Proceedings of 2014 RAECS VIET Panjab University Chandigarh, 06 - 08 March, 2014

Defending MANETs against Flooding Attacks for

Military Applications under Group Mobility

Taranpreet Kaur

CSE Department

RBCENTW,Hoshiarpur

ertanu.judge414@gmai1.com

Amanjot Singh Toor

ECE Department

Krishan Kumar Saluja

CSE Department

SBSSTC, Ferozepur

k.salujasbs@gmai1.com

CT institute of technology, lalandhar

aman_singh_toor@ymail.com

Ahstract- MANET is an assembly of mobile nodes having the

capability of configure any momentarily network without the

assistance of any established infrastructure or centralized

supervision. Due to the self-arrangement and self maintenance

abilities, MANETs become highly vulnerable to various kinds of

attacks. So, Security challenges have become a key concern to

provide secure communication between mobile nodes. Flooding

attack is one of the security threat in which the intruder will

overload the network with worthless packets to misuse the

bandwidth and resources of the network. In this paper a

clustering behavior based reputation mechanism is proposed to

identify the flooding malicious nodes in military battlefield

network. As in battlefield situation, mainly Group Mobility

model is followed, so grouping of nodes in clusters have various

advantages. Reputation (assessment of its behavior in the

network) of a node is calculated at cluster heads. This strategy

has double nature, hence it efficiently fix the false detection of

genuine nodes as malicious ones. Strategy is simulated in NS2.

Performance of new scheme is compared with AODV protocol

based on various performance metrics it is noticed that proposed

strategy has better performance in terms of various metrics.

Keywords- MANET; RREQ; RREP; Flooding Attack;

Reputation; NS-2 Simulation

I. INTRODUCTION

MANET is a self organizing impermanent network where multi-hop communication is used i.e. Each node itself acting as a router helps other nodes to transmit their messages. Nodes are also changing their positions very frequently. As MANET have various features like dynamic topology, infrastructure less and easy to deploy etc. Which makes it suitable to use for applications like conferences, assembly events, in battlefield and under disaster conditions (such as flood, fire) etc. MANET is having bright future for fulfilling the demands of new applications [3].

As topology in MANET is changing very often, so routing is a challenging job. Every node needs to learn updated topology very frequently. The main objective of routing is to find best shortest path in terms of low delay, low jitter etc. Moreover nodes are working on battery power and very less bandwidth is available, hence power consumption and bandwidth consumption needs to be considered while choosing a path [1].

978-1-4799-2291-8/14/$31.00 ©2014 IEEE

The routing protocol designed for MANET assumes that all nodes will be co-operative and trustworthy, but when malicious nodes are present in a network, the network becomes vulnerable to various kinds of attacks [2]. In RREQ Flooding Attack, malicious nodes send large amount of useless packets in the network for the destination node which is not present in the network, as no node knows the location of required IP, so packets traverse the entire network. When large amount of useless packets are being sent, the bandwidth and resources of network is exhausted. Hence it causes denial of service because each node will always be busy in receipt of useless packets [20][25].

Military applications require more consideration about information security, than business and educational purposes [4][5][26]. When commutation is through MANET, to deal with it is most tough due to harder constraints , as military aspects in MANET are little complex. Especially in battlefield scenario requirements such as low power consumption, fast communication, security of information etc are bit harder to implement.

Thus routing in MANET has to be reliable and accurate, most important it has to be secure so that any malicious node cannot affect the security and performance of network. Also concerning some other issues like power consumption, bandwidth utilization etc. There are other numbers of concerns which are very difficult to combine with MANET [25].

II. BACKGROUND AND MOTIVATION

In RREQ Flooding Attack intruder injects fake RREQ packets in the network in large amount. The destination chosen for packets usually do not exist in the network; as a result these packets will pass to every node [20]. When large amount of packets are flooded, whole bandwidth of the network is wasted and resources like battery power etc are exhausted. This in turns causes denial of service [25].

