DETAILED DESIGN

The project basically has 5 modules namely Module 1-Network creation and packet forwarding Module 2-Monitoring and Data collection Module 3-Evaluation of node specific data Module 4-Detection of malicious nodes Module 5-Elimination of malicious nodes

NETWORK CREATION

PACKET FORWARDING

MONITORING

DATA COLLECTION

ELIMINATION OF MALICIOUS NODES

MALICIOUS NODE DETECTION

DATA EVALUATION

MODULE 1-NETWORK CREATION AND PACKET FORWARDING INPUT OUTPUT destination. : n number of nodes, wireless links, data packets : an ad hoc network of n nodes. Data packets routed from source to

DESCRIPTION OF THE MODULE PROCESS: PHASE 1: NETWORK FORMATION

NETWORK FORMATIO N

n NODES NETWORK WITH n

AN AD HOC

NODES

During this phase when n number of nodes is given as an input, an ad-hoc network with its nodes connected by means of a wireless link is given as the output. PHASE 2:PACKET FORWARDING(ROUTING)

S-source D-destination

During this phase, the Ad hoc On demand Distance Vector Routing protocol is used to establish the route between the source and the destination to serve the purpose of forwarding a packet through the route which has the minimum cost to the destination.

MODULE 2-MONITORING AND DATA COLLECTION INPUT OUTPUT : Nodes belonging to a particular route from source to destination. :Behavioral data about each node.

S k 1

S-source D-destination

J,k-Intermediate nodes

During this phase the input will be S J K D. For every node I, there exists a set of neighboring nodes Gi . j is a neighboring node of I and it belongs to Gi . Node j now monitors node I. It calculates a cost parameter called aj,I,k, . aj,I,k. = No. of packets forwarded by i No. of packets dropped by i

Where j-neighboring node i-monitored node k-time slot

MODULE 3-EVALUATION OF NODES INPUT OUTPUT PROCESS In this module, we define two hypotheses namely H0: Node is genuine H1: Node is misbehaving An adaptive detection function is defined which is given by : P(misbehavior),ajik :Adaptive detection function

T(I,J)n-1*P[FWD|H1] packets] T(I,J)n packets] = T(I,J)n-1*P[FWD|H0]

T(I,J)n-1*P[misbehaving node forwarding = T(I,J)n-1*P[genuine node forwarding

Where n samples are taken in n timeslots and comparatively more packets have been forwarded during the time slots

T(I,J)n-1*P[DRP|H1] packets] T(I,J)n =

T(I,J)n-1*P[misbehaving node dropping =

T(I,J)n-1*P[DRP|H0] packets]

T(I,J)n-1*P[genuine node dropping

Where n samples are taken in n timeslots and comparatively more packets have been dropped during the time slots P(drop)=1-ajik

P[FWD|H1]= (1-P(drop))*(1-P(misbehavior)) == Probability that a misbehaving node forwards a packet. P[FWD|H0]= (1-P(drop) == Probability that a genuine node forwards a packet P[DRP|H1]=1-(1-P(drop))*(1-P(misbehavior))==Probability that a misbehaving node drops a packet P[DRP|H0]=P(drop)==Probability that a genune node drops a packet

MODULE 4:-DETECTION OF MALICIOUS NODES INPUT: ,, T(I,J)n OUTPUT:Decision as to whether a node is malicious or genuine PROCESS . =user parameter which represents the tolerable limits of false positives=tolerable level of a node being called genuine but it is actually malicious . =user parameter which represents the tolerable limits of false negatives=tolerable level of a node being called malicious but it is actually genuine A=1- . B= 1- If T(I,j)n>=A -H1 is true node I is malicious If T(I,j)n<=B H0 is truenode I is genuine

When If T(I,j)n<A or If T(I,j)n>B then the degree of maliciousness or genuineness will be determined Thus the detection phase basically does the following If node j can forward packets over a timeslot k and node I also forwards packets then the degree of genuineness is high. If node j can forward packets and node I does not forward packets over a time slot k, then the degree of maliciousness of the node is high If node j is unable to forwards packets but if node I forwards then the degree of genuineness is high If node j is unable to forward and node I is also unable to forward then the packet drop is due to traffic

MODULE 5-ELIMINATION OF MALICIOUS NODES Once the maliciousness of a node reaches a threshold value that particular node is removed from the network. This is done when the nodes get a message that a particular node is malicious. The nodes collaboratively eliminate the node from their routing tables.