Routing in these networks is highly complex due to moving nodes
and hence many protocols have been developed. The goal of routing in a MANET is
to discover the most recent topology of a continuously changing network to find
a correct route to a specific node. Routing protocols in a MANET can be
classified into two categories: reactive routing protocols (e.g., AODV) and
proactive routing protocols (e.g., OLSR). In reactive routing protocols, nodes
find routes only when they must send data to the destination node whose route
is unknown. On the other hand, in proactive protocols, nodes periodically
exchange topology information, and hence nodes can obtain route information any
time they must send data. The security
in MANETs is the most important concern for the basic functionality of network.
MANETs often suffer from security attacks because of its features like open
medium, changing its topology dynamically, lack of central monitoring and
management, cooperative algorithms and no clear defense mechanism. The main
objective of routing attacks to mislead or disrupt normal functioning of
network by advertising false routing updates. The availability of network
services, confidentiality and integrity of the data can be achieved by assuring
that security issues have been met 4.
To detect the malicious nodes introduced a new cooperative black
hole attack detection mechanism 5. It modifies the AODV routing protocol by
introducing two concepts i.e. Data routing information (DRI) table and Cross
checking. In order to detect the gray
hole attacks both local and cooperative detection scheme has been designed 6.
Once a node is detected to be really malicious, the scheme has a notification
mechanism for sending messages to all the nodes that are not yet suspected to
be malicious, so that the malicious node can be isolated and not allowed to use
any network resources. The wormhole attack has been detected by
using path delay data. The node is
considered as malicious when its delay time exceeds a pre-defined threshold
7. In order to achieve better detection rate and high throughput Hop Count
delay per hop indication DELPHI method has been used 8. Here identify two
types of wormhole attacks. In the first type, malicious nodes do not take part
in finding routes, meaning that, legitimate nodes do not know their existence.
In the second type, malicious nodes do create route advertisements and
legitimate nodes are aware of the existence of malicious nodes, just do not
know they are malicious. By observing
the delay of different paths to the receiver, the sender is able to detect
both kinds of wormhole attacks.
The rest of the paper is
organized as follows: a brief review of some of the literature works in routing
attacks detection is presented in Section 2. The proposed methodology for dynamic anomaly detection is detailed
in Section 3. The experimental results and performance analysis discussion is
provided in Section 4. Finally, the conclusions are summed up in Section
et.al (2014) introduced a mechanism that
uses the false RREQ packets to attract the malicious node to respond with the
false RREP. In this method, there is more than one malicious node which will
reply the false RREQ packet. The RREP packet is improved by adding one more
field to indicate the identity of the node which replies with RREP packet.
Thus, if any intermediate node sends the RREP message in response to the false
RREQ, it can be easily found. The normal nodes will not respond to the false
RREQ message as they have no route to that virtual node. The identities of
malicious nodes will be added to the black list and this list will be broadcast
as an ALARM to all other nodes in the network 9.
et.al(2006) introduced an attack against the OLSR protocol. As implied by the
name, the goal of this attack is to isolate a given node from communicating
with other nodes in the network. The idea of this attack is that attacker(s)
prevent link information of a specific node or a group of nodes from being
spread to the whole network. Thus, other nodes who could not receive link
information of these target nodes will not be able to build a route to these
target nodes and hence will not be able to send data to these nodes11.
et.al (2014) designed an effective intrusion detection system (IDS) which is
important to identify the malicious nodes, isolate the problem created by such
nodes and notify the information of the malicious node to the other nodes. This scheme also provides the necessary
security cover to the network by adding encryption to maintain confidentiality
and integrity 12.
Li and Agrawal (2002) have suggested a mechanism of defense against a black
hole attack on AODV routing protocol. In their proposed scheme, when the Route
Reply packet is received from one of the intermediate nodes, another Route
Request is sent from the source node to the neighbor node of the intermediate
node in the path. This is to check whether such a path really exists from the
intermediate node to the destination node. While this scheme completely
eliminates the black hole attack by a single attacker, it fails miserably in
identifying a cooperative black hole attack involving multiple malicious nodes
to dynamic, distributed infrastructure less nature of MANETs, lack of
centralized authority, and resources constraints, the ad hoc networks are
vulnerable to both active and passive attacks. In MANET, routing attacks try to
disrupt the functions of routing protocol by intentionally or unintentionally
dropping packets or propagating faked routing messages. To solve this problem
the existing system introduced a distributed and cooperative scheme for
detecting routing attacks in MANETs. In this scheme the delay
data are tested using THD to detect anomalous delays. The findings of this test are used to classify the monitored path as either normal
or abnormal, and accordingly.
this scheme, optimal threshold is selected by using multi objective PSO. The objective function of this system
includes minimizing path delay, maximizing the throughput, minimizing
transmission energy and maximizing packet delivery ratio. Based on this threshold value the normal and
abnormal paths are classified by using support vector machine (SVM) classifier.
For each neighbor, behavior metrics are evaluated based on direct observations
and further verified based on indirect observations. The malicious nodes in the
abnormal paths are detected by using observation
based anomaly detection algorithm. The proposed methodology is implemented by using NS-2 simulator. The
experimental results show that the proposed system achieves better performance
compared with existing system in terms of end to end delay, packet delivery
ratio, throughput, detection rate and false positive rate.
In my research
introduced a multiobjective based PSO-SVM to detect routing attacks in MANETs. A new
proposed scheme makes use of multi objective PSO to determine the threshold
based on the path delay, throughput, energy and Packet Delivery Ratio (PDR) is
outside the range of normal values.
Based on the threshold value the support vector machine (SVM) is used
for classify the routing paths whether it is normal or abnormal. The proposed system uses an observation based
anomaly detection algorithm to characterize the behaviors of both neighboring
and remote node for detecting the malicious node in the abnormal