A dynamic approach for improving performance of intrusion detection system over manet

International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-
6367(Print), ISSN 0976 – 6375(Online) Volume 4, Issue 4, July-August (2013), © IAEME
61
A DYNAMIC APPROACH FOR IMPROVING PERFORMANCE OF
INTRUSION DETECTION SYSTEM OVER MANET
1
Kusum Nara, 2
Aman Dureja
1
Student, Computer Science and Engineering Deptt, PDM College of Engineering, Bahadurgarh,
Haryana (India)
2
Asst. Prof, PDM College of Engineering, Bahadurgarh, Haryana (India)
ABSTRACT
A Mobile Ad-hoc Network (MANET) is one of the busy and public networks; Because of
this the network suffers from the problems of different kind of attacks. In such attacks some
malicious nodes are present that falsely claim itself as a valid node. It will accept the information and
will not forward the information to next nodes. Intrusion Detection System (IDS) will be used to
detect such kind of attacks, but these attacks slows down the performance of IDS. To improve the
performance of IDS and to handle these attacks we have presented an attack avoidance scheme. In
which a preventive path will be discovered in which not attacker node will be covered. The detected
path may be wider than the shortest path but will provide the higher throughput and reduce the data
loss over the network. In our present work we record an interconnection table to track the
communication information over the network. The INVERTED TABLE APPROACH will be used
to maintain this table. Once the table will be defined, the DATA MINING APPROACH will be used
to identify the attacker nodes. The work will be implemented in NS2.35 and the result analysis will
be driven based on throughput and the loss analysis.
Keywords: Mobile Ad-Hoc Network (MANET), routing protocol, Black Hole Attack, AODV.
1. INTRODUCTION
A Mobile ad hoc network is a group of wireless mobile computers (or nodes); in which nodes
collaborate by forwarding packets for each other to allow them to communicate outside range of
direct wireless transmission. Ad hoc networks require no centralized administration or fixed network
infrastructure such as base stations or access points, and can be quickly and inexpensively set up as
needed. A MANET is an autonomous group of mobile users that communicate over reasonably slow
wireless links. The network topology may vary rapidly and unpredictably over time, because the
nodes are mobile. The network is decentralized, where all network activity, including discovering the
topology and delivering messages must be executed by the nodes themselves. Hence routing
functionality will have to be incorporated into the mobile nodes.
INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING &
TECHNOLOGY (IJCET)
ISSN 0976 – 6367(Print)
ISSN 0976 – 6375(Online)
Volume 4, Issue 4, July-August (2013), pp. 61-81
© IAEME: www.iaeme.com/ijcet.asp
Journal Impact Factor (2013): 6.1302 (Calculated by GISI)
www.jifactor.com
IJCET
© I A E M E

62
System Architecture of MANET
In our architecture, one or more pre-defined nodes act as a group controller (GC), which is
trusted by all the group nodes. A GC has authority to assign resources to the nodes in MANET. This
resource allocation is represented as a Key Note style credential (capability) called policy token, and
it can be used to express the services and the bandwidth a node is allowed to access. They are
cryptographically signed by the GC, which can be verified any node in the MANET. When a node
(initiator) requests a service from another MANET node (responder) using the policy token assigned
to the initiator, the responder can provide a capability back to the initiator. This is called a network
capability, and it is generated based on the resource policy assigned to the responder and its dynamic
conditions. Figure gives a brief overview of our system. All nodes in the path between an initiator to
a responder (i.e., nodes relaying the packets) enforce and abide by the resource allocation encoded by
the GC in the policy token and the responder in the network capability. The enforcement involves
both accessibility and bandwidth allocation. A responder accepts packets (except for the first one)
from an initiator only if the initiator has authorization to send, in the form of a valid network
capability. It accepts the first packet only if the initiator’s policy token is included. An intermediate
node will forward the packets from a node only if the packets have an associated policy token or
network capability, and if they do not violate the conditions contained therein. Possession of a
network capability does not imply resource reservation; they are the maximum limits a node can use.
Available resources are allocated by the intermediate nodes in a fair manner, in proportion to the
allocations defined in the policy token and network capability.
The capability need not be contained in all packets. The first packet carries the capability,
along with a transaction identifier (TXI) and a public key. Subsequent packets contain only the TXI
and a packet signature based on that public key. Intermediate nodes cache policy tokens and network
capabilities in a capability database, treating them as soft state. A capability database entry contains
the source and destination addresses, TXI, the capability, public key for the packet signature and
packet statistics
Figure 1: MANET System Architecture

