FAZALUDDIN SHAIK
0924783
Version - 2010/11
CDLE MECHANISM for INTRUSION DETECTION in MANET
ABSTRACT
Acknowledgement
I would like to express gratitude to my Project Supervisor Dr. Enjie Liu for his encouragement as
well as directing me with the precious guidance and unprejudiced feedback on my work.
This dissertation has been one of the most imaginative, ingenious and significant educational challenges I
have ever faced in my life to date. Without the guidance, support and endurance of my
professors, this project would never have been completed.
I owe my inmost appreciation and admiration to my project head Dr Fiaz Hussain, to my project
supervisor Dr. Enjie Liu and to the UOB staff who were always available to help me a lot in my
academic week-to-week activities.
Dedication
Table of Contents
ABSTRACT
1. INTRODUCTION
1.1 Background of ad hoc network Vulnerabilities
1.1.1 Challenges to accomplish security in MANETS
1.2 Need for intrusion detection
1.2.1 Intrusion detection
1.2.2 Problems of intrusion detection in MANETS
1.3 Cluster based intrusion detection
1.3.1 Leader selection
1.3.2 Mechanism design
1.4 Problem assertion
1.5 Contribution as Aim
1.6 Objectives
1.7 Thesis layout
3. BACKGROUND KNOWLEDGE
3.1 Game theoretic intrusion detection
3.2 Bayesian game theory approach
3.2.1 Bayesian Hybrid detection approach
3.2.2 Perfect Bayesian Equilibrium Analysis (PBE)
3.3 Behavior based anomaly detection
3.3.1 Negative self approach
3.4 Sprite: A Simple, Cheat-Proof, Credit-Based System
3.4.1 Objectives
3.5 Secure and objective reputation based incentive (SORI)
3.6 CONFIDANT (Cooperation of Nodes: Fairness in Dynamic Adhoc NeTworks)
3.7 CORE
3.8 Mechanism design
3.8.1 Main objectives
3.9 Vickrey Clarke groves
4. DESIGNING OF CDLE
4.1 Existing systems
4.2 Proposed systems
4.2.1 Cluster based leader selection (CDLE)
4.2.2 Priority Based Node Termination Control
4.4 Optimized Mechanism design
4.4.1 Social choice function
4.4.2 Cost of analysis
4.4.3 Optimized payment function
4.4.4 Optimized utilitarian function
7. CONCLUSION
APPENDIX
1. POSTER
2. USER GUIDE
TABLE of FIGURES
1- IDS Architecture
2- Block Diagram
3- Flow Diagram
TABLE of GRAPHS
CHAPTER 1
INTRODUCTION
Dynamic topology: Ad hoc networks with a dynamic topology need complicated routing protocols. One of the main difficulties caused by a dynamic topology is that a misbehaving node can generate wrong routing information that is hard to discover.
Vulnerability of nodes: Physical protection of nodes is not possible because of the open-air medium, so a node can easily be captured and fall under the control of an attacker [4].
Evans Law, security risk is caused due to the more vulnerable attacks and the increased number
of malicious users.
Security problems in adhoc networks conquered by quadrillion times than already
existing security schemes such as encryption and authentication protocols.
Advantages of clustering
It improves the system capacity by implementing spatial reuse of resources.
Optimization in routing mechanism.
Efficient handling of mobility management.
Efficient bandwidth utilization.
Minimize the amount of storage for communication.
Disadvantages of clustering
A longer record update time is required when the fields in the clustering index
are changed.
Difficult to recover from database corruption.
If the cluster head becomes an intruder, the performance of the entire network is
degraded [10].
The efficiency of the detection mechanism is evaluated through an NS2-based simulation model, which illustrates that PBNTC is more efficient at detecting selfish nodes and making them participate actively in cluster head selection.
To study the various attacks initiated by misbehaving nodes, the characteristics of selfish nodes and their impact on the performance of the network.
To study and analyze the performance of leader selection in ad hoc networks.
To evaluate the performance of the leader election models CDLE and CILE in improving network throughput.
To study mechanism design theory with the Vickrey, Clarke and Groves computation in order to provide incentives for selfish nodes.
To propose a well-organized Priority Based Node Termination Control intrusion detection method that detects selfish nodes and terminates them depending on their functionality in the network, in order to preserve the resources of ad hoc networks.
To present the simulation method and performance metrics used to measure the efficiency of the proposed Priority Based Node Termination Control intrusion detection method.
CHAPTER 2
LITERATURE REVIEW ON CLUSTER BASED INTRUSION DETECTION
2. Attacks
Wormhole attack
In a wormhole attack, a properly positioned, high-speed malicious node creates a tunnel between two nodes in the network to transmit packets secretly. The whole network is thereby disrupted because traffic is redirected towards the adversary node. The wormhole attack is the origin of other attacks such as rushing attacks and Sybil attacks [13] [14].
Sinkhole Attacks
A sinkhole attack is one in which a compromised node makes itself attractive so that neighboring nodes recognize it as the best path for transmission, in order to alter the routing information [13] [14].
