1. Abstract:
Over the past decade, wireless technology has improved at a dramatic rate. The ubiquity, low cost, and high functionality of the newest wireless devices have opened the door for researchers to explore new ways of using this technology. Ad hoc networking allows wireless mobile devices to form networks without the need for any fixed centralized management. An ad hoc network is a collection of mobile wireless devices that cooperate with each other to route packets amongst themselves. The main difficulty in designing routing algorithms for such a network is the large number of topology changes that the network undergoes due to device movement. Mobile users like to use their own consumer electronic devices to access multimedia data anywhere and at any time. Communication in a MANET functions properly only if the participating nodes cooperate in routing without any malicious intention. However, some nodes may behave maliciously by launching flooding attacks on their neighbors, and others by launching active security attacks such as denial of service. The lack of any centralized infrastructure in mobile ad hoc networks (MANET) is one of the greatest security concerns in the deployment of wireless networks. Consumer electronic devices generally operate on limited battery power, which means every wireless device may have little computing power. At some instants these mobile devices may not be able to communicate with each other directly. They are therefore vulnerable to security threats like data flooding attacks. The existing schemes may not guarantee the Quality of Service (QoS) of burst traffic, since multimedia data are usually bursty. Therefore, we propose a novel defense mechanism against data flooding attacks with the aim of enhancing the throughput.
The simulation results show that the proposed scheme enhances the throughput of burst.
Routing security against data flooding attack in wireless mobile Ad Hoc networks
2. INTRODUCTION
2.1 Objective
Ad hoc networks are complex distributed systems made up of wireless mobile nodes that can freely and dynamically self-organize into arbitrary, temporary network topologies, allowing people and devices to inter-network seamlessly in areas with no pre-existing communication infrastructure, e.g., disaster recovery environments. A brief overview of what ad hoc networks are and how they work is provided first, followed by a look at the advantages of ad hoc networks and the issues they face. The last part of this paper is dedicated to identifying the areas of improvement in the field of ad hoc networks.
2.2 Overview
An ad hoc network is defined as a collection of mobile hosts forming a temporary network without the aid of any centralized administration or standard support services. In Latin, ad hoc literally means "for this," further meaning "for this purpose only," and thus usually temporary. Ad hoc networks represent complex distributed systems that comprise wireless mobile nodes that can freely and dynamically self-organize into arbitrary and temporary ad hoc network topologies, allowing people and devices to seamlessly inter-network in areas with no pre-existing communication infrastructure. The concept of ad hoc networking has been around for nearly 20 years but has received renewed interest in the last 18 to 24 months. In ad hoc networks the individual mobile hosts (nodes) act as both router and host at the same time. An ad hoc (or "spontaneous") network is a local area network or any other small network, especially one with wireless or temporary plug-in connections, in which some of the network devices are part of the network only for the duration of a communication session, whereas a mobile or portable device is part of the network while it is in close proximity to the rest of the network. Ad hoc networks are a future alternative to the current trend of connecting wireless devices via fixed infrastructure-based service.
Existing system:
The flooding attack prevention (FAP) scheme suggested a defense system against either RREQ or data flooding attacks. The path cut-off mechanism is used as the defense against data flooding attacks. However, FAP cannot distinguish burst traffic from attack traffic, since FAP identifies an attack by comparing the incoming packets with a threshold. Hence, the throughput of burst traffic may degrade if a simple threshold-based defense system is used in FAP.
Processor type: Intel Pentium 4
Clock speed: 2.4 GHz
RAM size: 128 MB
Hard disk capacity: 20 GB
Keyboard type: internet keyboard
SOFTWARE REQUIREMENT
Windows XP
Java
Eclipse, MySQL
JDK 1.5
The major advantage of ad hoc networks is that they do not need any base station, as is required in regular mobile networks. They can form a network immediately in any place as required, which makes them indispensable in battlefield and disaster relief situations. They are useful in areas that have no fixed network for internet coverage, where they can be used to provide coverage, and in areas where the available network has been destroyed. Security is a major concern in the development of ad hoc networks. The boundaries of the network are not well defined, and hence it is possible for any node to go out of the network. It is also possible for an ad hoc network having a large number of nodes to split into two networks. It is less reliable than wired media due to the inherent problems faced by any wireless network. Because ad hoc networks are formed by various devices that need not have the same capacity, each device may have different capacity, functionality and protocols. Hence it is necessary to find a solution where all these varied devices can operate together. They also have asymmetric propagation metrics. Capacity constraints faced by these networks in the form of transmission range and wireless bandwidth are another concern. This is taken care of to an extent by the use of spread spectrum techniques. Errors and breakdowns can also happen in these networks, and it is imperative to have a solution or a backup plan for these exigencies. Ad hoc networks also face the hidden-terminal and exposed-terminal phenomena.
The hidden-terminal situation arises when two devices A and C are outside the transmission range of each other and cannot detect each other's transmissions, but B is in the transmission range of both. As shown below, a collision may occur, for example, when station A and station C start transmitting towards the same receiver, station B. This should be avoided. In the exposed-terminal situation, A's transmission range covers B and C. Hence when A transmits to B, C thinks that it cannot transmit when actually it could transmit to D. This is a waste of resources which should also be avoided. Route changes will occur due to router mobility, i.e., the nodes themselves act as routers and certain nodes can leave the network in between. Energy consumption and saving is a major area of interest. Advances in battery technology have not been on par with the development of ad hoc technology. Most existing solutions for saving energy in ad hoc networks revolve around the reduction of power used by the device. At the MAC level and above, this is often done by selectively sending the device into a sleep mode, or by using a transmitter with variable output power (and proportionate input power draw) and selecting routes that require many short hops instead of a few longer hops. Beaconing is used by a node to let the other nodes know of its presence. The beaconing interval has to be short enough to let the other nodes know that the node is in the network yet long enough so as to save.
Unlike traditional networks, there is no pre-deployed infrastructure such as centrally administered routers or strict policy for supporting end-to-end routing. The nodes themselves are responsible for routing packets. Each node relies on the other nodes to route packets for them. Mobile nodes in direct radio range of one another can communicate directly, but nodes that are too far apart to communicate directly must depend on the intermediate nodes to route messages for them.
4.4 PROBLEMS WITH EXISTING AD-HOC ROUTING PROTOCOLS
Implicit Trust Relationship between Neighbors
Current Ad-hoc routing protocols inherently trust all participants. Most Ad-hoc routing protocols are cooperative by nature and depend on neighboring nodes to route packets. This naive trust model allows malicious nodes to paralyze an Ad-hoc network by inserting erroneous routing updates, replaying old messages, changing routing updates or advertising incorrect routing information. While these attacks are possible in fixed networks as well, the Ad-hoc environment magnifies them and makes detection difficult.
Throughput
Ad-hoc networks maximize total network throughput by using all available nodes for routing and forwarding. However a node may misbehave by agreeing to forward packets and then failing to do so, because it is overloaded, selfish, malicious or broken. Misbehaving nodes can be a significant problem. Although the average loss in throughput due to misbehaving nodes is not too high, in the worst case it is very high.
Remote redirection attacks are also called black hole attacks. In these attacks, a malicious node uses the routing protocol to advertise itself as the shortest path to nodes whose packets it wants to intercept. Protocols such as AODV instantiate and maintain routes by assigning monotonically increasing sequence numbers to routes towards a specific destination. In AODV, any node may divert traffic through itself by advertising a route to a node with a destination sequence number greater than the authentic value. Suppose a malicious node, M, receives the RREQ that originated from S for destination X after it is re-broadcast by B during route discovery. M redirects traffic towards itself by unicasting to B a RREP containing a significantly higher destination sequence number for X than the authentic value last advertised by X.
Ad Hoc Network:
The need to exchange digital information outside the typical wired office environment is growing. For example, a class of students may need to interact during a lecture; business associates serendipitously meeting in an airport may wish to share files; or disaster recovery personnel may need to coordinate relief information after a hurricane or flood. Each of the devices used by these information producers and consumers can be considered a node in an ad hoc network. In a typical ad hoc network, mobile nodes come together for a period of time to exchange information. While exchanging information, the nodes may continue to move, and so the network must be prepared to adapt continually. In the applications we are interested in, networking infrastructure such as repeaters or base stations will frequently be either undesirable or not directly reachable, so the nodes must be prepared to organize themselves into a network and establish routes among themselves without any outside support. The idea of ad hoc networking is sometimes also called infrastructureless networking [4], since the mobile nodes in the network dynamically establish routing among themselves to form their own network on the fly. A mobile ad hoc network (MANET) is a collection of mobile nodes that can instantly establish a network whenever they coexist in the same neighborhood, without the need of any fixed infrastructure or centralized administration. The role of routing protocols in an ad hoc network is to allow the source to find routes to the destination with the cooperation of other nodes. Due to the arbitrary movement of the nodes, the network topology changes rapidly and randomly. Hence the routing protocol must also be able to react to these changes and must enable the nodes to identify new routes to maintain connectivity. A node is malicious if it is an attacker that cannot authenticate itself as a legitimate node due to the lack of valid cryptographic information.
Attacks on a MANET can be classified as active and passive attacks.
A Mobile Ad hoc Network (MANET) [1] is a dynamic wireless network that is established by a group of mobile stations without necessarily using pre-existing infrastructure or centralized administration. Such networks can be useful in disaster recovery where there is not enough time or resources to configure a wired network.
attack aims to exhaust the resources at a particular service so that legitimate users cannot enjoy the service. For instance, a service may need to perform complicated and expensive database operations in order to answer a query from a user; let us suppose it can at most answer x user queries per second. Then in an application-level DoS attack against this service, attackers may submit 10x queries per second. If the service chooses to temporarily hold the unprocessed queries, it may eventually run out of memory and crash, preventing legitimate users from further accessing the service; or if the service discards queries it cannot process in time, the query drop rate for both attackers and legitimate users will be at least 90%, meaning the majority of the users still cannot enjoy the service.
Attacks on MANET
Passive attacks: A passive routing attack does not disrupt the operation of a routing protocol, but only attempts to discover valuable information by listening to the routing traffic. Hence such attacks are difficult to detect.
Active attacks: An active attack attempts to improperly modify data, gain authentication, or procure authorization by inserting false packets into the data stream or modifying packets in transit through the network. Active attacks are of two types: external and internal. An external attack is one caused by nodes that do not belong to the network. An internal attack is one from compromised or hijacked nodes that belong to the network. Because the malicious nodes already belong to the network as authorized parties, and hence are protected by the network's security mechanisms and services, internal attacks are more severe.
Black hole: An attacker can project itself as having the shortest route to a destination whose data packets it wants to intercept, thereby causing the source to send data packets via this node. A malicious node receiving the RREQ may claim to have a route to the desired destination by sending a RREP back to the originator. If the source receives this RREP first, it sends all data packets via this malicious node, thereby leaving the fate of those data packets to the malicious node. The malicious node then discards or consumes all the data packets, leading to the complete loss of all data packets.
Gray hole: An attacker forwards all RREQs and RREPs but forwards only a few data packets, dropping all other data packets. This clearly points to a lapse in the routing protocol. This type of attack is known as the gray hole problem. By nature, it belongs to the set of internal active attacks.
Wormhole: A wormhole is a collection of two or more malicious nodes belonging to the ad hoc network that are connected by a private network connection. Suppose two nodes A and B make a wormhole. Then A forwards all packets that it receives to B through the wormhole, to be forwarded by B normally; similarly, B forwards all packets that it receives to A through the wormhole. This clearly disrupts routing by short-circuiting the normal flow of routing packets.
Denial of service (DoS): The attack results when the network bandwidth is hijacked by a malicious node. It can be done in several ways. One way is to flood any centralized resource so that the network crashes or no longer operates correctly. For example, a malicious node generating frequent route requests can make the network resources unavailable to other nodes.
The flooding attack prevention (FAP) scheme suggested a defense system against either RREQ or data flooding attacks. The path cut-off mechanism is used as the defense against data flooding attacks. When the victim node realizes that it has been subjected to the data flooding attack, it may cut off the path.
At the physical layer the capacity of ad hoc wireless networks is constrained by the mutual interference of concurrent transmissions between nodes. We study an ad hoc network model where n nodes communicate in random source-destination pairs. Gupta and Kumar showed that for static random ad hoc networks using a general routing algorithm the capacity available for each node decays as $1/\sqrt{n}$. Other works delve into the problem of optimizing various parameters of the transmission (e.g., power consumption or medium access control), and try to devise routing protocols that for particular user profiles or scenarios on the same network. Our present study focuses on the general properties of the per node throughput available for ad hoc wireless networks (capacity) using an ideal routing process.
The nodes in our model do not move, which modifies the customary definition of an ad hoc network to a backbone-less network of wireless nodes occupying a flat topology. Our network model includes ideal collision avoidance and transmission through shortest paths as explained in the following Section. We introduce an alternative description of network throughput approximation that varies the claims of [3] and extends the results by providing the relations of the various network parameters that can change with topology or trace generation algorithm. We have investigated the throughput of various non-planar network topologies, and the results generalize the $\sqrt{n}$ dependence of the average call length parameter. We also check the validity of our model by
simulation. A novel framework for ns2 to facilitate the simulation and, in general, the design of beyond 3G networks. The set of libraries we wrote for this purpose is called Multi Interface Cross Layer Extension for ns2 (MIRACLE). They enhance the functionalities offered by the Network Simulator ns2 by providing an efficient and embedded engine for handling cross-layer messages and, at the same time, enabling the coexistence of multiple modules within each layer of the protocol stack. For instance, multiple network, link, MAC or physical layers can be specified and used within the same node. The implications of this are manifold. First of all, the framework facilitates the implementation and the simulation of modern communication systems in ns2. Secondly, due to its modularity, the code will be portable, re-usable and extensible. As an example of the advantages offered by our architecture, we show how the MIRACLE framework can be used to quickly set up protocol architectures for Ambient Networks [1] and evaluate their performance in wireless and multi-technology environments.
However, the procedure of the path cut-off mechanism is not explained in detail, and FAP cuts off the path when many data packets are transmitted to the victim node. Current users like to download or access multimedia data using consumer electronic devices, so the packets may be transferred as burst traffic. However, FAP cannot distinguish burst traffic from attack traffic, since FAP identifies an attack by comparing the incoming packets with a threshold. Hence, the throughput of burst traffic may degrade if a simple threshold-based defense system is used in FAP. Therefore, this paper proposes a novel period-based defense mechanism (PDM) against data flooding attacks that takes the enhancement of burst-traffic throughput into account. The proposed PDM scheme is based on periods and uses a blacklist to efficiently prevent the data flooding attack.
Wireless ad hoc networks can fall victim to various kinds of attacks. Among them, the ad hoc flooding attack can easily cause Denial-of-Service (DoS) by flooding many Route Request (RREQ) or data packets. Since a mobile node has limited resource capacities such as memory space, computational ability, battery power, bandwidth capacity, and so on, it cannot provide services when it receives a lot of packets. Hence, the whole network as well as the victim node can easily get paralyzed. This project proposes a novel period-based defense mechanism (PDM) against data flooding attacks that takes the enhancement of burst-traffic throughput into account. The proposed PDM scheme is based on periods and uses a blacklist to efficiently prevent the data flooding attack.
The main objective of this project is to develop a period-based defense mechanism against data flooding attacks in wireless ad hoc networks. The PDM scheme is based on periods and uses a blacklist to efficiently prevent the data flooding attack, as a result of which many data packets are forwarded at a high rate for the whole duration.
Source address
Request Id
Hop count
Destination address
The request ID is incremented each time the source node sends a new RREQ, so the pair (source address, request ID) identifies a RREQ uniquely. On receiving a RREQ message each node checks the source address and the request ID. If the node has already received a RREQ with the same pair of parameters the new RREQ packet will be discarded. Otherwise the RREQ will be either forwarded (broadcast) or replied (unicast) with a RREP message: if the node has no route entry for the destination, or it has one but this is no more an up-to-date route, the RREQ will be rebroadcasted with incremented hop count and if the node has a route with a sequence number greater than or equal to that of RREQ, a RREP message will be generated and sent back to the source. The number of RREQ messages that a node can send per second is limited.
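The RREQ handling rules described above, written out as an added Python example (not code from this project): a node discards duplicate (source address, request ID) pairs, answers with a RREP when it holds a route whose sequence number is at least the one in the RREQ, and otherwise rebroadcasts with an incremented hop count. The class and field names, the limit of 10 RREQs per second and the 3-second lifetime are assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class RREQ:
    source: str
    request_id: int
    destination: str
    dest_seq: int          # freshest destination sequence number the source knows
    hop_count: int = 0


@dataclass(frozen=True)
class RREP:
    source: str
    destination: str
    dest_seq: int
    hop_count: int
    lifetime: float


class Node:
    def __init__(self, address, rreq_per_second=10, route_lifetime=3.0):
        self.address = address
        self.rreq_per_second = rreq_per_second  # assumed per-node limit
        self.route_lifetime = route_lifetime    # assumed value, in seconds
        self.routes = {}    # destination -> (next_hop, dest_seq, hop_count)
        self.seen = set()   # (source, request_id) pairs already handled
        self.own_seq = 0
        self.next_request_id = 0
        self._sent = deque()  # send times of this node's own RREQs

    def originate_rreq(self, destination, now):
        """Create a new RREQ, or return None when the per-second limit is hit."""
        while self._sent and now - self._sent[0] >= 1.0:
            self._sent.popleft()
        if len(self._sent) >= self.rreq_per_second:
            return None
        self._sent.append(now)
        self.next_request_id += 1  # new ID for every RREQ the source sends
        known_seq = self.routes.get(destination, (None, 0, 0))[1]
        rreq = RREQ(self.address, self.next_request_id, destination, known_seq)
        self.seen.add((rreq.source, rreq.request_id))  # ignore our own echo
        return rreq

    def handle_rreq(self, rreq, from_neighbor):
        """Return (action, message) for a RREQ received from a neighbor."""
        key = (rreq.source, rreq.request_id)
        if key in self.seen:
            return "discard", None
        self.seen.add(key)
        # Cache the reverse route so that a RREP can be unicast back.
        self.routes.setdefault(
            rreq.source, (from_neighbor, 0, rreq.hop_count + 1))
        if rreq.destination == self.address:
            # Simplified: the destination answers with its own sequence number.
            return "reply", RREP(rreq.source, self.address, self.own_seq,
                                 0, self.route_lifetime)
        route = self.routes.get(rreq.destination)
        if route is not None and route[1] >= rreq.dest_seq:
            # The stored route is at least as fresh as the source asked for.
            return "reply", RREP(rreq.source, rreq.destination, route[1],
                                 route[2], self.route_lifetime)
        # No route, or a stale one: rebroadcast with incremented hop count.
        return "rebroadcast", replace(rreq, hop_count=rreq.hop_count + 1)


if __name__ == "__main__":
    b = Node("B")
    b.routes["X"] = ("C", 5, 2)                    # constructed routing entry
    print(b.handle_rreq(RREQ("S", 1, "X", 7), "A"))  # stale route
    print(b.handle_rreq(RREQ("S", 1, "X", 7), "D"))  # duplicate
    print(b.handle_rreq(RREQ("S", 2, "X", 4), "A"))  # fresh enough
```

Duplicate suppression and the send limit are what bound the cost of one route discovery; neither stops a node that keeps issuing fresh request IDs within its allowance.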
There is an optimization of AODV using an expanding ring (ESR) technique when flooding RREQ messages [5, 6]. Every RREQ carries a time to live (TTL) value that specifies the number of times this message should be re-broadcast. This value is set to a predefined value at the first transmission and increased at retransmissions. Retransmissions occur if no replies are received. Historically such flooding used a TTL large enough (larger than the diameter of the network) to reach all nodes in the network, and so to guarantee successful route discovery in only one round of flooding. However, this low-delay approach causes high overhead and unnecessary broadcast messages. Later, it was shown [7, 8] that the minimal cost flooding search problem can be solved via a sequence of flooding with an optimally chosen set of TTLs.
Routing reply
If a node is the destination, or has a valid route to the destination, it unicasts a route reply message (RREP) back to the source. This message has the following format:
Source address
Destination address
Hop count
Life time
Table 3: Message Format
The reason one can unicast the RREP back is that every node forwarding a RREQ message caches a route back to the source node.
Route error
All nodes monitor their own neighborhood. When a node in an active route gets lost, a route error message (RERR) is generated to notify the other nodes on both sides of the link of the loss of this link.
HELLO messages
Each node can get to know its neighborhood by using local broadcasts, so-called HELLO messages. A node's neighbors are all the nodes that it can directly communicate with. Although AODV is a reactive protocol, it uses these periodic HELLO messages to inform the neighbors that the link is still alive. The HELLO messages will never be forwarded because they are broadcast with TTL = 1. When a node receives a HELLO message it refreshes the corresponding lifetime of the neighbor information in the routing table. This local connectivity management should be distinguished from general topology management to optimize response time to local changes in the network.
PROPOSED SYSTEM
5.1 Proposed system:
We propose a new mechanism, called the period-based defense mechanism, which works against data flooding attacks in wireless mobile ad hoc networks to enhance the throughput of burst traffic.
Keywords:
Wireless ad hoc networks, Denial of Service attack, Data Flooding Attack, throughput.
Tools to be used:
ECLIPSE: Eclipse also provides the runtime in which Eclipse components are loaded, integrated, and executed. The primary purpose of the platform project is to enable other developers to easily build and deliver integrated tools and applications.
[Diagram labels: User, Adaptive text, Attack encountered, Communication]
Fig 5: System architecture [diagram labels: Add name, PDM, Node A, Node B, Node C, Node D, Attack]
The PDM mechanism can be implemented at each and every node in a communication path where an attack may happen.
This section outlines the use case for each activity separately. The User can have only one use case apiece.
Add node
Fig 6: Use case Add Node (actor: User)
Brief Description:
1. User
2. When a node is found in a path, it is added to that transmission range.
Add Address
Fig 7: Use Case Add Address (actor: User)
Brief Description:
1. After a node is found in range, the address of that particular node is added to an account.
Add Name (actor: User)
Description: The system adds the name when the user prompts it to.
Fill parameter
Brief Description: The user will count the connection range parameters, named (x, y), of the transmission range as arguments, which serve as the transmission range parameters for which data will be transmitted.
Send attacker
Brief Description: The system generates an anonymous node as an attacker and releases (sends) it into the node transmission range.
Send data
Brief Description: The user enters the data to be transmitted within the communication range.
[Diagram labels: Add Nodes, Add address, Add name, User, Fill parameters, Send Attacker, Send Data, Search Node, Add, Enter name, Process attack, data transferred]
[Diagram labels: Start State, Add Name, Deliver data, Send Acknowledgement, Stop state]
[Diagram labels: Node Name; 1: Add; 2: Enter name; 3: User Fill connection parameters; 4: process attack; 5: show the attack; 8: search node; 9: view status]
9.1 MODULES
9.1.1 Throughput of Burst Traffic under Data Flooding Attacks
9.1.2 Period Based Defense Mechanism against Data Flooding Attacks
9.1.3 Performance Evaluations
Module Description:
9.1.1 Throughput of Burst Traffic under Data Flooding Attacks
In wireless ad hoc networks, handheld-based consumer electronic devices are used as mobile nodes. The data flooding attack sends many data packets in order to clog not only a victim node but also the entire network, since all packets are transmitted via multiple hops. Hence, data flooding attacks are extremely hazardous to wireless ad hoc networks. To conduct the data flooding attack, an attacker first sets up a path to the victim node, since the attack can be performed only after a path is constructed. Then, the attacker forwards a tremendous number of useless data packets along the path to make sure that the victim node cannot process packets in a normal fashion. Finally, the resources of the victim node are exhausted, so the node may get isolated from the network.
In order to measure the effect of the data flooding attack on data traffic, including burst traffic, in wireless ad hoc networks, we calculate the throughput. The throughput is defined as the ratio between the amount of data packets sent by the source node and the amount of data packets received by the destination node during a time span from ts to td [4]. The amount of packets sent by the source node (tr) can be classified into control packets (C), such as RREQ, Route Reply (RREP) and Route Error (RERR) packets, and data packets, including traffic for conducting data flooding attacks. On the other hand, the amount of data packets received by the destination node (rc) can be classified as normal traffic, excluding the traffic meant for data flooding attacks. Therefore, we can represent the throughput using the following equation: Throughput = ( ) (1)
9.1.2 The procedure of the PDM scheme is as follows:
Step 1) At the end of the period, compares the variance of received data packets with the variance limit.
Step 2-1) If D ( period .
Step 2-2) Else priority is determined by the inverse of the number of received data packets, and the data packets are processed according to priority.
Step 3) Updates the blacklist by the greatest number of received packets in the period.
Step 4) Checks whether the period is the last period; if so, the procedure of the PDM scheme is stopped.
Step 4-2) Else go to Step 1.
11.3 PERFORMANCE EVALUATION
The performance of the proposed PDM scheme is measured by the throughput as given in (1). The PDM scheme sets up w periods for the data session from ts to td to defend against the data flooding attack. The PDM scheme guarantees the QoS of non-burst traffic as well as burst traffic.
By reducing the traffic received at the victim node for conducting the data flooding attack, the received normal traffic, whether burst or not, is increased. Hence, the victim node receives a much larger amount of non-burst and burst traffic than when the PDM scheme is not used [5]. We use AODV as the base routing protocol and compare its performance with that of our PDM scheme.
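An added Python example (not this project's code) that runs a simple per-sender threshold cut-off and a period-based check modelled on the steps above over constructed per-period packet counts, and reports how much of a legitimate burst is processed in each case. Step 2-1 is incomplete on this page, so the blocking rule used here (while the variance exceeds the limit, drop senders that were the greatest sender in `strike_limit` earlier periods), the per-period capacity and all names are assumptions.

```python
from collections import Counter
from statistics import pvariance

# Constructed sample: data packets arriving at the victim per period, by sender.
# "M" floods in every period; "burst" sends one legitimate burst in period 3.
PERIODS = [
    {"n1": 5, "burst": 5, "M": 50},
    {"n1": 5, "burst": 5, "M": 50},
    {"n1": 5, "burst": 60, "M": 50},
    {"n1": 5, "burst": 5, "M": 50},
]
CAPACITY = 70  # assumption: packets the victim can process in one period


def serve(counts, capacity, delivered):
    """Process senders in ascending order of packet count (priority is the
    inverse of the number of received packets) until capacity runs out."""
    for sender in sorted(counts, key=counts.get):
        taken = min(counts[sender], capacity)
        delivered[sender] += taken
        capacity -= taken


def threshold_defense(periods, threshold, capacity=CAPACITY):
    """Threshold check: cut a sender's path once it exceeds the threshold."""
    cut, delivered = set(), Counter()
    for counts in periods:
        cut |= {s for s, n in counts.items() if n > threshold}
        allowed = {s: n for s, n in counts.items() if s not in cut}
        serve(allowed, capacity, delivered)
    return cut, delivered


def period_defense(periods, variance_limit, strike_limit=2, capacity=CAPACITY):
    """Period-based check with a blacklist of per-sender strike counts."""
    strikes, blocked, delivered = Counter(), set(), Counter()
    for counts in periods:
        eligible = counts
        # Step 1: variance of per-sender packet counts against the limit.
        if pvariance(list(counts.values())) > variance_limit:
            # Step 2-1 (assumed rule): drop senders with enough strikes.
            blocked |= {s for s in counts if strikes[s] >= strike_limit}
            eligible = {s: n for s, n in counts.items() if s not in blocked}
        # Step 2-2: process what is left according to priority.
        serve(eligible, capacity, delivered)
        # Step 3: record the sender with the greatest count in this period.
        strikes[max(counts, key=counts.get)] += 1
    return blocked, delivered


def delivery_ratio(periods, delivered, sender):
    """Fraction of a sender's packets that the victim processed."""
    sent = sum(p.get(sender, 0) for p in periods)
    return delivered[sender] / sent


def compare(periods=PERIODS):
    runs = {
        "no blocking": period_defense(periods, variance_limit=float("inf")),
        "threshold": threshold_defense(periods, threshold=40),
        "period-based": period_defense(periods, variance_limit=100),
    }
    return {
        name: (sorted(blocked),
               round(delivery_ratio(periods, delivered, "burst"), 2))
        for name, (blocked, delivered) in runs.items()
    }


if __name__ == "__main__":
    for name, (blocked, ratio) in compare().items():
        print(f"{name:13s} blocked={blocked} burst delivery ratio={ratio}")
```

On this sample the threshold check also cuts off the bursting sender, while the period-based check blocks only the sender that stays on top across periods; the cost is that the flooder's packets are still processed during the first two periods.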
10. SIMULATION:

NS2 is an open-source event-driven simulator designed specifically for research in communication networks. Since its inception in 1989, NS2 has continuously gained tremendous interest from industry, academia, and government. Having been under constant investigation and enhancement for years, NS2 now contains modules for numerous network components such as routing, transport layer protocol, application, etc. To investigate network performance, researchers can simply use an easy-to-use scripting language to configure a network, and observe results generated by NS2. Undoubtedly, NS2 has become the most widely used open source network simulator, and one of the most widely used network simulators. The network designed consists of basic network entities with the simulation parameters presented in table
package UI;

import UI.myobjects.NodeButton;
import UI.myobjects.NodeButton1;
import UI.myobjects.draganddrop.DropTargetImp;
import UI.myobjects.GraphicalNode;
import UI.myobjects.PowerShower;
import UI.actions.*;
import javax.swing.*;
import java.awt.*;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.awt.event.MouseEvent;
import java.awt.event.MouseListener;
import java.awt.event.MouseMotionListener;
import java.awt.image.ImageConsumer;
import java.awt.image.ImageProducer;
import java.util.ArrayList;
import java.util.List;
import java.util.Observer;
import simulator.Node;
import logger.StatusManager;

public class Myform extends JFrame implements ActionListener, MouseListener {
    public final NumberKeyListener nkl = new NumberKeyListener();
    JPanel content;
    public MyMap myMap;
    public static MapForm mapForm;
    int P = 20, Q = 20, p = 0, q = 0, dp = 3, dq = 3;
    private Image cup;
    // private Panel keyPad;
    public int top = 10;
    public int left = 10;
    private Node_Properties nodePanel;
    public int xScale = 10;
    public int yScale = 10;
    public final int mapWidth = 550;
    public final int mapHeight = 550;
    public NodeButton newNodeBtn = new NodeButton(new ImageIcon("images/SendingNode0.png"));
    // public NodeButton1 newNodeBttn = new NodeButton1(new ImageIcon("images/virus.gif"));
    private final List<GraphicalNode> graphicalNodes = new ArrayList<GraphicalNode>();
    private final JTextField minNumber = new JTextField("3", 3);
    private final JCheckBox doubleDirection = new JCheckBox("DoubleDirection", true);
    private final JTextField searchText = new JTextField(8);
    JButton generateBtn;
    JButton delGnodeBtn = new JButton(new ImageIcon("images/delete.png"));
    PowerShower powerShower;
    JToolBar toolBar;
    public JButton start = new JButton("Attacker");
    JButton stop = new JButton("Stop");
    private GraphicalNode selectedGNode;
    // JButton atkBtn = new JButton("Gen. Attacker");

    public List<GraphicalNode> getGraphicalNodes() {
        return graphicalNodes;
    }

    /**
     * returns the {@link GraphicalNode} that is currently selected
     */
    public GraphicalNode getSelectedGNode() {
        return selectedGNode;
    }

    public MyMap getMyMap() {
        return myMap;
    }

    // Redraws the power-range overlay around the currently selected node.
    public void refreshPowerShower() {
        this.powerShower.setVisible(false);
        this.powerShower.setXYrXrY(selectedGNode.getLocation().x, selectedGNode.getLocation().y,
                selectedGNode.getNode().getPower() / this.xScale,
                selectedGNode.getNode().getPower() / this.yScale);
        this.powerShower.setVisible(true);
        this.powerShower.invalidate();
    }

    public void setSelectedGNode(GraphicalNode selectedGNode) {
        this.selectedGNode = selectedGNode;
        if (selectedGNode != null) {
            this.getNodePanel().nameText.setEnabled(selectedGNode.getName().trim().length() == 0);
            selectedGNode.fillNodePanel();
            this.refreshPowerShower();
        } else {
            this.powerShower.setVisible(false);
        }
    }

    public Myform(String title) {
        super(title);
        content = new JPanel(new BorderLayout());
        content.setOpaque(true);
        myMap = new MyMap();
        myMap.setPreferredSize(new Dimension(this.mapWidth, this.mapHeight));
        myMap.setBorder(BorderFactory.createEtchedBorder());
        // newNodeBttn.setToolTipText("Attacker");
        newNodeBtn.setToolTipText("Base Station");
        cup = Toolkit.getDefaultToolkit().getImage("images/virus.gif");
        this.getContentPane().add(content);

        // Toolbar: node creation and deletion, attacker start, parameter fill, search.
        toolBar = new JToolBar();
        // toolBar.add(newNodeBttn);
        // toolBar.add(atkBtn);
        toolBar.add(newNodeBtn);
        toolBar.add(delGnodeBtn);
        start.setIcon(new ImageIcon("images/virus.gif"));
        toolBar.add(start);
        // toolBar.add(stop);
        toolBar.add(Box.createHorizontalStrut(5));
        toolBar.add(new JSeparator(SwingConstants.VERTICAL));
        toolBar.add(Box.createHorizontalStrut(5));
        toolBar.add(new JLabel("Min Neighbor: "));
        toolBar.add(minNumber);
        toolBar.add(doubleDirection);
        generateBtn = new JButton("Fill Parameter");
        toolBar.add(generateBtn);
        minNumber.addKeyListener(new NumberKeyListener());
        toolBar.add(Box.createHorizontalStrut(5));
        toolBar.add(new JSeparator(SwingConstants.VERTICAL));
        toolBar.add(Box.createHorizontalStrut(5));
        toolBar.add(new JLabel("Search: "));
        toolBar.add(searchText);
        content.add(toolBar, BorderLayout.PAGE_START);
        // atkBtn.addActionListener(this);
        start.addActionListener(this);
        // stop.addActionListener(this);
        // newNodeBttn.addMouseListener(this);
        myMap.setDropTarget(new DropTargetImp(myMap));
        myMap.setLayout(null);
    }

    public boolean isDoubleDirection() {
        return this.doubleDirection.isSelected();
    }

    public int getMinNumberForFillParameter() {
        if (this.minNumber.getText().trim().length() > 0) {
            return Integer.parseInt(this.minNumber.getText());
        } else {
            return 0;
        }
    }

    /**
     * finds GraphicalNode in graphicalNode list
     * @param name
     * @return null: if it didn't find the gnode with name<br/>
     *         reference to that node if it found
     */
    public GraphicalNode getGNode(String name) {
        for (GraphicalNode graphicalNode : graphicalNodes) {
            if (graphicalNode.getName().equals(name)) {
                return graphicalNode;
            }
        }
        // Note: as written, this falls back to the selected node, not null, when no name matches.
        return selectedGNode;
    }

    public void putGNode(GraphicalNode gNode) {
        graphicalNodes.add(gNode);
    }
    // Accessor not shown on the page; reconstructed from its calls (getNodePanel()).
    public Node_Properties getNodePanel() {
        return nodePanel;
    }

    // Method header lost in extraction; reconstructed from the call in main().
    public void setNodePanel(Node_Properties nodePanel) {
        this.nodePanel = nodePanel;
    }

    public GraphicalNode getGnodebyNode(Node node) {
        for (GraphicalNode graphicalNode : graphicalNodes) {
            if (graphicalNode.getNode().equals(node)) {
                return graphicalNode;
            }
        }
        return selectedGNode;
    }

    public static void main(String[] args) {
        Myform frame = new Myform("Novel defense mechanism against data flooding attacks in wireless ad hoc networks");
        frame.newNodeBtn.myForm = frame;
        // frame.newNodeBttn.myForm = frame;
        frame.setNodePanel(new Node_Properties(frame));
        // Map on the left, node properties panel on the right.
        JSplitPane splitPane = new JSplitPane(JSplitPane.HORIZONTAL_SPLIT, frame.myMap, frame.getNodePanel());
        splitPane.setOneTouchExpandable(true);
        splitPane.setDividerLocation(550);
        frame.content.add(splitPane, BorderLayout.CENTER);
        frame.myMap.addMouseListener(new PanelAction(frame));
        // frame.atkBtn.addActionListener(this);
        frame.generateBtn.addActionListener(new InitParameters(frame));
        frame.powerShower = new PowerShower(frame);
        frame.delGnodeBtn.addActionListener(new DeleteBtnAction(frame));
        frame.searchText.addActionListener(new SearchGNodeAction(frame));
        frame.setGlassPane(frame.powerShower);
        frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
        frame.pack();
        mapForm = new MapForm(frame, "Initializing Map", true, frame);
        mapForm.pack();
        mapForm.setVisible(true);
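        StatusManager.init(frame);
    }
    // The actionPerformed(...) and mouse-listener methods that ActionListener and
    // MouseListener require are not shown on the page.
}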
Graph.java :

package graph;

import java.awt.BasicStroke;
import java.awt.Color;
import java.awt.Polygon;
import java.awt.Shape;
import java.awt.geom.Rectangle2D;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.StringTokenizer;
import java.util.Vector;
import org.jfree.chart.ChartFactory;
import org.jfree.chart.ChartPanel;
import org.jfree.chart.JFreeChart;
import org.jfree.chart.axis.NumberAxis;
import org.jfree.chart.plot.CategoryPlot;
import org.jfree.chart.plot.DefaultDrawingSupplier;
import org.jfree.chart.plot.DrawingSupplier;
import org.jfree.chart.plot.PlotOrientation;
import org.jfree.chart.renderer.category.LineAndShapeRenderer;
import org.jfree.data.category.CategoryDataset;
import org.jfree.data.category.DefaultCategoryDataset;
import org.jfree.ui.ApplicationFrame;
import org.jfree.ui.RefineryUtilities;

public class graph extends ApplicationFrame {

    public graph(final String title) {
        super(title);
        final CategoryDataset dataset = createDataset();
        final JFreeChart chart = createChart(dataset);
        final ChartPanel chartPanel = new ChartPanel(chart);
        chartPanel.setPreferredSize(new java.awt.Dimension(500, 270));
        setContentPane(chartPanel);
    }

    // Method header lost in extraction; reconstructed from the createDataset() call in the constructor.
    private CategoryDataset createDataset() {
        final String series1 = "Position";
        final String series2 = "Distance";
        // final String series3 = "Failure Recovery Time";
        Vector vec1 = new Vector();
        Vector vec2 = new Vector();
        // Vector vec3 = new Vector();

        // create the dataset...
        final DefaultCategoryDataset dataset = new DefaultCategoryDataset();
        try {
            Class.forName("com.mysql.jdbc.Driver");
            String url = "jdbc:mysql://localhost:3306/secure";
            // Credentials are hardcoded here (root/root); keep them out of source in any shared deployment.
            Connection con = DriverManager.getConnection(url, "root", "root");
            Statement st = con.createStatement();
            // DBConnection connection2 = new DBConnection();
            // Util util = new Util();
            ResultSet rs = null;
            String sql = null;
            sql = "SELECT * FROM local";
            rs = st.executeQuery(sql);
            Vector v1 = new Vector();
            Vector v2 = new Vector();
            Vector v3 = new Vector();
            while (rs.next()) {
                v1.addElement(rs.getString(1));
                v2.addElement(rs.getString(2));
                v3.addElement(rs.getString(3));
            }
            System.out.println("v1============" + v1);
            System.out.println("v2============" + v2);
            // System.out.println("v3============" + v3);

            // Strip the label characters and keep the first numeric token of each row.
            for (int i = 0; i < v1.size(); i++) {
                StringTokenizer tokenizer = new StringTokenizer(v1.elementAt(i).toString(), "T[pos ] =");
                vec1.addElement(tokenizer.nextToken());
            }
            for (int i = 0; i < v2.size(); i++) {
                StringTokenizer tokenizer = new StringTokenizer(v2.elementAt(i).toString(), "T[ Td ] =");
                vec2.addElement(tokenizer.nextToken());
            }
            /* (the start of this commented-out vec3 loop is missing from the page)
                vec3.addElement(tokenizer.nextToken());
            }*/
            System.out.println("vecc===" + vec1);
            System.out.println("vecc===" + vec2);
            // System.out.println("vecc===" + vec3);

            // One category per row index, one series per column.
            for (int i = 0; i < vec1.size(); i++) {
                dataset.addValue(Float.parseFloat(vec1.elementAt(i).toString()), series1, String.valueOf(i));
            }
            for (int i = 0; i < vec2.size(); i++) {
                dataset.addValue(Float.parseFloat(vec2.elementAt(i).toString()), series2, String.valueOf(i));
            }
            /*for (int i = 0; i < vec3.size(); i++) {
                dataset.addValue(Float.parseFloat(vec3.elementAt(i).toString()), series3, String.valueOf(i));
            }*/
        } catch (Exception e) {
            e.printStackTrace();
        }
        return dataset;
    }

    // Method header lost in extraction; reconstructed from the createChart(dataset) call in the constructor.
    private JFreeChart createChart(final CategoryDataset dataset) {
        final JFreeChart chart = ChartFactory.createLineChart(
            "Novel defense mechanism against data flooding attacks in wireless ad hoc networks", // chart title
            "Distance",        // domain axis label
            "Execution Time",  // range axis label
            dataset,           // data
            // (the remaining createLineChart(...) arguments, the end of the call and the
            // declarations of shapes, xpoints and ypoints are missing from the page)

        // right-pointing triangle
        xpoints = new int[] {-3, 3, -3};
        ypoints = new int[] {-3, 0, 3};
        shapes[0] = new Polygon(xpoints, ypoints, 3);

        // left-pointing triangle
        xpoints = new int[] {-3, 3, 3};
        ypoints = new int[] {0, -3, 3};
        shapes[2] = new Polygon(xpoints, ypoints, 3);

        final DrawingSupplier supplier = new DefaultDrawingSupplier(
            DefaultDrawingSupplier.DEFAULT_PAINT_SEQUENCE,
            DefaultDrawingSupplier.DEFAULT_OUTLINE_PAINT_SEQUENCE,
            DefaultDrawingSupplier.DEFAULT_STROKE_SEQUENCE,
            DefaultDrawingSupplier.DEFAULT_OUTLINE_STROKE_SEQUENCE,
            shapes
        );
        final CategoryPlot plot = chart.getCategoryPlot();
        plot.setDrawingSupplier(supplier);

        chart.setBackgroundPaint(Color.CYAN);

        // set the stroke for each series...
        plot.getRenderer().setSeriesStroke(
            0,
            new BasicStroke(
                2.0f, BasicStroke.CAP_ROUND, BasicStroke.JOIN_ROUND,
                1.0f, new float[] {10.0f, 6.0f}, 0.0f
            )
        );
        plot.getRenderer().setSeriesStroke(
            1,
            new BasicStroke(
                2.0f, BasicStroke.CAP_ROUND, BasicStroke.JOIN_ROUND,
                1.0f, new float[] {6.0f, 6.0f}, 0.0f
            )
        );
        plot.getRenderer().setSeriesStroke(
            2,
            new BasicStroke(
                2.0f, BasicStroke.CAP_ROUND, BasicStroke.JOIN_ROUND,
                1.0f, new float[] {2.0f, 6.0f}, 0.0f
            )
        );

        // customise the renderer...
        final LineAndShapeRenderer renderer = (LineAndShapeRenderer) plot.getRenderer();
        // renderer.setDrawShapes(true);
        renderer.setItemLabelsVisible(true);

        // customise the range axis...
        final NumberAxis rangeAxis = (NumberAxis) plot.getRangeAxis();
        rangeAxis.setStandardTickUnits(NumberAxis.createIntegerTickUnits());
        rangeAxis.setAutoRangeIncludesZero(false);
        rangeAxis.setUpperMargin(0.12);

        return chart;
    }

    public static void main(final String[] args) {
        final graph local = new graph("Novel defense mechanism against data flooding attacks in wireless ad hoc networks");
        local.pack();
        RefineryUtilities.centerFrameOnScreen(local);
        local.setVisible(true);
    }
}
In wireless ad hoc networks, all nodes participate in a communication network range when they need to. Each mobile node has distinct parameter values and its own power range. At a particular instant of time, every node can act as a base station within its network. Before communication is established between nodes, a route needs to be built between them. After a route is established, communication may take place.
Simulation Results:
12. SYSTEM TESTING

The purpose of testing is to discover errors. Testing is the process of trying to discover every conceivable fault or weakness in a work product. It provides a way to check the functionality of components, sub-assemblies, assemblies and/or a finished product. It is the process of exercising software with the intent of ensuring that the software system meets its requirements and user expectations and does not fail in an unacceptable manner. There are various types of test. Each test type addresses a specific testing requirement.

12.2 TYPES OF TESTS

Unit testing

Unit testing involves the design of test cases that validate that the internal program logic is functioning properly, and that program inputs produce valid outputs. All decision branches and internal code flow should be validated. It is the testing of individual software units of the application. It is done after the completion of an individual unit, before integration. This is structural testing that relies on knowledge of the unit's construction and is invasive. Unit tests perform basic tests at component level and test a specific business process, application, and/or system configuration. Unit tests ensure that each unique path of a business process performs accurately to the documented specifications and contains clearly defined inputs and expected results.

Integration testing

Integration tests are designed to test integrated software components to determine if they actually run as one program. Testing is event driven and is more concerned with the basic outcome of screens or fields. Integration tests demonstrate that although the components were individually satisfactory, as shown by successful unit testing, the combination of components is correct and consistent. Integration testing is specifically aimed at exposing the problems that arise from the combination of components.

Functional test

Functional tests provide systematic demonstrations that functions tested are available as specified by the business and technical requirements, system documentation, and user manuals. Functional testing is centered on the following items:
Valid Input: identified classes of valid input must be accepted.
Invalid Input: identified classes of invalid input must be rejected.
Functions: identified functions must be exercised.
Output: identified classes of application outputs must be exercised.
Systems/Procedures: interfacing systems or procedures must be invoked.

Organization and preparation of functional tests is focused on requirements, key functions, or special test cases. In addition, systematic coverage pertaining to identified business process flows, data fields, predefined processes, and successive processes must be considered for testing. Before functional testing is complete, additional tests are identified and the effective value of current tests is determined.

System Test

System testing ensures that the entire integrated software system meets requirements. It tests a configuration to ensure known and predictable results. An example of system testing is the configuration-oriented system integration test. System testing is based on process descriptions and flows, emphasizing pre-driven process links and integration points.

White Box Testing

White Box Testing is testing in which the software tester has knowledge of the inner workings, structure and language of the software, or at least its purpose. It is used to test areas that cannot be reached from a black box level.

Black Box Testing

Black Box Testing is testing the software without any knowledge of the inner workings, structure or language of the module being tested. Black box tests, as most other kinds of tests, must be written from a definitive source document, such as a specification or requirements document. It is testing in which the software under test is treated as a black box: you cannot see into it. The test provides inputs and responds to outputs without considering how the software works.
Unit Testing:

Unit testing is usually conducted as part of a combined code and unit test phase of the software lifecycle, although it is not uncommon for coding and unit testing to be conducted as two distinct phases.

Test strategy and approach

Field testing will be performed manually and functional tests will be written in detail.

Test objectives

All field entries must work properly.
Pages must be activated from the identified link.
The entry screen, messages and responses must not be delayed.

Features to be tested

Verify that the entries are of the correct format.
No duplicate entries should be allowed.
All links should take the user to the correct page.

Integration Testing

Software integration testing is the incremental integration testing of two or more integrated software components on a single platform to produce failures caused by interface defects. The task of the integration test is to check that components or software applications, e.g. components in a software system or, one step up, software applications at the company level, interact without error.

Test Results: All the test cases mentioned above passed successfully. No defects encountered.

Acceptance Testing

User Acceptance Testing is a critical phase of any project and requires significant participation by the end user. It also ensures that the system meets the functional requirements.

Test Results: All the test cases mentioned above passed successfully. No defects encountered.
13. CONCLUSION
We proposed the period-based defense mechanism against the data flooding attack, which paralyzes a victim node by consuming its resources. Hence, the throughput of the victim node is significantly reduced. However, the current defense systems focus on RREQ flooding attacks rather than the data flooding attack. They easily reduce the throughput of burst traffic by comparing with the simple threshold. Hence, we aim to enhance the throughput of burst traffic under the data flooding attack. The proposed scheme uses a blacklist, considers the data type, and processes packets according to the priority so as to defend against data flooding attacks, since the attacker forwards many data packets at a high rate for the whole session. Recently, many users like to download and share multimedia data, so we expect that the proposed scheme is useful to networks where burst traffic is transferred.
REFERENCES
[1] A. Jamalipour, "Self-organizing networks [message from the editor-in-chief]," IEEE Wireless Communications, vol. 15, no. 6, pp. 2-3, Dec. 2008.
[2] S.-J. Lee and M. Gerla, "Split multipath routing with maximally disjoint paths in ad hoc networks," IEEE International Conference on Communications (ICC2001), vol. 10, pp. 3201-3205, Jun. 2001.
[3] L. Xia and J. Slay, "Securing wireless ad hoc networks: towards a mobile agent security architecture," the 2nd Australian Information Security Management Conference 2004 (InfoSec 2004), Nov. 2004.
[4] M. Al-Shurman, S.-M. Yoo, and S. Park, "Black hole attack in mobile ad hoc networks," the 42nd annual Southeast regional conference ACM Southeast Regional Conference (ACMSE 2004), pp. 96-97, Apr. 2004.
[5] Y.-C. Hu, A. Perrig, D. B. Johnson, "Wormhole attacks in wireless networks," IEEE Journal on Selected Areas in Communications, vol. 24, no. 2, pp. 370-380, Feb. 2006.
[6] Y.-C. Hu, A. Perrig, and D. B. Johnson, "Rushing attacks and defense in wireless ad hoc network routing protocols," the 2nd ACM Workshop on Wireless Security, pp. 30-40, Sept. 2003.