63
1.1 Key Issues in MANETs
Many issues can be addressed in the context of MANETs. Here some important issues are
presented that have dominated the field of research since the evolution of MANETs.
A. Static Datasets
In MANET, the mining work is generally performed on a static confined datasets. In this the
support and confidence values are defined statically.
B. Ineffectiveness
The existing work is ineffective if two malicious nodes will build the path and perform a fake
communication.
C. Cooperativeness
MANET routing protocols are usually highly cooperative. This can make them the target of new
attacks. For example, a node can pose as a neighbour to the other nodes and participate in
decision mechanisms, possibly affecting significant parts of the network.
D. Mobility
MANET nodes can leave and join the network and move independently, so the network topology
can change frequently. The highly dynamic operation of a MANET can cause traditional
techniques of IDS to be unreliable.
E. Lack of Central Points
MANETs do not have any entry points such as routers, gateways, etc. These are typically present
in wired networks and can be used to monitor all network traffic that passes through them. A
node of a mobile ad hoc network can see only a portion of a network: the packets it sends or
receives together with other packets within its radio range. Since wireless ad hoc networks are
distributed and cooperative, the intrusion detection and response systems in MANETs may also
need to be distributed and cooperative and this leads to some difficulties.
2. RELATED WORK
Xiao Yang Zhang performed a work," Proposal of a Method to Detect Black Hole Attack in
MANET". Author propose a new detection method based on checking the sequence number in the Route
Reply message by making use of a new message originated by the destination node and also by
monitoring the messages relayed by the intermediate nodes in the route. Computer simulation results
demonstrate that Presented method has a feature of much lower false positive and negative rates in
detecting any number of malicious nodes than the conventional methods.
After Xiao Yang Zhang , Satoshi Kurosawa performed a work," Detecting Black hole Attack on
AODV-based Mobile Ad Hoc Networks by Dynamic Learning Method" in 2007. The Author analyzes
the black hole attack which is one of the possible attacks in ad hoc networks. In this paper, Author
proposes an anomaly detection scheme using dynamic training method in which the training data is
updated at regular time intervals. The simulation results show the effectiveness of Presented scheme
compared with conventional scheme.
In Year 2009, Mehdi Kargar performed a work," Truthful and Secure Routing in Ad Hoc
Networks with Malicious and Selfish Nodes". Author study routing in ad hoc and wireless networks from
a game theoretic view point. Based on this view, the network consists of selfish and greedy nodes who
accept payments for forwarding data for other nodes if the payments cover their individual costs incurred
by forwarding data. In this work, Author considers that the network consists of malicious nodes too.
After Mehdi Kargar, Athira.M.Nambiar performed a work,” Wireless Intrusion Detection Based
on Different Clustering Approaches” in 2010. The Author finding optimal set of features from collected
WLAN data using a Ranking Algorithm technique. Then with the aid of different data mining techniques
such as K-Means, self organizing map and decision tree, these features are analyzed and the performance
comparison is carried out.
After Athira.M.Nambiar, Rajib Das performed a work," Security Measures for Black Hole Attack
in MANET: An Approach" in the year 2011. The Author gives an algorithmic approach to focus on
analyzing and improving the security of AODV, which is one of the popular routing protocols for