The techniques used for defending from flooding attack in [11-24] are able to detect and defend from flooding attack, but some of the gaps left are:

1. Most of the techniques [2][5][7][11][12] have the problem of false alarms. The large number of packets generated in case of busty traffic is taken as attack and legitimate nodes are blocked.

2. Routing overhead in techniques proposed in [6][8] [9][12] effect the throughput of the network.

3. Energy efficiency is other issue, as devices in MANET are battery powered so due to overhead energy is wasted [8] [9] 12].

4. Implementing these techniques also affect QOS of the network because delay, jitter, PDR is also affected [2] [9] [12].

5. Bandwidth Wastage etc.

In this paper a clustering- behavior based mechanism is proposed to identify and mitigate the impact of flooding malicious nodes in military battlefield network. As in battlefield situation performance of network is really important. The scheme proposed has double nature, hence it resolves the false detection of genuine nodes as malicious nodes, and moreover routing overhead is less because no extra packets need to be transmitted.

III. PROPOSED METHODOLOGY

A clustering-behavior based technique is used to avoid the impact of RREQ Flooding Attack in AODV protocol. Arranging the nodes in clusters have many advantages when mobility model used is Group Mobility. As United States Army began the Near Term Digital Radio project (NTDR) [26] to develop a tactical packet radio for deployment in battlefield, in which nodes are first organized into clusters.

In this approach, first nodes are organized into various clusters, which will form network backbone. Clustering technique used is On-Demand, the node replies with RREP will be elected as cluster head, and cluster head then announce to its one hop nodes. Nodes which want to join the cluster head will send a request to head, head in turn reply for the request. Heads will be reelected of node moves or head moves. In group mobility nodes are moving in same direction so reelections required is less. No extra packets are transmitted because information is transferred through HELLO packets. Reputation formula used to calculate the behavior of each node, on the basis of which maximum no. of RREQ for each node is decided, the formula is as follows:

Nodes can send RREQs on the basis of Reputation. To avoid the clustering overhead a new parameter k is being introduced, because some RREQ packets are dropped due to cluster head bottleneck. The k parameters is varied in scenarios is and the impact on the metrics were studied.

Any malicious node cannot send packets at high rate because reputation value will be less. To avoid false detection filtering scheme is used in which, After HELLO time interval reputations of all nodes are calculated again, if a node's reputation is 0 it will be increased to 0.1. If node starts behaving like genuine node the reputation value increases and node is given chance to join the network again as genuine node.

Ifclwter­head or member node has changed it, position

After HELLO tinter interval

Proposed Methodology

ReputatDn cak:uBtDn b¥ cluste r head

After HELLO timer interval

SetRJo,.=O.1

if R",=O

Bb:k Node

IV. SIMULATION SCENARIOS

In this section impact of presence of malicious here placement of malicious nodes are different. The CBR traffic is taken for experimentation.

A. Experimental Setup and Metrics

The ns-2 simulator was used for the experiments. We now describe the traffic pattern, the scenario description and the metrics that were used for the experiments.

]. The traffic pattern

The traffic pattern file was generated using parameters as in Table 1.

2. Scenario description

Various scenarios taken for experimentation are as follows:

a) Scenario]

The scenario was generated used to depict a battlefield scenario where attacking nodes are distributed among clusters.

RAi = (RREPi+k) /RREQi  (original formula is 

                                  RREP/RREQ generated[24])

 allowed_RREQi= RAi * max_RREQi

Mobility model is Group Mobility and nodes are arranged into clusters.

