
CHAPTER 1 INTRODUCTION

A Mobile Ad hoc Network (MANET) is an infrastructure-less, multi-hop network in which mobile nodes communicate directly and cooperatively with each other. Because there are no access points or routers, no coordination or configuration is required before a MANET is set up, but for the same reason it is very difficult to centralize administration of a MANET for issues such as routing, authentication or congestion control. High mobility, resource constraints (power, storage and bandwidth) and a dynamically changing topology make routing in a MANET environment particularly challenging. The Ad-hoc On-Demand Distance Vector (AODV) routing protocol is designed for use in ad-hoc mobile networks. AODV is a reactive protocol, i.e. routes are created only when they are needed. It uses traditional routing tables, with one entry per destination, and sequence numbers to determine whether routing information is up-to-date and to prevent routing loops. An important feature of AODV is the maintenance of time-based state in each node: a routing entry that has not been used recently expires. When a route breaks, the neighbours can be notified. Route discovery is based on query and reply cycles, and route information is stored in all intermediate nodes along the route in the form of routing table entries. The following control packets are used: a route request message (RREQ) is broadcast by a node that requires a route to another node, a route reply message (RREP) is unicast back to the source of the RREQ, and a route error message (RERR) is sent to notify other nodes of the loss of a link. HELLO messages are used for detecting and monitoring links to neighbours. A variety of attacks are possible in a MANET. Some apply to networks in general, some to wireless networks and some are specific to MANETs. These security attacks can be classified according to different criteria, such as the domain of the attackers or the techniques used in the attacks.
Security attacks in MANETs, as in all other networks, can be roughly classified by the following criteria: passive or active, internal or external, stealthy or non-stealthy, cryptographic or non-cryptographic, and the protocol layer they relate to.

One of these attacks is the Black Hole attack. In the Black Hole attack, a malicious node absorbs all data packets sent to it, similar to a hole which sucks everything in. In this way, all packets in the network are dropped. A malicious node dropping all the traffic in the network makes use of the vulnerabilities of the route discovery packets of on-demand protocols such as AODV. Since it is not our goal to develop a new IDS approach for MANETs, our IDS only needs to provide reasonable detection performance against our implementation of the black hole attack. We mainly concentrated on the IRS (intrusion response system) technique for MANETs. We adjusted the parameters so that the IDS achieves a performance comparable to that of other systems proposed in the literature survey. Deploying wireless sensor networks (WSNs) for mission-critical applications (such as intruder detection and tracking) often faces the fundamental challenge of meeting stringent spatial and temporal performance requirements imposed by users. For instance, a surveillance application may require any intruder to be detected with a high probability (e.g., >90%), a low false alarm rate (e.g., <1%), and within a bounded delay (e.g., 20 s). Due to the limited capability and unreliable nature of low-power sensor nodes, over-provisioning (of coverage, detection and communication capabilities) seems to be the only choice for a static sensor network to meet such stringent performance requirements. Over-provisioning only works up to the point where reality meets the original expectation about the characteristics of the physical phenomena and environment. If a new on-demand task arises after deployment and its requirements exceed the statically planned network capability, the task cannot be accomplished. For instance, in a battlefield monitoring scenario, sensor failures in a small region may lead to a perimeter breach, and the sensor nodes deployed in other regions become useless.
To better cope with the unpredictability and variability of physical reality and improve the agility of sensor networks, mobile sensors can be introduced to dynamically reconfigure the sensor network capability in an on-demand manner. In a static-mobile hybrid sensor network, the mobile sensors can move close to targets and increase the signal-to-noise ratio (SNR) and the fidelity of detection results beyond what is achievable by static sensor nodes alone in many situations. Furthermore, efficient collaboration between mobile and static nodes could effectively change sensing densities on demand, potentially reducing the number of sensors needed compared with all-static network deployments.

CHAPTER 2 LITERATURE SURVEY

Recent work has demonstrated that the sensing performance of WSNs can be improved by integrating mobility. Several works have proposed eliminating coverage holes in a sensing field by relocating mobile sensors. Although such an approach improves the sensing coverage of a network deployment, it does not dynamically improve the network's performance after targets of interest appear. Complementary to these projects, we focus on online sensor collaboration and movement scheduling strategies that are used after the appearance of targets. In our recent work, we proposed a decision-fusion-based detection model in which each mobile sensor makes its own detection decision and locally controls its movement. In this project, we adopt a value-fusion-based detection model that significantly simplifies the task of mobile sensors. Specifically, each mobile sensor in a detection process is only required to move a certain distance and send its measurements to its cluster head. Such a model is more suitable for mobile sensors with limited signal processing and motion control capability. In contrast, a mobile sensor in the algorithm proposed in must be able to locally detect targets and adaptively control its movement. Moreover, this project studies several important issues that are not addressed in, including optimal movement scheduling and multi-target detection. Several recent studies have analyzed the impact of mobility on detection delay and area coverage. These studies are based on a random mobility model and do not address the issue of actively controlling the movement of sensors. Bisnik et al. analyzed the performance of detecting stochastic events using mobile sensors. Chin et al. proposed improving the coverage of a region by patrolling static routes with mobile sensors. Different from these works, we develop efficient sensor collaboration and movement scheduling strategies that achieve a specified target detection performance.
Mobile sensors that can move reactively are used in networked robotic sensor architectures to improve the sampling density over a region. These works did not focus on target detection under spatiotemporal performance constraints. Collaborative target detection in stationary sensor networks has been extensively studied. Several recent projects have also studied network deployment strategies that can achieve a specified detection performance. This project investigates the fundamental impact of data fusion on the coverage of WSNs. Practical network protocols that facilitate target detection and tracking using static or mobile sensors have also been investigated. Complementary to these studies, which deal with the mobility of targets, we focus on improving target detection performance by utilizing the mobility of sensors. Several recent studies formulate target detection and tracking in mobile WSNs as game problems and propose motion strategies for mobile sensors. In these works, the mobile sensors move actively to improve the surveillance quality; the power consumption of locomotion is not explicitly considered. In contrast, the mobile sensors in our approach move reactively only when a coarse detection consensus is reached, and the power consumption of locomotion is minimized. As a fundamental issue in robotics, motion learning has been extensively studied. We refer to for comprehensive surveys on this topic. Recent works consider the motion planning and control of autonomous robots for searching and tracking targets. Sensor movement scheduling in mobile WSNs for target detection poses several new challenges that have not been addressed in the existing robotic motion planning literature, including the limited mobility of sensors, resource constraints, and stringent quality-of-service requirements such as a low false alarm rate, a high detection probability and a bounded detection delay.

2.1 APPROACHES IN MANETS

Several routing mechanisms for MANETs that take into account the geographical information of nodes have been proposed. Two of these protocols that are related to our work are LAR and DREAM. Both protocols use location information to restrict the propagation of broadcast messages, as is done in GeoSec. A precondition for LAR and DREAM is that the nodes are aware of their geographical position. One way to determine this would be the use of GPS. Besides this, other approaches for the determination of positions in dynamic environments have been proposed. A survey can be found in. The localization mechanisms presented there were developed for sensor networks but can also be applied to mobile ad hoc networks. The approaches can be categorized according to whether the outcome is a globally unique position or a position relative to a specific local neighbour. Our approach requires neither globally available information nor globally unique positioning.

2.2 INTRUSION DETECTION SYSTEM

Intrusion is defined as any set of actions that attempt to compromise the integrity, confidentiality or availability of a resource. Intrusion protection techniques work as the first line of defence. However, intrusion protection alone is not sufficient, since there is no perfect security in any system, especially in the field of ad hoc networking with its fundamental vulnerabilities. Therefore, intrusion detection can work as the second line of protection, capturing audit data and performing traffic analysis to detect whether the network or a specific node is under attack. Once an intrusion has been detected at an early stage, measures can be taken to minimize the damage or even gather evidence, inform other legitimate nodes about the intruder, and launch countermeasures to minimize the effect of the active attacks. An intrusion detection system (IDS) can be classified as network-based or host-based according to the audit data that is used. Generally, a network-based IDS runs on a gateway of a network and captures and examines the network traffic that flows through it. Obviously this approach is not suitable for ad hoc networks, since there is no central point that allows monitoring of the whole network. A host-based IDS relies on capturing the network traffic local to the specific host. This data is analyzed and processed locally on the host and is used either to secure the activities of this host or to notify another participating node of the malicious action of the node that performs the attack. In our IRSAM, we utilize an IDS to detect the black hole attack in a MANET. Each node in the MANET operates in promiscuous mode to keep track of the packets sent and received by its neighbours. Every node uses the packet ratio (sent packets / received packets) of a neighbour to determine whether it is a black hole node. The threshold corresponds to a node sending only half of what it receives (sent packets = received packets / 2, i.e. a ratio of 0.5); if a neighbour's packet ratio falls below this threshold, it is declared a black hole node.

The basic concept of the Intrusion Response System for AODV in a MANET is to recover the MANET from various security attacks. Figures (a) and (b) briefly explain the concept of AODV.

Figure 1 Node Transmission Range (labels in the figure: malicious node 'A', promiscuous node 'B')

It shows oval-shaped nodes in an ad hoc network; node A is assumed to be a malicious node. The IDS operating in all neighbouring nodes of A (for example, node B) detects it as a malicious node by checking certain parameters such as hop count and traffic going in or out. After detecting node A as a malicious node, all neighbouring nodes decrease their transmission power so that node A goes out of their range and is not able to listen to their traffic, as shown in figure (b). Node A will be out of the operating zone of the network and will not be able to affect the performance of the MANET. An important issue in this strategy is to select the optimal transmission power so that the malicious node is out of the operating zone of the network while the node adapting its power itself remains in the operating zone.

It is necessary to choose suitable metrics for evaluating an intrusion response system protocol. The performance metrics describe the outcome of the simulation or set of simulations. These metrics are interesting because they can be used to point out what really happened during the simulation and provide valuable information about the response system protocols. The following metrics are chosen in this work for the evaluation of IRSAM in comparison with classic AODV, with two scenarios corresponding to variations in pause time and speed of the nodes participating in the MANET.
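The detection rule of section 2.2 and the power-reduction response just described, as an added example that is not code from the report: a promiscuous neighbour keeps per-node counters, declares a neighbour a black hole when its sent/received ratio falls below 0.5, and then picks the smallest transmission range that leaves the black hole out of range while every legitimate neighbour stays reachable. Node names, positions, the overheard frames and the plain-radius range model are constructed assumptions.

```python
"""Added example (not the report's code): promiscuous packet-ratio detection
of a black hole neighbour followed by the transmission-range response.
Node names, positions, frames and the plain-radius range model are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from math import dist

BLACK_HOLE_RATIO = 0.5   # threshold from the report: sent packets = received packets / 2
MIN_OBSERVED = 4         # constructed: packets a node must have relayed before it is judged


@dataclass(frozen=True)
class Overheard:
    """One frame seen by the observer in promiscuous mode."""
    sender: str      # node that transmitted the frame
    receiver: str    # next-hop (link-layer) destination of the frame
    packet_id: str   # end-to-end identity of the data packet
    final_dst: str   # final destination carried in the packet header


def packet_ratios(events):
    """Per relay node: packets handed to it, packets it was seen sending on, and their ratio.

    A frame addressed to X whose final destination is not X means X received a
    packet it must forward; X is credited a 'sent' packet when it is also seen
    transmitting a frame carrying that same packet id.
    """
    received = defaultdict(set)
    for ev in events:
        if ev.receiver != ev.final_dst:
            received[ev.receiver].add(ev.packet_id)
    forwarded = defaultdict(set)
    for ev in events:
        if ev.packet_id in received.get(ev.sender, ()):
            forwarded[ev.sender].add(ev.packet_id)
    ratios = {}
    for node, pkts in received.items():
        sent, got = len(forwarded[node]), len(pkts)
        # Too few observations: give no verdict rather than judge on a tiny sample.
        ratio = sent / got if got >= MIN_OBSERVED else None
        ratios[node] = {"sent": sent, "received": got, "ratio": ratio}
    return ratios


def detect_black_holes(events):
    """Neighbours whose forwarding ratio is below the threshold."""
    return {n for n, s in packet_ratios(events).items()
            if s["ratio"] is not None and s["ratio"] < BLACK_HOLE_RATIO}


def choose_transmission_range(positions, me, black_holes):
    """Smallest radius that still reaches every legitimate neighbour but leaves
    every detected black hole out of range; None when no such radius exists."""
    here = positions[me]
    legit = [dist(here, p) for n, p in positions.items() if n != me and n not in black_holes]
    bad = [dist(here, positions[n]) for n in black_holes]
    if not legit or not bad:
        return None
    radius = max(legit)
    return radius if radius < min(bad) else None


# Constructed: frames overheard by node B. A drops five of the six packets it is
# handed, C forwards everything, D only receives packets addressed to itself.
EVENTS = (
    [Overheard("B", "A", f"p{i}", "E") for i in range(1, 7)]
    + [Overheard("A", "E", "p1", "E")]
    + [Overheard("B", "C", f"q{i}", "E") for i in range(1, 5)]
    + [Overheard("C", "E", f"q{i}", "E") for i in range(1, 5)]
    + [Overheard("B", "D", "d1", "D")]
)

# Constructed positions in metres; B's current range is the 250 m of Table 1.
POSITIONS = {"B": (0, 0), "A": (200, 0), "C": (120, 50), "D": (90, -80)}

if __name__ == "__main__":
    for node, stats in sorted(packet_ratios(EVENTS).items()):
        print(node, stats)
    bad = detect_black_holes(EVENTS)
    print("black holes:", bad)
    print("new range for B:", choose_transmission_range(POSITIONS, "B", bad))
```

With these positions B can drop to a 130 m range and still reach C and D; moving A to (125, 0) makes the response impossible and the function returns None, which is the case the adapting node must handle separately.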

PACKET DELIVERY RATIO

The ratio between the number of packets originated by the application layer at the CBR source and the number of packets received by the application layer at the CBR sink at the final destination. It is desirable that a routing protocol keeps this ratio high: the greater this ratio, the more reliable the ad hoc network will be.

Packet Delivery Ratio = Received packets / Sent packets

The packet delivery ratio is important because it describes the loss rate that will be seen by the transport protocols, which in turn affects the maximum throughput that the network can support. This metric characterizes both the completeness and correctness of the routing protocol. IRSAM achieves a higher packet delivery ratio than classic AODV for both scenarios.

ROUTING OVERHEAD

The total number of routing packets transmitted and received by all the nodes during the simulation is known as the routing overhead, as energy is dissipated both in sending a packet and in receiving a packet for processing. For packets sent over multiple hops, each transmission of the packet counts as one. This is an interesting metric: in some way it reveals how bandwidth-efficient the routing protocol is. The routing overhead metric simply shows how much of the bandwidth (often one of the limiting factors in a wireless system) is consumed by routing messages, and hence how much bandwidth remains available to data packets. The routing overhead is typically much larger for proactive protocols, since they periodically flood the network with update messages. As the mobility in the network increases, reactive protocols will of course have to send more and more routing messages. This is where the real strengths and weaknesses of a routing protocol are revealed. It is an important metric for comparing protocols, as it measures the scalability of a protocol, i.e. the degree to which it will function in congested or low-bandwidth environments.

END-TO-END DELAY

End-to-end delay is the average time a packet takes to be delivered to its destination after it was transmitted. It tells how well a protocol adapts or arranges for the immediate delivery of packets to their destination. The average delay is made up of: route discovery latency; queuing at the interface queue; retransmission delays at the MAC layer; propagation delay; transfer time. The simulation is used for a comparative study of the efficiencies of AODV and IRSAM.

MAXIMUM PACKETS SENT

The maximum packets sent metric gives the number of data packets delivered to the destination in the network; more data packets are sent in IRSAM than in classic AODV. IRSAM provides more flexibility for data packet transmission in a MANET.

MAXIMUM PACKETS DROPPED

The maximum packets dropped metric gives the total number of data packets lost during transmission in the network. Classic AODV drops more packets than our proposed IRSAM.
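The four metrics of this section computed from a simulation trace, as an added example that is not code from the report. The trace lines are constructed in a simple space-separated format of my own ('event time node layer packet_id type'; event s = sent, r = received, D = dropped; layer AGT = application, RTR = routing) and are not the trace format of any particular simulator.

```python
"""Added example (not the report's code): packet delivery ratio, routing
overhead, average end-to-end delay and packets dropped from a constructed
trace in the format 'event time node layer packet_id type'."""
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class TraceEvent:
    event: str     # 's' sent, 'r' received, 'D' dropped
    time: float    # seconds
    node: int
    layer: str     # 'AGT' application layer, 'RTR' routing layer
    pkt_id: int
    ptype: str     # 'cbr' data or 'AODV' routing control


def parse_trace(text):
    events = []
    for line in text.strip().splitlines():
        ev, t, node, layer, pid, ptype = line.split()
        events.append(TraceEvent(ev, float(t), int(node), layer, int(pid), ptype))
    return events


def data_sent(events):
    """CBR packets originated by the application layer, keyed by packet id."""
    return {e.pkt_id: e.time for e in events
            if e.event == "s" and e.layer == "AGT" and e.ptype == "cbr"}


def data_received(events):
    """CBR packets handed to the application layer at the sink, keyed by packet id."""
    return {e.pkt_id: e.time for e in events
            if e.event == "r" and e.layer == "AGT" and e.ptype == "cbr"}


def packet_delivery_ratio(events):
    sent, got = data_sent(events), data_received(events)
    return len(got) / len(sent) if sent else 0.0


def routing_overhead(events):
    """Routing packet transmissions; every hop-by-hop transmission counts as one."""
    return sum(1 for e in events
               if e.event == "s" and e.layer == "RTR" and e.ptype == "AODV")


def average_end_to_end_delay(events):
    """Mean of (receive time at sink AGT - send time at source AGT) over delivered packets."""
    sent, got = data_sent(events), data_received(events)
    delays = [got[p] - sent[p] for p in got if p in sent]
    return mean(delays) if delays else 0.0


def packets_dropped(events):
    return len(data_sent(events)) - len(data_received(events))


def summarize(trace_text):
    events = parse_trace(trace_text)
    return {
        "packets_sent": len(data_sent(events)),
        "packet_delivery_ratio": packet_delivery_ratio(events),
        "routing_overhead": routing_overhead(events),
        "avg_end_to_end_delay_s": average_end_to_end_delay(events),
        "packets_dropped": packets_dropped(events),
    }


# Constructed trace: one route discovery (RREQ flood id 100, RREP id 101), then
# five CBR packets from node 1 to node 4 over 1-2-4, with packet 3 dropped at node 2.
TRACE = """
s 0.100 1 RTR 100 AODV
s 0.104 2 RTR 100 AODV
s 0.105 3 RTR 100 AODV
s 0.110 4 RTR 101 AODV
s 0.114 2 RTR 101 AODV
s 0.120 1 AGT 0 cbr
r 0.140 4 AGT 0 cbr
s 0.220 1 AGT 1 cbr
r 0.250 4 AGT 1 cbr
s 0.320 1 AGT 2 cbr
r 0.345 4 AGT 2 cbr
s 0.420 1 AGT 3 cbr
D 0.430 2 RTR 3 cbr
s 0.520 1 AGT 4 cbr
r 0.565 4 AGT 4 cbr
"""

if __name__ == "__main__":
    for name, value in summarize(TRACE).items():
        print(f"{name}: {value}")
```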

Parameter           Value
Transmitter range   250 m
Bandwidth           2 Mbit/s
Simulation time     200
Number of nodes     50
Scenario size       1000 x 1000 m²
Traffic type        Constant Bit Rate
Packet size         64 bytes
Flows               25
Rate                4 packets

Table 1 Summary of common parameters used in the simulation

2.3 ADVANTAGES OF MOBILE AD-HOC NETWORKS

There are several advantages of using a mobile ad hoc network. Setting up a wireless system is easy and fast, and it eliminates the need to pull cables through walls and ceilings. The network can be extended to places which cannot be wired. Multiple paths increase reliability. A wireless network offers more flexibility and adapts easily to changes in the configuration of the network.

2.4 LIMITATIONS OF MOBILE AD HOC NETWORKS

1. Asymmetric links: Most wired networks rely on symmetric links, which are always fixed. This is not the case with ad-hoc networks, as the nodes are mobile and constantly change their position within the network. For example, consider a MANET (Mobile Ad-hoc Network) where node B sends a signal to node A; this tells nothing about the quality of the connection in the reverse direction.
2. Routing overhead: In wireless ad hoc networks, nodes often change their location within the network, so out-of-date routes are generated in the routing table, which leads to unnecessary routing overhead.
3. Interference: This is a major problem with mobile ad-hoc networks. As links come and go depending on the transmission characteristics, one transmission might interfere with another, and a node might overhear transmissions of other nodes and corrupt the total transmission.
4. Dynamic topology: This is also a major problem with ad-hoc routing, since the topology is not constant. A mobile node might move or the medium characteristics might change. In ad-hoc networks, routing tables must somehow reflect these changes in topology, and routing algorithms have to be adapted. For example, in a fixed network routing table updates take place every 30 s. This updating frequency might be far too low for ad-hoc networks.

Attacks on MANET: Based on the domain of the MANET, attacks are classified into two categories, namely internal attacks and external attacks. These classifications are shown in the figure.

1. External attack: External attacks are launched by nodes that do not possess a valid certificate, i.e. these nodes are not authorized members of the MANET. For instance, in a military setting each authorized soldier might possess a signed certificate from a trusted party granting him membership in the MANET. Such a node is an insider node. Any node not possessing such a certificate is considered an outsider node. An outsider attacker has the capability to spoof its identity, such as spoofing its IP and MAC addresses to impersonate an insider node. An outsider attacker has the capability to access the wireless channel, so it can eavesdrop on legitimate traffic.
2. Internal attack: Internal attacks are launched by one or more compromised nodes that possess a valid certificate, i.e. these nodes are authorized members of the MANET. Internal attacks are more severe than outsider attacks, since the insider knows valuable and secret information and possesses privileged access rights. Internal attacks can be classified as shown in the figure according to the network protocol stack.

Passive attacks: A passive attack does not disrupt the operation of the protocol, but tries to discover valuable information by listening to traffic. Passive attacks basically involve obtaining crucial routing information by sniffing the network. Such attacks are usually difficult to detect, and hence defending against them is complicated. Even if it is not possible to identify the exact location of a node, one may be able to discover information about the network topology using these attacks. These attacks do not disturb the operation of communication, i.e. they do not degrade the performance of the MANET.

Active attacks: An active attack involves information interruption, modification or fabrication, and thereby degrades the performance of the MANET. An active attack injects arbitrary packets and tries to disrupt the operation of the protocol in order to limit availability, gain authentication, or attract packets destined to other nodes. The goal is basically to attract all packets to the attacker for analysis or to disable the network. Such attacks can be detected and the nodes can be identified.

Figure 2 Classification of Internal attacks



The following are misuse goals:
a. Route Disruption (RD): breaking down an existing route or preventing a new route from being established.
b. Route Invasion (RI): an inside attacker adds itself between the two end points of a communication channel.
c. Node Isolation (NI): preventing a node from communicating with any other node.
d. Route Consumption (RC): consuming network bandwidth or storage space.

Another instance can be seen when considering a category of attacks called the Black Hole attacks. Here, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept. Once the malicious node has been able to insert itself between the communicating nodes, it can do anything with the packets passing between them. It can then choose to drop the packets, thereby creating a DoS.

2.5 BLACK HOLE ATTACK

The black hole attack is an active insider attack with two properties: first, the attacker consumes the intercepted packets without forwarding any of them; second, the node exploits the mobile ad hoc routing protocol to advertise itself as having a valid route to a destination node, even though the route is spurious, with the intention of intercepting packets. In other words, a malicious node uses the routing protocol to advertise itself as having the shortest path to the nodes whose packets it wants to intercept. In the case of the AODV protocol, the attacker listens for route requests. When the attacker receives a request for a route to the target node, it creates a reply in which an extremely short route is advertised; if the reply from the malicious node reaches the requesting node before the reply from the actual node, a fake route has been created.


Once the malicious device has been able to insert itself between the communicating nodes, it is able to do anything with the packets passing between them. It can choose to drop the packets to form a denial-of-service attack.

Figure 3 Black Hole Attack

2.6 WORKING OF BLACK HOLE

In the original AODV protocol, any intermediate node may respond to the RREQ message if it has a fresh enough route, which is checked against the destination sequence number contained in the RREQ packet. In Figure 4, node 1 is the source node whereas node 4 is the destination node. The source node broadcasts a route request packet to find a route to the destination node. Here node 3 acts as a black hole. Node 3 also sends a route reply packet to the source node, and the route reply from node 3 reaches the source node before that of any other intermediate node. In this case the source node sends the data packets to the destination node through node 3.
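Why node 1 ends up routing through node 3, as an added example that is not code from the report: the AODV rule for accepting a route reply (RFC 3561, section 6.2: a reply carrying a higher destination sequence number replaces the current entry, and with an equal sequence number a reply with fewer hops replaces it) applied to the Figure 4 scenario. The sequence numbers, hop counts and arrival orders are constructed, and sequence-number wrap-around is ignored.

```python
"""Added example (not the report's code): AODV route-reply acceptance rule on
the Figure 4 topology, where node 1 requests a route to node 4, node 2 relays
the genuine reply and node 3 answers with a spurious one.
Sequence numbers and hop counts are constructed; wrap-around is ignored."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class RouteEntry:
    next_hop: int
    hop_count: int
    dest_seq: int


@dataclass(frozen=True)
class RREP:
    from_node: int    # neighbour the reply arrived from (becomes the next hop)
    hop_count: int    # hops to the destination claimed by the reply
    dest_seq: int     # destination sequence number carried by the reply


def is_fresher(current: Optional[RouteEntry], rrep: RREP) -> bool:
    """True when the reply must replace the current entry (RFC 3561, section 6.2)."""
    if current is None:
        return True
    if rrep.dest_seq > current.dest_seq:
        return True
    return rrep.dest_seq == current.dest_seq and rrep.hop_count < current.hop_count


def select_route(rreps) -> Optional[RouteEntry]:
    """Process replies in arrival order and return the resulting table entry."""
    entry = None
    for r in rreps:
        if is_fresher(entry, r):
            entry = RouteEntry(r.from_node, r.hop_count, r.dest_seq)
    return entry


# Constructed Figure 4 scenario: destination 4 currently holds sequence number 10.
GENUINE = RREP(from_node=2, hop_count=2, dest_seq=10)    # generated by node 4, relayed by node 2
SPURIOUS = RREP(from_node=3, hop_count=1, dest_seq=30)   # node 3 claims a fresher, shorter route


def next_hop_if_spurious_first() -> int:
    """The case described in the text: node 3's reply arrives first."""
    return select_route([SPURIOUS, GENUINE]).next_hop


def next_hop_if_genuine_first() -> int:
    """Arrival order does not save the source: the higher sequence number still wins."""
    return select_route([GENUINE, SPURIOUS]).next_hop


def next_hop_two_genuine() -> int:
    """Two honest replies with the same sequence number: the shorter route wins."""
    return select_route([RREP(5, 3, 10), RREP(2, 2, 10)]).next_hop


if __name__ == "__main__":
    print("spurious reply first:", select_route([SPURIOUS, GENUINE]))
    print("genuine reply first: ", select_route([GENUINE, SPURIOUS]))
    print("two honest replies:  ", select_route([RREP(5, 3, 10), RREP(2, 2, 10)]))
```

The second function goes beyond the text's "reaches first" case: because the source has no way to verify the claimed sequence number, the reply wins regardless of order, which is why detection has to rely on observed forwarding behaviour as in section 2.2.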


But it is the property of a black hole node that it does not forward data packets further and drops them. The source node is not aware of this and continues to send packets to node 3. In this way the data which should have reached the destination fails to reach it. There is no way to find out such an attack. These nodes can be present in large numbers in a single MANET, which makes the situation more critical.

This chapter discusses MANET routing, the desirable properties of a routing protocol in a MANET, the classification of routing protocols, a brief description of common routing protocols in MANETs, a detailed description of the AODV routing protocol with its different types of routing messages, and the working of AODV in a MANET.

ROUTING

Routing means how a data packet is routed from a source to a destination. In the case of a MANET, a packet must necessarily be routed over several hops (multi-hop) before reaching the destination, so a routing protocol is needed. The routing protocol has two main functions: selection of routes for the various source-destination pairs, and delivery of the messages to their correct destination. Movement of nodes in a MANET causes the nodes to move in and out of range of one another; as a result there is continuous making and breaking of links in the network. Since the network relies on multi-hop transmissions for communication, this imposes major challenges for the network layer, which must determine the multi-hop route over which data packets can be transmitted between a given pair of source and destination nodes. Figure 5 shows how the movement of a single node (C) changes the network topology, rendering the existing route between A and E (i.e. A-C-E) unusable. The network needs to evaluate the changes in the topology caused by this movement and establish a new route from A to E (such as A-D-C-E).


Figure 4 Path Changes Due to Mobility of Node

DESIRABLE PROPERTIES OF ROUTING PROTOCOLS IN MANETS

There are some desirable properties of a routing protocol in a MANET that differ from those of conventional routing protocols like link-state and distance-vector routing protocols.

DISTRIBUTED OPERATION: The protocol should be distributed. It should not depend on a centralized controlling node. This is the same for stationary networks; the difference is that nodes in an ad-hoc network can enter or leave the network very easily, and because of mobility the network can be partitioned.

LOOP FREE: To improve the overall performance, we want the routing protocol to guarantee that the routes supplied are loop-free. This avoids any waste of bandwidth or CPU consumption.

DEMAND BASED OPERATION: To minimize the control overhead in the network and thus not waste network resources more than necessary, the protocol should be reactive. This means that the protocol should only react when needed and should not periodically broadcast control information.

UNIDIRECTIONAL LINK SUPPORT: The radio environment can cause the formation of unidirectional links. Utilizing these links, and not only the bidirectional ones, improves the routing protocol's performance.

SECURITY: The radio environment is especially vulnerable to impersonation attacks, so to ensure the wanted behaviour from the routing protocol we need some sort of preventive security measures. Authentication and encryption are probably the way to go, and the problem here lies in distributing keys among the nodes in the ad-hoc network.

POWER CONSERVATION: The nodes in an ad-hoc network can be laptops and thin clients such as PDAs, which are very limited in battery power and therefore use some sort of stand-by mode to save power. It is therefore important that the routing protocol has support for these sleep modes.

MULTIPLE ROUTES: To reduce the number of reactions to topological changes and congestion, multiple routes could be used. If one route has become invalid, it is possible that another stored route is still valid, thus saving the routing protocol from initiating another route discovery procedure.

QUALITY OF SERVICE SUPPORT: Some sort of Quality of Service support is probably necessary to incorporate into the routing protocol. This has a lot to do with what these networks will be used for. It is necessary to remember that the protocols are still under development and will probably be extended with more functionality. The primary function is still to find a route to the destination, not to find the best, optimal or shortest-path route.


CLASSIFICATION OF ROUTING PROTOCOLS IN MANETS

The classification of routing protocols in MANETs depends on the routing strategy and the network structure. According to the routing strategy, routing protocols can be categorized as table-driven and source-initiated, while depending on the network structure they are classified as flat routing, hierarchical routing and geographic-position-assisted routing. Both the table-driven and source-initiated protocols come under flat routing.

Figure 5 Classification of Routing Protocols in MANET

TABLE-DRIVEN ROUTING PROTOCOLS (PROACTIVE): These protocols are also called proactive protocols, since they maintain routing information even before it is needed. Each and every node in the network maintains routing information to every other node in the network. Route information is generally kept in routing tables and is periodically updated as the network topology changes. Many of these routing protocols derive from link-state routing. There are some differences between the protocols in this category, depending on how the routing information in each routing table is updated. Furthermore, these routing protocols maintain different numbers of tables. Proactive protocols are not suitable for larger networks, as they need to maintain an entry for each and every node in the routing table of every node. This causes more overhead in the routing tables, leading to the consumption of more bandwidth.

ON-DEMAND ROUTING PROTOCOLS (REACTIVE): These protocols are also called reactive protocols, since they don't maintain routing information or routing activity at the network nodes if there is no communication. If a node wants to send a packet to another node, the protocol searches for the route in an on-demand manner and establishes the connection in order to transmit and receive the packet. Route discovery usually occurs by flooding route request packets throughout the network. Table 1 lists some basic differences between the two classes of protocols.

Parameters                            On-demand protocols            Table-driven protocols
Availability of routing information   Available as required          Always available
Periodic route updates                Not required                   Required
Dealing with link failures            Use route discovery            Propagate routing information to neighbours to maintain a consistent routing table
Routing overload                      Increases with mobility of     Independent of traffic and mostly greater than for on-demand protocols
                                      nodes

Table 2 Comparison between On-demand and Table-driven routing protocols


DESCRIPTION OF AD HOC ROUTING PROTOCOLS

DESTINATION-SEQUENCED DISTANCE-VECTOR (DSDV)
The Destination-Sequenced Distance-Vector (DSDV) [13] Routing Algorithm is based on the idea of the classical Bellman-Ford Routing Algorithm with certain improvements. Every mobile station maintains a routing table that lists all available destinations, the number of hops to reach each destination and the sequence number assigned by the destination node. The sequence number is used to distinguish old routes from new ones and thus avoid the formation of loops. The stations periodically transmit their routing tables to their immediate neighbors. A station also transmits its routing table if a significant change has occurred in its table since the last update sent. So, the update is both time-driven and event-driven. The routing table updates can be sent in two ways: a "full dump" or an incremental update. A full dump sends the full routing table to the neighbors and could span many packets, whereas an incremental update sends only those entries from the routing table that have had a metric change since the last update, and it must fit in a single packet. If there is space in the incremental update packet, then those entries whose sequence number has changed may be included as well. When the network is relatively stable, incremental updates are sent to avoid extra traffic and full dumps are relatively infrequent. In a fast-changing network, incremental packets can grow big, so full dumps will be more frequent.

DYNAMIC SOURCE ROUTING (DSR)
The key distinguishing feature of DSR [12] is the use of source routing. That is, the sender knows the complete hop-by-hop route to the destination. These routes are stored in a route cache. The data packets carry the source route in the packet header. When a node in the ad hoc network attempts to send a data packet to a destination for which it does not already know the route, it uses a route discovery process to dynamically determine such a route. Route discovery works by flooding the network with route request (RREQ) packets. Each node receiving an RREQ rebroadcasts it, unless it is the destination or it has a route to the destination in its route cache. Such a node replies to the RREQ with a route reply (RREP) packet that is routed back to the original source. RREQ and RREP packets are also source routed. The RREQ builds up the path traversed across the network. The RREP routes itself back to the source by traversing this path backward. The route carried back by the RREP packet is cached at the source for future use. If any link on a source route is broken, the source node is notified using a route error (RERR) packet. The source removes any route using this link from its cache. A new route discovery process must be initiated by the source if this route is still needed. DSR makes very aggressive use of source routing and route caching. No special mechanism to detect routing loops is needed. Also, any forwarding node caches the source route in a packet it forwards for possible future use.

TEMPORALLY ORDERED ROUTING ALGORITHM (TORA)
TORA is a distributed routing protocol based on a link reversal algorithm. It is designed to discover routes on demand, provide multiple routes to a destination, establish routes quickly, and minimize communication overhead by localizing algorithmic reaction to topological changes when possible. Route optimality (shortest-path routing) is considered of secondary importance, and longer routes are often used to avoid the overhead of discovering newer routes. The actions taken by TORA can be described in terms of water flowing downhill towards a destination node through a network of tubes that models the routing state of the real network. The tubes represent links between nodes in the network, the junctions of tubes represent the nodes, and the water in the tubes represents the packets flowing towards the destination. Each node has a height with respect to the destination that is computed by the routing protocol. If a tube between nodes A and B becomes blocked such that water can no longer flow through it, the height of A is set to a height greater than that of any of its remaining neighbors, such that water will now flow back out of A (and towards the other nodes that had been routing packets to the destination via A).


When a node discovers that a route to a destination is no longer valid, it adjusts its height so that it is a local maximum with respect to its neighbors and transmits an UPDATE packet. If the node has no neighbors of finite height with respect to this destination, then the node instead attempts to discover a new route as described above. When a node detects a network partition, it generates a CLEAR packet that resets routing state and removes invalid routes from the network.

AD HOC ON-DEMAND DISTANCE VECTOR (AODV)
AODV shares DSR's on-demand characteristics in that it also discovers routes on an as-needed basis via a similar route discovery process. However, AODV adopts a very different mechanism to maintain routing information. It uses traditional routing tables, one entry per destination. This is in contrast to DSR, which can maintain multiple route cache entries for each destination. Without source routing, AODV relies on routing table entries to propagate an RREP back to the source and, subsequently, to route data packets to the destination. AODV uses sequence numbers maintained at each destination to determine the freshness of routing information and to prevent routing loops. All routing packets carry these sequence numbers. An important feature of AODV is the maintenance of timer-based states in each node, regarding the utilization of individual routing table entries. A routing table entry is expired if not used recently. A set of predecessor nodes is maintained for each routing table entry, indicating the set of neighboring nodes which use that entry to route data packets. These nodes are notified with RERR packets when the next-hop link breaks. Each predecessor node, in turn, forwards the RERR to its own set of predecessors, thus effectively erasing all routes using the broken link. In contrast to DSR, RERR packets in AODV are intended to inform all sources using a link when a failure occurs.
Route error propagation in AODV can be visualized conceptually as a tree whose root is the node at the point of failure and whose leaves are all the sources using the failed link.

2.7 DETAILED DESCRIPTION OF AODV

CHARACTERISTICS OF AODV
AODV is a very simple, efficient, and effective routing protocol for Mobile Ad-hoc Networks, which do not have a fixed topology. This algorithm was motivated by the limited bandwidth that is available in the media used for wireless communications. It borrows most of the advantageous concepts from the DSR and DSDV algorithms: the on-demand route discovery and route maintenance from DSR, and the hop-by-hop routing and usage of node sequence numbers from DSDV, let the algorithm deal with topology and routing information. Obtaining routes purely on-demand makes AODV a very useful and desirable algorithm for MANETs. AODV allows mobile nodes to respond to link breakages and changes in network topology in a timely manner. The operation of AODV is loop-free, and by avoiding the count-to-infinity problem it offers quick convergence when the ad hoc network topology changes. When a link breaks, AODV causes the affected set of nodes to be notified so that they are able to invalidate the routes using the lost link. AODV has four different types of messages: Route Request (RREQ), Route Reply (RREP), Route Error (RERR) and Hello. All messages are sent using UDP.

ROUTE REQUEST (RREQ)
This is a message used by AODV for the purpose of discovering new routes to a destination node. The format of this message is given below.

Type [8] | Reserved [16] | Hop count [8]
Broadcast ID [32]
Destination IP address [32]
Destination Sequence Number [32]
Originator IP address [32]
Originator Sequence Number [32]

Table 3 Route Request Format

TYPE: Type of message.
RESERVED: Sent as 0, ignored on reception.


HOP COUNT: The number of hops from the Originator IP Address to the node handling the request.
BROADCAST ID: A sequence number uniquely identifying the particular RREQ when taken in conjunction with the originating node's IP address.
DESTINATION IP ADDRESS: The IP address of the destination for which a route is desired.
DESTINATION SEQUENCE NUMBER: The latest sequence number received in the past by the originator for any route towards the destination.
ORIGINATOR IP ADDRESS: The IP address of the node which originated the Route Request.
ORIGINATOR SEQUENCE NUMBER: The current sequence number to be used in the route entry pointing towards the originator of the route request.

ROUTE REPLY (RREP)
This is a message used by AODV to reply to route requests. The format of this message is given below.

Type [8] | L Reserved [16] | Hop Count [8]
Destination IP address [32]
Destination Sequence Number [32]
Originator IP Address [32]
Lifetime [32]

Table 4 Route Reply Format

TYPE: Type of message.
RESERVED: Sent as 0, ignored on reception.
HOP COUNT: The number of hops from the Originator IP Address to the Destination IP Address. For multicast route requests this indicates the number of hops to the multicast tree member sending the RREP.

DESTINATION IP ADDRESS: The IP address of the destination for which a route is supplied.
DESTINATION SEQUENCE NUMBER: The destination sequence number associated with the route.
ORIGINATOR IP ADDRESS: The IP address of the node which originated the RREQ for which the route is supplied.
LIFETIME: The time in milliseconds for which nodes receiving the RREP consider the route to be valid.

HELLO: This message is a special case of the Route Reply message. The only difference is that it always advertises a route to the sender itself: the hop count field is set to 0, the destination address is set to the node's own IP address and the destination sequence number is set to the node's latest sequence number.

ROUTE ERROR (RERR): This message is also a special case of the Route Reply message. The difference is that here the destination reflects the route that has broken, and this broken route is assigned an infinite hop count and a sequence number that is increased by one.

LOCAL REPAIR: When a link break in an active route occurs, the node upstream of that break may choose to repair the link locally if the destination was no farther than the maximum repair TTL hops away. To repair the link break, the node increments the sequence number for the destination and broadcasts an RREQ for that destination.

WORKING OF AODV: Each mobile host in the network acts as a specialized router and routes are obtained as needed, thus making the network self-starting. Each node in the network maintains a routing table with routing information entries for its neighboring nodes, and two separate counters: a node sequence number and a broadcast-id. When a node (source node S) wants to communicate with another node (destination node D), S increments its broadcast-id and initiates path discovery by broadcasting a route request packet RREQ to its neighbors. The RREQ contains the following fields: source address, broadcast-id, source sequence number, destination address, destination sequence number and hop count. The (source-address, broadcast-id) pair is used to identify the RREQ uniquely. Then the dynamic route table entry establishment begins at all the nodes in the network that are on the path from S to D. As the RREQ travels from node to node, it automatically sets up the reverse path from all these nodes back to the source: each node that receives this packet records the address of the node from which it was received. This is called Reverse Path Setup. The nodes maintain this information for enough time for the RREQ to traverse the network and produce a reply to the sender; this time depends on the network size. If an intermediate node has a route entry for the desired destination in its routing table, it compares the destination sequence number in its routing table with that in the RREQ. If the destination sequence number in its routing table is less than that in the RREQ, it rebroadcasts the RREQ to its neighbors. Otherwise, it unicasts a route reply packet to the neighbor from which it received the RREQ, provided the same request was not processed previously (this is identified using the broadcast-id and source-address). Once the RREP is generated, it travels back to the source along the reverse path that was set up while the RREQ traveled to this node. As the RREP travels back to the source, each node along this path sets a forward pointer to the node from which it is receiving the RREP and records the latest destination sequence number for the requested destination. This is called Forward Path Setup. If an intermediate node receives another RREP after propagating the first RREP towards the source, it checks the destination sequence number of the new RREP. The intermediate node updates its routing information and propagates the new RREP only if the destination sequence number is greater, or if the new sequence number is the same and the hop count is smaller; otherwise, it just discards the new RREP.
This ensures that algorithm is loop-free and only the most effective route is used.
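To make the packet layouts of Tables 3 and 4 and the RREQ/RREP handling rules above concrete, here is an added Python example that is not from the report: it packs and parses both messages exactly as the tables lay them out (network byte order; the RFC 3561 flag bits are not modelled and the type codes 1 and 2 are assumed for this example) and applies the duplicate-RREQ filter, reverse path setup and the RREP freshness rule on a minimal node.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address

# Byte layouts as in the report's Table 3 and Table 4 (network byte order):
# RREQ: Type[8] Reserved[16] HopCount[8] BroadcastID[32] DstIP[32] DstSeq[32] OrigIP[32] OrigSeq[32]
# RREP: Type[8] L+Reserved[16] HopCount[8] DstIP[32] DstSeq[32] OrigIP[32] Lifetime[32]
RREQ_FMT, RREP_FMT = "!BHBIIIII", "!BHBIIII"
TYPE_RREQ, TYPE_RREP = 1, 2        # message type codes assumed for this example


def _ip(n: int) -> str:
    return str(IPv4Address(n))


@dataclass
class RREQ:
    hop_count: int
    broadcast_id: int
    dst: str
    dst_seq: int
    orig: str
    orig_seq: int

    def pack(self) -> bytes:
        return struct.pack(RREQ_FMT, TYPE_RREQ, 0, self.hop_count, self.broadcast_id,
                           int(IPv4Address(self.dst)), self.dst_seq,
                           int(IPv4Address(self.orig)), self.orig_seq)

    @staticmethod
    def unpack(data: bytes) -> "RREQ":
        t, _res, hc, bid, dst, dseq, orig, oseq = struct.unpack(RREQ_FMT, data[:24])
        if t != TYPE_RREQ:
            raise ValueError(f"not an RREQ: type {t}")
        return RREQ(hc, bid, _ip(dst), dseq, _ip(orig), oseq)


@dataclass
class RREP:
    hop_count: int
    dst: str
    dst_seq: int
    orig: str
    lifetime: int   # milliseconds

    def pack(self) -> bytes:
        return struct.pack(RREP_FMT, TYPE_RREP, 0, self.hop_count,
                           int(IPv4Address(self.dst)), self.dst_seq,
                           int(IPv4Address(self.orig)), self.lifetime)

    @staticmethod
    def unpack(data: bytes) -> "RREP":
        t, _res, hc, dst, dseq, orig, life = struct.unpack(RREP_FMT, data[:20])
        if t != TYPE_RREP:
            raise ValueError(f"not an RREP: type {t}")
        return RREP(hc, _ip(dst), dseq, _ip(orig), life)


@dataclass
class RouteEntry:
    next_hop: str
    hop_count: int
    dst_seq: int


class Node:
    """Minimal AODV node: route table, duplicate-RREQ filter, reverse and forward path setup."""

    def __init__(self, addr: str):
        self.addr = addr
        self.routes = {}      # destination address -> RouteEntry
        self.seen = set()     # (originator, broadcast-id) pairs already processed

    def handle_rreq(self, raw: bytes, from_addr: str) -> str:
        """Returns 'drop', 'reply' or 'rebroadcast' for a received RREQ."""
        rreq = RREQ.unpack(raw)
        key = (rreq.orig, rreq.broadcast_id)
        if key in self.seen:
            return "drop"                       # same request already processed
        self.seen.add(key)
        # reverse path setup: remember which neighbour the RREQ arrived from
        self.routes[rreq.orig] = RouteEntry(from_addr, rreq.hop_count + 1, rreq.orig_seq)
        if rreq.dst == self.addr:
            return "reply"
        known = self.routes.get(rreq.dst)
        # a known route is fresh enough only if its sequence number is not below the RREQ's
        if known is not None and known.dst_seq >= rreq.dst_seq:
            return "reply"
        return "rebroadcast"

    def handle_rrep(self, raw: bytes, from_addr: str) -> bool:
        """Forward path setup: the RREP is accepted (and would be propagated) only if its
        destination sequence number is greater, or equal with a smaller hop count."""
        rrep = RREP.unpack(raw)
        hops = rrep.hop_count + 1               # one hop farther from the destination than the sender
        cur = self.routes.get(rrep.dst)
        if cur is None or rrep.dst_seq > cur.dst_seq or \
                (rrep.dst_seq == cur.dst_seq and hops < cur.hop_count):
            self.routes[rrep.dst] = RouteEntry(from_addr, hops, rrep.dst_seq)
            return True
        return False
```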


ROUTE TABLE MANAGEMENT
Each mobile node in the network maintains a route table entry for each destination of interest. Each entry contains the following information: destination address, next hop, number of hops, destination sequence number, active neighbors for this route, and the expiration time for the route table entry. The other useful information contained in the entries, along with the source and destination sequence numbers, is called the soft-state information associated with the route entry. The information about the active neighbors for this route is maintained so that all active source nodes can be notified when a link along a path to the destination breaks. The purpose of the route request expiration timer is to purge the reverse path routing entries from all the nodes that do not lie on the active route.

ROUTE DISCOVERY
A node broadcasts an RREQ when it wants a route to a destination and does not have any path to reach it, i.e. when the route to the destination is unknown. After broadcasting the RREQ packet, the node waits for the RREP packet for the RREQ Expire Time. If the reply is not received within this time, the node rebroadcasts the RREQ packet again, up to a certain limited number of times. An intermediate node that receives the RREQ packet and does not have a route to the destination forwards the RREQ by rebroadcasting it. The node also creates a reverse route to the source node for future use, in case a route to the destination node is formed through this node: when the route reply packet reaches this node, it will follow this route back to the source node. There are some changes in the routing table as well. This reverse route is valid for a much shorter time than an actual route entry. When the RREQ packet reaches a node that either has a route to the destination node or is the destination node itself, this node unicasts an RREP back to the requesting node. While this RREP is forwarded, a route is formed to the destination node, and when the RREP reaches the source node, there exists a route from the source to the destination.

ROUTE MAINTENANCE
When a node detects that a route to a neighbor is no longer valid, it removes the routing entry from its routing table and sends a link failure message (a triggered route reply message) to the neighbors that are actively using the route, informing them that this route is no longer valid. For this purpose AODV uses an active neighbor list to keep track of the neighbors that are using the particular route. A node that receives this message repeats the procedure and tells its own active neighbors not to follow that path. The message is eventually received by the affected sources, which can choose either to stop sending data or to find a new route by sending a new RREQ packet.

These concepts explain routing and its properties for mobile ad-hoc networks. On-demand routing is more useful than table-driven routing because there is less routing overhead, but on-demand routing takes a long time to establish a route to a particular destination. AODV is a reactive routing protocol; there is less routing overhead because only the nodes on the routing path from source to destination maintain routing table entries for that route, and nodes that are not on the routing path do not update their routing tables. In the case of AODV, when node movement is very fast, routing from source to destination is very difficult because nodes move in and out of each other's range. AODV is very efficient when the number of mobile nodes in the MANET is very large, compared to other MANET routing protocols.
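Added example (not from the report) of the predecessor-set mechanism that the AODV description and the route maintenance section above rely on: each route entry keeps the neighbours that forward data through it, and a link break propagates RERRs up that tree until every source using the broken link has invalidated its entry. The topology and active routes are constructed for the example.

```python
from collections import defaultdict, deque


class AodvNode:
    """Routing state of one node: next hop per destination and, per destination, the set of
    predecessor neighbours that route data to that destination through this node."""

    def __init__(self, addr):
        self.addr = addr
        self.next_hop = {}                       # destination -> neighbour used to reach it
        self.predecessors = defaultdict(set)     # destination -> neighbours forwarding through us


def build_network(flows):
    """flows: constructed active routes as (source, [hop, ..., destination]); returns addr -> node."""
    nodes = {}
    for src, hops in flows:
        chain = [src] + hops
        dst = chain[-1]
        for i in range(len(chain) - 1):
            node = nodes.setdefault(chain[i], AodvNode(chain[i]))
            node.next_hop[dst] = chain[i + 1]
            if i > 0:                            # the node before us sends us data for dst
                node.predecessors[dst].add(chain[i - 1])
        nodes.setdefault(dst, AodvNode(dst))
    return nodes


def link_break(nodes, detector, lost_neighbour):
    """detector notices its link to lost_neighbour is down. Every destination reached via that
    neighbour is invalidated and an RERR goes to the entry's predecessors, each of which repeats
    the procedure. Returns the RERR deliveries as (receiver, destination, sender) in send order,
    i.e. the tree rooted at the failure point with the affected sources as leaves."""
    deliveries = []
    queue = deque((detector, dst) for dst, nh in nodes[detector].next_hop.items()
                  if nh == lost_neighbour)
    while queue:
        addr, dst = queue.popleft()
        node = nodes[addr]
        node.next_hop.pop(dst, None)             # invalidate the route entry
        for pred in sorted(node.predecessors.pop(dst, ())):
            deliveries.append((pred, dst, addr))
            if nodes[pred].next_hop.get(dst) == addr:   # predecessor really used us: propagate
                queue.append((pred, dst))
    return deliveries
```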


CHAPTER 3 SYSTEM ANALYSIS

3.1 EXISTING SYSTEM
The existing system deals with the static network deployment of spatiotemporal nodes for ensuring security. It also ensures monitoring of security features, based on demand after deployment and risk maintenance. The derived optimal sensor movement scheduling algorithm minimizes the total moving distance of sensors under a set of spatiotemporal performance requirements including: bounded detection delay, high target detection probability and low system false alarm rate.

3.2 PROPOSED SYSTEM

3.2.1 A METHOD TO AVOID BLACK HOLE IN MANET
A black hole has two properties. First, the node exploits the ad hoc routing protocol, such as AODV, to advertise itself as having a valid route to a destination node, even though the route is spurious, with the intention of intercepting packets. Second, the node consumes the intercepted packets. We define the following conventions for protocol representation.

Node: Mobile Unit

---------> Dashed Arrow: RREQ/RREP Propagation

Solid Arrow (Single head): Node i has a route to node j and has

Solid Arrow (Double head): Nodes i and j have a route to each other and have routed data packets (i and j are reliable to each other)

Solid Line: There is a route between two nodes

3.2.2 COOPERATIVE BLACK HOLE ATTACK According to the original AODV protocol, when source node S wants to communicate with the destination node D, the source node S broadcasts the route request (RREQ) packet. The neighboring active nodes update their routing table with an entry for the source node S, and check if it is the destination node or has a fresh enough route to the destination node. If not, the intermediate node updates the RREQ (increasing the hop count) and floods the network with the RREQ to the destination node D until it reaches node D or any other intermediate node which has a fresh enough route to D, as depicted by example in Figure 1. The destination node D or the intermediate node with a fresh enough route to D, initiates a route response (RREP) in the reverse direction, as depicted in Figure 3. Node S starts sending data packets to the neighboring node which responded first, and discards the other responses. This works fine when the network has no malicious nodes.


Figure 7 Propagation of RREP Messages

Researchers have proposed solutions to identify and eliminate a single black hole node. However, the case of multiple black hole nodes acting in coordination has not been addressed. For example, when multiple black hole nodes are acting in coordination with each other, the first black hole node B1 refers to one of its teammates B2 as the next hop, as depicted in Figure 2. According to, the source node S sends a Further Request (FReq) to B2 through a different route (S-2-4-B2) other than via B1.


CHAPTER 4 SYSTEM SPECIFICATION

4.1 SOFTWARE REQUIREMENTS
OPERATING SYSTEM : REDHAT EL5
SOFTWARE : NS2 2.34

4.2 HARDWARE REQUIREMENT
RAM : 512 MB
PROCESSOR : PENTIUM SERIES
HARD DISK : 50 GB


CHAPTER 5 METHODOLOGY

5.1 REGION ANALYSIS
This module identifies the environment where the nodes can survive. It can adapt to the environment (physical location). The nodes will find the temperature, humidity, location,

5.2 TOPOLOGY CONSTRUCTION
This is the first stage of the topology control protocol. Once the initial topology is deployed, especially when the location of the nodes is random, the administrator has no control over the design of the network; for example, some areas may be very dense, showing a high number of redundant nodes, which will increase the number of message collisions and will provide several copies of the same information from similarly located nodes. However, the administrator has control over some parameters of the network: the transmission power of the nodes, the state of the nodes, the role of the nodes, etc. By modifying these parameters the topology of the network can change.

5.3 BOUNDED DETECTION
Detecting abnormal events represents an important family of applications for wireless sensor networks. To achieve high performance in event detection, a sensor network should stay active most of the time, which is energy inefficient for battery-driven sensor networks. We propose a novel approach for statistically bounding detection latency for event detection in sensor networks. The key issue is the wakeup scheduling of sensor nodes and the minimization of wakeup activity.


5.4 ADAPTIVE NEIGHBORHOOD DETECTION
This module determines the neighbor nodes based on the distance strategy.

5.5 WEAK DUPLICATE ADDRESS DETECTION IN MOBILE NODE
The purpose of this module is to identify weak duplicate addresses in mobile nodes to avoid security breaches like:
1. IDS63.
2. Packet drop attack or black hole attack (a denial-of-service attack in which a router supposed to relay packets discards them instead)
3. Wormhole Attack

DATA ROUTING INFORMATION TABLE


The solution to identify multiple black hole nodes acting in cooperation involves two bits of additional information from the nodes responding to the RREQ of source node S. Each node maintains an additional Data Routing Information (DRI) table. In the DRI table, 1 stands for true and 0 for false. The first bit From stands for information on routing data packet from the node (in the Node field) while the second bit Through stands for information on routing data packet through the node (in the Node field). In reference to the example of Figure, a sample of the database maintained by node 4 is shown in Table 1. The entry 1 0 for node 3 implies that node 4 has routed data packets from 3, but has not routed any data packets through 3 (before node 3 moved away from 4). The entry 1 1 for node 6 implies that, node 4 has successfully routed data packets from and through node 6. The entry 0 0 for node B2 implies that, node 4 has NOT routed any data packets from or through B2.


Node #   Data Routing Information
         From   Through
3        1      0
6        1      1
B2       0      0
2        1      1

Table 5 Additional table of data routed from, and routed to nodes maintained by node 4.

Notations:
SN: Source Node
DN: Destination Node
IN: Intermediate Node
NHN: Next Hop Node
FReq: Further Request
FRep: Further Reply
Reliable Node: The node through which the SN has routed data
DRI: Data Routing Information
ID: Identity of the node

ALGORITHM FOR IDS:
SN broadcasts RREQ
SN receives RREP
IF (RREP is from DN or a reliable node) {
    Route data packets (Secure Route)
} else {
    do {
        Send FReq and ID of IN to NHN
        Receive FRep, NHN of current NHN, DRI entry for NHN's next hop, DRI entry for current IN
        If (NHN is a reliable node) {
            Check IN for black hole using DRI entry
            If (IN is not a black hole)
                Route data packets (Secure Route)
            else {
                Insecure Route
                IN is a black hole
                All the nodes along the reverse path from IN to the node that generated RREP are black holes
            }
        } else
            Current IN = NHN
    } While (IN is NOT a reliable node)
}
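The DRI table of Table 5 and the IDS algorithm above, worked through in an added Python example that is not the report's own code. It runs the FReq/FRep cross-check over a constructed topology in which B1 and B2 cooperate (B1 names B2 as its next hop and each answers 1 1 for the other). Two points are assumptions, not stated by the report: the transport of FReq over a route avoiding IN is not modelled, and "check IN for black hole using DRI entry" is implemented as "IN claims it routes data through NHN, so a trusted NHN must have routed data from IN"; DN itself is treated as trusted for that check.

```python
from dataclasses import dataclass, field


@dataclass
class DRI:
    frm: int        # 1 = this node has routed data packets FROM the neighbour
    through: int    # 1 = this node has routed data packets THROUGH the neighbour


NONE = DRI(0, 0)    # entry for a node we have never routed data from or through


@dataclass
class Node:
    name: str
    dri: dict = field(default_factory=dict)       # neighbour -> DRI (this node's real table)
    next_hop: dict = field(default_factory=dict)  # destination -> next hop it advertises
    black_hole: bool = False                      # constructed attacker: answers 1 1 for everyone

    def is_reliable(self, other: str) -> bool:
        # "Reliable Node: the node through which the SN has routed data"
        return self.dri.get(other, NONE).through == 1

    def claim(self, dst: str):
        """What the node tells SN with its RREP: next hop for dst and its DRI entry for that hop."""
        nh = self.next_hop.get(dst)
        return nh, (DRI(1, 1) if self.black_hole else self.dri.get(nh, NONE))

    def answer_freq(self, about: str, dst: str):
        """FRep: own next hop for dst, DRI entry for that hop, DRI entry for the node asked about."""
        nh, dri_nh = self.claim(dst)
        return nh, dri_nh, (DRI(1, 1) if self.black_hole else self.dri.get(about, NONE))


def check_route(nodes: dict, sn: str, rrep_from: str, dn: str):
    """IDS algorithm of the report. Returns (secure, black_holes); black_holes is the reverse
    path from the RREP generator to the IN that failed the cross-check."""
    s = nodes[sn]
    if rrep_from == dn or s.is_reliable(rrep_from):
        return True, []
    chain = [rrep_from]
    cur = rrep_from
    nhn, in_dri_for_nhn = nodes[cur].claim(dn)       # RREP carries Next Hop + DRI of NHN
    while True:
        if nhn is None:
            return False, chain                      # IN advertised a route but names no next hop
        nhn_next, nhn_dri_next, nhn_dri_for_in = nodes[nhn].answer_freq(cur, dn)
        if nhn == dn or s.is_reliable(nhn):          # assumption: DN is trusted like a reliable node
            # cross-check: IN says it routes THROUGH NHN, so NHN must have routed data FROM IN
            if in_dri_for_nhn.through == 1 and nhn_dri_for_in.frm == 1:
                return True, []
            return False, chain                      # IN and the whole reverse path are black holes
        chain.append(nhn)                            # Current IN = NHN; its FRep gave its next hop
        cur, nhn, in_dri_for_nhn = nhn, nhn_next, nhn_dri_next


def build_sample_network() -> dict:
    """Constructed topology: S has routed data through 2, 4 and 7; B1 and B2 are cooperating
    black holes; node 4's table matches Table 5 of the report."""
    n = {name: Node(name) for name in ["S", "2", "3", "4", "7", "B1", "B2", "D"]}
    n["S"].dri.update({"2": DRI(1, 1), "4": DRI(1, 1), "7": DRI(1, 1), "3": DRI(1, 0)})
    n["3"].next_hop["D"] = "4"
    n["3"].dri["4"] = DRI(1, 1)                       # honest, but not yet reliable to S
    n["4"].next_hop["D"] = "7"
    n["4"].dri.update({"3": DRI(1, 0), "7": DRI(1, 1)})
    n["7"].next_hop["D"] = "D"
    n["7"].dri.update({"4": DRI(1, 1), "D": DRI(1, 1)})
    n["B1"].black_hole = True
    n["B1"].next_hop["D"] = "B2"                      # B1 names its teammate as next hop
    n["B2"].black_hole = True
    n["B2"].next_hop["D"] = "7"                       # B2 names an honest node to look plausible
    return n
```

The reliable node 7 has never routed data from B2, so B2 fails the cross-check and both B1 and B2 are reported; the honest but not yet reliable node 3 passes because the reliable node 4 confirms it has routed data from 3.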


MODIFIED AODV ALGORITHM TO PREVENT IDS

[Figure 10: sequence diagram between Source Node (SN), Intermediate Node (IN), Next Hop Node (NHN) and Destination Node (DN). Messages shown: RREQ; RREP carrying Next Hop + DRI of NHN; if IN is unreliable, FReq; FRep carrying Next Hop of Current IN + DRI of its next hop + DRI of IN. If IN is not a Black Hole AND NHN is unreliable, Current NHN = IN and steps 7 through 24 in the algorithm are repeated; else continue.]

Figure 10 Modified AODV protocol and algorithm to prevent cooperative black hole attack


CHAPTER 6 SYSTEM TESTING

Testing is the major quality measure employed during software development. After the coding phase, computer programs are available that can be executed for testing purposes. Testing not only has to uncover errors introduced during coding, but also locates errors committed during the previous phases. Thus the aim of testing is to uncover requirements, design or coding errors in the program.

6.1 TESTING STRATEGY
A software testing strategy provides a road map for the software developer. Testing is a set of activities that can be planned in advance and conducted systematically. A template for software testing is a series of steps into which we can place specific test case design methods. Testing begins at the module level and works outward toward the integration of the entire computer-based system. Different testing techniques are appropriate at different points in time. The developer of the software and an independent test group conduct testing. Testing and debugging are different activities, but debugging must be accommodated in any testing strategy. Testing generally removes all bugs and improves the reliability of the program. Some basic types of testing are unit testing and integration testing.

6.1.1 UNIT TESTING This is the first level of testing. Unit testing deals with testing a unit as a whole. This would test the interaction of many functions but confine the test within one unit. The exact scope of a unit is left to interpretation. This type of testing is driven by the architecture and implementation teams. This focus is also called black-box testing because only the details of the interface are visible to the test. Limits that are global to a unit are tested here.

The primary goal of unit testing is to take the smallest piece of testable software in the application, isolate it from the remainder of the code, and determine whether it behaves exactly as we expect. Each unit is tested separately before integrating them into modules to test the interfaces between modules. Unit testing has proven its value in that a large percentage of defects are identified during its use. In our project, unit testing is done in the phases such as Node Surveillance, Cluster Classification, Distributed Node and Sender/Receiver Approach.

6.1.2 INTEGRATION TESTING
Integration testing is a logical extension of unit testing. In its simplest form, two units that have already been tested are combined into a component and the interface between them is tested. The idea is to test combinations of pieces and eventually expand the process to test your modules with those of other groups. Beyond that, if the program is composed of more than one process, they should be tested in pairs rather than all at once. Integration testing identifies problems that occur when units are combined. By using a test plan that requires you to test each unit and ensure the viability of each before combining units, you know that any errors discovered when combining units are likely related to the interface between units. This method reduces the number of possibilities to a far simpler level of analysis. Integration testing can also be treated as testing the assumptions of fellow programmers. In our project, integration testing is done by combining all the phases, namely Node Surveillance, Cluster Classification, Distributed Node and Sender/Receiver Approach.


CHAPTER 7 DESIGN IMPLEMENTATION

7.1 BLOCK DIAGRAM

Figure 11 Sequence Diagram


SYSTEM ARCHITECTURE

[Figure 12: architecture diagram with nodes N1 to N5; labels in the figure: Packets, Message to be dispatched, Bound Detect, Information, Malicious Node (twice), Collision node.]

Figure 12 System Architecture


DATA FLOW DIAGRAM

Figure 13 Data flow diagram


SYSTEM DIAGRAM

IMPLEMENTATION DETAILS

Figure 14 System Diagram



Figure 15 Class Diagram


CHAPTER 8 APPENDIX SCREEN SHOT

REGION ANALYSIS


TOPOLOGY CONSTRUCTION


BOUNDED DETECTION


ADAPTIVE NEIGHBOURHOOD DETECTION


WEAK DUPLICATE MOBILE NODES


CHAPTER 9 CONCLUSION

The field of MANET is rapidly growing and changing. While there are still many challenges that need to be met, it is expected that such networks will see general use within the next few years. One of these challenges is security. Security of mobile ad hoc networks has recently gained momentum in the research community. Due to the open medium of ad hoc networks and their inherent lack of infrastructure, security exposures can be an obstacle to basic network operation. It is impossible to find a general scheme that can work efficiently against all kinds of attack, since every attack has its own distinct characteristics. As far as this work is concerned, there is no previously published work on detecting and defending against malicious nodes in the field of MANET routing protocols.


CHAPTER 10 REFERENCES

1. Hongmei Deng, Wei Li, and Dharma P. Agrawal, "Routing Security in Wireless Ad Hoc Networks", University of Cincinnati, IEEE Communications Magazine, October 2002.
2. C.E. Perkins, S.R. Das, and E. Royer, "Ad-hoc On-Demand Distance Vector (AODV)", Mobile Ad Hoc Networking Working Group, IETF Internet Draft, http:/www.ietf.org/internetdraft/draft-ietf-manet-aodv-05.txt, March 2000.
3. Lidong Zhou and Zygmunt J. Haas, "Securing Ad Hoc Networks", IEEE Special Issue on Network Security, vol. 13, pp. 24-30, Nov-Dec 1999.
4. P. Ning and K. Sun, "How to misuse AODV: A case study of insider attack against mobile ad hoc routing protocol", Tech. Rep. TR-2003-07, CS Department, NC University, April 2003.
5. L. Venkatraman and D.P. Agrawal, "Strategies for Enhancing Routing Security in Protocols for Mobile Ad Hoc Networks", IEEE Network Magazine, vol. 13, no. 6, Nov 1999.
6. S. Marti, T.J. Giuli, K. Lai, and M. Baker, "Mitigating routing misbehavior in mobile ad hoc networks", in Proceedings of MOBICOM, Boston, MA, USA, pp. 255-265, 2000.
7. Elizabeth M. Royer and C.K. Toh, "A Review of Current Routing Protocols for Ad-Hoc Mobile Wireless Networks", IEEE Personal Communications Magazine, pp. 46-55, April 1999.
8. The Network Simulator ns-2, http://www/isi.edu/nsnam/ns.
9. Kevin Fall and Kannan Varadhan, editors, NS Notes and Documentation, the VINT Project, UC Berkeley, LBL, USC/ISI, and Xerox PARC, November 1997.
10. K. Gorantala, "Routing Protocols in Mobile Ad-hoc Networks", Technical report, Department of Computer Science, UMEA University, June 2006.
11. A tutorial named "NS by Example": http://nile.wpi.edu/NS/, visited 2006-07-22.