64
MANET. Presented aim is on ensuring the security against Black hole attack. The proposed solution is
capable of detecting & removing Black hole node(s) in the MANET at the beginning.
In Year 2012, Saurbh Goyal performed a work," An Improved Inverted table Approach to Detect
Selfish Node In Mobile Ad Hoc Network" after Rajib Das. Authors have to find the frequency of
different node and group nodes over the network. To perform the frequency analysis the improved
Inverted table will be used. As the selfish node will be identified the network throughput will be
improved.
3. APPROACHES USED
A number of different approaches have been used to detect and remove malicious nodes. We will
use two major approaches to detect and remove the malicious nodes. One is The Inverted Table based
approach and other is Data Mining approach. Inverted Table approach is used to define communication
table with improved information management. Data mining approach is used to identify the black hole
and to perform communication over the safe path.
3.1 Inverted Table Approach
Inverted matrix is the numerical representation of a string. The rows of the matrix represent the
various characters present in the string and are indexed in the order in which they appear in the string. In
this proposed we have taken a sequence. The complete work is divided in three steps:-
i. Identification of Node Sequence
ii. Build the Inverted Table for the Specific Node Sequence.
iii. Frequent Pattern Identification
3.2 Data Mining Approach
There are basically three data mining approaches for detecting malicious nodes. They are:
i. Anomaly-based Intrusion Detection approach
ii. Misuse-based Intrusion Detection approach
iii. Specification-based Intrusion Detection approach
The first technique is anomaly-based intrusion detection approach. It profiles the symptoms of
normal behaviors of the system such as usage frequency of commands, CPU usage for programs, and the
like. It detects intrusions as anomalies, i.e. deviations from the normal behavior.
Misuse-based intrusion detection approach compares known attack signatures with current
system activities. It is generally preferred by commercial IDSs since it is efficient and has a low false
positive rate. The drawback of this approach is that it cannot detect new attacks.
The last technique is specification-based intrusion detection approach. In this approach, a set of
constraints on a program or a protocol are specified and intrusions are de-tected as runtime violations of
these specifications. It is introduced as a promising alternative that combines the strengths of anomaly-
based and misuse-based detection techniques and providing detection of known and unknown attacks
with a lower false positive rate. It can detect new attacks that do not follow the system specifications.
3.3 Objectives
• The main objective of the work is to identify a safer path over the mobile network that will not
transfer data through any black hole node. The obtained path may be wider but much safer then
existing shortest path.
• In this work, a new legitimacy table is proposed with improved information management. Here
the association will be maintained in terms of frequency count, throughput analysis and response
time analysis between different nodes.
• A Mining scheme is suggested in this work based on legitimacy table to identify the black hole
and to perform communication over the safe path.
• The objective of work is to improve the network throughput and decrease the data loss over the
network.

65
3.4 Source of Data
• The main objective of the work is to identify a safer path over the mobile network that will not
transfer data through any malicious node. The obtained path may be wider but much safer then
existing shortest path.
• In this work, an inverted list based approach is suggested to define communication table with
improved information management. Here the association will be maintained in terms of
frequency count, throughput analysis and response time analysis between different nodes.
• A Mining scheme is suggested in this work based on invereted table to identify the black hole and
to perform communication over the safe path.
• The objective of work is to improve the network throughput and decrease the data loss over the
network.
3.5 Research Design
The proposed work is about to find the most frequent moving pattern over the network so that we
can find the nodes or the nodes pair that should get the maximum concern respective to the resource
allocation.
The complete Research Design is given as
Figure 2: Flowchart of Work
Establish the Mobile Network
Analyze the network in terms of forwarding, receiving
and transmitting packets
Define the legitimacy table to maintain communication
information
Identify the frequency analysis of each node over the
network
Find the Statistical respective to different parameters
Perform the decision making based on support and
confidence analysis
Perform the Communication over the network
Detect the black node and mark them as unsafe node
Build the new Communicating path with higher
reliability

66
4. ROUTING PROTOCOLS
The primary goal of routing protocols in ad-hoc network is to establish optimal path (min
hops) between source and destination with minimum overhead and minimum bandwidth
consumption so that packets are delivered in a timely manner. A MANET protocol should function
effectively over a wide range of networking context from small ad-hoc group to larger mobile
networks.
Classification of routing protocols in mobile ad hoc network can be done in many ways, but
most of these are done depending on routing strategy and network structure. The routing protocols
can be categorized as flat routing, hierarchical routing and geographic position assisted routing while
depending on the network structure. According to the routing strategy routing protocols can be
classified as Table-driven and on-demand.
Figure 3: Ad-Hoc Routing Protocol
4.1 flat routing protocols
Flat routing protocols are divided mainly into two classes; the first one is proactive routing
(table driven) protocols and other is reactive (on-demand) routing protocols. One thing is general for
both protocol classes is that every node participating in routing play an equal role. They have further
been classified after their design principles; proactive routing is mostly based on LS (link-state)
while on-demand routing is based on DV (distance-vector).
4.1.1 Pro-Active/Table Driven routing Protocols
Proactive MANET protocols are also called as table-driven protocols and will actively
determine the layout of the network. Through a regular exchange of network topology packets
between the nodes of the network, at every single node an absolute picture of the network is
maintained. There is hence minimal delay in determining the route to be taken.
4.1.2 Reactive (On Demand) protocols
Portable nodes- Notebooks, palmtops or even mobile phones usually compose wireless ad-
hoc networks. This portability also brings a significant issue of mobility. This is a key issue in ad-
hoc networks. The mobility of the nodes causes the topology of the network to change constantly.
Keeping track of this topology is not an easy task, and too many resources may be consumed in
signaling. Reactive routing protocols were intended for these types of environments.

