An EDRI-based approach for detecting and eliminating cooperative black hole nodes in MANET

Mobile Ad hoc Network (MANET) is a self-configurable, self-maintenance network with wireless, mobile nodes. Special features of MANET like dynamic topology, hop-by-hop communications and open network boundary, made security highly challengeable in this network. From security aspect, routing protocols are highly vulnerable against a wide range of attacks like black hole. In black hole attack malicious node injects fault routing information to the network and leads all data packets toward it-self. In this paper, we proposed an approach to detect and eliminate cooperative malicious nodes in MANET with AODV routing protocol. A data control packet is used in order to check the nodes in selected path; also, by using an Extended Data Routing Information table, all malicious nodes in selected path are detected, then, eliminated from network. For evaluation, our approach and a previous work have been implemented using Opnet 14 in different scenarios. Referring to simulation results, the proposed approach decreases packet overhead and delay of security mechanism with no false positive detection. In addition, network throughput is improved by using the proposed approach.     

Security and performance enhancement of AODV routing protocol

A mobile ad hoc networks (MANET) is a decentralized, self‐organizing, infrastructure‐less network and adaptive gathering of independent mobile nodes. Because of the unique characteristics of MANET, the major issues to develop a routing protocol in MANET are the security aspect and the network performance. In this paper, we propose a new secure protocol called Trust Ad Hoc On‐demand Distance Vector (AODV) using trust mechanism. Communication packets are only sent to the trusted neighbor nodes. Trust calculation is based on the behaviors and activities information of each node. It is divided in to trust global (TG) and trust local (TL). TG is a trust calculation based on the total of received routing packets and the total of sending routing packets. TL is a comparison between total received packets and total forwarded packets by neighbor node from specific nodes. Nodes conclude the total trust level of its neighbors by accumulating the TL and TG values. The performance of Trust AODV is evaluated under denial of service/distributed denial of service (DOS/DDOS) attack using network simulator NS‐2. It is compared with the Trust Cross Layer Secure (TCLS) protocol. Simulation results show that the Trust AODV has a better performance than TCLS protocol in terms of end‐to‐end delay, packet delivery ratio, and overhead. Next, we improve the performance of Trust AODV using ant algorithm. The proposed protocol is called Trust AODV + Ant. The implementation of ant algorithm in the proposed secure protocol is by adding an ant agent to put the positive pheromone in the node if the node is trusted. Ant agent is represented as a routing packet. The pheromone value is saved in the routing table of the node. We modified the original routing table by adding the pheromone value field. The path communication is selected based on the pheromone concentration and the shortest path. Trust AODV + Ant is compared with simple ant routing algorithm (SARA), AODV, and Trust AODV under DOS/DDOS attacks in terms of performance. Simulation results show that the packet delivery ratio and throughput of the Trust AODV increase after using ant algorithm. However, in terms of end‐to‐end delay, there is no significant improvement. Copyright © 2014 John Wiley & Sons, Ltd.     

一种基于负载均衡的移动Ad Hoc网络AODV协议改进

当移动Ad Hoc网络负载增加时,现有的路由协议的性能急剧下降,且中间节点能耗过快。为适应高负载网络,平衡网络中节点能耗,在AODV协议基础上进行改进,提出了一种基于路径选择和拒绝应答算法的PS-AODV协议。仿真结果表明,PS-AODV协议可以提高分组传送率,降低平均端     

Analytical Termination of Malicious Nodes (ATOM): An Intrusion Detection System for Detecting Black Hole attack in Mobile Ad Hoc Networks

The decentralized administration and the lack of an appropriate infrastructure causes the MANET prone to attacks. The attackers play on the vulnerable characteristics of the MANET and its underlying routing protocols such as AODV, DSR etc. to bring about a disruption in the data forwarding operation. Hence, the routing protocols need mechanisms to confront and tackle the attacks by the intruders. This research introduces the novel host-based intrusion detection system (HIDS) known as analytical termination of malicious nodes (ATOM) that systematically detects one of the most significant black hole attacks that affects the performance of AODV routing protocol. ATOM IDS performs detection by computing the RREP count (Route Reply) and the packet drop value for each individual node. This system has been simulated over the AODV routing protocol merged with the black hole nodes and the resultant simulation scenario in NS2 has been generated. The trace obtained shows a colossal increase in the packet delivery ratio (PDR) and throughput. The results prove the efficacy of the proposed system.

