
Enhanced adaptive acknowledgement for a secure intrusion detection system in mobile adhoc network

By

------------------
(IGNOU Roll# ----------)

Synopsis
Synopsis submitted in partial fulfillment of the requirement of
------------------

Under the Supervision of


---------
ABSTRACT

In recent years, the use of mobile ad hoc networks (MANETs) has been widespread in many
applications, including some mission critical applications, and as such security has become one
of the major concerns in MANETs. Due to some unique characteristics of MANETs, prevention
methods alone are not sufficient to make them secure; therefore, detection should be added as
another defense before an attacker can breach the system. In general, the intrusion detection
techniques for traditional wireless networks are not well suited for MANETs. In this paper, we
classify the architectures for intrusion detection systems (IDS) that have been introduced for
MANETs. Current IDSs corresponding to those architectures are also reviewed and compared.

CONTENTS
Abstract
Acknowledgement
Contents
List of figures
Chapter 1 Introduction
    1.1 Intrusion detection system
Chapter 2 Literature survey
    2.1 Existing system
Chapter 3 Problem Definition
Chapter 4 Scheme Description
    4.1 ACK
    4.2 S-ACK
    4.3 MRA
    4.4 Digital Signature
Chapter 5 SYSTEM REQUIREMENTS SPECIFICATIONS
Conclusion
Bibliography

LIST OF FIGURES:

Fig. no NAME

1. Mobile Adhoc Networks
2. Working of watchdog
3. TWOACK Scheme
4. AACK Scheme
5. Receiver Collision
6. Limited Transmission Power
7. False Misbehavior Report
8. System Control Flow
9. ACK Scheme
10. S-ACK Scheme
11. Signature generation
12. Signature verification

CHAPTER 1
INTRODUCTION
MANET (Mobile Ad hoc network) is an IEEE 802.11 framework which is
a collection of mobile nodes equipped with both a wireless transmitter and receiver,
communicating with each other using bidirectional wireless links. This type of peer-to-peer
system implies that each node or user in the network can act as a data endpoint or intermediate
repeater. Thus, all users work together to improve the reliability of network communications.
MANETs are self-forming, self-maintained and self-healing, allowing for extreme network
flexibility, and are often used in mission-critical applications like military conflict or
emergency recovery. Minimal configuration and quick deployment make MANETs ready to
be used in emergency circumstances.

Fig 1: Mobile Adhoc Network

1.1 Intrusion Detection System

The open medium and wide distribution of nodes make MANETs vulnerable to
malicious attackers. In this case, it is crucial to develop efficient intrusion-detection
mechanisms to protect MANETs from attacks. A new intrusion detection system named
Enhanced Adaptive ACKnowledgment (EAACK) with digital signature is designed for
MANETs to detect malicious nodes and to prevent advanced attacks. Many IDSs exist
for MANETs, and the three existing approaches are WATCHDOG, TWOACK and Adaptive
ACKnowledgment (AACK). They suffer from the problem that they fail to detect malicious
nodes in the presence of false misbehavior reports. Existing schemes largely depend on
the acknowledgment packets. Hence, the acknowledgment packets should be valid and
authentic. Another drawback is the significant amount of unwanted network overhead. Due
to the limited battery power of MANET nodes, such overhead can easily degrade the life
span of the entire network.

A new and efficient intrusion detection system named EAACK is proposed and implemented
for MANETs. EAACK is designed to tackle three of the six weaknesses of the Watchdog
scheme, namely, false misbehavior report, limited transmission power and receiver collision.
Compared to contemporary approaches, EAACK demonstrates higher malicious-behavior-
detection rates in certain circumstances while not greatly affecting network
performance.
CHAPTER 2
LITERATURE SURVEY

1. Nat. Inst. Std. Technol., Digital Signature Standard (DSS) Federal Information
Processing Standards Publication, Gaithersburg, MD, 2010, Digital Signature
Standard (DSS)

This paper investigated the procedure to use the alerts from many audit sources to
improve the accuracy of the intrusion detection system (IDS). A theoretical model was
designed to reason automatically about the alerts from the different sensors,
concentrating on web server attacks. It also gives security operators a better
understanding of possible attacks against their systems.

2. Naeimeh Laleh and Mohammad Abdollahi Azgomi - "Detecting forged
acknowledgements in MANETs," in Proc. IEEE 25th Int. Conf. AINA, Biopolis,
Singapore, 2011

This paper discussed the fraud that is growing remarkably with the growth of
modern technology and the universal superhighways of communication which results in the
loss of billions of dollars throughout the world each year. This technique tends to propose
a new taxonomy and complete review for the different types of fraud and data mining
techniques of fraud detection.

3. Phillip Brooke, "A method for obtaining digital signatures and public-key
cryptosystems," Commun. ACM, vol. 21, no. 2, pp. 120–126, 2012

This paper presents a new IDS framework for mobile adhoc network (MANET)
environments based upon the concept of a friend in a small world phenomenon. The two-
tier IDS framework has been designed to overcome longer detection mechanisms and
detection suffering from the potential for blackmail attackers and false accusations with the
help of friend nodes. It is hypothesized that with the introduction of friend nodes, the
impacts of the IDS problems can be minimized. It is noted that the proposed
framework would not be able to work in diverse MANET environments.

4. Eduardo Mosqueira Rey et al., "A Survey on Intrusion Detection in Mobile Ad
Hoc Networks," in Wireless/Mobile Security, 2013

This paper described the design of misuse detection agent which is one of the
different agents in a multiagent-based intrusion detection system. Using a packet sniffer the
agent examines the packets in the network connections and creates a data model based on the
information obtained.

5. Yurong Xu, James Ford and Fillia Makedon, "Ad hoc mobile wireless networks
routing protocol—A review," J. Comput. Sci., vol. 3, no. 8, pp. 574–582, 2014

This paper introduces a distributed wormhole detection algorithm called
Wormhole Geographic Distributed Detection (WGDD) that is based on detecting
network disorder caused by the existence of a wormhole. Since wormhole attacks are
passive, this algorithm uses a hop-counting technique as a probe procedure to detect
wormhole attacks, then reconstructs local maps in each node. After that, it uses a feature
called "diameter" to detect abnormalities caused by wormholes. The main advantage of using
a distributed wormhole detection algorithm is that it provides the approximate location
of a wormhole, which may be useful information for further defense mechanisms.

LIMITATIONS:
• Most of the research has been carried out on signature-based techniques. More
effort is required on anomaly detection techniques, especially for WLAN.

• The exact design considerations for an efficient technique for monitoring, detecting and
responding to the various security breaches to the WLAN have not been accounted for so
far, to the author's knowledge.

• Low Rate of False Alarms: The main advantage of misuse detection systems is their
ability to detect known attacks and the relatively low false alarm rate when rules are
correctly defined. It is important to note that, as said above, the signatures which are
used in rules must be as specific as possible to prevent false alarms [47].

• Only Known Attacks Detection: The foremost drawback of misuse detection systems
is their complete inability to detect unknown attacks.

• Unknown Attacks Detection: The main advantage of anomaly detection systems is
that, contrary to misuse detection systems, they can detect unknown or novel attacks.
They do not rely on any a priori knowledge concerning the intrusions. It is also
important to note that the main purpose of anomaly detection systems is not to
replace misuse detection systems. The very good efficiency of misuse systems in
detecting known attacks makes them a perfect complement to anomaly detection
systems.

• High Rate of False Alarms: Two factors may lead to a very high rate of false alarms
or to a very poor accuracy of anomaly detection systems.

2.1 EXISTING SYSTEMS

As discussed before, all nodes in a MANET relay data so that nodes can communicate with
each other. The range of communication also depends upon the transmission ability of the
nodes and also on the battery power. Due to such limitations, attackers have
significant opportunities to achieve their impact with one or two compromised nodes.
An IDS provides a proactive approach to the existing system. It will eliminate the potential
damage caused by compromised nodes and enhance the security level of MANETs.

This section mainly describes three existing approaches, namely,

1. Watchdog
2. TWOACK
3. AACK

1. Watchdog
This approach describes two techniques that improve the throughput in an ad hoc
network in the presence of nodes that agree to forward packets but fail to do so. It
categorizes the nodes based upon their dynamically measured behavior. Watchdog
and Pathrater are the main techniques; they identify the misbehaving nodes and help the
routing protocols.
WORKING OF WATCHDOG:

Fig2: How watchdog works: Although node B intends to transmit a packet to node C, node A could overhear
this transmission

Figure 2 shows how the watchdog works. Assume that node S wants to send a packet to
node D, and that there exists a path from S to D through nodes A, B, and C. Consider now that
A has already received a packet from S destined to D. The packet contains a message and
routing information. When A forwards this packet to B, A also keeps a copy of the packet in
its buffer. Then, it promiscuously listens to the transmission of B to make sure that B
forwards to C. If the packet overheard from B (represented by a dashed line) matches that
stored in the buffer, it means that B really forwards to the next hop (represented as a solid
line). It then removes the packet from the buffer. However, if there is no matched packet after
a certain time, the watchdog increments the failures counter for node B. If this counter
exceeds the threshold, A concludes that B is misbehaving and reports to the source node S.

The Watchdog scheme fails to detect malicious misbehaviors with the presence of the
following:
1) Ambiguous Collisions
2) Receiver Collisions
3) Limited Transmission Power
4) False Misbehavior Report
5) Collusion
6) Partial Dropping.
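
The watchdog logic described above, written out as an added example (it is not code from the original synopsis). The threshold, timeout and the three next-hop behaviours are assumed values chosen for illustration; the `low_power` case shows why overhearing B is not proof that C received the packet.

```python
from dataclasses import dataclass, field


@dataclass
class Watchdog:
    """Watchdog state kept by node A for its next hop B."""
    threshold: int = 2          # assumed failure threshold
    timeout: int = 3            # assumed wait, in ticks, for the overheard copy
    buffer: dict = field(default_factory=dict)  # pkt_id -> (payload, deadline)
    failures: int = 0

    def forwarded(self, pkt_id, payload, now):
        """A hands a packet to B and keeps a copy in its buffer."""
        self.buffer[pkt_id] = (payload, now + self.timeout)

    def overheard(self, pkt_id, payload):
        """A promiscuously hears B transmit; a match clears the buffered copy."""
        entry = self.buffer.get(pkt_id)
        if entry is not None and entry[0] == payload:
            del self.buffer[pkt_id]

    def tick(self, now):
        """Expire unmatched copies; True means 'report B to the source S'."""
        for pkt_id in [p for p, (_, dl) in self.buffer.items() if now >= dl]:
            del self.buffer[pkt_id]
            self.failures += 1
        return self.failures > self.threshold


def simulate(behaviour, packets=5):
    """Return (B reported as misbehaving?, packets that actually reached C)."""
    wd, delivered, reported = Watchdog(), 0, False
    for t in range(packets):
        payload = f"data-{t}".encode()      # constructed sample payload
        wd.forwarded(t, payload, now=t)
        if behaviour in ("honest", "low_power"):
            wd.overheard(t, payload)        # A hears B's transmission
        if behaviour == "honest":
            delivered += 1                  # only here does C receive it
        reported = wd.tick(now=t + wd.timeout) or reported
    return reported, delivered


if __name__ == "__main__":
    for b in ("honest", "drop", "low_power"):
        print(b, simulate(b))
```

A dropping node is reported once its failure count exceeds the threshold, while the limited-transmission-power node delivers nothing and is never reported.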
2. TWOACK
The TWOACK scheme successfully solves the receiver collision and limited
transmission power problems posed by Watchdog. However, the acknowledgment process
required in every packet transmission process adds a significant amount of unwanted
network overhead. Due to the limited battery power of MANET nodes, such a redundant
transmission process can easily degrade the life span of the entire network.
The working process of TWOACK is shown in Fig.3.
Fig.3: TWOACK Scheme: Each node is required to send back an acknowledgement packet to the
node that is two hops away from it.

3. AACK (Adaptive Acknowledgement)

AACK is an acknowledgment-based network layer scheme which can be considered as
a combination of a scheme called TACK (identical to TWOACK) and an end-to-end
acknowledgment scheme called Acknowledge (ACK).
The end-to-end acknowledgment scheme in ACK is shown in Fig. 4.
Fig.4: ACK Scheme: The Destination node is required to send acknowledgment packets to source node

CHAPTER 3
PROBLEM DEFINITION
Our proposed approach EAACK is designed to tackle three of the six
weaknesses of Watchdog scheme, namely, false misbehavior, limited transmission
power, and receiver collision. In this section, we discuss these three weaknesses in detail.
In a typical example of receiver collisions, shown in Fig. 5, after node A sends Packet 1 to
node B, it tries to overhear if node B forwarded this packet to node C; meanwhile, node X is
forwarding Packet 2 to node C. In such case, node A overhears that node B has successfully
forwarded Packet 1 to node C but failed to detect that node C did not receive this packet due
to a collision between Packet1 and Packet2 at node C.
In the case of limited transmission power, in order to preserve its own battery
resources, node B intentionally limits its transmission power so that it is strong enough to be
overheard by node A but not strong enough to be received by node C, as shown in Fig. 6.

Fig.5: Receiver Collision: both node B and node X are trying to send packet 1 and packet 2 respectively, to node
C at the same time

Fig.6: Limited transmission power: node B limits the transmission power so that packet transmission can be
overheard by node A but is too weak to reach node C

For false misbehavior report, although node A successfully overheard that node B
forwarded Packet 1 to node C, node A still reported node B as misbehaving, as shown in
Fig.6. Due to the open medium and remote distribution of typical MANETs, attackers can
easily capture and compromise one or two nodes to achieve this false misbehavior report
attack.

Fig.7: False Misbehavior Report. Node A sends back a misbehavior report even though node B forwarded the
packet to node C

As discussed in previous sections, TWOACK and AACK solve two of these three
weaknesses, namely,
• Receiver Collision
• Limited Transmission Power.

Furthermore, we extend our research to adopt a digital signature scheme during the packet
transmission process.
As in all acknowledgment-based IDSs, it is vital to ensure the integrity and
authenticity of all acknowledgment packets.

CHAPTER 4
Scheme Description
EAACK consists of three major parts, namely, ACK, secure ACK (S-ACK), and
misbehavior report authentication (MRA). Fig.8 presents a flowchart describing the
EAACK scheme. All the links in the network are bidirectional. Furthermore, for
each communication process, both the source node and the destination node are not
malicious. Unless specified, all acknowledgment packets described in this research are
required to be digitally signed by their sender and verified by their receiver.
Fig.8: System control flow: this figure shows the system flow of how the EAACK
scheme works

4.1 ACK
In Fig. 9, in ACK mode, node S first sends out an ACK data packet Pad1 to
the destination node D. If all the intermediate nodes along the route between nodes S and
D are cooperative and node D successfully receives Pad1, node D is required to send back an
ACK acknowledgment packet Pak1 along the same route but in a reverse order. Within a
predefined time period, if node S receives Pak1, then the packet transmission from node S to
node D is successful. Otherwise, node S will switch to S-ACK mode by sending out an S-
ACK data packet to detect the misbehaving nodes in the route.
Fig.9: ACK Scheme: The Destination node is required to send acknowledgment packets to source node when it
receives new packet.

4.2 S-ACK (Secure Acknowledgment)


The S-ACK scheme is an improved version of the TWOACK scheme.
The principle is to let every three consecutive nodes work in a group to detect
misbehaving nodes. For every three consecutive nodes in the route, the third node is required
to send an S-ACK acknowledgment packet to the first node. The intention of introducing S-
ACK mode is to detect misbehaving nodes in the presence of receiver collision or limited
transmission power. As shown in Fig.10, in S-ACK mode, the three consecutive nodes
(i.e., A, B, and C) work in a group to detect misbehaving nodes in the network. Node
A first sends out S-ACK data packet Psad1 to node B. Then, node B forwards this packet
to node C. When node C receives Psad1, as it is the third node in this three-node group, node
C is required to send back an S-ACK acknowledgment packet Psak1 to node B. Node B
forwards Psak1 back to node A. If node A does not receive this acknowledgment packet
within a predefined time period, both nodes B and C are reported as malicious. EAACK
requires the source node to switch to the MRA step to detect false misbehavior reports in our
proposed scheme.

Fig.10: S-ACK Scheme: node C is required to send back an acknowledgement packet to node A

4.3 MRA (Misbehavior Report Authentication)


The MRA scheme is designed to resolve the weakness of Watchdog when it
fails to detect misbehaving nodes in the presence of false misbehavior reports. The
false misbehavior report can be lethal to the entire network when the attackers break
down sufficient nodes and thus cause a network division. The core of the MRA scheme is to
authenticate whether the destination node has received the reported missing packet
through a different route. To initiate the MRA mode, the source node first searches its
local knowledge base and seeks an alternative route to the destination node. When the
destination node receives an MRA packet, it searches its local knowledge base and checks
whether the reported packet was received. If it was already received, then it is safe to conclude
that this is a false misbehavior report and whoever generated this report is marked as
malicious. Otherwise, the misbehavior report is trusted and accepted. By the adoption of
the MRA scheme, EAACK is capable of detecting malicious nodes despite the existence of false
misbehavior reports.
MRA resolves the weakness of Watchdog in detecting misbehaving nodes.
a) Source node
1) checks local knowledge base
2) if no path is found, uses DSR and sends MRA to the destination
b) Destination node
1) checks local knowledge base
2) if the packet was received, marks the report as false
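
The S-ACK check for one three-node group followed by the MRA steps a) and b) above, as an added example that is not part of the original synopsis. The topology (the route S-A-B-C-X-D from the figures plus a hypothetical detour S-E-F-D), the breadth-first search standing in for DSR route discovery, the choice to bypass the reporter, and the handling of the no-route case are all assumptions.

```python
from collections import deque

# Constructed topology: main route S-A-B-C-X-D plus a hypothetical detour
# S-E-F-D that gives the source a second path to the destination.
LINKS = {"S": ["A", "E"], "A": ["S", "B"], "B": ["A", "C"], "C": ["B", "X"],
         "X": ["C", "D"], "D": ["X", "F"], "E": ["S", "F"], "F": ["E", "D"]}


def discover_route(src, dst, avoid=()):
    """BFS stand-in for DSR route discovery, skipping the nodes in `avoid`."""
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in LINKS[path[-1]]:
            if nxt not in seen and nxt not in avoid:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def sack_check(group, droppers, false_reporters):
    """S-ACK for one group (first, second, third).
    Returns a misbehavior report, or None when Psak1 came back in time."""
    first, second, third = group
    ack_returned = second not in droppers and third not in droppers
    if ack_returned and first not in false_reporters:
        return None
    return {"reporter": first, "accused": (second, third)}


def mra(report, pkt_id, src, dst, dest_received, known_routes):
    """MRA steps a) and b). Returns the set of nodes marked malicious."""
    reporter = report["reporter"]
    # a1) source looks in its knowledge base for a route bypassing the reporter
    alt = next((r for r in known_routes if reporter not in r), None)
    # a2) nothing cached: fall back to route discovery
    if alt is None:
        alt = discover_route(src, dst, avoid={reporter})
    if alt is None:
        return set()            # assumption: unverifiable report marks nobody
    # b1/b2) destination checks whether the reported packet already arrived
    if pkt_id in dest_received:
        return {reporter}       # false misbehavior report
    return set(report["accused"])


def run(droppers=frozenset(), false_reporters=frozenset()):
    """One packet over the main route, checked by the group (A, B, C)."""
    route, pkt_id = ["S", "A", "B", "C", "X", "D"], 1
    dest_received = set()
    if not any(n in droppers for n in route[1:-1]):
        dest_received.add(pkt_id)
    report = sack_check(("A", "B", "C"), droppers, false_reporters)
    if report is None:
        return set()
    return mra(report, pkt_id, "S", "D", dest_received, known_routes=[route])


if __name__ == "__main__":
    print(run(), run(droppers={"B"}), run(false_reporters={"A"}))
```

With B dropping packets the report from A is trusted and B and C are marked; with A filing a report for a packet that D already holds, A itself is marked.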

4.4 Digital Signature


As discussed before, EAACK is an acknowledgment-based IDS. All three
parts of EAACK, namely, ACK, S-ACK, and MRA, are acknowledgment-based detection
schemes. Thus, it is extremely important to ensure that all acknowledgment packets in
EAACK are authentic and untainted. With regard to this urgent concern, we incorporated
digital signature in our proposed scheme. In order to ensure the integrity of the IDS, EAACK
requires all acknowledgment packets to be digitally signed before they are sent out and
verified before they are accepted.
However, we fully understand the extra resources that are required with the introduction of
digital signature in MANETs. To address this concern, we implemented both DSA and RSA
[8] digital signature schemes in our proposed approach. The goal is to find the most optimal
solution for using digital signature in MANETs.
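
A sketch of the sign-before-send, verify-before-accept rule for acknowledgment packets, added here as an illustration and not taken from the EAACK implementation. It uses textbook RSA over SHA-256 with small fixed primes only so that it runs on the standard library; the packet fields, the public-key directory and the `accept_ack` helper are assumptions, and a real node would use a vetted RSA or DSA library with proper padding and key sizes.

```python
import hashlib

E = 65537  # public exponent


def make_key(p, q):
    """Toy RSA key from two fixed primes (illustration only, far too small)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E, "d": pow(E, -1, phi)}


def digest(packet, n):
    """Hash the fields the signature must cover, reduced into the modulus."""
    data = "|".join(str(packet[k]) for k in ("type", "pkt_id", "sender", "receiver"))
    return int.from_bytes(hashlib.sha256(data.encode()).digest(), "big") % n


def sign(packet, key):
    return pow(digest(packet, key["n"]), key["d"], key["n"])


def verify(packet, signature, public):
    return pow(signature, public["e"], public["n"]) == digest(packet, public["n"])


# Constructed keys for nodes B and C (products of Mersenne primes).
KEYS = {"B": make_key(2**61 - 1, 2**107 - 1),
        "C": make_key(2**89 - 1, 2**127 - 1)}
# Assumption: node A already holds every node's public key.
PUBLIC = {node: {"n": k["n"], "e": k["e"]} for node, k in KEYS.items()}


def accept_ack(packet, signature):
    """Node A accepts an acknowledgment only if the claimed sender signed it."""
    public = PUBLIC.get(packet["sender"])
    return public is not None and verify(packet, signature, public)


def demo():
    psak1 = {"type": "S-ACK", "pkt_id": 1, "sender": "C", "receiver": "A"}
    genuine = accept_ack(psak1, sign(psak1, KEYS["C"]))
    # B fabricates an acknowledgment in C's name but can only sign with its own key
    forged = accept_ack(psak1, sign(psak1, KEYS["B"]))
    # C's valid signature for packet 1 attached to an acknowledgment for packet 2
    replayed = accept_ack(dict(psak1, pkt_id=2), sign(psak1, KEYS["C"]))
    return genuine, forged, replayed


if __name__ == "__main__":
    print(demo())
```

Covering the packet id and both endpoints in the signed digest is what makes the forged and the reused acknowledgment fail verification.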

SYSTEM REQUIREMENTS SPECIFICATIONS

USER REQUIREMENTS

These are the abstract, high-level requirements that the system is required
to fulfil. They give the details of the services that the system is expected
to provide and also specify the applicable constraints. They are written in plain
English statements and may include high-level diagrams.

The list of services that our system is expected to provide.

NON FUNCTIONAL REQUIREMENTS

Requirements that depend only indirectly on the system are termed non-functional
requirements; they are not essential in a direct manner. These non-functional
requirements concern what the system does not directly require.
Their main concerns are storage capacity, dependability and, finally, the time required
for execution. They characterize the system's capacity for input and, in turn, the output of
the system used for the particular application. There is a notable difference between the
individual requirements and the dependent non-functional requirements. A number of
non-functional requirements apply to the system, according to their
individual importance.

Necessary non-functional requirements identified here are,

• Security.
• Dependability.
FUNCTIONAL REQUIREMENTS

A functional specification does not define the inner workings of the proposed system;
it does not include the specification of how the system function will be implemented. Rather, it
concentrates on what various outside agents, such as people using the program, computer
peripherals, or other computers, may "observe" when interacting with the system.

The functional requirements identified in this project are

• Selecting the MANET network.
• Sending the packet data through the intermediate nodes.
• Send back an end-to-end acknowledgement.
• Detect malicious nodes.
• Switch to the different acknowledgement schemes.

Hardware Requirements
Hard Disk : 30 Gigabyte.
Output device : High Resolution Monitor and VGA.
Processor : Processor that supports above 500 MHz.
Input device : Mouse and Standard Keyboard.
Compact Disk : 650 Megabyte.
Primary memory : 256 Megabyte.

Software Requirements
Language used : Java.
Front End : Java Swings.
Data Bases : Oracle Sql.
Tools used : Netbeans IDE 7.1.
Operating System : Windows.
CONCLUSION
In this seminar, the main focus has been on a comparative study of the EAACK approach
and its limitations with the EAACK protocol using ECDSA. Here we have studied the behaviour of
the EAACK technique. The algorithm is designed to resolve the weakness of Watchdog when it fails
to detect misbehaving nodes in the presence of false misbehaviour reports, and to authenticate
whether the destination node has received the reported missing packet through a different route.
To achieve this, we have to focus on a comparative study of the ACK, S-ACK and MRA schemes.
To extend the merits of our research work, we plan to investigate the following problems in
our future research:

1) Possibilities of adopting hybrid cryptography techniques to further reduce the network
overhead caused by digital signature;

2) Examining the possibilities of adopting a key exchange mechanism to eliminate the necessity of
redistributed keys;

3) Testing the performance of EAACK in a real network environment rather than software code
simulation.
BIBLIOGRAPHY
[1] IG Gowthaman & 2G Komarasamy, "A Study On Secured Intrusion Detection System For
MANETS," IEEE, 2015.

[2] T. Anantvalee and J. Wu, "A Survey on Intrusion Detection in Mobile Ad Hoc Networks,"
in Wireless/Mobile Security, 2008.

[3] S. Marti, T. J. Giuli, K. Lai, and M. Baker, "Mitigating routing misbehavior in mobile ad
hoc networks," in Proc. 6th Annu. Int. Conf. Mobile Comput. Netw., Boston, MA, pp. 255–
265, 2000.

[4] K. Liu, J. Deng, P. K. Varshney, and K. Balakrishnan, "An acknowledgment-based
approach for the detection of routing misbehaviour in MANETs," IEEE Trans. Mobile
Comput., vol. 6, no. 5, pp. 536–550, May 2007.

[5] D. Johnson and D. Maltz, "Dynamic Source Routing in ad hoc wireless networks," in
Mobile Computing, ch. 5, pp. 153–181, 1996.

[6] Ashok M. Kanthe, Dina Simunic and Ramjee Prasad, "Comparison of AODV and DSR On-
Demand Routing Protocols in Mobile Ad hoc Networks," in Emerging Technology Trends in
Electronics, Communication and Networking, 2012.

[7] P. Priyanka, S. Swetha, "Detection of misbehavior nodes in MANETS using EIDS," 2014.

[8] R. Rivest, A. Shamir, and L. Adleman, "A method for obtaining digital signatures and public-
key cryptosystems," Commun. ACM, vol. 21, no. 2, pp. 120–126, Feb. 1983.

[9] G. Jayakumar and G. Gopinath, "Ad hoc mobile wireless networks routing protocol—A
review," J. Comput. Sci., vol. 3, no. 8, pp. 574–582, 2007.

[9] N. Kang, E. Shakshuki, and T. Sheltami, "Detecting forged acknowledgements in
MANETs," in Proc. IEEE 25th Int. Conf. AINA, Biopolis, Singapore, Mar. 22–25, 2011, pp.

[10] N. Nasser and Y. Chen, "Enhanced intrusion detection systems for discovering malicious
nodes in mobile ad hoc network," in Proc. IEEE Int. Conf. Commun., Glasgow, Scotland, Jun.
24–28, 2007, pp. 1154–1159.

[11] A. Patwardhan, J. Parker, A. Joshi, M. Iorga, and T. Karygiannis, "Secure routing and
intrusion detection in ad hoc networks," in Proc. 3rd Int. Conf. Pervasive Comput. Commun.,
2005, pp. 191–199.

[12] M. Zapata and N. Asokan, "Securing ad hoc routing protocols," in Proc. ACM Workshop
Wireless Secur., 2002, pp. 1–10.

[13] Nat. Inst. Std. Technol., Digital Signature Standard (DSS) Federal Information Processing
Standards Publication, Gaithersburg, MD, 2009, Digital Signature Standard (DSS)