67
4.2 Hierarchical protocols
These protocols include HSR, ZRP, CGSR, LANMAR protocols.
4.3 Geographic position assisted or Hybrid protocols
Hybrid protocols make use of both reactive and proactive approaches. Example of this type
includes Zone Routing Protocol (ZRP), ZHLS etc.
5. AN OVERVIEW OF AODV ROUTING PROTOCOL
Ad hoc On Demand Distance Vector Routing (AODV)
Ad hoc On-Demand Distance Vector (AODV) routing is a routing protocol for mobile ad hoc
networks and other wireless ad-hoc networks. It is jointly developed in Nokia Research Centre of
University of California, Santa Barbara and University of Cincinnati by C. Perkins and S. Das. It is
an on-demand and distance-vector routing protocol, meaning that a route is established by AODV
from a destination only on demand. AODV is capable of both unicast and multicast routing. It keeps
these routes as long as they are desirable by the sources. Additionally, AODV creates trees which
connect multicast group members. The trees are composed of the group members and the nodes
needed to connect the members. The sequence numbers are used by AODV to ensure the freshness
of routes. It is loop-free, self-starting, and scales to large numbers of mobile nodes. AODV defines
control messages for route maintenance such as:
RREQ- A route request message is transmitted by a node requiring a route to a node. As an
optimization AODV uses an expanding ring technique when flooding these messages.
Every RREQ carries a time to live (TTL) value that states for how many hops this message should be
forwarded. This value is set to a predefined value at the first transmission and increased at
retransmissions. Retransmissions occur if no replies are received. Data packets waiting to be
transmitted (i.e. the packets that initiated the RREQ). Every node maintains two separate counters: a
node sequence number and a broadcast_ id. The RREQ contains the following fields Source Address,
Broadcast ID, Source Sequence no., Destination Address, Destination Sequence no., Hop count.
Whenever a node needs to send a packet to a destination for which it has no ‘fresh enough’
route (i.e., a valid route entry for the destination whose associated sequence number is at least as
great as the ones contained in any RREQ that the node has received for that destination) it broadcasts
a route request (RREQ) message to its neighbors. Each node that receives the broadcast sets up a
reverse route towards the originator of the RREQ (unless it has a ‘fresher’ one).When the intended
destination (or an intermediate node that has a ‘fresh enough’ route to the destination) receives the
RREQ, it replies by sending a Route Reply (RREP). It is important to note that the only mutable
information in a RREQ and in a RREP is the hop count (which is being monotonically increased at
each hop). The RREP travels back to the originator of the RREQ (this time as a unicast). At each
intermediate node, a route to the destination is set (again, unless the node has a ‘fresher’ route than
the one specified in the RREP). In the case that the RREQ is replied to by an intermediate node (and
if the RREQ had set this option), the intermediate node also sends a RREP to the destination. In this
way, it can be granted that the route path is being set up bi-directionally. In the case that a node
receives a new route (by a RREQ or by a RREP) and the node already has a route ‘as fresh’ as the
received one, the shortest one will be up dated. The source node starts routing the data packet to the
destination node through the neighboring node that first responded with an RREP. The AODV
protocol is vulnerable to the well-known black hole attack.

68
5.1 Black Hole Attack
The black hole attack is an active insider attack, it has two Properties: first, the attacker
consumes the intercepted packets without any forwarding. Second, the node exploits the mobile ad
hoc routing protocol, to advertise itself as having a valid route to a destination node, even though the
route is spurious, with the intention of intercepting packets.
In other terms, a malicious node uses the routing protocol to advertise as having the shortest path to
nodes whose packets it wants to intercept. In the case of AODV protocol, the attacker listens to
requests for routes. When the attacker receives a request for a route to the target node, the attacker
creates a reply where an extremely short route is advertised, if the reply from malicious node reaches
to the requesting node before the reply from the actual node, a fake route has been created. Once the
malicious device has been able to insert itself between the communicating nodes, it is able to do
anything with the packets passing between them. It can choose to drop the packets to form a denial-
of-service attack.
Figure 4: Black Hole Attack
5.2 Algorithmic approach to avoid black hole attack in MANETs
Algorithm()
{
1. Perform the Randomized placement of nodes under defined parameters
2. Define the multiple sources called S1,S2…Sn
3. Define Multiple Destination Nodes called d1,D2…..Dm
4. Define the Minimum Throughput Support and Confidence called EffectiveSupport
and EffectiveConfidence. Also define supportdelay and confidencedelay
5. For i=1 to n
6. {
For j=1 to m
7. {
Perform communication between each pair S(i) and D(j)
8. Identify the Intermediate communication nodes between each pair nodes called
Node1,Node2…Node k
9. Estimate the Association mining between each intermediate node under different
Parameters for all k nodes called Throughput, Idle Rate and the network delay etc.
10. If(Throughput(Node(i))>EffectiveSupport Delay(Node(i))<supportdelay)

