
Attack Generating and its Implication on Ad Hoc Networks

Sumitra Menaria1, Sharada Valiveti2, Dr Ketan Kotecha3

1,2 Institute of Technology, Computer Science and Engineering, Ahmedabad, Gujarat, India 382481
3 Institute of Technology, Nirma University, Ahmedabad, Gujarat, India 382481

1 sumitra.menaria@gmail.com, 2 sharada.valiveti@nirmauni.ac.in, 3 drketankotecha@gmail.com

Abstract: These days, Ad Hoc Networks are in demand in some crucial applications due to their open architecture and their mobility. Here, nodes cooperate with each other for communication. This very characteristic poses an immense problem in Ad Hoc Networks from the security point of view. Also, due to the lack of central administration, Ad Hoc Networks fall prey to insider attacks. Implementation of good Intrusion Detection Systems is ideal for insider attacks. For developing a highly efficient intrusion detection system, it is mandatory to understand the effect of attacks on the performance of Ad Hoc networks. In this paper we give a general overview of wireless ad hoc networks, a survey of various attacks, and an analysis of the effects of the black hole attack, the dropping route request attack and the Route Request flooding attack on Ad Hoc networks. The ns-2 simulator was used for simulation of the various attacks.

978-1-4577-0240-2/11/$26.00 2011 IEEE

I. INTRODUCTION

Ad Hoc Networks belong to the family of networks in which a group of nodes or mobile devices operate and cooperate with the common goal of providing connectivity without any predefined infrastructure or central administration. In other words, the nodes function solely by themselves. Hence the management of the network lies in the capabilities of the nodes only. The capability may be considered in terms of the number of nodes in the network, time taken for the nodes to send and receive messages, time taken for route establishment, number of control messages present in the network, number of packets transmitted and received, number of packets dropped and so on. Every parameter mentioned above has some relevance from the application's point of view. Although the advantages of node mobility, low cost of deployment and infrastructureless setup are available, study is going on about how the above-mentioned parameters can be optimized further.

The mobility of wireless devices demands more resilient, stronger and more effective security schemes. But the dynamic nature of Ad Hoc Networks brings difficulty in monitoring nodes, non-availability of central points for audit data collection, and highly constrained nodes. These are the major challenges in the way of deploying secured and trustworthy systems. To develop a more efficient intrusion detection system it is necessary to understand the impact of attacks on Ad Hoc Networks. In this paper, section II presents an overview of the AODV protocol, section III contains details about types of attacks, section IV contains details about the attacks implemented, and section V gives the simulation study and an analysis of the effect of attacks on the network with respect to various performance metrics, with varying number of active connections and node mobility.

II. OVERVIEW OF AODV

The Ad hoc On-demand Distance Vector (AODV) [4] routing protocol creates routes on demand, trying to minimize the number of control messages. Nodes that are not on the selected path do not maintain routing information or exchange routing table information, and the process is source initiated. The path discovery process starts when a source node desires to send a message to a destination node and does not have a valid route. The source node broadcasts a route request packet (RREQ) to its neighbor nodes, which then forward the request to their neighbor nodes, and so on. The process continues until either the destination node, or an intermediate node with an updated (fresh enough) route to the destination, is reached by this request. Then, the node responds with a route reply packet (RREP) back to the neighbor from which it first received the RREQ. The AODV protocol only supports symmetric links. The reply packets are routed back along the reverse path established by the request packets. The reply packets that travel along the intermediate nodes set up forwarding entries in the routing tables. These table entries point to the node from which the RREP was received. There is a timer associated with each route entry. The entries expire if not used by data packets. Destination sequence numbers are used by AODV to ensure loop-free routes and up-to-date routing information.

With mobility and radio interference, links in the network can go down and a route repair procedure may be necessary. If a node moves out of the radio range of its neighbor, the upstream neighbor propagates a link failure notification (routing error packet, RERR) to each of its upstream neighbors to inform them of the failure of part of the route. The failure notification is propagated until the source node is reached. When the source node is reached by the routing error packet, it initiates a new path discovery process. Connectivity information can be obtained using hello messages. Hello messages are routing reply packets which are periodically broadcast by a node to inform its neighbors of its existence.
III. TYPE OF ATTACKS

For the purpose of intrusion detection, one needs to analyse anomalies due to both the consequence and the technique of an attack. The consequence gives evidence about the success of the attack, and the technique helps in identifying the attack and sometimes the attacker too. According to their consequences, attacks can be categorized into passive attacks, which are intended for stealing information, and active attacks, which involve disruption of information. Based on technique, attacks can be categorized as internal attacks, which come from a compromised node inside the network, and external attacks, in which an unauthorized node misuses the resources.

The main goals for an ad hoc network are authentication, non-repudiation, availability, integrity and confidentiality [1]. Authentication means verifying the identity of the node, and non-repudiation means proving the originality of the sender. Spoofing and rushing are the attacks affecting authentication and non-repudiation, in which a misbehaving node can spoof a MAC or IP address. Availability of resources in a timely manner can be attacked by packet dropping, route fabrication, resource consumption and selfish behaviour. A malicious node can drop packets instead of forwarding them, or send an unwanted and unlimited number of routing messages to consume available resources. Integrity, which is verifying the originality of a message, can be affected by false routing, misrouting and man-in-the-middle attacks. A malicious node replies to any route request with a modified sequence number or sends false routing information. Confidentiality means not disclosing details of a node. It can be affected by location disclosure and content disclosure attacks. A malicious node can disclose the physical location of any other node or can disclose the message being transmitted.

IV. IMPLEMENTATION OF ATTACKS

A. Black Hole Attack: In a blackhole attack, which is also known as the Sequence Number Attack [2], a malicious node can imitate a destination node by sending a spoofed route packet to a source node that initiates a route discovery. A blackhole node exploits the ad hoc routing protocol, such as AODV, to advertise itself as having a valid route to a destination, even though the route is spurious, with the intention of intercepting packets; it absorbs the network traffic and drops all packets. The malicious node sends an RREP with the highest sequence number, attracts maximum traffic toward itself, and finally drops all attracted traffic.

B. Dropping Routing Traffic Attack: In the Dropping Routing Traffic Attack [3], mobile nodes, due to limited battery life and limited processing capabilities, may decide not to participate in the routing process in order to conserve energy. Thus, a malicious node, upon receiving a routing packet that is not destined for itself or that was not initiated by it, deliberately drops it. By acting selfishly the node conserves energy, but it may also cause network segmentation. If some of the participating nodes are connected only through the malicious node, they become unreachable and isolated from the rest of the network. The malicious node drops all routing traffic coming to it.

C. RREQ Flooding Attack: The RREQ flooding attack [4] floods the network with false routing packets to consume all the available network bandwidth with irrelevant traffic and to consume energy and processing power from the nodes. For the RREQ flooding attack, the attacker selects random IP addresses which are not in the network and floods route requests. To resist detection it changes the destination IP frequently.

V. SIMULATION AND ANALYSIS

The experiments were carried out using the network simulator (ns-2). The scenarios developed to carry out the tests use as parameters the mobility of the nodes and the number of active connections in the network. The different routing agents that were presented previously were utilized in the experiments. The choices of the simulator parameters that are presented in table 1 consider both the accuracy and the efficiency of the simulation.

TABLE I: SIMULATION PARAMETERS

Parameter                      Value
Simulator                      ns-2.34
Simulation duration            500 sec
Simulation area                750 * 750 m
Number of Nodes                20
Number of Nodes                250m
Movement model                 Random waypoint
Maximum speed                  5-25 m/sec
Traffic type                   CBR (UDP)
Data payload                   512 bytes
Number of malicious nodes      2
Number of active connection    3-12

The above parameters are taken for the evaluation of attacks on the scenario shown in figure 1. The same scenario was executed with different mobilities and with a varying number of active connections.

A. Performance Metrics

The following performance metrics are used for analyzing the effect of attacks on the ad hoc network.

Packet Delivery Ratio: PDR is the percentage of the number of packets that are received by the destination to the number of packets sent by the source. The larger this metric, the more efficient the MANET will be.

Normalized Routing Load: NRL is the number of routing packets transmitted per data packet sent to the destination. Also, each forwarded packet is counted as one transmission. This metric is also highly correlated with the number of route changes that occurred in the simulation. It should be lower for an efficient network.

Packet Loss Ratio: PLR is the ratio of data packets lost over the number of data packets sent during the simulation. The metric should have a lower value for an efficient network.
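The three metrics defined above can be computed directly from an ns-2 wireless trace. The following is an added example, not code from the paper: it assumes the old ns-2 wireless trace format with CBR data logged at the agent layer (AGT) and AODV packets at the router layer (RTR), reads NRL as routing transmissions per delivered data packet, and runs on a constructed trace.

```python
# Added example: PDR, PLR and NRL from an ns-2 wireless trace (old format).
# TRACE is a constructed sample, not output from the paper's simulations;
# line tails are shortened because only the first 8 fields are used.
TRACE = """\
s 1.000 _0_ AGT --- 0 cbr 512 [0 0 0 0] ------- [0:0 3:0 32 0]
s 1.001 _0_ RTR --- 1 AODV 48 [0 0 0 0] ------- [0:255 -1:255 30 0] (REQUEST)
r 1.002 _1_ RTR --- 1 AODV 48 [0 0 0 0] ------- [0:255 -1:255 30 0] (REQUEST)
s 1.003 _1_ RTR --- 1 AODV 48 [0 0 0 0] ------- [1:255 -1:255 29 0] (REQUEST)
s 1.005 _3_ RTR --- 2 AODV 44 [0 0 0 0] ------- [3:255 0:255 30 1] (REPLY)
f 1.006 _1_ RTR --- 2 AODV 44 [0 0 0 0] ------- [3:255 0:255 29 0] (REPLY)
r 1.010 _3_ AGT --- 0 cbr 532 [0 0 0 0] ------- [0:0 3:0 30 3]
s 1.100 _0_ AGT --- 5 cbr 512 [0 0 0 0] ------- [0:0 3:0 32 0]
r 1.110 _3_ AGT --- 5 cbr 532 [0 0 0 0] ------- [0:0 3:0 30 3]
s 2.000 _0_ RTR --- 8 AODV 48 [0 0 0 0] ------- [0:255 -1:255 30 0] (REQUEST)
s 2.001 _2_ RTR --- 9 AODV 44 [0 0 0 0] ------- [2:255 0:255 30 0] (REPLY)
s 2.100 _0_ AGT --- 6 cbr 512 [0 0 0 0] ------- [0:0 3:0 32 0]
D 2.101 _2_ RTR NRTE 6 cbr 532 [0 0 0 0] ------- [0:0 3:0 30 2]
s 2.200 _0_ AGT --- 7 cbr 512 [0 0 0 0] ------- [0:0 3:0 32 0]
D 2.201 _2_ RTR NRTE 7 cbr 532 [0 0 0 0] ------- [0:0 3:0 30 2]
"""


def metrics(trace_text):
    """Return PDR and PLR (percent) and NRL for one simulation trace."""
    sent, delivered, routing_tx = set(), set(), 0
    for line in trace_text.splitlines():
        f = line.split()
        if len(f) < 8:
            continue  # not a packet event line
        event, layer, uid, ptype = f[0], f[3], f[5], f[6]
        if layer == "AGT" and ptype == "cbr":
            # Tracking packet uids keeps duplicate trace lines from inflating counts.
            if event == "s":
                sent.add(uid)
            elif event == "r":
                delivered.add(uid)
        elif layer == "RTR" and ptype == "AODV" and event in ("s", "f"):
            routing_tx += 1  # every hop's transmission counts once
    if not sent:
        raise ValueError("trace contains no CBR packets sent at the agent layer")
    delivered &= sent  # ignore receptions of packets never seen as sent
    pdr = 100.0 * len(delivered) / len(sent)
    # Assumption: NRL is taken per delivered data packet.
    nrl = routing_tx / len(delivered) if delivered else float("inf")
    return {"pdr": pdr, "plr": 100.0 - pdr, "nrl": nrl}


if __name__ == "__main__":
    print(metrics(TRACE))
```

Running the same function over a baseline trace and a trace with malicious nodes gives the per-scenario values that the PDR, PLR and NRL figures plot.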

Figure 1. Scenario Used.

B. Evaluation of Black Hole Attack: Two metrics that were used in the evaluation of the black hole attack are the delivery ratio and the packet loss ratio. Figure 2 and figure 3 present the packet delivery ratio of AODV and AODV with 10% malicious nodes performing the blackhole attack (BHAODV) against the number of active connections and node mobility in the network.

Figure 2. PDR versus number of connection.

Figure 3. PDR versus node mobility.

The blackhole attack performed against normal AODV has a very big impact on the delivery ratio, decreasing it to lower than half compared to normal AODV. The figures show that the packet delivery ratio is high at low mobility. With increasing mobility the packet delivery ratio drops slightly. But due to the black hole attack the packet delivery ratio decreases to almost half of the original one. Figure 4 and figure 5 show the packet loss ratio of AODV and AODV with 10% malicious nodes against the number of active connections and node mobility in the ad hoc network. Both are plotted to show the effect of the number of active connections and node mobility on packet loss.

Figure 4. PLR versus number of connection.

Figure 5. PLR versus node mobility.

Analysis shows that the black hole attracts maximum traffic toward itself and drops it, which leads to maximum packet loss. Packet loss due to the black hole attack increases up to 70%. It also shows that with an increase in mobility packet loss increases.

C. Evaluation of Dropping Routing Packets Attack: For the evaluation of the dropping routing packets attack two metrics are used: one is Packet Delivery Ratio and the second is Normalized Routing Load. Both metrics are plotted against the number of active connections and node mobility. Figure 6 shows the packet delivery ratio of AODV and AODV with two dropping routing traffic attackers (DROPAODV) against the number of active connections in the network. The dropping routing packets attack has a major impact on network connectivity, and this is obvious from the very low delivery ratio that is achieved when normal AODV is under attack. Figure 7 shows the packet delivery ratio of AODV and AODV with two dropping routing traffic attackers against node mobility.

Figure 6. PDR versus number of connection

Figure 7. PDR versus node mobility

The second metric that is used in the evaluation of the attack is the packet loss ratio. Figure 8 and figure 9 show the packet loss ratio of AODV and AODV with two dropping routing traffic attackers against the number of active connections and node mobility. The metric is used to examine packet loss.

Figure 8. PLR versus number of active connections

Figure 9. PLR versus node mobility

Analysis of the above graphs shows a 20% increase in packet loss as compared to AODV. Here it should be considered that the above attack drops a packet if it comes along the route and the node is not the destination. It has comparatively less effect on the network as compared to the black hole attack. This type of attack is difficult to detect.
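One way a monitoring node could score neighbours for the routing-packet dropping behaviour evaluated above, as an added example that is not part of the paper: it assumes router-layer observations already reduced to hypothetical (node, action, originator, rreq_id) tuples, and counts each route request once per node because AODV discards duplicate copies of a request it has already processed.

```python
from collections import defaultdict

# Constructed observations, not data from the paper. The tuple layout is
# hypothetical: (observed node, action, RREQ originator, RREQ id), where
# action is "recv", "fwd" (rebroadcast) or "reply" (answered with an RREP).
EVENTS = [
    (1, "recv", 0, 1), (1, "fwd", 0, 1), (1, "recv", 0, 1), (1, "recv", 0, 1),
    (2, "recv", 0, 1),
    (3, "recv", 0, 1), (3, "reply", 0, 1),
    (1, "recv", 0, 2), (1, "fwd", 0, 2), (1, "recv", 0, 2),
    (2, "recv", 0, 2),
    (3, "recv", 0, 2), (3, "reply", 0, 2),
    (1, "recv", 4, 7), (1, "fwd", 4, 7), (1, "recv", 4, 7),
    (2, "recv", 4, 7),
    (3, "recv", 4, 7), (3, "fwd", 4, 7),
]


def raw_ratio(events):
    """Naive score: rebroadcasts divided by every RREQ copy received."""
    recv, fwd = defaultdict(int), defaultdict(int)
    for node, action, _, _ in events:
        if action == "recv":
            recv[node] += 1
        elif action == "fwd":
            fwd[node] += 1
    return {n: fwd[n] / recv[n] for n in recv}


def unique_ratio(events):
    """Per node: (distinct RREQs seen, share of them forwarded or answered)."""
    seen, handled = defaultdict(set), defaultdict(set)
    for node, action, orig, rreq_id in events:
        if orig == node:
            continue  # a node's own requests say nothing about forwarding
        if action == "recv":
            seen[node].add((orig, rreq_id))
        elif action in ("fwd", "reply"):
            handled[node].add((orig, rreq_id))
    return {n: (len(s), len(handled[n] & s) / len(s)) for n, s in seen.items()}


def suspects(events, min_seen=3, threshold=0.2):
    """Nodes that saw enough distinct RREQs and handled almost none of them."""
    return sorted(n for n, (count, ratio) in unique_ratio(events).items()
                  if count >= min_seen and ratio < threshold)


if __name__ == "__main__":
    print("raw:", raw_ratio(EVENTS))        # honest node 1 scores below 0.5
    print("unique:", unique_ratio(EVENTS))  # node 1 scores 1.0, node 2 scores 0.0
    print("suspects:", suspects(EVENTS))
```

The `min_seen` and `threshold` values are illustrative, and requests that an honest node legitimately does not rebroadcast (for example because their TTL has expired) would have to be excluded before scoring.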

D. Evaluation of Route Request Flooding Attack: To evaluate the Route Request flooding attack, the delivery ratio and the routing overhead are used as metrics. Both metrics are plotted against the number of connections and the node mobility. Figure 10 shows the packet delivery ratio of AODV and AODV with two RREQ flooding attacker nodes (DOSAODV) against the number of active connections in the network. AODV gives an approximately constant PDR as the number of connections in the network increases, but when the network has two malicious nodes, PDR decreases proportionally as the number of connections increases. Due to the RREQ flooding attack PDR decreases 35% to 39%. Figure 11 shows the packet delivery ratio of AODV and AODV with ten percent RREQ flooding attacker nodes in the network against node mobility. With an increase in mobility the PDR of AODV decreases slightly. But when the network has ten percent malicious nodes, PDR decreases by 25%.

Figure 10. PDR versus number of connection

Figure 11. PDR versus node mobility

The second metric that is used in the evaluation of the attack is the normalized routing load. This metric is used to present the severity of the attack in terms of the additional routing load that it introduces. Figure 12 and figure 13 show the normalized routing overhead of AODV and AODV with the RREQ flooding attack against the number of active connections and node mobility in the network. From the graphs shown below we can conclude that the flooding attack increases the routing traffic to a higher extent, as the malicious nodes keep flooding routing packets, and leads to higher bandwidth consumption. We can also say that an increase in mobility helps in increasing NRL.

Figure 12. NRL versus number of active connection

Figure 13. NRL versus node mobility

Three attacks, black hole, dropping routing packets and RREQ flooding, are implemented and their effect on the network is evaluated. Individually the attacks have more or less effect on the network with an increase in active connections and node mobility. These attacks can lead to a 20% to 80% decrease in packet delivery ratio. Black hole and dropping routing packets lead to 40% to 70% packet loss, whereas the RREQ flooding attack leads to a higher routing load, which highly affects the network.

CONCLUSION

The above work was done to analyse the degradation of network performance due to attacks, which can be further used to analyze the improvement in performance due to an implemented detection system.

REFERENCES

[1] Giovanni Vigna, Sumit Gwalani, Kavitha Srinivasan, Elizabeth M. Belding-Royer, Richard A. Kemmerer, An Intrusion Detection Tool for AODV-based Ad hoc Wireless Networks, IEEE International Conference on Computer and Information Technology, 2000.
[2] Semih Dokurer, Y.M. Erten, Can Erkin Acar, Performance analysis of ad-hoc networks under black hole attacks, IEEE Proceedings 2007.
[3] Imad Aad, Jean-Pierre Hubaux, Impact of Denial of Service Attacks on Ad Hoc Networks, IEEE/ACM Transactions on Networking, Vol. 16, No. 4, August 2008.
[4] Ioanna Stamouli, Patroklos G. Argyroudis, and Hitesh Tewari, Real-time Intrusion Detection for Ad hoc Networks, Proceedings of the Sixth IEEE International Symposium on a World of Wireless Mobile and Multimedia Networks (WoWMoM'05), 2005 IEEE.