     

Security upgrade against RREQ flooding attack by using balance index on vehicular ad hoc network

VANET is an ad hoc network that formed between vehicles. Security in VANET plays vital role. AODV routing protocol is a reactive or on-demand routing protocol which means if there is data to be send then the path will create. AODV is the most commonly used topology based routing protocol for VANET. Using of broadcast packets in the AODV route discovery phase caused it is extremely vulnerable against DOS and DDOS flooding attacks. Flooding attack is type of a denial of service attack that causes loss of network bandwidth and imposes high overhead to the network. The method proposed in this paper called Balanced AODV (B-AODV) because it expects all network node behave normally. If network nodes are out of the normal behavior (too much route request) then they identified as malicious node. B-AODV is designed with following feature: (1) The use of adaptive threshold according to network conditions and nodes behavior (balance index) (2) Not using additional routing packets to detect malicious nodes (3) Perform detection and prevention operations independently on each node (4) Perform detection and prevention operations in real time (5) No need for promiscuous mode. This method for detection and prevention flooding attack uses average and standard deviation. In this method each node is employing balance index for acceptation or rejection RREQ packets. The results of the simulation in NS2 indicates B-AODV is resilience against flooding attack and prevent loss of network bandwidth. Comparing between AODV with B-AODV in normal state (non-attacker) shows B-AODV is exactly match with AODV in network performance, this means that the B-AODV algorithm does not impose any overhead and false positive to AODV.     

Improving protocol robustness in ad hoc networks through cooperative packet caching and shortest multipath routing

A mobile ad hoc network is an autonomous system of infrastructure-less, multihop, wireless mobile nodes. Reactive routing protocols perform well in this environment due to their ability to cope quickly against topological changes. This paper proposes a new routing protocol named CHAMP (caching and multiple path) routing protocol. CHAMP uses cooperative packet caching and shortest multipath routing to reduce packet loss due to frequent route failures. We show through extensive simulation results that these two techniques yield significant improvement in terms of packet delivery, end-to-end delay and routing overhead. We also show that existing protocol optimizations employed to reduce packet loss due to frequent route failures, namely local repair in AODV and packet salvaging in DSR, are not effective at high mobility rates and high network traffic.     

A highly topology adaptable ad hoc routing protocol with complementary preemptive link breaking avoidance and path shortening mechanisms

Ad-hoc on-demand distance vector routing (AODV) is a well-known routing protocol for mobile ad hoc networks. The original AODV protocol works in a semi-dynamic fashion, by establishing a route on demand and using that route until it breaks. However, to suit the changing network topology of ad hoc networks, more aggressive and adaptable routing strategies are required. A number of researches have proposed improving AODV performance by locally repairing broken links, predicting and replacing potentially vulnerable links, or shortening a link through removing redundant nodes from the transmission path. Although local repair may relieve some problems, it usually results in longer paths and thus a considerable performance drop in heavy traffic conditions. There are also issues regarding packet loss and communication delay due to route rebuilding once the link is broken. Predicting and replacing potentially vulnerable links may require special hardware, additional tables to maintain, or other extra overhead. Finally, path shortening may result in shorter and more efficient routes, but there is no guarantee that the new paths will be robust. This paper proposes integrating preemptive link breaking avoidance and path shortening mechanisms into a modified AODV protocol. However, the difficult issue lies in determining the right timing to initiate the two independent mechanisms so that the two dynamically and complementarily operating mechanisms can work together to improve the routing performance. Through numerical analysis and simulation, we have arranged a simple parameter setting for controlling the activation of each mechanism at the appropriate time. The proposed combination is a highly dynamic ad hoc routing protocol that is capable of adapting itself to the changing network topology and achieving extremely good performance in various routing performance metrics. Extensive simulations show that each of the two schemes alone improves AODV performance. More importantly, the integrated protocol performs even better in terms of data delivery rate, average delay time, and network overhead. To be more specific, in the best cases our protocol can reduce up to 82% in control overhead and 66% in delay time, while achieving 12% more in data delivery rate comparing to AODV.     

Efficient on-demand routing for mobile ad hoc wireless access networks

In this paper, we consider a mobile ad hoc wireless access network in which mobile nodes can access the Internet via one or more stationary gateway nodes. Mobile nodes outside the transmission range of the gateway can continue to communicate with the gateway via their neighboring nodes over multihop paths. On-demand routing schemes are appealing because of their low routing overhead in bandwidth restricted mobile ad hoc networks, however, their routing control overhead increases exponentially with node density in a given geographic area. To control the overhead of on-demand routing without sacrificing performance, we present a novel extension of the ad hoc on-demand distance vector (AODV) routing protocol, called LB-AODV, which incorporates the concept of load-balancing (LB). Simulation results show that as traffic increases, our proposed LB-AODV routing protocol has a significantly higher packet delivery fraction, a lower end-to-end delay and a reduced routing overhead when compared with both AODV and gossip-based routing protocols.     