69
11. {
If(Throughput(Node(i))> Throughput(Node(i+1) And IdleRate(Node(i))>
IdleRate(Node(i+1))
12. {
13. If(Throughput(Node(i))>EffectiveConfidence And
Delay(Node(i))<confidencedelay)
14. {
Set Node(i) as Valid Path Node
15. }
16. Else if(Throughput(Node(i))>EffectiveConfidence)
17. {
Set Node(i) as Valid Path Node
18. }
19. Else
20. {
Reconsider Node(i) if No node is under confidence level
21. }
22. }
23. Else
24. {
Avoid Node (i) from path
25. }
26. }
27. }
28. }
29. }
Example
Let we have seven nodes and the communication between the nodes is defined in terms of one to one
data transmission between the nodes. If the nodes have communication it will be represented by 1
else it will be represented by 0.
Sample DataSet
A B C D E F G
1 1 0 0 0 1 1
1 1 1 1 1 1 0
1 1 0 0 1 1 1
1 1 0 0 0 0 0
1 0 1 0 0 0 0
1 1 1 0 0 0 0
1 0 0 0 0 0 0
Table 1: Sample Data
In this table a sample dataset is shown with 7 nodes with communication. The value 1 here
represents the transmission of data and 0 represents the absence of transmission. From this dataset
we drive a table of existing dataset.

70
{A} 7
{A} & {B} 5
{A} & {C} 3
{A} & {D} 1
{B} & {D} 1
{C} & {D} 1
Table 2: Association of Data
In this table some association are shown here with the occurrence of values in different
attributes. In same way all the possible association will be taken. On the analysis of this association a
lower threshold value will be defined such as 2.
Now all the association having support less then this defined value will be eliminated. Now
the attribute with minimum support will be eliminated from the dataset. In such way the incomplete
information fields and the non required fields and record set will be eliminated and incomplete data
impurities will be eliminated.
If the confidence value is 70% then the value 5 will be valid for the communication. It means
A and B are most associated nodes.
Results
Scenario
Figure 5: Scenario

71
Figure 6: Packet transmission
6. PERFORMANCE EVALUATION
In this section, we concentrate on describing our simulation Environment and methodology
.To implement the above defined work we have used the NS2.35 as the simulation environment.
A. Network Simulator
NS-2 is an open-source simulation tool running on Unix-like operating systems. It is a
discreet event simulator targeted at networking research and provides substantial support for
simulation of routing, multicast protocols and IP protocols, such as UDP, TCP, RTP and SRM over
wired, wireless and satellite networks. It has many advantages that make it a useful tool, such as
support for multiple protocols and the capability of graphically detailing network traffic.
Additionally, NS-2.35 supports several algorithms in routing and queuing. LAN routing and
broadcasts are part of routing algorithms. Queuing algorithm includes fair queuing, deficit round
robin and FIFO. NS-2 started as a variant of the REAL network simulator in 1989. REAL is a
network simulator originally intended for studying the dynamic behavior of flow and congestion
control schemes in packet-switched data networks. In 1995 ns development was supported by
Defense Advanced Research Projects Agency DARPA through the VINT project at LBL, Xerox
PARC, UCB, and USC/ISI. The wireless codes from the UCB Daedelus and CMU Monarch projects
and Sun Microsystems have added the wireless capabilities to ns-2.35.
Simulation Parameters
As already outlined, in this proposed system we will observe the actual throughput in shortest
path and alternate path. Firstly analyze the network detect if there is some misbehaving node based
on the current statistics of receiving packets, forwarding packets and dropping packets. Now the data
will be transferred from some compromising node.

72
The needed Parameters to carry out the simulation and their corresponding values for both protocols
are specified below:
Parameter Value
Number of Nodes 36
Topography
Dimension
800 m x 800 m
Traffic Type CBR
Radio Propagation
Model
Two-Ray Ground
Model
MAC Type 802.11.Mac Layer
Packet Size 512
Mobility Model Random Way Point
Antenna Type Omni directional
Protocol AODV
Table 3: Simulation Parameters
In Table 3, the mobile ad hoc network comprising of 50 mobile nodes is constructed in the
NS-2 simulator with the use of TCL script in the topological boundary area of 670 m x 670 m. The
position of the mobile nodes is defined in terms of X and Y coordinates values and it is written in
the movement scenario file.
A NS2 application will be used to generate sample data. Care will be taken to make sure that
the approach is tested for performance considerations under similar hardware and software
environments. To test the performance of all of the above stated approaches, a program is written in
TCL and tested in real environment.
Simulation in NS2
The ad hoc network comprising of 25 nodes is constructed in the NS-2 simulator with the use
of ETCL script in the topological boundary area of 1050 m x 100 m. The position of the mobile
nodes is defined in terms of X and Y coordinates values. The given scenario showing the packet
transmission with shortest path between the nodes starting from the source node 0 to the destination
node 9.
Figure 7: Placement of Nodes