TABLE 1· Traffic pattern

Parameter Value

Simulation Duration 180

Simulation Area 500 *500

Number of mobile Nodes 10

Packet Size 1024

Mobility Model Group Mobility

Rate 11 Mbps

Application CBR

MAC layer Protocol IEEE 802.11

Transmission Range 250m

Traffic Type CBR

Routing Protocols AODY

Type of traffic Constant Bit Rate

Packet Size 512 bytes

Threshold 0.5

b) Scenario 2

The parameters used for this scenario is same as above the main difference is all the attacking nodes are present in one cluster, one CBR Traffic is genuine. All attacking nodes are present in one cluster. The metrics used are as follows:

3. Metrics

The following metrics were used for performance evaluation-

a) Packet Delivery Fraction (PDF): This is calculated as

the ratio of total number of packets received by the destination nodes to the number of packets sent by the source nodes.

b) Routing Load (RL): This is the ratio between the

number of routing packets transmitted to the number of packets actually received (thus accounting for any dropped packets).

C) Average end to end delay (AED) : This is defined as

the average delay in transmission of a packet between two nodes and is calculated as follows-

n

L (timePacket Re ceivedj - timePacketSent

AED = -'-i=....::.O _______________ _

totalNumberOJPackets Re ceived

d) Throughput: Total amount of data received by the

receiver per unit of time (bits/sec).

'T'h h numberOf Re ceivedbits 1, roug put = . .

umt -tzme

TABLE 2: Parameters for the battlefield scenario

Parameter Value

Dimensions 500"500

Mobility Model Group Mobility Model

No. of nodes

Min. speed

Max. speed

Average number of nodes in a group

Probability of group change

Pause time

V. RESULTS

(GM)

10

1 mls

5 mls

5

0.01

60 sec

As the AODV protocol is modified where reputation formula used to calculate reputation of each node, on the basis of reputation maximum no. of RREQ for each node is decided, the formula is as follows:

RA = (RREP+k) IRREQ

The k parameters in the battlefield scenario I and scenario 2 were varied and the impact on the four metrics described above was studied. The results are as follows:

A. Effect of varying the value of k on PDR (scenario I vs. scenario 2)

As shown in Fig. 2 and 3, the number of attacking nodes was varied from 0 to 4 and the effect of k is depicted on PDR. The performance is compared under different scenarios. The results are as follows:

It is found that the packet delivery fraction decreases as the number of malicious nodes in the network increases. This is due to the fact that as number of nodes increases, the congestion in the network also increases and hence the number of lost packets due to retransmission also increases. When the original formula(k=O)[24] is used due to clustering overhead, when number of nodes increases to 3 due to clustering overhead PDR reaches to O. When value of k is increased, It performs better than original AODV. The optimal value of PDR at k=2. But in scenario 2 the PDR degradation is faster than scenario 1.

B. Effect of varying the value of k on Delay( scenario I vs. scenario 2)

As shown in Fig. 4 and 5, since AODV uses a table driven approach, the processing delay at the nodes also increases with an increase in the size of the network thereby accounting for the higher end-to-end delay. As shown in the Fig. 4, when the original formula(k=O) is used due to clustering overhead, when number of nodes increases to 3 due to clustering overhead AED(Excluding Processing time) reaches to infinite. But in

scenario 2 it reaches to infinite when attacking nodes reaches to 1. So if attacking nodes are present in same cluster the increase in delay is high.

c:: o Co.

0.6

0.4

0.2

o

o 1 2 3 4

�AODV

_k=O

-a-k=l

�k=2

�k=3 Number of Attacking Nodes

Effect of varying the value of k on PDR ( Scenario I)

Effect of varying the value of k on PDR ( Scenario 2)

C. Effect of varying the value of k on Routing

Overhead (scenario 1 vs. scenario 2)

D. Effect of varying the value of k on Throughput

(scenario ] vs. scenario 2)

800

E 600

> 400 .!!! � 200

o

o 1 2 3 4

�AODV

_k=O

-a-k=l

�k=2

�k=3 Number of Attacking Nodes

Effect of varying the value of k on Delay (Scenario 1)

1500

VI 1000 E z: 500 ttl C1I

0

0

c enalo 2

o 1 2 3 4

�AODV

_k=O

-a-k=l

�k=2

�k=3

Number of Attacking Nodes

Effect of varying the value of k on Delay(Scenario 2)

As shown in Fig. 6 and 7 ,the routing load increases with an increase in number of nodes due to an increase in the routing packets in the network. As shown in the Table overhead is high in original AODV, as we apply the filtering scheme it is improving. When attacking nodes are present in same cluster the overall control messages will be less in whole network.

