behavior, indulging in flooding attacks on their neighbors. Others may act maliciously by launching active security attacks like denial of service.

    The lack of any centralized infrastructure in mobile ad hoc networks (MANET) is one of the greatest security concerns in the deployment of wireless networks. Consumer electronic devices generally operate on limited battery power, which means every wireless device may have little computing power. At some instant of time these mobile devices may not be able to communicate with each other directly. They are therefore vulnerable to security threats like data flooding attacks. The existing schemes may not guarantee the Quality of Service (QoS) of burst traffic, since multimedia data are usually bursty. Therefore, we propose a novel defense mechanism against data flooding attacks with the aim of enhancing the throughput. The simulation results show that the proposed scheme enhances the throughput of burst traffic.

    2. INTRODUCTION

    2.1 Objective

    Ad Hoc Networks represent complex distributed systems that comprise wireless

    mobile nodes that can freely and dynamically self-organize into arbitrary and temporary,

    ad-hoc network topologies, allowing people and devices to seamlessly inter-network

    in areas with no pre-existing communication infrastructure, e.g., disaster recovery

    environments. Here a brief overview of what Ad Hoc Networks are and how they work is

    provided. Then a look at the advantages of Ad Hoc Networks and also the issues faced

    by Ad Hoc Networks is provided. The last part of this paper is dedicated to identifying

    the areas of improvement in the field of Ad Hoc Networks.

    2.2 Overview

    An Ad Hoc Network is defined as a collection of mobile hosts forming a temporary

    network without the aid of any centralized administration or standard support services. In

    Latin, ad hoc literally means "for this," further meaning "for this purpose only," and thus

    usually temporary. Ad hoc networks represent complex distributed systems that comprise

    wireless mobile nodes that can freely and dynamically self-organize into arbitrary and

    temporary, ad-hoc network topologies, allowing people and devices to seamlessly

    inter-network in areas with no pre-existing communication infrastructure. The concept of

    Ad Hoc Networking has been around for nearly 20 years but has received renewed

    interest in the last 18 to 24 months. In Ad Hoc Networks the individual mobile hosts

    (nodes) act at the same time as both the router and the host.

    An ad-hoc (or "spontaneous") network is a local area network or any other small

    network, especially one with wireless or temporary plug-in connections, in which some

    of the network devices are part of the network only for the duration of a communication

    session, whereas mobile or portable devices are part of the network when in close proximity to the rest of the network. Ad Hoc Networks are a future alternative to the current trend of connections among wireless devices via fixed infrastructure-based service.

    2.3 Problem statement:

    In a wireless ad hoc network all nodes follow mobility-model behavior. Mobile nodes may wish to download or upload multimedia data anywhere and at any time using their mobile or electronic devices such as laptops. When a malicious node intentionally intrudes on the normal traffic flow by introducing a large number of useless data packets, flooding occurs, which affects the normal traffic flow and also consumes more processing time. Most consumer electronic devices have limited battery power, and because of that they may sometimes drop out of service completely (denial of service).

    So a data flooding attack can become an issue for those who like to download burst amounts of data. Throughput obviously decreases due to a flooding attack. By implementing a periodic-based defense mechanism, the user can observe enhanced throughput, by which quality of service is increased.

    Existing system:

    The flooding attack prevention (FAP) suggested a defense system against either

    RREQ or data flooding attacks. The path cut off mechanism is used as defense against

    data flooding attacks. However, FAP cannot distinguish burst traffic from Attack traffic

    since FAP distinguishes an attack by comparing the incoming packets with a threshold.

    Hence, the throughput of burst traffic may degrade if a simple threshold-based defense

    system is used in FAP.
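The limitation described above, that a per-period threshold cannot tell burst traffic from attack traffic, can be seen on two constructed traces. This is an added example, not code from the report: the period length, the threshold, and the "persistent rate" rule it is compared against are assumptions chosen for illustration and are not the report's defense mechanism.

```python
from collections import Counter

# All values below are assumptions for this example, not parameters from the report.
PERIOD_S = 1.0         # length of one observation period, in seconds
THRESHOLD = 50         # packets allowed per period before a period counts as "over"
PERSIST_PERIODS = 3    # hypothetical rule: consecutive over-limit periods needed to flag


def per_period_counts(timestamps, period=PERIOD_S):
    """Bucket packet arrival times (seconds) into fixed periods, idle periods included."""
    if not timestamps:
        return []
    buckets = Counter(int(t // period) for t in timestamps)
    return [buckets.get(i, 0) for i in range(max(buckets) + 1)]


def simple_threshold_flags(counts, threshold=THRESHOLD):
    """Rule the text attributes to FAP: one period above the threshold is an attack."""
    return any(c > threshold for c in counts)


def persistent_rate_flags(counts, threshold=THRESHOLD, persist=PERSIST_PERIODS):
    """Illustrative alternative: flag only a rate that stays above the threshold.

    Trade-off: detection is delayed by `persist` periods, during which the
    victim still spends battery and bandwidth on the flood.
    """
    run = 0
    for c in counts:
        run = run + 1 if c > threshold else 0
        if run >= persist:
            return True
    return False


def make_trace(packets_per_period, period=PERIOD_S):
    """Constructed arrival times: n evenly spaced packets inside each period."""
    times = []
    for i, n in enumerate(packets_per_period):
        times.extend(i * period + k * period / n for k in range(n))
    return times


# Constructed sample traffic from one neighbor (packets per one-second period).
BURST_TRACE = make_trace([5, 120, 4, 6, 110, 3, 5])          # legitimate multimedia bursts
FLOOD_TRACE = make_trace([5, 90, 95, 100, 98, 97, 99, 96])   # sustained data flooding


def compare_detectors():
    """Return {trace name: (simple threshold verdict, persistent-rate verdict)}."""
    results = {}
    for name, trace in (("burst", BURST_TRACE), ("flood", FLOOD_TRACE)):
        counts = per_period_counts(trace)
        results[name] = (simple_threshold_flags(counts), persistent_rate_flags(counts))
    return results


if __name__ == "__main__":
    for name, (simple, persistent) in compare_detectors().items():
        print(f"{name}: simple threshold={simple}, persistent rate={persistent}")
```

The simple threshold flags the legitimate burst trace as an attack, which is the throughput loss for burst traffic that the text attributes to FAP; the path to that sender would be cut off even though it is not flooding.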

    2.4 Limitations of Existing System:

    Ranging and positioning techniques are highly vulnerable to attacks from

    dishonest nodes and external attackers; dishonest nodes can report false position and

    distance information in order to cheat on their locations; external attackers can spoof

    measured positions of honest nodes. An attacker can generally influence all these

    measurements by jamming and delaying signals, and by modifying their signal strengths.

    2.5 SOFTWARE HARDWARE REQUIREMENTS

    HARDWARE REQUIREMENT

    Processor type : Intel Pentium 4

    Clock speed : 2.4GHz

    Ram size : 128 MB

    Hard disk capacity : 20 GB

    Keyboard type : internet keyboard

    SOFTWARE REQUIREMENT

    Operating System : Windows XP

    Programming package : Java

    Tools : Eclipse, MySQL

    SDK : JDK1.5

    3.1 Literature Survey

    Ad Hoc Networks are useful in areas that have no fixed infrastructure and hence

    need alternative ways to deliver services. Ad Hoc Networks work by having mobile

    devices connect to each other in the transmission range through automatic configuration, i.e., setting up an ad hoc network that is very flexible. In other words there is no intervention of any controller that goes ahead and gathers data from all nodes and organizes it. All data gathering and cross-node data transfer is taken care of by the

    nodes themselves.

    Ad Hoc Networks are a major goal towards the evolution of 4G (Fourth generation)

    devices. In the nodes of the Ad Hoc Networks, computing power and network

    connectivity are embedded in virtually every device to bring computation to users, no

    matter where they are, or under what circumstances they work. These devices

    personalize themselves to find the information or software they need. The aim is to make use of all technologies available without making any major change to the user's

    behavior. There is also work going on to make the seamless integration of various

    networks possible, i.e., integration of LAN, WAN, PAN and Ad Hoc Networks. But

    there is still a lot of work to be done to make this completely possible. Node mobility in

    an ad hoc network causes frequent changes of the network topology.

    Spread Spectrum Techniques are used in the implementation of Ad Hoc Networks

    because spread spectrum helps to reduce interference from other sources. Also it helps in

    bandwidth reuse. The boundaries of Ad Hoc Networks are not absolute and hence it is

    possible that when certain nodes stray into the area of influence of certain transmitters

    these may get affected by their signals.

    The use of Spread Spectrum (SS) makes sure that this does not happen as the spreading

    code and the de-spreading code should ideally be the same. This same technique

    provides the method for frequency reuse.

    Figure 1 shows such an example: initially, nodes A and D have a direct link between them. When D moves out of A's radio range, the link is broken. However, the network is still

    connected, because A can reach D through C, E, and F.

    Fig 1: Topology change in Ad Hoc network

    3.2 DIFFERENCES BETWEEN CELLULAR NETWORKS AND AD HOC NETWORKS

    Table 1: differentiating Ad hoc networks with respect to cellular networks.

    | Cellular network | Ad Hoc Network |
    |---|---|
    | Fixed, pre-located cell sites and base stations. | No fixed base stations, very rapid deployment. |
    | Static backbone network topology. | Highly dynamic network topologies with multi-hop. |
    | Relatively benign environment and stable connectivity. | Hostile environment (losses, noise) and sporadic connectivity. |
    | Detailed planning before base stations can be installed. | Ad hoc network automatically forms and adapts to changes. |

    3.3 PHYSICAL LAYER IN AD HOC NETWORKS

    Data rates: 1 Mbps, 2 Mbps

    Transmission bands: transmission in the license-free 2.4 GHz band (in US, Europe 2.4000-2.4835 GHz) and in the 5 GHz band

    Use of spread spectrum technique for 1 Mbps or 2 Mbps:

    DSSS (direct sequence spread spectrum)

    FHSS (frequency hopping spread spectrum)

    The major advantage of Ad Hoc Networks is that they do not need any base station as is required in regular mobile networks. They can form a network in any place as required immediately, which makes them indispensable in battlefield and disaster relief

    situations. They are useful in areas that have no fixed network for internet coverage.

    Here they can be used to provide coverage. They can be used in areas where the

    available network has been destroyed.

    Security is a very major concern in the development of Ad Hoc Networks. The

    boundaries of the network are not well defined and hence it is possible for any node to go

    out of the network. It is also possible for an Ad Hoc Network having a large number of

    nodes to split into two networks. It is less reliable than wired media due to the inherent

    problem faced by any wireless network.

    Because Ad Hoc Networks are formed by various devices that need not have the same capacity, each device may have different capacity, functionality and protocols. Hence it is necessary to find a solution where all these varied devices can operate together. They also have asymmetric propagation metrics. Capacity constraints faced by these networks in the form of transmission range and wireless bandwidth are another concern.

    This is taken care of to an extent by the use of Spread Spectrum techniques. Errors and

    breakdown could also happen in these networks and it is imperative to have a solution or

    a backup plan for these exigencies. Ad Hoc Networks also face a problem called the

    Hidden-terminal and exposed-terminal phenomena.

    The hidden terminal situation arises when two devices A and C are outside the transmission range of each other and cannot detect each other's transmissions, but B is in the

    transmission range of both. As shown below a collision may occur, for example, when

    the station A and station C start transmitting towards the same receiver, station B. This

    should be avoided.

    A's transmission range covers B and C. Hence when A transmits to B, C thinks that it cannot transmit when actually it could transmit to D. This is a waste of resources which should also be avoided. Route changes will occur due to router mobility, i.e., as the nodes themselves act as routers and certain nodes can leave the network in between.

    Energy consumption and saving is a major area of interest. Advances in battery

    technology have not been at par with the development of Ad Hoc technology. Most

    existing solutions for saving energy in ad hoc networks revolve around the reduction of

    power used by the device. At the MAC level and above, this is often done by selectively

    sending the device into a sleep mode, or by using a transmitter with variable output

    power (and proportionate input power draw) and selecting routes that require many short

    hops, instead of a few longer hops. Beaconing is used by the nodes to let the other nodes

    know of its presence. The beaconing interval has to be short enough to let the other

    nodes know that the node is in the network yet long enough so as to save.

    4. SECURITY ISSUES IN MANETS

    Security is the major issue in wireless Ad Hoc Networks and actually ought to receive a complete analysis of its own rather than being presented as a part of the study on Ad Hoc Networks. The use of wireless links renders an ad hoc network susceptible to link attacks ranging from denial of service, passive eavesdropping to active impersonation, message

    replay, and message distortion. Eavesdropping might give an adversary access to secret

    information, violating confidentiality. Active attacks might allow the adversary to delete

    messages, to inject erroneous messages, to modify messages, and to impersonate a node,

    thus violating availability, integrity, authentication, and non-repudiation.

    Nodes, roaming in a hostile environment (e.g., a battlefield) with relatively poor

    physical protection, have non-negligible probability of being compromised. Therefore,

    we should not only consider malicious attacks from outside a network, but also take into

    account the attacks launched from within the network by compromised nodes. Therefore,

    to achieve high survivability, ad hoc networks should have a distributed architecture with

    no central entities. Introducing any central entity into our security solution could lead to

    significant vulnerability; that is, if this centralized entity is compromised, then the entire

    network is subverted.

    Unlike other wireless mobile networks, such as mobile IP, nodes in an ad hoc

    network may dynamically become affiliated with administrative domains. Any security

    solution with a static configuration would not suffice. It is desirable for our security

    mechanisms to adapt on-the-fly to these changes. Finally, an ad hoc network may consist

    of hundreds or even thousands of nodes. Security mechanisms should be scalable to

    handle such a large network.

    The denial of a service can be caused by such legitimate ways as a radio jamming or battery exhaustion. An attacker can cause a radio jamming by jamming a wider

    frequency band and in that way using more power. The latter can be of real threat,

    because once a battery runs out the attacker can walk away and leave the victim disabled.

    This kind of technique is called the sleep deprivation torture attack. Symmetric key

    cryptography is used to provide authenticity and integrity. Integrity means that no node

    has been maliciously changed.

    An Ad-hoc network is an infrastructure-less network. Unlike traditional

    networks there is no pre-deployed infrastructure such as centrally administered routers

    or strict policy for supporting end-to-end routing. The nodes themselves are

    responsible for routing packets. Each node relies on the other nodes to route packets

    for them. Mobile nodes in direct radio range of one another can communicate directly,

    but nodes that are too far apart to communicate directly must depend on the

    intermediate nodes to route messages for them.

    Fig 2: Routing in Ad-hoc networks (figure label: Direct Radio Reach)

    Fig 3: Routing in traditional networks

    4.2 FREQUENT CHANGES IN NETWORK TOPOLOGY

    Ad-hoc networks contain nodes that may frequently change their locations. Hence the

    topology in these networks is highly dynamic. This results in frequently changing

    neighbors on whom a node relies for routing. As a result traditional routing protocols

    can no longer be used in such an environment. This mandates new routing protocols

    that can handle the dynamic topology by facilitating fresh route discoveries.

    4.3 PROBLEMS ASSOCIATED WITH WIRELESS COMMUNICATION

    As the communication is through wireless medium, it is possible for any intruder to

    tap the communication easily. Wireless channels offer poor protection and routing

    related control messages can be tampered with. The wireless medium is susceptible to

    signal interference, jamming, eavesdropping and distortion. An intruder can easily

    eavesdrop to know sensitive routing information or jam the signals to prevent

    propagation of routing information or worse interrupt messages and distort them to

    manipulate routes. Routing protocols should be well adapted to handle such

    problems.

    4.4 PROBLEMS WITH EXISTING AD-HOC ROUTING PROTOCOLS

    Implicit Trust Relationship between Neighbors

    Current Ad-hoc routing protocols inherently trust all participants. Most Ad-hoc

    routing protocols are cooperative by nature and depend on neighboring nodes to

    route packets. This naive trust model allows malicious nodes to paralyze an Ad-hoc

    network by inserting erroneous routing updates, replaying old messages, changing

    routing updates or advertising incorrect routing information. While these attacks are

    possible in fixed networks as well, the Ad-hoc environment magnifies this and makes

    detection difficult.

    Throughput

    Ad-hoc networks maximize total network throughput by using all available nodes for

    routing and forwarding. However a node may misbehave by agreeing to forward

    packets and then failing to do so, because it is overloaded, selfish, malicious or

    broken. Misbehaving nodes can be a significant problem. Although the average loss

    in throughput due to misbehaving nodes is not too high, in the worst case it is very

    high.

    Attacks Using Modification of Protocol Fields of Messages

    Current routing protocols assume that nodes do not alter the protocol fields of

    messages passed among nodes. Routing protocol packets carry important control

    information that governs the behavior of data transmission in Ad-hoc networks. Since

    the level of trust in a traditional Ad-hoc network cannot be measured or enforced,

    enemy nodes or compromised nodes may participate directly in the route discovery

    and may intercept and filter routing protocol packets to disrupt communication.

    Malicious nodes can easily cause redirection of network traffic and DoS attacks by simply altering these fields.

    For example, in the network illustrated in Figure 4.3, a malicious node M

    could keep traffic from reaching X by consistently advertising to B a shorter route to

    X than the route to X, which C is advertising. The attacks can be classified as remote

    redirection attacks and denial of service attacks. Let us look at them now.

    Remote Redirection with Modified Route Sequence Number (AODV)

    Remote redirection attacks are also called black hole attacks. In the attacks, a

    malicious node uses routing protocol to advertise itself as the shortest path to nodes

    whose packets it wants to intercept. Protocols such as AODV instantiate and maintain

    routes by assigning monotonically increasing sequence numbers to routes towards a

    specific destination. In AODV, any node may divert traffic through itself by

    advertising a route to a node with a destination sequence number greater than the

    authentic value. Suppose a malicious node, M, receives the RREQ that originated

    from S for destination X after it is re-broadcast by B during route discovery. M

    redirects traffic towards itself by unicasting to B a RREP containing a significantly

    higher destination sequence number for X than the authentic value last advertised by X.

    Redirection with modified hop count (AODV)

    A redirection attack is also possible in certain protocols, such as AODV, by

    modification of the hop count field in route discovery messages. When routing

    decisions cannot be made by other metrics, AODV uses the hop count field to

    determine a shortest path. In AODV, malicious nodes can attract routes towards

    themselves by resetting the hop count field of the RREP to zero. Similarly, by setting

    the hop count field of the RREP to infinity, routes will tend to be created that do not

    include the malicious node.

    Once the malicious node has been able to insert itself between two communicating

    nodes it is able to do anything with the packets passing between them. It can choose

    to drop packets to perform a denial of service attack, or alternatively use its place on

    the route as a first step in man-in-the-middle attack.
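The two AODV redirections above both rely on the route-update rule (a higher destination sequence number wins; on a tie, fewer hops wins), so a receiving node can apply plausibility checks before that rule runs. This is an added example, not code from the report: node names B, C, M and X follow the scenario in the text, while the table contents, the `MAX_SEQ_JUMP` bound and both checks are assumptions, and sequence-number wraparound is ignored for brevity.

```python
from dataclasses import dataclass

MAX_SEQ_JUMP = 20   # assumed plausibility bound on a sequence-number increase


@dataclass
class Route:
    next_hop: str
    dest_seq: int
    hop_count: int


@dataclass
class RREP:
    dest: str        # destination the advertised route leads to
    dest_seq: int    # destination sequence number claimed in the reply
    hop_count: int   # hop count field as carried in the packet
    sender: str      # neighbor that delivered this RREP


def aodv_accepts(current, rrep):
    """AODV update rule: fresher sequence number wins; on a tie, fewer hops wins."""
    if current is None:
        return True
    if rrep.dest_seq != current.dest_seq:
        return rrep.dest_seq > current.dest_seq
    return rrep.hop_count + 1 < current.hop_count


def sanity_flags(current, rrep, max_jump=MAX_SEQ_JUMP):
    """Heuristic checks (assumptions of this example) run before the update rule."""
    flags = []
    # A sequence number far above the last authentic value is implausible.
    if current is not None and rrep.dest_seq - current.dest_seq > max_jump:
        flags.append("seq-jump")
    # Only the destination itself originates an RREP with hop count 0.
    if rrep.hop_count == 0 and rrep.sender != rrep.dest:
        flags.append("zero-hop-from-non-destination")
    return flags


def process(table, rrep, enforce_checks):
    """Apply one RREP to a routing table; returns (status, flags)."""
    current = table.get(rrep.dest)
    flags = sanity_flags(current, rrep) if enforce_checks else []
    if flags:
        return "dropped", flags
    if aodv_accepts(current, rrep):
        table[rrep.dest] = Route(rrep.sender, rrep.dest_seq, rrep.hop_count + 1)
        return "installed", flags
    return "ignored", flags


def outcome_for(rrep, enforce_checks):
    """Process one RREP at node B against a fresh table whose route to X goes via C."""
    table = {"X": Route(next_hop="C", dest_seq=12, hop_count=3)}
    status, flags = process(table, rrep, enforce_checks)
    return status, flags, table["X"].next_hop


# Constructed sample replies as received by B.
LEGIT_REFRESH = RREP("X", 13, 2, "C")   # normal refresh relayed by C
FORGED_SEQ = RREP("X", 200, 1, "M")     # inflated destination sequence number
FORGED_HOPS = RREP("X", 12, 0, "M")     # hop count reset to zero
FROM_DEST = RREP("X", 14, 0, "X")       # X answering directly as a neighbor

if __name__ == "__main__":
    samples = [LEGIT_REFRESH, FORGED_SEQ, FORGED_HOPS, FROM_DEST]
    for enforce in (False, True):
        for rrep in samples:
            print(enforce, rrep, outcome_for(rrep, enforce))
```

These checks are heuristics: a legitimate sequence number can jump after a long partition, and a forged value inside the bound passes, so they complement rather than replace authentication of routing messages.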

    Denial of Service with Modified Source Routes

    DSR is a routing protocol, which explicitly states routes in data packets. These

    routes lack any integrity checks and a simple denial-of-service attack can be launched

    in DSR by altering the source routes in packet headers.

    Modification to source routes in DSR may also include the introduction of

    loops in the specified path. Although DSR prevents looping during the route

    discovery process, there are insufficient safeguards to prevent the insertion of loops

    into a source route after a route has been salvaged.

    Ad Hoc Network:

    The need to exchange digital information outside the typical wired office environment is

    growing. For example, a class of students may need to interact during a lecture; business

    associates serendipitously meeting in an airport may wish to share files; or disaster

    recovery personnel may need to coordinate relief information after a hurricane or flood.

    Each of the devices used by these information producers and consumers can be

    considered a node in an ad hoc network. In a typical ad hoc network, mobile nodes come

    together for a period of time to exchange information. While exchanging information,

    the nodes may continue to move, and so the network must be prepared to adapt

    continually. In the applications we are interested in, networking infrastructure such as

    repeaters or base stations will frequently be either undesirable or not directly reachable,

    so the nodes must be prepared to organize themselves into a network and establish routes

    among themselves without any outside support. The idea of ad hoc networking is

    sometimes also called infrastructure-less networking [4], since the mobile nodes in the

    network dynamically establish routing among themselves to form their own network on

    the fly.

    A mobile ad hoc network (MANET) is a collection of mobile nodes that can

    instantly establish a network, whenever they coexist in the same neighborhood without

    the need of any fixed infrastructure or centralized administration. The role of routing

    protocols in an ad hoc network is to allow the source to find routes to destination with the cooperation of other nodes. Due to the arbitrary movement of the nodes, the network

    topology changes rapidly and randomly. Hence the routing protocol must also be able to

    react to these changes and must enable the nodes to identify new routes to maintain

    connectivity.

    A node is malicious if it is an attacker that cannot authenticate itself as a

    legitimate node due to the lack of valid cryptographic information. Attacks on a MANET can be classified as active and passive attacks. A Mobile Ad hoc Network (MANET) [1] is a dynamic wireless network that is established by a group of mobile

    stations without necessarily using pre-existing infrastructure or centralized

    administration. Such networks can be useful in disaster recovery where there is not

    enough time or resources to configure a wired network.

    Denial of service attack:

    As the name suggests, a Denial-of-Service (DoS) attack aims to prevent legitimate users

    from accessing a particular service. In general, there are two types of DoS attacks in the

    Internet: application-level attacks, and network-level attacks. An application-level DoS

    attack aims to exhaust the resources at a particular service so that legitimate users cannot

    enjoy the service. For instance, a service may need to perform complicated and

    expensive database operations in order to answer a query from a user; let us suppose it

    can at most answer x user queries per second. Then in an application-level DoS attack

    against this service, attackers may submit 10x queries per second. If the service chooses

    to temporarily hold the unprocessed queries, it may eventually run out of memory and

    crash, preventing legitimate users from further accessing the service; or if the service

    discards queries it cannot process in time, the query drop rate for both attackers and

    legitimate users will be at least 90%, meaning the majority of the users still cannot enjoy

    the service.

    Attacks on MANET

    Passive attacks: A passive routing attack does not disrupt the operation of a routing

    protocol, but only attempts to discover valuable information by listening to the routing

    traffic. Hence such attacks are difficult to detect.

    Active attacks: An active attack attempts to improperly modify data, gain authentication, or procure authorization by inserting false packets into the data stream or modifying packets in transit through the network. Active attacks are of two types: external and internal. An external attack is one caused by nodes that do not belong to the network. An internal attack is one from compromised or hijacked nodes that belong to the network. Because the malicious nodes already belong to the network as authorized parties, and hence are protected by the network's security mechanisms and services, internal attacks are more severe.

    Black hole: An attacker can project itself as having shortest route to a destination, whose

    data packets it wants to intercept, thereby causing the source to send data packets via this

    node. A malicious node receiving the RREQ may claim to have route to the desired

    destination by sending RREP back to the originator. If the source receives this RREP first then it sends all data packets via this malicious node, thereby leaving the fate of

    those data packets on the malicious node. The malicious node now discards or consumes

    all the data packets, leading to the complete loss of all data packets.

    Gray hole: An attacker forwards all RREQs and RREPs but forwards only a few data

    packets, dropping all other data packets. Clearly it points out a lapse in the routing

    protocol. This type of attack is known as gray hole problem. By nature, it belongs to the

    set of internal active attacks.

    Wormhole: Wormhole is a collection of two or more malicious nodes belonging to the

    ad hoc network that are connected by a private network connection. Suppose two nodes

    A and B make a wormhole. Then A forwards all packets that it receives to B through the wormhole to be forwarded by B normally; similarly, B forwards all packets to A, that it

    receives, through the wormhole. It clearly disrupts routing by short circuiting the normal

    flow of routing packets.

    Denial of service (DoS): The attack results when the network bandwidth is hijacked by a

    malicious node. It can be done in several ways. One way is to flood any centralized

    resource so that the network crashes or no longer operates correctly. For example, a

    malicious node by generating frequent route requests can make the network resources

    unavailable to other nodes.

    The flooding attack prevention (FAP) suggested a defense system against either

    RREQ or data flooding attacks. The path cut off mechanism is used as defense against

    data flooding attacks. When the victim node realizes that it has been subjected to the data

    flooding attack, it may cut off the path.

    At the physical layer the capacity of ad hoc wireless networks is constrained by

    the mutual interference of concurrent transmissions between nodes. We study an ad hoc

    network model where n nodes communicate in random source-destination pairs. Gupta and Kumar showed that for static random ad hoc networks using a general routing algorithm the capacity available for each node decays as $1/\sqrt{n}$. Other works delve into the

    problem of optimizing various parameters of the transmission (e.g., power consumption

    or medium access control), and try to devise routing protocols that for particular user

    profiles or scenarios on the same network. Our present study focuses on the general

    properties of the per node throughput available for ad hoc wireless networks (capacity)

    using an ideal routing process.

    The nodes in our model do not move, which modifies the customary definition of an ad hoc network to a backbone-less network of wireless nodes occupying a flat topology. Our network model includes ideal collision avoidance and transmission through shortest paths as explained in the following Section. We introduce an alternative description of network throughput approximation that verifies the claims of [3] and extends the results by providing the relations of the various network parameters that can change with topology or traffic generation algorithm. We have investigated the throughput of various non-planar network topologies, and the results generalize the $\sqrt{n}$ dependence of the average call length parameter. We also check the validity of our model by


    simulation. A novel framework for ns2 to facilitate the simulation and, in general, the

    design of beyond 3G networks. The set of libraries we wrote for this purpose is called

    Multi Interface Cross Layer Extension for ns2 (MIRACLE). They enhance the

    functionalities offered by the Network Simulator ns2 by providing an efficient and

    embedded engine for handling cross-layer messages and, at the same time, enabling the

    coexistence of multiple modules within each layer of the protocol stack. For instance,

    multiple network, link, MAC or physical layers can be specified and used within the

    same node. The implications of this are manifold. First of all, the framework facilitates

    the implementation and the simulation of modern communication systems in ns2.

    Secondly, due to its modularity, the code will be portable, re-usable and extensible. As

    an example of the advantages offered by our architecture, we show how the MIRACLE

    framework can be used to quickly set up protocol architectures for Ambient Networks

    [1] and evaluate their performance in wireless and multi-technology environments.

    However, the procedure of the path cut off mechanism is not explained in detail, and FAP cuts off the path when many data packets are transmitted to the victim node. Current users like to download or access multimedia data using consumer electronic devices, so the packets may be transferred as burst traffic. However, FAP cannot distinguish burst traffic from attack traffic, since FAP detects an attack by comparing the incoming packets with a threshold. Hence, the throughput of burst traffic may degrade if a simple threshold-based defense system is used in FAP.

    Therefore, this paper proposes a novel period-based defense mechanism (PDM) against data flooding attacks that takes into account enhancing the throughput of burst traffic. The proposed PDM scheme is based on periods and uses a blacklist to efficiently prevent the data flooding attack.

    Wireless ad hoc networks can fall victim to various kinds of attacks. Among them, the ad hoc flooding attack can easily cause Denial-of-Service (DoS) by flooding many Route Request (RREQ) or data packets. Since a mobile node has limited resource capacities such as memory space, computational ability, battery power, bandwidth capacity, and so on, it cannot provide services when it receives a lot of packets. Hence, the whole network as well as the victim node can easily get paralyzed. This project proposes a novel period-based defense mechanism (PDM) against data flooding attacks that takes into account enhancing the throughput of burst traffic. The proposed PDM scheme is based on periods and uses a blacklist to efficiently prevent the data flooding attack.


    The main objective of this work is to develop a period-based defense mechanism against data flooding attacks in wireless ad hoc networks. The PDM scheme is based on periods and uses a blacklist to efficiently prevent the data flooding attack, in which many data packets are forwarded at a high rate for the whole duration.

    APPLICATIONS OF AD HOC NETWORKS

    Personal area networking: cell phone, laptop, ear phone, wrist watch

    Military environments: soldiers, tanks, planes

    Civilian environments: taxi cab network, meeting rooms, sports stadiums, boats, small aircraft

    Emergency operations: search and rescue, policing and fire fighting

    Collaborative computing

    Communications within buildings, organizations, ad hoc conferences

    Communications in battlefields and disaster recovery areas

    Sensor networks


    AD-HOC ON-DEMAND VECTOR

    AODV is a relative of the Bellman-Ford distance-vector algorithm, but is adapted to work in a mobile environment. AODV determines a route to a destination only when a node wants to send a packet to that destination. Routes are maintained as long as they are needed by the source. Sequence numbers ensure the freshness of routes and guarantee loop-free routing.

    Routing tables: Each routing table entry contains the following information [2]: destination, next hop, number of hops, destination sequence number, active neighbors for this route, and expiration time for this route table entry. Expiration time, also called lifetime, is reset each time the route has been used. The new expiration time is the sum of the current time and a parameter called active route timeout. This parameter, also called route caching timeout, is the time after which the route is considered invalid, and so the nodes not lying on the route determined by RREPs delete their reverse entries. If the active route timeout is big enough, route repairs will maintain routes. RFC 3561 sets it to 3 seconds.

    Control messages

    Routing request: When a route is not available for the destination, a route request packet (RREQ) is flooded throughout the network. The RREQ contains the following fields:

    Source address | Request ID | Source sequence number | Hop count | Destination address | Destination sequence number

    Table 2: RREQ packet Format

    The request ID is incremented each time the source node sends a new RREQ, so the pair (source address, request ID) identifies a RREQ uniquely. On receiving a RREQ message each node checks the source address and the request ID. If the node has already received a RREQ with the same pair of parameters, the new RREQ packet is discarded. Otherwise the RREQ is either forwarded (broadcast) or answered (unicast) with a RREP message: if the node has no route entry for the destination, or it has one but it is no longer an up-to-date route, the RREQ is rebroadcast with an incremented hop count; if the node has a route with a sequence number greater than or equal to that of the RREQ, a RREP message is generated and sent back to the source. The number of RREQ messages that a node can send per second is limited.
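    The RREQ handling described above, written out as an added Python example (it is not code from this report). It covers duplicate suppression on the (source address, request ID) pair, the rebroadcast-or-reply decision, the cached reverse route, and the sender-side RREQ rate limit, which is the protocol's own brake on RREQ flooding. Class and function names are illustrative, the nodes S, A, B and D are constructed, and RREQ_RATELIMIT = 10 is the RFC 3561 default rather than a value given in the report.

```python
from dataclasses import dataclass, replace

ACTIVE_ROUTE_TIMEOUT = 3.0  # seconds; the value the text attributes to RFC 3561
RREQ_RATELIMIT = 10         # RREQs per second; RFC 3561 default, not stated in the report


@dataclass(frozen=True)
class Rreq:
    src: str
    req_id: int
    src_seq: int
    dst: str
    dst_seq: int
    hop_count: int = 0


@dataclass(frozen=True)
class Rrep:
    src: str
    dst: str
    dst_seq: int
    hop_count: int
    lifetime: float


@dataclass
class Route:
    next_hop: str
    hops: int
    seq: int
    expires: float


class Node:
    def __init__(self, addr):
        self.addr = addr
        self.seq = 0
        self.req_id = 0
        self.routes = {}   # destination -> Route
        self.seen = set()  # (source address, request ID) pairs already handled
        self.sent_at = []  # send times of this node's own recent RREQs

    def originate(self, dst, now):
        """Build a new RREQ, or return None when the per-second limit is reached."""
        self.sent_at = [t for t in self.sent_at if now - t < 1.0]
        if len(self.sent_at) >= RREQ_RATELIMIT:
            return None
        self.sent_at.append(now)
        self.req_id += 1   # a fresh request ID for every new RREQ
        self.seq += 1
        self.seen.add((self.addr, self.req_id))  # ignore our own RREQ if it echoes back
        known = self.routes.get(dst)
        return Rreq(self.addr, self.req_id, self.seq, dst, known.seq if known else 0)

    def on_rreq(self, rreq, prev_hop, now):
        """Return ("discard" | "rebroadcast" | "rrep", message) for a received RREQ."""
        key = (rreq.src, rreq.req_id)
        if key in self.seen:
            return "discard", None
        self.seen.add(key)
        # Cache the reverse route; this is what lets the RREP be unicast back.
        self.routes[rreq.src] = Route(prev_hop, rreq.hop_count + 1, rreq.src_seq,
                                      now + ACTIVE_ROUTE_TIMEOUT)
        if rreq.dst == self.addr:
            # Simplified sequence-number handling for the destination itself.
            self.seq = max(self.seq, rreq.dst_seq)
            return "rrep", Rrep(rreq.src, self.addr, self.seq, 0, ACTIVE_ROUTE_TIMEOUT)
        route = self.routes.get(rreq.dst)
        if route and route.expires > now and route.seq >= rreq.dst_seq:
            return "rrep", Rrep(rreq.src, rreq.dst, route.seq, route.hops,
                                route.expires - now)
        return "rebroadcast", replace(rreq, hop_count=rreq.hop_count + 1)


def demo():
    """Constructed scenario: S asks for D; A has no route, B has a fresh one."""
    s, a, b = Node("S"), Node("A"), Node("B")
    b.routes["D"] = Route("D", 1, 7, expires=10.0)
    rreq = s.originate("D", now=0.0)
    first, forwarded = a.on_rreq(rreq, "S", now=0.0)
    again, _ = a.on_rreq(rreq, "C", now=0.1)        # same RREQ via another neighbor
    reply, rrep = b.on_rreq(forwarded, "A", now=0.2)
    return [first, again, reply, rrep.hop_count, b.routes["S"].hops]


if __name__ == "__main__":
    print(demo())
```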


    There is an optimization of AODV using an expanding ring (ESR) technique when flooding RREQ messages [5, 6]. Every RREQ carries a time to live (TTL) value that specifies the number of times this message should be re-broadcast. This value is set to a predefined value at the first transmission and increased at retransmissions. Retransmissions occur if no replies are received. Historically such flooding used a TTL large enough (larger than the diameter of the network) to reach all nodes in the network, and so to guarantee successful route discovery in only one round of flooding. However, this low delay time approach causes high overhead and unnecessary broadcast messages. Later, it was shown [7, 8] that the minimal cost flooding search problem can be solved via a sequence of floodings with an optimally chosen set of TTLs.

    Routing reply: If a node is the destination, or has a valid route to the destination, it unicasts a route reply message (RREP) back to the source. This message has the following fields:

    Source address | Destination address | Destination sequence number | Hop count | Life time

    Table 3: Message Format

    The reason one can unicast the RREP back is that every node forwarding a RREQ message caches a route back to the source node.

    Route error: All nodes monitor their own neighborhood. When a node in an active route gets lost, a route error message (RERR) is generated to notify the other nodes on both sides of the link of the loss of this link.

    HELLO messages: Each node can get to know its neighborhood by using local broadcasts, so-called HELLO messages. A node's neighbors are all the nodes that it can directly communicate with. Although AODV is a reactive protocol, it uses these periodic HELLO messages to inform the neighbors that the link is still alive. The HELLO messages will never be forwarded because they are broadcast with TTL = 1. When a node receives a HELLO message it refreshes the corresponding lifetime of the neighbor information in the routing table. This local connectivity management should be distinguished from general topology management to optimize response time to local changes in the network.


    PROPOSED SYSTEM

    5.1 Proposed system:

    We propose a new mechanism, called the periodic based defense mechanism, which works against data flooding attacks in wireless mobile ad hoc networks to enhance the throughput of burst traffic.

    5.2 Advantages over the existing system:

    1. Proposed system can distinguish normal traffic from attack traffic

    2. It can enhance the quality of service

    3. Proposed defense mechanism can enhance the throughput of the burst traffic


    6. SRS DOCUMENT

    6.1 Purpose:

    The main purpose of this is to develop a period based defense mechanism against

    data flooding attacks in wireless Ad Hoc networks to increase throughput and Quality of

    service of Burst Traffic which is being transferred.

    6.2 Definitions, Acronyms, keywords:

    Mobile Ad Hoc network:

    A mobile ad hoc network (MANET) is a self-configuring, infrastructure-less network of mobile devices connected wirelessly. Ad hoc is Latin and means "for this purpose". Each device in a MANET is free to move independently in any direction.

    Ad Hoc network:

    A wireless ad hoc network is a decentralized type of wireless network. The

    network is ad hoc because it does not rely on a preexisting infrastructure, such

    as routers in wired networks or access points in managed (infrastructure) wireless

    networks.

    Abbreviations:

    HTML (Hyper Text Markup Language): It is used to create static web pages.

    Java: It is used to create dynamic web content.

    JDK (Java Development kit): It is a programming platform, belonging to the Java

    platform, which is used for developing and running distributed java applications.

    HTTP (Hyper Text Transfer Protocol): It is a transaction oriented client/ server protocol

    between a web browser and a web server.

    Keywords:

    Wireless ad hoc networks, Denial of Service attack, Data Flooding Attack, throughput.

    6.3 Technologies to be used

    Java: create dynamic web content pages to meet User and System Requirements


    Tools To be used:

    ECLIPSE: eclipse also provides the runtime in which eclipse components are loaded,

    integrated, and executed. The primary purpose of the platform project is to enable other

    developers to easily build and deliver integrated tools and applications.

    6.4 Study of the system

    Overall description:

    The next section, the Overall Description section, of this document gives an overview of the functionality of the product. It describes the informal requirements and is used to establish a context for the technical requirements specification in the next section.

    The basic aim of this project is to forestall the flooding attack by implementing the periodic based defense mechanism (PDM) to enhance the throughput of the burst traffic.

    The flooding attack prevention (FAP) suggested a defense system against either

    RREQ or data flooding attacks. The path cut off mechanism is used as defense against

    data flooding attacks. However, FAP cannot distinguish burst traffic from Attack traffic

    since FAP distinguishes an attack by comparing the incoming packets with a threshold.

    Hence, the throughput of burst traffic may degrade if a simple threshold-based defense

    system is used in FAP.

    FAP cannot distinguish burst traffic from attack traffic hence the throughput of

    burst traffic may degrade if a simple threshold-based defense system is used in FAP.

    We are proposing a new mechanism called periodic based defense mechanism

    which works against data flooding attacks in wireless mobile Ad Hoc networks to

    enhance the throughput of burst traffic


    7.1 Data flow diagram

    A DFD shows what kinds of data will be input to and output from the system,

    where the data will come from and go to, and where the data will be stored.

    Fig 2: Data Flow diagram level 0

    7.2 Level 2 DFD

    Fig 3: DFD Level1

    Context analysis Diagram:

    Fig 4: Context analysis diagram

    [Diagram labels: User; Routing Security against flooding attacks in wireless ad hoc networks; Adaptive text; Attack encountered; Communication; Transfer data; Delivered path]


    8.1 Product perspective:

    Fig 5: System architecture (diagram labels: Node A, Node B, Node C, Node D, PDM, Attack)

    The PDM mechanism can be implemented at every node on a communication path where an attack may occur.

    8.2 Specific Requirements:

    Functional Requirements: This section outlines the use case for each activity separately. The User can have only one use case apiece.

    Use Case: Add Node

    Fig 6: Use case Add Node (actor: User; use case: Add node)


    Brief Description:

    1. The user prompts for the node.

    2. When a node is found in a path, the system adds the node in that transmission range.

    Use Case: Add Address

    Fig 7: Use Case Add Address (actor: User)

    Brief Description:

    1. After getting the node in the range, the system adds the address of that particular node to an account.

    Use case: Add name

    Fig 8: Use Case Add Name (actor: User)

    Description:

    The system adds the name when the user prompts to add it.

    Use case: Fill parameter

    Fig 9: Use Case Fill Parameter (actor: User)


    Brief Description:

    The user supplies the connection range parameters (x, y) as arguments; these act as the transmission range parameters within which data will be transmitted.

    Use case: send attacker

    Fig 10: Use case Send Attacker (actor: User)

    Brief Description:

    The system generates an anonymous node as an attacker and releases (sends) it into the node transmission range.

    Use case: send data

    Fig 11: Send data (actor: User)

    Brief Description:

    The user enters the data to be transmitted within the communication range.


    8.3 UML DIAGRAMS

    8.3.1 Use case diagram

    Fig 12: Use case Diagram (actor: User; use cases: Add address, Add Nodes, Add name, Fill parameters, Send Attacker, Send Data, Search Node)

    8.3.2 Sequence Diagram

    Fig 13: Sequence Diagram (lifelines: user, node, name, Fill parameter, Attack, Transfer data, Search, Status; messages: Add, Enter name, Fill connection parameters, Process attack, data transferred, Sent Acknowledgement, Search node, view status, Receive Acknowledge)


    8.3.3 Activity Diagram

    Fig 14: Activity Diagram (Start state; AddName; SendData; FindAttack, with branches Attack Found / Not Found; Deliver data; SendAcknowledgement; Stop state)


    8.3.4 Collaboration diagram

    Fig 15: Collaboration Diagram (objects: User, Node, Name, Fill connection parameters, Attack, Transfer data, Search node, View status; messages: 1: Add, 2: Enter name, 3: Fill connection parameters, 4: process attack, 5: show the attack, 6: transfer data, 7: receive acknowledge, 8: search node, 9: view status)


    8.3.5 Class diagram

    Fig 15: Class Diagram


    9.1 MODULES

    9.1.1 Throughput of Burst Traffic under Data Flooding Attacks.

    9.1.2 Period-Based Defense Mechanism against Data Flooding Attacks

    9.1.3 Performance Evaluations

    Module Description:

    9.1.1 Throughput of burst Traffic under Data Flooding attacks

    In wireless ad hoc networks, handheld-based consumer electronic devices are used as mobile nodes. The data flooding attack sends many data packets in order to clog not only a victim node but also the entire network, since all packets are transmitted via multiple hops. Hence, data flooding attacks are extremely hazardous to wireless ad hoc networks. To conduct the data flooding attack, an attacker first sets up a path to the victim node, since the attack can be performed only after a path is constructed. Then, the attacker forwards a tremendous number of useless data packets along the path to make sure that the victim node cannot process packets in a normal fashion. Finally, the resources of the victim node are exhausted, so the node may get isolated from the network.

    In order to measure the effect of the data flooding attack on data traffic, including burst traffic, in wireless ad hoc networks, we calculate the throughput. The throughput is defined as the ratio between the amount of data packets sent by the source node and the amount of data packets received by the destination node during a time span from ts to td [4]. The amount of packets sent by the source node (tr) can be classified into control packets (C), such as RREQ, Route Reply (RREP) and Route Error (RERR) packets, and data packets, including traffic for conducting data flooding attacks. On the other hand, the amount of data packets received by the destination node (rc) can be classified into normal traffic excluding the traffic meant for data flooding attacks. Therefore, we can represent the throughput using the following equation:

    Through put = ()

    (1)

    9.1.2 The procedure of the PDM scheme is as follows:

    Step 1) At the end of the period, compare the variance of received data packets with the variance limit ( )).

    Step 2-1) If D ( is in the black list, it is not transmitted until the next period.


    Step 2-2) Else, priority is determined by the inverse of the number of received data packets, and the data packets are processed according to priority.

    Step 3) Update the black list by the greatest number of received packets in the period.

    Step 4) Check whether the period is the last period; if it is, the procedure of the PDM scheme is stopped.

    Step 4-2) Else go to step 1.
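    The period loop above, set beside a threshold cut-off of the kind the report attributes to FAP, as an added Python example (not the report's code). Because the symbols in the steps did not survive, the reading used here is an assumption: packets are counted per source in each period, the variance is taken across those per-source counts, the source with the greatest count is blacklisted for the next period only, and the victim can process a fixed number of packets per period. The traffic schedule, the limits and all names are constructed.

```python
from collections import Counter
from statistics import pvariance


def interleave(rates):
    """Round-robin arrival order for one period; rates maps source -> packet count."""
    left, order = dict(rates), []
    while any(left.values()):
        for src in rates:
            if left[src]:
                order.append(src)
                left[src] -= 1
    return order


def pdm_period(arrivals, blacklist, limit, capacity):
    """One PDM period at the victim; returns (packets processed, next blacklist)."""
    counts = Counter(arrivals)
    # Step 2-1: traffic from a blacklisted source is not handled in this period.
    allowed = {s: n for s, n in counts.items() if s not in blacklist}
    # Step 2-2: priority is the inverse of the received count, so light senders go first.
    processed, budget = Counter(), capacity
    for src in sorted(allowed, key=lambda s: (allowed[s], s)):
        processed[src] = min(allowed[src], budget)
        budget -= processed[src]
    # Steps 1 and 3: at the end of the period, compare the variance with the limit
    # and rebuild the blacklist from the heaviest sender (dropped packets still count).
    next_blacklist = set()
    if counts and pvariance(list(counts.values())) > limit:
        next_blacklist.add(max(counts, key=lambda s: (counts[s], s)))
    return processed, next_blacklist


def fap_period(arrivals, cut_off, limit, capacity):
    """Threshold baseline: a source above the limit is cut off for good."""
    passed = [s for s in arrivals if s not in cut_off][:capacity]
    over = {s for s, n in Counter(arrivals).items() if n > limit}
    return Counter(passed), cut_off | over


def run(schedule, step, limit, capacity):
    """Feed every period through one defence; return packets processed per source."""
    blocked, total = set(), Counter()
    for arrivals in schedule:
        processed, blocked = step(arrivals, blocked, limit, capacity)
        total += processed
    return total


def legit_ratio(total, schedule, attacker="flood"):
    """Fraction of non-attack packets that the victim actually processed."""
    sent = sum(1 for arrivals in schedule for s in arrivals if s != attacker)
    return sum(n for s, n in total.items() if s != attacker) / sent


# Constructed traffic: a steady source, a source that bursts in two periods,
# and a flooder that sends at a high rate in every period.
SCHEDULE = [interleave({"video": 10, "burst": b, "flood": 200})
            for b in (5, 60, 5, 5, 60, 5)]

if __name__ == "__main__":
    for name, step, limit in (("PDM", pdm_period, 400), ("threshold", fap_period, 50)):
        total = run(SCHEDULE, step, limit, capacity=100)
        print(name, dict(total), legit_ratio(total, SCHEDULE))
```

    Under this reading the flooder is re-blacklisted every period because its dropped packets still count, while a bursting source that tops the list loses at most the one period after its burst.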

    11.3 PERFORMANCE EVALUATION

    The performance of the proposed PDM scheme is measured by the throughput as given in (1). The PDM scheme sets up w periods for the data session from ts to td to defend against the data flooding attack. The PDM scheme guarantees the QoS of non-burst traffic as well as burst traffic.

    [] []

    By reducing the received traffic for conducting the data flooding attack at the victim node, the received normal traffic, whether burst or not, is increased. Hence, the victim node receives a much larger amount of non-burst traffic and burst traffic than in the case when the PDM scheme is not conducted [5].

    We use AODV as the base routing protocol and compare its performance with that of our PDM scheme. The attacker first sets up a path to the victim node, since the attack can be performed only after a path is constructed. Then, the attacker forwards a tremendous number of useless data packets along the path to make sure that the victim node cannot process packets in a normal fashion. Finally, the resources of the victim node are exhausted, so the node may get isolated from the network.


    10. SIMULATION:

    NS2 is an open-source event-driven simulator designed specifically for research

    in communication networks. Since its inception in 1989, NS2 has continuously gained

    tremendous interest from industry, academia, and government. Having been under

    constant investigation and enhancement for years, NS2 now contains modules for

    numerous network components such as routing, transport layer protocol, application, etc.

    To investigate network performance, researchers can simply use an easy-to-use scripting

    language to configure a network, and observe results generated by NS2. Undoubtedly,

    NS2 has become the most widely used open source network simulator, and one of the

    most widely used network simulators.

    The network designed consists of basic network entities with the simulation parameters

    presented in table

    10.2 PARAMETERS OF SIMULATION

    Description | Value
    Simulation time | 300 s
    Simulation area | 1000*1000 m
    Number of nodes | 50, 120
    Application traffic | FTP server
    File size | 5000000 bytes
    Data rate (bps) | 11 Mbps
    Mobility algorithm | Random waypoint
    Routing protocol | AODV
    Performance parameter | Throughput, delay, drop

    Table 3: simulation Parameters


    11. SAMPLE CODING AND SAMPLE SCREEN SHOTS

    MYFORM.JAVA

    package UI;

    import UI.myobjects.NodeButton;
    import UI.myobjects.NodeButton1;
    import UI.myobjects.draganddrop.DropTargetImp;
    import UI.myobjects.GraphicalNode;
    import UI.myobjects.PowerShower;
    import UI.actions.*;
    import javax.swing.*;
    import java.awt.*;
    import java.awt.event.ActionEvent;
    import java.awt.event.ActionListener;
    import java.awt.event.MouseEvent;
    import java.awt.event.MouseListener;
    import java.awt.event.MouseMotionListener;
    import java.awt.image.ImageConsumer;
    import java.awt.image.ImageProducer;
    import java.util.ArrayList;
    import java.util.List;
    import java.util.Observer;
    import simulator.Node;
    import logger.StatusManager;

    // Main window of the simulator: toolbar, node map and node properties panel.
    public class Myform extends JFrame implements ActionListener, MouseListener {
        public final NumberKeyListener nkl = new NumberKeyListener();
        JPanel content;
        public MyMap myMap;
        public static MapForm mapForm;
        int P = 20, Q = 20, p = 0, q = 0, dp = 3, dq = 3;
        private Image cup;
        // private Panel keyPad;
        public int top = 10;
        public int left = 10;
        private Node_Properties nodePanel;
        public int xScale = 10;
        public int yScale = 10;
        public final int mapWidth = 550;


        public final int mapHeight = 550;
        public NodeButton newNodeBtn = new NodeButton(new ImageIcon("images/SendingNode0.png"));
        // public NodeButton1 newNodeBttn = new NodeButton1(new ImageIcon("images/virus.gif"));
        // Typed list, so that the for-each loops over GraphicalNode below compile.
        private final List<GraphicalNode> graphicalNodes = new ArrayList<GraphicalNode>();
        private final JTextField minNumber = new JTextField("3", 3);
        private final JCheckBox doubleDirection = new JCheckBox("DoubleDirection", true);
        private final JTextField searchText = new JTextField(8);
        JButton generateBtn;
        JButton delGnodeBtn = new JButton(new ImageIcon("images/delete.png"));
        PowerShower powerShower;
        JToolBar toolBar;
        public JButton start = new JButton("Attacker");
        JButton stop = new JButton("Stop");
        private GraphicalNode selectedGNode;
        // JButton atkBtn=new JButton("Gen. Attacker");

        public List<GraphicalNode> getGraphicalNodes() {
            return graphicalNodes;
        }

        /**
         * Returns the {@link GraphicalNode} that is currently selected.
         */
        public GraphicalNode getSelectedGNode() {
            return selectedGNode;
        }

        public MyMap getMyMap() {
            return myMap;
        }

        // Redraws the transmission-range overlay around the selected node.
        public void refreshPowerShower() {
            this.powerShower.setVisible(false);
            this.powerShower.setXYrXrY(selectedGNode.getLocation().x, selectedGNode.getLocation().y,
                    selectedGNode.getNode().getPower() / this.xScale,
                    selectedGNode.getNode().getPower() / this.yScale);
            this.powerShower.setVisible(true);
            this.powerShower.invalidate();
        }

        public void setSelectedGNode(GraphicalNode selectedGNode) {
            this.selectedGNode = selectedGNode;
            if (selectedGNode != null) {


                // The name field is editable only while the node has no name yet.
                this.getNodePanel().nameText.setEnabled(selectedGNode.getName().trim().length() == 0);
                selectedGNode.fillNodePanel();
                this.refreshPowerShower();
            } else {
                this.powerShower.setVisible(false);
            }
        }

        public Myform(String title) {
            super(title);
            content = new JPanel(new BorderLayout());
            content.setOpaque(true);
            myMap = new MyMap();
            myMap.setPreferredSize(new Dimension(this.mapWidth, this.mapHeight));
            myMap.setBorder(BorderFactory.createEtchedBorder());
            // newNodeBttn.setToolTipText("Attacker");
            newNodeBtn.setToolTipText("Base Station");
            cup = Toolkit.getDefaultToolkit().getImage("images/virus.gif");
            this.getContentPane().add(content);
            toolBar = new JToolBar();
            // toolBar.add(newNodeBttn);
            // toolBar.add(atkBtn);
            toolBar.add(newNodeBtn);
            toolBar.add(delGnodeBtn);
            start.setIcon(new ImageIcon("images/virus.gif"));
            toolBar.add(start);
            // toolBar.add(stop);
            toolBar.add(Box.createHorizontalStrut(5));
            toolBar.add(new JSeparator(SwingConstants.VERTICAL));
            toolBar.add(Box.createHorizontalStrut(5));
            toolBar.add(new JLabel("Min Neighbor: "));
            toolBar.add(minNumber);
            toolBar.add(doubleDirection);
            generateBtn = new JButton("Fill Parameter");
            toolBar.add(generateBtn);
            minNumber.addKeyListener(new NumberKeyListener());
            toolBar.add(Box.createHorizontalStrut(5));
            toolBar.add(new JSeparator(SwingConstants.VERTICAL));
            toolBar.add(Box.createHorizontalStrut(5));
            toolBar.add(new JLabel("Search: "));
            toolBar.add(searchText);
            content.add(toolBar, BorderLayout.PAGE_START);


            // atkBtn.addActionListener(this);
            start.addActionListener(this);
            // stop.addActionListener(this);
            // newNodeBttn.addMouseListener(this);
            myMap.setDropTarget(new DropTargetImp(myMap));
            myMap.setLayout(null);
        }

        public boolean isDoubleDirection() {
            return this.doubleDirection.isSelected();
        }

        public int getMinNumberForFillParameter() {
            // Parse the trimmed text so surrounding blanks do not raise NumberFormatException.
            String text = this.minNumber.getText().trim();
            if (text.length() > 0) {
                return Integer.parseInt(text);
            } else {
                return 0;
            }
        }

        /**
         * Finds a GraphicalNode in the graphicalNodes list.
         * @param name name of the node to look for
         * @return null if no gnode with that name was found,
         *         otherwise a reference to that node
         */
        public GraphicalNode getGNode(String name) {
            for (GraphicalNode graphicalNode : graphicalNodes) {
                if (graphicalNode.getName().equals(name)) {
                    return graphicalNode;
                }
            }
            // Not found: return null, as the Javadoc above specifies.
            return null;
        }

        public void putGNode(GraphicalNode gNode) {
            graphicalNodes.add(gNode);
        }

        public Node_Properties getNodePanel() {
            return nodePanel;
        }

        public void setNodePanel(Node_Properties nodePanel) {


            this.nodePanel = nodePanel;
        }

        // Looks up the graphical node that wraps the given simulator node;
        // falls back to the currently selected node when there is no match.
        public GraphicalNode getGnodebyNode(Node node) {
            for (GraphicalNode graphicalNode : graphicalNodes) {
                if (graphicalNode.getNode().equals(node)) {
                    return graphicalNode;
                }
            }
            return selectedGNode;
        }

        public JTextField getSearchText() {
            return searchText;
        }

        public static void main(String[] args) {
            Myform frame = new Myform(
                    "Novel defense mechanism against data flooding attacks in wireless ad hoc networks");
            frame.newNodeBtn.myForm = frame;
            // frame.newNodeBttn.myForm = frame;
            frame.setNodePanel(new Node_Properties(frame));
            JSplitPane splitPane = new JSplitPane(JSplitPane.HORIZONTAL_SPLIT, frame.myMap, frame.getNodePanel());
            splitPane.setOneTouchExpandable(true);
            splitPane.setDividerLocation(550);
            frame.content.add(splitPane, BorderLayout.CENTER);
            frame.myMap.addMouseListener(new PanelAction(frame));
            // frame.atkBtn.addActionListener(this);
            frame.generateBtn.addActionListener(new InitParameters(frame));
            frame.powerShower = new PowerShower(frame);
            frame.delGnodeBtn.addActionListener(new DeleteBtnAction(frame));
            frame.searchText.addActionListener(new SearchGNodeAction(frame));
            frame.setGlassPane(frame.powerShower);
            frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
            frame.pack();
            mapForm = new MapForm(frame, "Initializing Map", true, frame);
            mapForm.pack();
            mapForm.setVisible(true);

    StatusManager.init(frame);

    }

    Graph.java :

    package graph;

    import java.awt.BasicStroke;

    import java.awt.Color;

    import java.awt.Polygon;

    import java.awt.Shape;

    import java.awt.geom.Rectangle2D;

    import java.sql.Connection;

    import java.sql.DriverManager;

    import java.sql.ResultSet;

    import java.sql.Statement;

    import java.util.StringTokenizer;

    import java.util.Vector;

    import org.jfree.chart.ChartFactory;

    import org.jfree.chart.ChartPanel;

    import org.jfree.chart.JFreeChart;

    import org.jfree.chart.axis.NumberAxis;

    import org.jfree.chart.plot.CategoryPlot;

    import org.jfree.chart.plot.DefaultDrawingSupplier;

    import org.jfree.chart.plot.DrawingSupplier;

    import org.jfree.chart.plot.PlotOrientation;

    import org.jfree.chart.renderer.category.LineAndShapeRenderer;

    import org.jfree.data.category.CategoryDataset;

    import org.jfree.data.category.DefaultCategoryDataset;

    import org.jfree.ui.ApplicationFrame;

    import org.jfree.ui.RefineryUtilities;

    public class graph extends ApplicationFrame {

    public graph(final String title) {

    super(title);

    final CategoryDataset dataset = createDataset();

    final JFreeChart chart = createChart(dataset);

    final ChartPanel chartPanel = new ChartPanel(chart);

    chartPanel.setPreferredSize(new java.awt.Dimension(500, 270));

    setContentPane(chartPanel);

    }

    private CategoryDataset createDataset() {

    // row keys...

    final String series1 = "Position";

    final String series2 = "Distance";

    //final String series3 = "Failure Recovery Time";

    Vector vec1=new Vector();

    Vector vec2=new Vector();

    // Vector vec3=new Vector();

    // create the dataset...

    final DefaultCategoryDataset dataset = new DefaultCategoryDataset();

    try {

    Class.forName("com.mysql.jdbc.Driver");

    // local MySQL database "secure"; the root credentials are hard-coded in the source

    String url="jdbc:mysql://localhost:3306/secure";

    Connection con=DriverManager.getConnection(url,"root","root");

    Statement st=con.createStatement();

    //DBConnection connection2=new DBConnection();//Util util=new Util();

    ResultSet rs=null;

    String sql=null;

    sql="SELECT * FROM local";

    rs=st.executeQuery(sql);

    Vector v1=new Vector();

    Vector v2=new Vector();

    Vector v3=new Vector();

    while(rs.next())

    {

    v1.addElement(rs.getString(1));

    v2.addElement(rs.getString(2));

    v3.addElement(rs.getString(3));

    }

    System.out.println("v1============"+v1);

    System.out.println("v2============"+v2);

    //System.out.println("v3============"+v3);

    for (int i = 0; i < v1.size(); i++)

    {

    StringTokenizer tokenizer=new StringTokenizer(v1.elementAt(i).toString(),"T[pos ] =");

    vec1.addElement(tokenizer.nextToken());

    }

    for (int i = 0; i < v2.size(); i++)

    {

    StringTokenizer tokenizer=new StringTokenizer(v2.elementAt(i).toString(),"T[ Td ] =");

    vec2.addElement(tokenizer.nextToken());

    }

    /*for (int i = 0; i < v3.size(); i++)

    {

    StringTokenizer tokenizer=new StringTokenizer(v3.elementAt(i).toString(),"T[ r ] =");

    vec3.addElement(tokenizer.nextToken());

    }*/

    System.out.println("vecc==="+vec1);

    System.out.println("vecc==="+vec2);

    //System.out.println("vecc==="+vec3);

    for (int i = 0; i < vec1.size(); i++)

    {

    dataset.addValue(Float.parseFloat(vec1.elementAt(i).toString()), series1, String.valueOf(i));

    }

    for (int i = 0; i < vec2.size(); i++)

    {

    dataset.addValue(Float.parseFloat(vec2.elementAt(i).toString()), series2, String.valueOf(i));

    }

    /*for (int i = 0; i < vec3.size(); i++)

    {

    dataset.addValue(Float.parseFloat(vec3.elementAt(i).toString()), series3, String.valueOf(i));

    }*/

    }catch(Exception e){e.printStackTrace();}

    return dataset;

    }

    private JFreeChart createChart(final CategoryDataset dataset) {

    final JFreeChart chart = ChartFactory.createLineChart(

    "Novel defense mechanism against data flooding attacks in wireless ad hoc networks",

    // chart title

    "Distance", // domain axis label

    "Execution Time", // range axis label

    dataset, // data

    PlotOrientation.VERTICAL, // orientation

    true, // include legend

    true, // tooltips

    false // urls

    );

    // final StandardLegend legend = (StandardLegend) chart.getLegend();

    // legend.setDisplaySeriesShapes(true);

    final Shape[] shapes = new Shape[3];

    int[] xpoints;

    int[] ypoints;

    // right-pointing triangle

    xpoints = new int[] {-3, 3, -3};

    ypoints = new int[] {-3, 0, 3};

    shapes[0] = new Polygon(xpoints, ypoints, 3);

    // vertical rectangle

    shapes[1] = new Rectangle2D.Double(-2, -3, 3, 6);

    // left-pointing triangle

    xpoints = new int[] {-3, 3, 3};

    ypoints = new int[] {0, -3, 3};

    shapes[2] = new Polygon(xpoints, ypoints, 3);

    final DrawingSupplier supplier = new DefaultDrawingSupplier(

    DefaultDrawingSupplier.DEFAULT_PAINT_SEQUENCE,

    DefaultDrawingSupplier.DEFAULT_OUTLINE_PAINT_SEQUENCE,

    DefaultDrawingSupplier.DEFAULT_STROKE_SEQUENCE,

    DefaultDrawingSupplier.DEFAULT_OUTLINE_STROKE_SEQUENCE,

    shapes

    );

    final CategoryPlot plot = chart.getCategoryPlot();

    plot.setDrawingSupplier(supplier);

    chart.setBackgroundPaint(Color.CYAN);

    // set the stroke for each series...

    plot.getRenderer().setSeriesStroke(

    0,

    new BasicStroke(

    2.0f, BasicStroke.CAP_ROUND, BasicStroke.JOIN_ROUND,

    1.0f, new float[] {10.0f, 6.0f}, 0.0f

    )

    );

    plot.getRenderer().setSeriesStroke(

    1,

    new BasicStroke(

    2.0f, BasicStroke.CAP_ROUND, BasicStroke.JOIN_ROUND,

    1.0f, new float[] {6.0f, 6.0f}, 0.0f

    )

    );

    plot.getRenderer().setSeriesStroke(

    2,

    new BasicStroke(

    2.0f, BasicStroke.CAP_ROUND, BasicStroke.JOIN_ROUND,

    1.0f, new float[] {2.0f, 6.0f}, 0.0f

    )

    );

    // customise the renderer...

    final LineAndShapeRenderer renderer = (LineAndShapeRenderer) plot.getRenderer();

    // renderer.setDrawShapes(true);

    renderer.setItemLabelsVisible(true);

    // customise the range axis...

    final NumberAxis rangeAxis = (NumberAxis) plot.getRangeAxis();

    rangeAxis.setStandardTickUnits(NumberAxis.createIntegerTickUnits());

    rangeAxis.setAutoRangeIncludesZero(false);

    rangeAxis.setUpperMargin(0.12);

    return chart;

    }

    public static void main(final String[] args) {

    final graph local = new graph("Novel defense mechanism against data flooding attacks in wireless ad hoc networks");

    local.pack();

    RefineryUtilities.centerFrameOnScreen(local);

    local.setVisible(true);

    }

    }

    11. Effect of flooding attack

    Initially the application suggests adjusting the map settings, but by default it takes

    some parameter values.

    Fig 16: Nodes are participating in Ad Hoc Network

    In wireless ad hoc networks, all nodes participate in a communication network

    range when they need to. Each mobile node has its own distinct parameter values and

    power range. At a particular instant of time, every node can act as a base station

    along its network. Before communication between nodes can be established, a route

    must be built between them. After a route is established, communication can take place.

    Fig 17: Effect of the flooding attack in MANET

    Simulation Results:

    Fig 18: Simulation Environment of the PDM scheme in MANET

    Fig 19: Evaluation of Random Waypoint Model

    Fig 20: Values stored in database

    Fig 21: Graphical analysis of periodic based defense mechanism

    Valid Input : identified classes of valid input must be accepted.

    Invalid Input : identified classes of invalid input must be rejected.

    Functions : identified functions must be exercised.

    Output : identified classes of application outputs must be exercised.

    Systems/Procedures: interfacing systems or procedures must be invoked.

    Organization and preparation of functional tests is focused on requirements, key

    functions, or special test cases. In addition, systematic coverage pertaining to identifying

    business process flows, data fields, predefined processes, and successive processes must

    be considered for testing. Before functional testing is complete, additional tests are

    identified and the effective value of current tests is determined.

    System Test

    System testing ensures that the entire integrated software system meets

    requirements. It tests a configuration to ensure known and predictable results. An

    example of system testing is the configuration oriented system integration test. System

    testing is based on process descriptions and flows, emphasizing pre-driven process links

    and integration points.

    White Box Testing

    White Box Testing is testing in which the software tester has

    knowledge of the inner workings, structure and language of the software, or at least its

    purpose. It is used to test areas that cannot be reached from a black box

    level.

    Black Box Testing

    Black Box Testing is testing the software without any knowledge of the inner

    workings, structure or language of the module being tested. Black box tests, as most

    other kinds of tests, must be written from a definitive source document, such as a

    specification or requirements document.

    It is testing in which the software under test is treated as a black box: you cannot see

    into it. The test provides inputs and responds to outputs without considering how the

    software works.

    Unit Testing:

    Unit testing is usually conducted as part of a combined code and unit test phase

    of the software lifecycle, although it is not uncommon for coding and unit testing to be

    conducted as two distinct phases.

    Test strategy and approach

    Field testing will be performed manually and functional tests will be written in

    detail.

    Test objectives

    All field entries must work properly.

    Pages must be activated from the identified link.

    The entry screen, messages and responses must not be delayed.

    Features to be tested

    Verify that the entries are of the correct format

    No duplicate entries should be allowed

    All links should take the user to the correct page.

    Integration Testing

    Software integration testing is the incremental integration testing of two or more

    integrated software components on a single platform to produce failures caused by

    interface defects.

    The task of the integration test is to check that components or software

    applications, e.g. components in a software system or, one step up, software

    applications at the company level, interact without error.

    Test Results: All the test cases mentioned above passed successfully. No defects

    encountered.

    Acceptance Testing

    User Acceptance Testing is a critical phase of any project and requires significant

    participation by the end user. It also ensures that the system meets the functional

    requirements.

    Test Results: All the test cases mentioned above passed successfully. No defects

    encountered.

    13. CONCLUSION

    We proposed the period-based defense mechanism against the data flooding attack,

    which paralyzes a victim node by consuming its resources. Hence, the throughput of the

    victim node is significantly reduced. However, the current defense systems focus on RREQ

    flooding attacks rather than the data flooding attack. They easily reduce the throughput

    of burst traffic by comparing with a simple threshold. Hence, we aim to enhance the

    throughput of burst traffic under the data flooding attack. The proposed scheme uses a

    blacklist, considers the data type, and processes packets according to priority so as to

    defend against data flooding attacks, since the attacker forwards many data packets at a

    high rate for the whole session. Recently, many users like to download and share

    multimedia data, so we expect that the proposed scheme is useful to networks where

    burst traffic is transferred.
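
    A minimal sketch of the idea summarized in this conclusion, added here as an example and not taken from the report's own code: packets are counted per source in each period, a source is blacklisted only after exceeding the limit in several consecutive periods (so a short legitimate burst is not cut off the way a simple threshold would cut it), and accepted packets are ordered by priority. The class name, the per-period limit, the strike count, the priority values and the sample traffic are assumptions made for the demo; it needs Java 16 or later.

```java
import java.util.*;

// Added illustration, not the report's code. Requires Java 16+ (records).
public class PeriodFilterDemo {
    // Assumed demo values; the report does not state its thresholds here.
    static final int LIMIT_PER_PERIOD = 5;      // data packets per source per period
    static final int STRIKES_TO_BLACKLIST = 3;  // consecutive over-limit periods

    record Packet(String src, int priority) {}  // higher priority is served first

    final Map<String, Integer> strikes = new HashMap<>();
    final Set<String> blacklist = new HashSet<>();

    // Handles the packets received in one period; returns those accepted,
    // ordered by priority.
    List<Packet> endOfPeriod(List<Packet> received) {
        Map<String, Integer> counts = new HashMap<>();
        List<Packet> accepted = new ArrayList<>();
        for (Packet p : received) {
            if (blacklist.contains(p.src())) continue;   // drop known flooders
            counts.merge(p.src(), 1, Integer::sum);
            accepted.add(p);
        }
        // A burst exceeds the limit briefly; a flooder exceeds it every period.
        Set<String> sources = new HashSet<>(strikes.keySet());
        sources.addAll(counts.keySet());
        for (String src : sources) {
            if (counts.getOrDefault(src, 0) > LIMIT_PER_PERIOD) {
                if (strikes.merge(src, 1, Integer::sum) >= STRIKES_TO_BLACKLIST) {
                    blacklist.add(src);
                }
            } else {
                strikes.remove(src);                     // streak broken
            }
        }
        accepted.sort(Comparator.comparingInt(Packet::priority).reversed());
        return accepted;
    }

    public static void main(String[] args) {
        PeriodFilterDemo filter = new PeriodFilterDemo();
        for (int period = 1; period <= 5; period++) {
            List<Packet> in = new ArrayList<>();          // constructed sample traffic
            for (int i = 0; i < 20; i++) in.add(new Packet("flooder", 0));
            if (period == 2) {                            // one legitimate burst
                for (int i = 0; i < 20; i++) in.add(new Packet("burst", 1));
            }
            in.add(new Packet("normal", 2));
            System.out.println("period " + period + ": accepted "
                    + filter.endOfPeriod(in).size() + ", blacklist " + filter.blacklist);
        }
    }
}
```

    In the sample run the source that sends 20 packets in every period is blacklisted at the end of the third period, while the source that bursts only in period 2 never is.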