73
Figure 8: Communication over the network
1) NS2.35 Overview
The network simulator (NS), which is a discrete event simulator for networks, is a simulated
program developed by VINT (Virtual Internetwork Test-bed) project group. It supports simulations
of TCP and UDP, some of MAC layer protocols, various routing and multicast protocols over both
wired and wireless network etc.
Depending on user’s requirement the simulation are stored in trace files, which can be fed as input
for analysis by different component:
• A NAM trace file (.nam) is used for the ns animator to produce the simulated environment.
• A trace file (.tr) is used to generate the graphical results with the help of a component called
X Graph.
When the simulation is finished, the simulation results are produced in one or more text-
based output files that contain detailed simulation data, which can be used to analyze directly or can
be used in the graphical user interface Network Animator (NAM). This graphical user interface
shows the simulation result in an easy way.
The language that is written in NS-2.35 is not only OTcl but also C++. The event scheduler
and the basic network component objects in the data path are written and compiled using C++ to
reduce packet and event processing time.These compiled objects need the OTcl linkage to create a
matching OTcl object for each of the C++ objects to be able to work with OTcl interpreter.
2) Tool Command Language (Tcl)
Tool Command Language, Tcl is a powerful interpreted programming language developed by
John Ouster out at the University of California, Berkeley. Tcl is a very powerful and dynamic
programming language. It has a wide range of usage, including web and desktop applications,
networking, administration, testing etc. Tcl is a truly cross platform, easily deployed and highly
extensible. The most significant advantage of Tcl language is that it is fully compatible with the C
programming language and Tcl libraries can be interoperated directly into C programs.
3) Network Animator (NAM)
The biggest advantage of network animator (NAM) is that it provides a graphical user
interface (GUI) for the different simulation environment according to the parameters specified by the
user. The Xgraph utility generates the graphical output of the input data (or trace files).

74
To animate network traffic in several ways, nam interprets a trace file containing time-indexed
network events, as Figure 3(a) shows. Typically, an ns simulation generates this trace, but nam can
also use processing data from a live network to produce a trace.
6.2 Simulation Results
Figure 8.1: Network Design
Here figure 8.1 is showing the network design for the given work. The network is here
created with 36 nodes.
Figure 8.2: Network Communication
Here figure 8.2 is showing the communication over the network. As we can see, there the
communication is performed between three node pairs at the same time. The network is also giving
the packet loss because of attacked nodes over the network.

75
6.3 Analysis Results
Figure 8.3: Packet Transmitted (Existing vs. Proposed Approach)
Here figure 8.3 is showing the comparative analysis of packet transmitted over the network.
Here x axis represents the time and y axis represents the packet transmitted. As we can see after
implementing the proposed approach the successful packet transmission over the network is
increased.

76
Figure 8.4: Packet Lost (Existing vs. Proposed Approach)
Here figure 8.4 is showing the comparative analysis of packet lost over the network. Here x
axis represents the time and y axis represents the packet transmitted. As we can see after
implementing the proposed approach the packet loss over the network is decreased.

77
Figure 8.5: Bytes transmitted (Existing vs. Proposed Approach)
Here figure 8.5 is showing the comparative analysis of bytes transmitted over the network.
Here x axis represents the time and y axis represents the bytes transmitted. As we can see after
implementing the proposed approach the bytes transmitted over the network is increased.
Figure 8.6: Bit rate (Existing vs. Proposed Approach)
Here figure 8.6 is showing the comparative analysis of bit rate over the network. Here x axis
represents the time and y axis represents the bit rate of communication. As we can see after
implementing the proposed approach the bit rate over the network is increased

78
Figure 8.7: Packet Delay (Existing vs. Proposed Approach)
Here figure 8.7 is showing the comparative analysis of Packet Delay over the network. Here
x axis represents the time and y axis represents the Packet Delay of communication. As we can see
after implementing the proposed approach the Packet Delay over the network is decreased.