-c ttl C1I

..r::. ... C1I :> 0 tlll c::

·z ::::I 0

c::

500000

400000

300000

200000

100000

0

0 1 2 3 4

Number of Attacking Nodes

_k=O

-a-k=l

�k=2

�k=3

Effect of varying the value of k on Routing Overhead (Scenario 1)

Throughput is the measure of total amount of data received by the receiver per unit of time (bits/sec). As shown in Fig. 8 and 9, the proposed approach performs better in terms of throughput. Due to cluster overhead the throughput reaches to o after malicious nodes increases to 3. But in scenario 2, throughput degradation is high, as increasing in malicious nodes. Thus the position of malicious nodes in a network also impacts various performance parameters in MANET.

In both the scenarios the k=2 gives optimal value in terms of PDR, Delay, Overhead and Throughput. Because when the value of k is decreased, packets from legitimate nodes are also dropped, due to cluster head bottleneck, so performance of the network degrades.

100000 "'C ra 80000 Q)

.s::. 60000 ...

Q) :> 40000 0 tlO 20000 c::

·z 0 ::l 0

a:: o 1 2 3 4

�AODV

_k=O

-&-k=l

�k=2

�k=3 Number of Attacking Nodes

Effect of varying the value of k on Routing Overhead (Scenario 2)

400 II> C. 300 .0

:..:: ..... 200 ::l C.

100 .s::. tlO ::l

0 0 ... .s::. I- o 1 2 3 4

�AODV

_k=O

-&-k=l

�k=2

�k=3 Number of Attacking Nodes

Effect of varying the value of k on Throughput (Scenario 1)

250 II>

200 c. .0 :..:: 150 ..... ::l 100 c.

.s::. 50 tlO

::l 0 0 ...

.s::. I- o 1 2 3 4

�AODV

_k=O

-&-k=l

�k=2

�k=3 Number of Attacking Nodes

Effect of varying the value of k on Throughput (Scenario 2)

On the other hand if the value is increased from 2 the malicious nodes get more chance of sending the useless packets. Hence performance starts degrading. The optimal value of performance is at when the value of k=2.

VI. CONCLUSION

To degrade the performance of MANET, the Denial of Service (DOS) Attacks, such as Route Request Flooding Attack comes under Distributed Denial of service attacks are major threat. A new approach is proposed which will efficiently defend from RREQ Flooding Attack in Military battlefield situations. Following are the main conclusion: The optimal value of k varies from scenario to scenario.

For Clustering scenarios the optimal value of k is 2, in terms of PDR, Delay, Overhead, and Throughput. The position of attacking nodes also plays important role on values of various metrics. If all malicious nodes are present in one cluster the performance degradation is more, as clustering overhead increases. For future research, a new method for clustering can be implemented where battery power can be taken in to consideration. More mobility models can be taken for experimentation in future research. More metrics can be taken for performance measurement. Moreover we can consider other applications as well.

REFERENCES

[1] Jhaveri, RH. Patel, SJ. Jinwala and D.C. , "DoS Attacks in Mobile Ad Hoc Networks: A Survey," Advanced Computing & Communication Technologies (ACCT), 2012 Second International Conference on , vol., no., pp.S3S-S4 I, 7-8 Jan. 2012

[2] Djahel, S. Nait-abdesselam, and F. Zonghua Zhang, "Mitigating Packet Dropping Problem in Mobile Ad Hoc Networks: Proposals and Challenges," Communications Surveys & Tutorials, IEEE, vol.13, no.4, pp.658-672, Fourth Quarter 2011