FPN‐SAODV: using fuzzy petri nets for securing AODV routing protocol in mobile Ad hoc network

In this paper, we use fuzzy Petri nets (FPNs) to propose a secure routing protocol in mobile ad hoc network. The proposed method is based on secure ad hoc on‐demand distance vector (SAODV), which is named FPN‐SAODV. In FPN‐SAODV routing protocol, for each packet delivery or firing each transition, a type of bidirectional node‐to‐node fuzzy security verification is conducted that can be carried out with five security threshold levels. This inference uses four fuzzy variables that have been selected to well represent the malicious behaviors of some public attacks in mobile ad hoc network. Furthermore, a through route security verification has been used for selecting the most secure route among each candidate path through source node to destination. Both of these verifications utilize FPN inherent features for their operation. For evaluation purpose, we used the metrics such as packet delivery ratio, end‐to‐end delay, average security level of the nodes, and percentage of true/false detector nodes. These metrics have been used for investigating the inner operation of FPN‐SAODV as determining the proper level of security threshold level in node‐to‐node security verification module. Also, these are used for comparison of FPN‐SAODV performance versus the original AODV. Copyright © 2015 John Wiley & Sons, Ltd.     

Study of MANET routing protocols by GloMoSim simulator

This paper compares ad hoc on‐demand distance vector (AODV), dynamic source routing (DSR) and wireless routing protocol (WRP) for MANETs to distance vector protocol to better understand the major characteristics of the three routing protocols, using a parallel discrete event‐driven simulator, GloMoSim. MANET (mobile ad hoc network) is a multi‐hop wireless network without a fixed infrastructure. Following are some of our key findings: (1) AODV is most sensitive to changes in traffic load in the messaging overhead for routing. The number of control packets generated by AODV became 36 times larger when the traffic load was increased. For distance vector, WRP and DSR, their increase was approximately 1.3 times, 1.1 times and 7.6 times, respectively. (2) Two advantages common in the three MANET routing protocols compared to classical distance vector protocol were identified to be scalability for node mobility in end‐to‐end delay and scalability for node density in messaging overhead. (3) WRP resulted in the shortest delay and highest packet delivery rate, implying that WRP will be the best for real‐time applications in the four protocols compared. WRP demonstrated the best traffic scalability; control overhead will not increase much when traffic load increases. Copyright © 2005 John Wiley & Sons, Ltd.     

A novel approach for mitigating route request flooding attack in MANET

Mobile ad-hoc network (MANET) is a temporary network in which the main requirement for establishing the communication path among nodes is that the nodes should be cooperative. However, in the presence of malicious node, the MANET’s routing protocol such as AODV is vulnerable to different types of flooding attacks. The flooding attack can be continuous or selective. In the available literature, although many researchers have analyzed the network under continuous flooding attack but they have not focussed on selective flooding attack in which an attacker can sometimes behave as a normal and sometimes behave as a malicious. Most of the existing schemes use constant threshold value which lead to a false positive problem in the network. In order to address this issue, a new mechanism called as Mitigating Flooding Attack Mechanism is proposed which is based on a dynamic threshold value and consists of three phases. It makes use of several special nodes called as Flooding-Intrusion Detection System (F-IDS) that are deployed in MANETs in order to detect and prevent flooding attack. The F-IDS nodes are set in promiscuous in order to monitor the behaviour of the node. The simulation results show that the proposed mechanism improves network performance metrics in terms of PDR, throughput and reduces the routing overhead as well as normalized routing load.     

SRDPV: secure route discovery and privacy-preserving verification in MANETs

In the routing discovery phase of the Mobile Ad hoc Networks (MANETs), the source node tries to find a fast and secure path to transmit data. However, the adversaries attempt to get the rights of routing during this phase ,then the networks can easily be paralyzed during the data transmission phase. During the routing discovery phase, finding a good path is already a challenge and verifying the security of the established path without revealing any privacy of the nodes adds a new dimension to the problem. In this paper, we present SRDPV, an approach that helps the source find the benign destination dynamically and conducts privacy-preserving verification of the path. Our approach first finds the benign destination. Then, it spreads the verification tasks across multiple nodes and verifies the log entries without revealing private data of the nodes. Unlike the traditional debugging system to detect the faults or misbehaviors of the nodes after the attacks, SRDPV can guarantee the source to avoid transmitting data through malicious nodes at the beginning and perform the verification without introducing a third party. We demonstrate the effectiveness of the approach by applying SRDPV in two scenarios: resisting the collaborative black-hole attack of the AODV protocol and detecting injected malicious intermediated routers which commit active and passive attacks in MANETs. We compared our approach with the existing secure routing algorithms and the results show that our approach can detect the malicious nodes, and the overhead of SRDPV is moderate.