79
Figure 8.8: Packet Loss rate (Existing vs. Proposed Approach)
Here figure 8.8 is showing the comparative analysis of Packet Loss rate over the network.
Here x axis represents the time and y axis represents the Packet Loss rate of communication. As we
can see after implementing the proposed approach the Packet Loss rate over the network is increased.

80
6. CONCLUSION AND FUTURE WORK
6.1 Conclusion
The proposed work is about to generate a preventive path to avoid the communication over a
faulty node or on congested node. The proposed work is about to improve the AODV protocol in
terms of security. As in case of multicast network because of lot of communication the network
suffers from some attack that results the packet loss over the network. The proposed work is about to
minimize this packet loss over the network. The work will increase the throughput with this
improved AODV protocol. The system is providing better throughput and less packet loss over the
network. The system is implemented in a wireless network with AODV protocol. In this system a
Table based data mining approach is defined to perform the analysis among neighboring nodes and
to provide the communication from effective path. Here we have proposed a new algorithm for the
above said task. The implementation is performed in ns2 and analysis is presented using Xgraph.
6.2 Future Scope
The proposed system can be enhanced in future by other researchers in the following ways
• We have worked only with AODV protocol. The work can be implemented and analyzed
along with other protocols.
• We have performed the work only with Black hole Node attack, the work can be enhanced by
implementing some other attack such as wormhole, flooding attacks, DOS etc.
• We have presented the work with a Legitimacy Table approach in a wireless network. The
work can be implemented on some specific network such as PAN, WiMax etc.
7. REFERENCES
[1] Satoshi Kurosawa," Detecting Blackhole Attack on AODV-based Mobile Ad Hoc Networks by
Dynamic Learning Method", International Journal of Network Security, Vol.5, No.3, PP.338–
346, Nov. 2007 (pp 338-346)
[2] Vera Marinova-Boncheva," Applying a Data Mining Method for Intrusion Detection",
International Conference on Computer Systems and Technologies - CompSysTech’07
[3] Zahra Safaei," An Efficient Reputation-Based Mechanism to Enforce Cooperation in MANETs",
LATEST TRENDS on COMMUNICATIONS and INFORMATION TECHNOLOGY ISSN:
1792-4316 ISBN: 978-960-474-207-3 (pp 33-38)
[4] Tsong Song Hwang," A Three-tier IDS via Data Mining Approach", MineNet’07, June 12, 2007,
San Diego, California, USA. ACM 918-1-59593-792-6/07/0006 (pp 1-6)
[5] LTC Bruce D. Caulkins," A Dynamic Data Mining Technique for Intrusion Detection Systems",
(pp 148-153)
[6] Neil Hurley," Statistical Attack Detection", RecSys’09, October 23–25, 2009, New York, New
York, USA. ACM 978-1-60558-435-5/09/10 (pp 149-156)
[7] Guanhua Yan," Towards a Bayesian Network Game Framework for Evaluating DDoS Attacks
and Defense", CCS’12, October 16–18, 2012, Raleigh, North Carolina, USA.ACM 978-1-4503-
1651-4/12/10. (pp 553-566)
[8] Yu Liu," A Bayesian Game Approach for Intrusion Detection in Wireless Ad Hoc Networks",
GameNets’06, October14, 2006, Pisa, Italy. ACM 1-59593-507-X/06/10
[9] Joseph Mocker and Scott Carson Mobile ad-hoc networks (MANET).
http://www.ietf.org/proceedings/01dec/183.htm.
[10] J. Kong, X. Hong and M. Gela, “ A new set of passive routing attacks in mobile ad-hoc
networks” in IEEE Military Communications Conference, vol. 2, pp. 796 – 801,2003.
[11] www.itrainonline.org/04_en_mmtk_wireless_basic-infrastructuretopology_slides.pdf
[12] F. Stajano, F. and R. Anderson, “ The Resurrecting Duckling : Security Issues For Ad-hoc
Wireless Networks In Security Protocols”, 7th
International Workshop Proceedings,1999.