[3] Konate, K. Abdourahime and G , "Attacks Analysis in Mobile Ad Hoc Networks: Modeling and Simulation," Intelligent Systems, Modelling and Simulation (ISMS), 2011 Second International Conference on , vol., no., pp.367-372, 2S-27 Jan. 2011

[4] Bandyopadhyay, A. Vuppala, S. Choudhury and P. , "A simulation analysis of t100ding attack in MANET using NS-3," Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronics Systems Technology (Wireless VITAE), 2011 2nd International Conference on , vol., no., pp.I-S, Feb. 28 201 I-March 3 2011

[S] c. Perkins and P Bhagwat, "Highly Dynamic Destination Sequenced Distance Vector Routing DSDV for mobile computers". In ACM SIGCOMM'94 Conference on Communication Architectures, protocols and applications, 1994, pp. 234-244 .

[6] C.E. Perkins, E. Belding Royer, and S.R Das, "Ad hoc On demand distance vector (AODV) routing", IETF RFC 3S61, July 2003.

[7] D.Johnson, Y. Hu, and D. Maltz, "The Dynamic Source Routing Protocol (DSR) for Mobile Ad Hoc Networks for IPv4", RFC 4728, 2007 .

[8] B. Wu, J. Chen, J. Wu, and M. Cardei, "A Survey on Attacks and Countermeasures in Mobile Ad Hoc Networks," in Wireless/Mobile Network Security, Springer, 2009

[9] B. Kannhavong, H. Nakayama, Y. Nemoto, N. Kato and A. Jamalipour, "A survey of routing attacks in mobile ad hoc networks", Proc. of Wireless Communications, IEEE, Oct 2007, Issue S, pgs 8S-91.

[10] Kannhavong, B. Nakayama, H. Nemoto, Y. Kato, N. Jamalipour, and A. , "A survey of routing attacks in mobile ad hoc networks," Wireless Communications, IEEE, vo1.14, no.5, pp.8S-9 I, October 2007

[ I I] M. G. Zapata and N. Asokan, "Securing Ad hoc Routing Protocols", Proceedings of the AC Workshop on Wireless Security (WiSe 2002), September 2002, pp. 1-10

[12] Yih-Chun Hu, Adrian Perrig, and David B. Johnson, "Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks", Proceedings of the Eighth Annual International Conference on Mobile

Computing and Networking (MobiCom 2002), ACM, Atlanta, GA, September 2002, pp. 12-23

[13] S. Desilva and RV. Boppana, "Mitigating Malicious Control Packet Floods in Ad Hoc Networks", Proceedings of 2005 IEEE Wireless Communications and Networking Conference (WCNC05), March 200S, pp. 2112-2117

[14] P. Yi, Z. Dai, Y. Zhong and S. Zhang, "Resisting Flooding Attacks in Ad Hoc Networks",

[ IS] Proceedings of International Conference on Information Technology: Coding and Computing (ITCC'OS), April 200S, pp.6S7-662

[16] Zhi Ang EU and Winston Khoon Guan SEAH, "Mitigating Route Request Flooding Attacks in Mobile Ad Hoc Networks", Proceedings of International Conference on Information networking (ICOIN-2006), Sendai, Japan, 2006

[l7] Li, Q. Chang, E.-e. Chan and M.e. , "On the effectiveness of DDoS attacks on statistical filtering," INFOCOM 2005. 24th Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings IEEE, vol.2, no., pp. 1373- 1383 vol. 2, 13-17 March 200S

[18] Hwee-Xian ,Tan Seah and W.K.G. , "Framework for statistical filtering against DDoS attacks in MANETs," Embedded Software and Systems, 2005. Second International Conference on , vol., no., pp. 8 pp., 16-18 Dec. 200S

[19] Cabrera, J.B.D. Gutierrez, e. Mehra and R.K. , "Infrastructures and algorithms for distributed anomaly-based intrusion detection in mobile ad-hoc networks," Military Communications Conference, 2005.