     

Biologically inspired artificial intrusion detection system for detecting wormhole attack in MANET

A mobile ad hoc network (MANET) does not have traffic concentration points such as gateway or access points which perform behaviour monitoring of individual nodes. Therefore, maintaining the network function for the normal nodes when other nodes do not forward and route properly is a big challenge. One of the significant attacks in ad hoc network is wormhole attack. In this wormhole attack, the adversary disrupts ad hoc routing protocols using higher bandwidth and lower-latency links. Wormhole attack is more hidden in character and tougher to detect. So, it is necessary to use mechanisms to avoid attacking nodes which can disclose communication among unauthorized nodes in ad hoc networks. Mechanisms to detect and punish such attacking nodes are the only solution to solve this problem. Those mechanisms are known as intrusion detection systems (IDS). In this paper, the suggested biological based artificial intrusion detection system (BAIDS) include hybrid negative selection algorithm (HNSA) detectors in the local and broad detection subsection to detect anomalies in ad hoc network. In addition to that, response will be issued to take action over the misbehaving nodes. These detectors employed in BAIDS are capable of discriminating well behaving nodes from attacking nodes with a good level of accuracy in a MANET environment. The performance of BAIDS in detecting wormhole attacks in the background of DSR, AODV and DSDV routing protocols is also evaluated using Qualnet v 5.2 network simulator. Detection rate, false alarm rate, packet delivery ratio, routing overhead are used as metrics to compare the performance of HNSA and the BAIDS technique.     

A modified algorithm to improve security and performance of AODV protocol against black hole attack

Ad Hoc network is a temporal network which is managed by autonomous nodes which have the ability to communicate with each other without having fixed network infrastructure or any central base station. Due to some reasons such as dynamic changes of the network topology, trusting the nodes to each other, lack of fixed substructure for the analysis of nodes’ behaviours and loss of specific offensive lines, this type of networks is not supportive against malicious nodes’ attacks. One of these attacks is black hole attack. In this attack, the malicious nodes absorb data packets and destroy them. Thus, it is essential to present an algorithm against the black hole attacks. This article suggests a new algorithm which enhances the security of AODV routing protocol to encounter the black hole attacks. This algorithm tries to identify malicious nodes according to nodes’ behaviours in an Ad Hoc network and delete them from routing. The suggested algorithm is simulated by NS2. The simulation results show some improvements in end-to-end delay and packet delivery rate in the suggested algorithm.     

A secure and trust based on-demand multipath routing scheme for self-organized mobile ad-hoc networks

A mobile ad hoc network (MANET) is a self-configurable network connected by wireless links. This type of network is only suitable for provisional communication links as it is infrastructure-less and there is no centralized control. Providing QoS and security aware routing is a challenging task in this type of network due to dynamic topology and limited resources. The main purpose of secure and trust based on-demand multipath routing is to find trust based secure route from source to destination which will satisfy two or more end to end QoS constraints. In this paper, the standard ad hoc on-demand multi-path distance vector protocol is extended as the base routing protocol to evaluate this model. The proposed mesh based multipath routing scheme to discover all possible secure paths using secure adjacent position trust verification protocol and better link optimal path find by the Dolphin Echolocation Algorithm for efficient communication in MANET. The performance analysis and numerical results show that our proposed routing protocol produces better packet delivery ratio, reduced packet delay, reduced overheads and provide security against vulnerabilities and attacks.     