81
[13] Y.C.Hu,A. Perrig, and D. B. Johnson, “Rushing attacks and defense in wireless Ad-hoc
network routing protocols”, In Proceedings of the ACM Workshop 2003.
[14] G. M. Ignas, M. Niemegeers, Sonia M. Heemstra de Groot, “Research issues in ad hoc
distributed personal networking”, wireless personal communications : An international
journal, vol.26, no. 2-3, pp.149-167, Kluwer Academic Publishers, August 2003.
[15] G. S. Mamatha and Dr. S. C. Sharma “Analyzing the MANET Variaitons, Challenges,
Capacity and Protocol Issues”, International Journal of Computer Science & Engineering Survey
(IJCSES), Vol. 1, no.1, August 2010.
[16] A. D.Wood and J. A. Stankovic, “Denial of service in sensor networks”,Computer, vol. 35, no.
10, pp. 54-62, 2002.
[17] Hao Yang, Haiyun Luo, Fan Ye, Songwu Lu, Lixia Zhang, “ Security in mobile ad- hoc
networks : challenges and solutions ”, IEEE Wireless Communications, February 2004.
[18] I. Aad, J. , P. Hubaux , and E. W. Knightly, “Denial of service resilience in ad hoc network”, In
Proceedings of the 10th annual international conference on Mobile computing and networking.
New York, NY, USA: ACM Press, pp. 202-215, 2004.
[19] Y. Xue and K. Nahrstedt, “ By passing misbehaving nodes in ad hoc routing ,” Tech.
Rep.,Department of Computer Science, University of Illinois at Urbana Champaign, November
2002.
[20] C. Siva Ram Murthy and B. S. Manoj, “Ad Hoc Wireless Networks, Architectures and protocol”,
Second Edition, Low price Edition, Pearson Education, 2007.
[21] Priyanka Goyal, Viniti parmar and Rahul Rishi, “ MANET: Vulnerabilities,
Challenges,Attacks, Application”, IJCEM (International Journal of Computational Engineering &
Management), Vol. 11, January 2011.
[22] Irshad Ullah, “ Analysis of Black Hole Attack on MANETs Using Different MANET
Routing Protocols”, Master Thesis, Blekinge Institute of Technology, June 2010.
[23] Piyush Agrawal and R. K. Ghosh “Cooperative Black and Gray Hole Attacks in Mobile Ad Hoc
Networks”, Indian Institute of Technology, Kanpur - 208 016, INDIA.
[24] J. Bellardo and S. Savage, “802.11 denial-of-service attacks: real vulnerabilities and practical
solutions”, In Proceedings of the 12th conference on USENIX Security Symposium,Berkeley,
CA, USA: USENIX Association, 2003.
[25] L. Zhou and Z. Haas, “Securing Ad Hoc Networks”, IEEE Networks Special Issue on Network
Security, pp 24-30, November 1999.
[26] S. Bansal and M. Baker, “Observation-based Cooperation Enforcement in Ad Hoc Network”, july
2003. http://arxiv.org/pdf/cs.NI/0307012.
[27] Po-Wah Yau and Chris J. Mitchell, “Reputation methods for routing security for mobile ad hoc
network” http://www.isg.rhul.ac.uk/~cjm/rmfrsf.pdf.
[28] Michiardi P, Molva R. “ Core : a collaborative reputation mechanism to enforce node
Corporation in Mobile Ad Hoc Networks ”, In Proceeding of the sixth IFIP Conf. on
Security Communications and Multimedia (CMS), 2002.
[29] Q. He, D. Wu, P. Khosla, “ SORI : A secure and objective reputation - based incentive
Scheme For ad hoc networks ”, IEEE Wireless Communications and Networking
conference 2004.
[30] Manel Guerrero Zapata, “ Secure ad hoc on-demand distance vector (SAODV) routing”,
draft-querrero-manet-saodv-03, Mobile Ad Hoc Networking Working Group, March 2005.
[31] Syeda Gauhar Fatima, Dr. Syed Abdul Sattar and Dr.K.Anita Sheela, “Energy Efficient
Intrusion Detection System for WSN”, International Journal of Electronics and
Communication Engineering & Technology (IJECET), Volume 3, Issue 3, 2012,
pp. 246 - 250, ISSN Print: 0976- 6464, ISSN Online: 0976 –6472.
[32] Poonam Pahuja and Dr. Tarun Shrimali, “Routing Management for Mobile Ad-Hoc
Networks”, International Journal of Computer Engineering & Technology (IJCET),
Volume 4, Issue 3, 2013, pp. 464 - 468, ISSN Print: 0976 – 6367, ISSN Online: 0976 – 6375.

A dynamic approach for improving performance of intrusion detection system over manet

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (17)

Andere mochten auch

Andere mochten auch (20)

Ähnlich wie A dynamic approach for improving performance of intrusion detection system over manet

Ähnlich wie A dynamic approach for improving performance of intrusion detection system over manet (20)

Mehr von IAEME Publication

Mehr von IAEME Publication (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

A dynamic approach for improving performance of intrusion detection system over manet