MIL COM 2005. IEEE, vol., no., pp.1831-1837 Vol. 3, l7-20 Oct. 200S

[20] [19] Balakrishnan, V. Varadharajan, V. Tupakula, U. Moe and M.E.G. , "Mitigating Flooding Attacks in Mobile Ad-hoc Networks Supporting Anonymous Communications," Wireless Broadband and Ultra Wideband Communications, 2007. AusWireless 2007. The 2nd International Conference on, vol., no., pp.29, 27-30 Aug. 2007

[21] lian-Hua Song, Fan Hong and Yu Zhang , "Notice of Violation of IEEE Publication Principles Effective Filtering Scheme against RREQ Flooding Attack in Mobile Ad Hoc Networks," Parallel and Distributed Computing, Applications and Technologies, 2006. PDCAT '06. Seventh International Conference on , vol., no., pp.497-S02, 4-7 Dec. 2006

[22] Yinghua Guo, Gordon, S. Perreau and S. , "A Flow Based Detection Mechanism against Flooding Attacks in Mobile Ad Hoc Networks," Wireless Communications and Networking Conference, 2007. WCNC 2007. IEEE, vol., no., pp.3 IOS-311O, 11-1S March 2007

[23] Gunasekaran, R. Uthariaraj and V.R., "Prevention of Denial of Service Attacks and Performance Enhancement in Mobile Ad hoc Networks," Information Technology: New Generations, 2009. ITNG '09. Sixth International Conference on , vol., no., pp.640-64S, 27-29 April 2009

[24] Yinghua Guo, Simon and M. , "Network Forensics in MANET: Traffic Analysis of Source Spoofed DoS Attacks," Network and System Security

(NSS), 2010 4th International Conference on , vol., no., pp.l28-135, 1-3 Sept. 2010

[2S] Choudhury, P. Nandi, S. Pal, A. Debnath and N.e. , "Mitigating route request flooding attack in MANET using node reputation," Industrial

Informatics (INDIN), 2012 10th IEEE International Conference on, vol., no., pp.1010-1015, 25-27 July 2012

[26] H. Kari,"Military-grade wireless ad hoc networks", <http://www.cs.helsinki.fi/ulrn i ki for/nytlkalvotlhy _ 200303 OS _langattom aCsotilasver kocrl.pdf >. Helsinki University of Technology, Finland, Acc: 2003-11-2S.

[27] R. Ruppe, S. Griswald, P. Walsh, and R. Martin. Near Term Digital Radio (NTDR) System. In Proceedings of the 1997 IEEE Military Communications Conference (MILCOM'97), Monterey, CA, November 1997.

[28] Zheng Kai; Wang Neng; Liu Ai-Fang, "A new AODV based clustering routing protocol," Wireless Communications, Networking and Mobile Computing, 2005. Proceedings. 2005 International Conference on, vol.2, no., pp.n8,731, 23-26 Sept. 2005 doi: 1O.1109IWCNM.200S.1S44146

[29] e.-K. Toh. "Ad Hoc Mobile Wireless Networks: Protocols and Systems". Prentice Hall publishers, December 2001, ISBN 0130078174.

[30] William Stallings. "Network Security essentials: Application and Standards", Pearson Education , Inc 2003, ISBN 01303S1288.

[31] Yi-an Huang and Wenke Lee. "Attack analysis and Detection for Ad­hoc Routing protocols". Proceedings of the 7th International Symposium on Recent Advances in Intrusion Detection (RAID'04), French Riviera, France. September 2004. http://www.ece.cmu.edu/-adrian1731-spOS/readings/Huang-Lee-Ad-Hoc-Net-TDS.pdf

[32] NS2 installation instruction under windows operating system. [Online] A vailable:http://140.116.n.80/-smallko/ns2/setup en.htm.

[33] NS manual. [Online]Available: http://www.isi.edulnsnam/ns/ns-

documentation.html