discuss the performance evaluation. Section IV concludes with the scope of the scheme in future.

2. Background and proposed Scheme

This section describes the selective forward attack and reviews the existing works.

2.1 Selective Forward Attack

Figure 1 shows an example of selective forward attack. The malicious node drops packets and refuses to forward the message to its neighbor node. If the malicious node drops the entire message, the node is called a black hole. A malicious node can forward the message along a wrong path and give unfaithful routing information in the network. It creates unnecessary packet delay and leads to confusion in forwarding the message. It also creates false information and transmission in the network. It is difficult to detect the malicious node when there is collision, packet drop due to timer expiry and link failure, since the nodes are mobile nodes. Selective forward attack affects the existing routing protocols such as DSR, GPSR, GEAR and TinyOS beaconing.

2.2 Review

Selective forward attack may corrupt some mission-critical applications such as military surveillance and forest fire monitoring in wireless sensor networks. Bin Xiao [3][4] proposed a lightweight security scheme and detected the selective forward attack using multi-hop acknowledgements. It has limitations as it requires nodes to be loosely time synchronized and keep one-way key chains for authentication. Kim [5] suggested cumulative acknowledgement based detection. Its limitations: data-reply packets are transmitted through multiple paths, but the communication overhead will be high because of cumulative acknowledgement, thereby reducing the node energy. Y. B. Reddy [7] proposed a new framework to detect the selective forward attack using a game theory model; the malicious node is detected between the selective acknowledgement points irrespective of the dropping rate. J. Brown [8] proposed a sequential probability ratio test for detecting the attacks in heterogeneous sensor networks. Mathematical foundations are also helpful in detecting the attack. The major concept of the existing works adopted a scheme in routing protocols and analyzed its performance in terms of communication overhead, network throughput, and energy consumption. In this paper, the light weight scheme based on dynamic source routing protocol for detecting the attack is used. The limitation of the scheme is high communication overhead and high energy consumption.

2.3 Assumptions

Seven assumptions are proposed in detection mechanism. First, the nodes are mobile and transmit the messages during different sessions. Second, the size of the window is constant, i.e. the total time duration for transmission of messages per session is kept constant. Third, the Dynamic Source Routing protocol is implemented in nodes. Fourth, during a particular session topology is static. Fifth, the node id is different per session. Sixth, the malicious node only drops maximum number of packets. And finally, the messages are authenticated using one-way hash chains.

2.4 Detection Scheme

The existing detection scheme consists of inclusion of packets such as cumulative acknowledgement of each node, event packet, acknowledgement packet, control packets and alert packet. With the inclusion of packets for detection, communication overhead will be more. The proposed detection scheme consists of a cumulative acknowledgement packet between the check points of the forward path; the check point generates the trap message, which is sent to the next node of the forwarding path.

The different phases of the proposed mechanism are as follows:
1. Node id assignment phase and location phase
2. Topology identification
3. Forward route selection path
4. Check Point assignment
5. Data transmission
6. Malicious node detection

2.4.1 Node id and Location Phase

Node id is activated only when the transmission is required. Node id is configured dynamically per session by the sink node/base station. Whenever the sink node/base station needs any information it broadcasts the set of node ids and activates the timer. Node id is valid until timer expires. Base station stores the allotted node id temporarily for each session.

2.4.2 Topology identification phase

After receiving the node id, the node identifies its neighbor node and stores the next hop neighbor id to identify the topology of the network.

2.4.3 Forward route selection path

The source node sends the route_request packet to the destination node/base station. It responds with the route_reply packet containing the selected forward path through which data is transmitted. Forward path is selected based on the Dynamic Source Routing protocol.

2.4.4 Check point selection phase

Base station/Destination node assigns the nodes to be the check point in the forward path randomly. In the downstream link, check point generates a trap message after the successful reception of the packet.

2.4.5 Data transmission phase

Once the forward path is selected, data is transmitted from the source to the base station/destination node. Upon successful reception of data, each node sends an acknowledgement packet to its next node which lies in the forward path. The acknowledgement packet of next node
34 (IJCNS) International Journal of Computer and Network Security,
Vol. 2, No. 9, September 2010
the source and the destination.

2.4.6 Detection process

Step 1: Base station issues the node id and it is dynamic and unique for a window.
Step 2: Base station sends the data request to all the nodes.
Step 3: Source nodes send a route request packet to the base station.
The check points are randomly selected. If the base station/destination selects a malicious node as a check point, that node generates the acknowledgement and trap message on its own and forwards the packet to its neighbor node. In that case, detection of malicious node may be suspected based on the node id and packet delivery ratio. Check point id is valid until window expires. In Fig. 3 Node 26 and 67 are source nodes whereas BS is the base station and it is treated as destination node and forward paths are 26-54-22-6-52-36 and 67-13-44-78-21-88-17-62 respectively. Check points are 22, 16 and 21. The forward path from the source 26 to base station does not contain any malicious node. But the forward path from 67 to the base station contains 21 as check point but it is also a malicious node. In this case, check point is a malicious node and it is detected based on node id and packet drop ratio.

Scenario 3: Source node detection

The base station broadcasts the request to nodes, and the malicious node responds to the base station with a route request packet to gather the routing information and misguide the route in the network. Fig. 4 shows that malicious node 67 voluntarily responds to the base station after receiving the route request and misguides the route. The actual forward path is 67-6-16-52-3 instead of 67-13-44-78-21-88-17-62. The node is detected based on the packet drop ratio and based on cumulative acknowledgement packet.

Figure 4. Source Node Detection.

Scenario 4: Node can be a compromised node

The existing methods such as CHEMAS and CADE [2][3][4][5] detect any two nodes in the selective forward path as malicious nodes. In CHEMAS, authors suggest that malicious node lies within the range of check points. In CADE, authors present the detection mechanism to identify the two malicious nodes in the forward path. The proposed mechanism detects the exact compromised nodes. Check point generates a trap message and forwards it to the next check point stating that no packet drop exists up to that check point. Between the two check points, acknowledgements of each node are cumulated if the data has been transmitted successfully. Once the check point receives the cumulative acknowledgement successfully then it generates the trap message. If any node between the check points fails to forward the data packet, cumulative acknowledgement and trap message, that node is suspected to be compromised node. Cumulative acknowledgement packet can also be dropped by collision and timer expiry since nodes are mobile nodes. Overlap of window causes the packet drop in the network. Check point should not misjudge an ordinary node to be a compromised node. In Fig. 5 Node 4 drops the cumulative acknowledgement packet and it is treated as compromised node. Based on the negative acknowledgement, the compromised node is identified.

Figure 5. Node as Compromised Node

Format of the Cumulative Acknowledgement packet:
Data | Ack0 | Ack1 | … | AckN | NACK

Format of the Trap message:
Check point Node id | RDS | Node ids of NACK

If NACK is set to 0, it denotes that it is a negative acknowledgement of data packet and if it is set to 1, it denotes that it is a negative acknowledgement of route, if the node has not seen the route packet sent by the base station/destination.

Received data successfully (RDS=1) denotes that data is received up to the particular check point indicated by its node id. Once the destination/base station identifies the malicious nodes, the destination broadcasts the node id of NACK packet. Source requests the destination to send the alternate forward path.

3. Performance Evaluation

The proposed algorithm is implemented in ns2 [6] and the performance is evaluated in terms of network throughput and packet delivery ratio.

Evaluation Metrics:
The following metrics [6][8] evaluate the effectiveness of the proposed detection scheme.
Packet delivery ratio: It is the ratio of number of packets received and the number of packets sent.
Throughput: This gives the fraction of channel capacity used for data transmission.
Communication Overhead: It is the ratio of overheads with and without the detection scheme.
Average Latency: Mean time in seconds taken by the packets to reach their respective destination.
Undetected ratio: It is the ratio of number of undetected maliciously dropped packets to the total number of maliciously dropped packets.

3.1 Simulation parameters

The parameters used in our simulations are shown in Table 1. Window is static and malicious nodes are randomly located on the forward paths of source and base station. Node ids, check points, source and destination are assigned before the transmission starts.
Table 1: Parameters used in simulations
Area | 2000 m x 2000 m
Nodes | 50
Packet size | 512 bytes
Transmission protocol | UDP
Application Traffic | CBR
Transmission rate | 10 Mbits/sec
Pause time | 24.73 sec
Maximum speed | 31 sec
Simulation time | 100 sec
Propagation model | Radio Propagation
Maximum Malicious node | 50
Type of attack | Selective forward attack
Examined | DSR

During the data transmission, malicious nodes are detected, and the authors have detected that node 2 is a check point node and also malicious node and other malicious nodes are 7, 14 and 41 as shown in Fig. 8.
Figure 12. Throughput
The researcher observes that the number of packets sent
and throughput vary due to the presence of malicious nodes.
As Fig. 11 and Fig. 12 show, the malicious nodes increase the
packet drop ratio and decrease the throughput of the
network; the presence of malicious nodes affects the
performance of the network. A cumulative
acknowledgement is transmitted up to the check point and
thus reduces the communication overhead in the forward
path.
The packet drop rate of the normal nodes is significantly
different from that of the compromised node. The proposed
detection scheme can achieve 90% of detection rate when
drop rate is less.
The performance of the scheme is compared with the
other existing schemes and it is tabulated in Table 2. The
overall performance of the proposed scheme is better than
the existing schemes. Though the scheme consumes 60% of
node energy, it provides better accuracy than the existing
schemes.
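
The check point reporting of Section 2.4, as an added example that is not code from the paper: a check point raises a trap message carrying RDS and the NACK node id, and the base station flags nodes by drop ratio so that a single collision loss is not misjudged as an attack. The forward path is the one quoted in the text; the check points, the loss pattern, the 0.25 threshold and the attribution of a missing acknowledgement to the node that failed to forward are assumptions of this example.

```python
from collections import Counter
from dataclasses import dataclass, field

NACK_DATA, NACK_ROUTE = 0, 1        # NACK flag values as defined in the text

@dataclass
class Trap:                          # trap message: check point id, RDS, NACK ids
    checkpoint: object
    rds: int                         # 1 = data received up to this check point
    nack_ids: list = field(default_factory=list)
    nack: int = NACK_DATA

PATH = [67, 13, 44, 78, 21, 88, 17, 62]   # forward path quoted in the text
CHECKPOINTS = {44, 88}                    # assumption: chosen for this example

def forwards(node, seq):
    """Constructed behaviour: 78 drops selectively, 13 loses one packet."""
    if node == 78:
        return seq % 2 == 1          # selective forwarder: drops even packets
    if node == 13:
        return seq != 7              # benign loss (collision / timer expiry)
    return True

def send_packet(path, checkpoints, forwards, seq):
    """Walk one packet down the path and return the trap messages raised."""
    traps = []
    for i, node in enumerate(path):
        if not forwards(node, seq):
            # Ack chain breaks: the next check point (or the base station)
            # reports RDS=0 and names the node in the NACK field.
            later = [c for c in path[i + 1:] if c in checkpoints]
            traps.append(Trap(later[0] if later else "BS", 0, [node]))
            return traps
        if node in checkpoints:
            traps.append(Trap(node, 1))   # cumulative ack complete so far
    return traps

def suspects(path, checkpoints, forwards, n_packets, threshold=0.25):
    """Base-station view: per-node drop ratio over one window of packets."""
    handled, dropped = Counter(), Counter()
    for seq in range(n_packets):
        traps = send_packet(path, checkpoints, forwards, seq)
        bad = [n for t in traps if t.rds == 0 for n in t.nack_ids]
        reach = path.index(bad[0]) + 1 if bad else len(path)
        handled.update(path[:reach])      # nodes the packet actually reached
        dropped.update(bad)
    ratio = {n: dropped[n] / handled[n] for n in path if handled[n]}
    return {n for n, r in ratio.items() if r > threshold}, ratio
```

Calling `suspects(PATH, CHECKPOINTS, forwards, 20)` flags only node 78 (drop ratio 10/19), while node 13 with one benign loss stays at 1/20 and is not reported.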
Authors Profile
S. Sharmila received the B.E and M.E degrees in Electronics and Communication Engineering and Applied Electronics from Bharathiyar University and Anna University, India in 1999 and 2004 respectively. Her research interest includes wireless sensor networks, computer networks and security.