Secure message transmission in mobile ad hoc networks

The vision of nomadic computing with its ubiquitous access has stimulated much interest in the mobile ad hoc networking (MANET) technology. However, its proliferation strongly depends on the availability of security provisions, among other factors. In the open, collaborative MANET environment, practically any node can maliciously or selfishly disrupt and deny communication of other nodes. In this paper, we propose the secure message transmission (SMT) protocol to safeguard the data transmission against arbitrary malicious behavior of network nodes. SMT is a lightweight, yet very effective, protocol that can operate solely in an end-to-end manner. It exploits the redundancy of multi-path routing and adapts its operation to remain efficient and effective even in highly adverse environments. SMT is capable of delivering up to 83% more data messages than a protocol that does not secure the data transmission. Moreover, SMT achieves up to 65% lower end-to-end delays and up to 80% lower delay variability, compared with an alternative single-path protocol––a secure data forwarding protocol, which we term secure single path (SSP) protocol. Thus, SMT is better suited to support quality of service for real-time communications in the ad hoc networking environment. The security of data transmission is achieved without restrictive assumptions on the network nodes’ trust and network membership, without the use of intrusion detection schemes, and at the expense of moderate multi-path transmission overhead only.     

无线传感器网络路由协议的设计与实现

针对传统路由协议端到端时延长、丢包率过高的现实问题,提出了一种基于贪婪转发的能量感知多路径路由协议(Greedy Forward Energy-aware Multipath Routing Protocol,GFEMRP)。GFEMRP从传感器起始结点出发,如果遇到网络黑洞则选择周边转发方式,否则将选择吞吐量大、且更接近于目的结点的结点作为下一跳结点。利用了OMNET++5.0和INET框架对包括无线自组网按需平面距离向量路由协议(Ad hoc on-demand distance vector routing protocol,AODV),动态按需无线自组织网络(Dynamic MANET On-demand,DYMO),贪婪周边无状态路由无线网络(Greedy Perimeter Stateless Routing for Wireless Networks,GPSR)和GFEMRP协议在内的四种路由协议进行了仿真和比较,实验结果表明GFEMRP协议具有良好的端到端时延、丢包率等性能。     

Performance Evaluation of Improved Directional Ad Hoc on Demand Distance Vector Routing Protocol

Mobile ad hoc networks (MANET’s) popularly uses ad hoc on-demand distance vector (AODV) routing protocol. Past research has identified certain limitations on performance on AODV. This work discusses the results of a new protocol, improved directional AODV (ID-AODV) routing protocol; that has succeeded in improving the performance of MANET’s for energy, delay, packet delivery ratio and overheads as compared with networks using AODV. In ID-AODV, improvements are carried out in both network layer, and data link layer. The directionality is introduced based on hop count of its position from the source. The dual sensing directional media access control protocol is used to eliminate the hidden terminal, exposed terminal, and deafness issue. Participation of nodes in forming route is decided by checking remaining energy level of the node and also checking its load. A modified algorithm is used to reduce the delay. This algorithm reduces the delay by changing the time to live, wait time, and using expanded ring search technique. The simulation results show that the ID-AODV offers improved performance on average Energy consumption in the range of 17–20%, average end to end delay is lower by 61 to 95%, Overheads improved in the range of 10–13%, Jitter 6–21%, link break 43–52%, packet delivery ratio is 6–21% lower as compared to MANETS deploying AODV.     

A cluster-based trust-aware routing protocol for mobile ad hoc networks

Routing protocols are the binding force in mobile ad hoc network (MANETs) since they facilitate communication beyond the wireless transmission range of the nodes. However, the infrastructure-less, pervasive, and distributed nature of MANETs renders them vulnerable to security threats. In this paper, we propose a novel cluster-based trust-aware routing protocol (CBTRP) for MANETs to protect forwarded packets from intermediary malicious nodes. The proposed protocol organizes the network into one-hop disjoint clusters then elects the most qualified and trustworthy nodes to play the role of cluster-heads that are responsible for handling all the routing activities. The proposed CBTRP continuously ensures the trustworthiness of cluster-heads by replacing them as soon as they become malicious and can dynamically update the packet path to avoid malicious routes. We have implemented and simulated the proposed protocol then evaluated its performance compared to the clustered based routing protocol (CBRP) as well as the 2ACK approach. Comparisons and analysis have shown the effectiveness of our proposed scheme.     

Trust-Based Routing Mechanism in MANET: Design and Implementation

Mobile Ad hoc Network (MANET) is a self-organizing wireless network for mobile devices. It does not require any fixed infrastructure to be configured which makes it more suitable to be used in environments that require on-the-fly setup. This paper discusses the challenging issues in MANET routing security. It presents FrAODV, a trust-based scheme for securing AODV routing protocol in MANET using the friendship mechanism. The nodes can evaluate the routing paths according to some selected features (such as node reputation and identity information) before forwarding the data through these routes. We have used two types of implementation in our scheme, simulation (using NS2) and real test-bed (using JADHOC). This scheme is believed to provide a robust environment where MANET nodes can trust each other in a secure community.