Sybil Attacks
In Sybil attacks, a malicious node acts as a normal node, like the other nodes in the network, to acquire knowledge of other nodes' identities, either by making a new node or from its knowledge of other nodes' identities [13] [14].
Selective Forwarding
In selective forwarding, a compromised node selectively filters traffic from a particular part of the network. Random dropping of packets is also possible, because it avoids the difficulty of selection, and it is hard to detect and trace in network traffic [15].
Eavesdropping
Eavesdropping is an attack that acquires confidential information, such as the location, public key, private key and passwords of the nodes, that should be kept secret during communication between nodes in the network [15].
Accessibility
Every node should maintain its ability to provide all of its assigned services regardless of the security state of the network. This criterion is very challenging to meet under denial-of-service attacks, in which compromised nodes make network services unavailable [16].
Reliability
Integrity assures that a message keeps its identity during transmission. Integrity can be compromised mainly in two ways [16]:
Malicious altering (messages damaged by an adversary node)
Accidental altering (messages damaged due to hardware failure)
Confidentiality
Confidentiality maintains the privacy of secret information: certain information is not accessible to unauthorized users.
Authenticity
Authenticity essentially assures that every participant in the network is genuine and trustworthy to all nodes in the network [16]. Without an authentication mechanism, an adversary node could easily impersonate another node to gain access to confidential resources, or even propagate fake messages to disrupt standard network communications.
Non repudiation
Non-repudiation ensures that the sender and the receiver of a message cannot deny having sent or received it. If a node identifies received messages as erroneous, it can present the error information to other nodes in the network as evidence that the sending node is compromised [16].
Authorization
Authorization assigns access rights according to the level of the user. The access authority is expressed as a credential, issued by the certificate authority, that indicates the user's rights and permissions [16].
Anonymity
Anonymity means that all information that could identify the owner or the current user of a node is kept private and is not distributed by the node itself or by the system software [16].
networks. Specification-based IDS detect unknown attacks with a low false positive rate, whereas the previously mentioned detection techniques exhibit a high false positive rate when detecting unknown attacks in networks [19] [20] [21].
2.6 IDS Architectures
Network infrastructures may be in the form of flat or multi-layer networks.
Intrusion detection is classified into four types based on network infrastructure. Fig 1
represents the cluster dependent intrusion detection in MANET with proposed PBNTC
based on mechanism design theory.
[Figure 1: IDS architecture. Recoverable labels: Checker, Reputator, CDLE]
Detection engine
i) Local detection engine
The local detection engine detects the presence of intrusion in data items, which are collected locally by the data collection module. Two types of attack are possible: known and unknown. Known attacks are easily recognized and eliminated by misuse-based detection IDS using specific patterns and corrective measures. Unknown attacks, on the other hand, are mainly identified by statistical anomaly detection techniques, which distinguish anomalies from normal behavior based on the deviation between the current observation data and the normal profiles of the system [5] [7].
Anomaly detection is performed using the eSOM classification algorithm.
Collect audit data and perform the suitable transformations.
The eSOM algorithm is used to compute the training data.
Collected data are classified into Normal or Abnormal [7].
its battery power without serving other nodes in the network. To solve this problem in cooperative intrusion detection, the cluster-based intrusion detection technique for ad hoc networks was developed [25].
Monitoring agent
The monitoring agent monitors both the individual host and the whole network. A host-based monitoring agent runs on every node individually to inspect system-level user activities. Conversely, a network-based monitoring agent runs on selected nodes and monitors at packet level, capturing the packets that pass through the network within its radio range [25] [17].
Action agent
The action agent is an important agent that initiates a response to an intrusion detected in the network. The response may either discontinue the process running on the node where the intrusion was detected or block the node from the network. If intrusion activity is detected on a node with strong confirmation, the action agent produces an immediate response [25] [17].
Decision agent
Unlike the action agent, the decision agent is deployed only on assured nodes that can run as network monitoring agents.
Host monitoring nodes do not perform decision agent functions, because they lack sufficient awareness of an intrusion to make a decision about it individually. A network monitoring node collects information on all intrusion packets within its radio range and analyzes it to make collective decisions about network-level intrusions [17].
CHAPTER 3
BACKGROUND KNOWLEDGE
heavy monitoring system monitors for intrusions with a more complicated IDS; its detection is more effective and of higher quality, but it consumes more energy. The decision to switch the lightweight or the heavyweight monitoring system ON or OFF is taken from the updated belief about the adversary node. Only one monitoring system is active at a time to detect intrusion. The scheme comprises either one heavyweight monitoring system or two lightweight monitoring systems, of which one detects maliciousness across the entire network and the other evaluates neighboring nodes individually [28] [29].
also maintains the receipt for the received message itself. A node reports message forwarding to the Credit Clearance Service (CCS) by submitting the receipt for the received message.
The CCS evaluates cost and credit for a node solely from the number of receipts reported by nodes in the network. Two concerns must be taken into consideration. First, because charge and credit depend on the number of receipts a node reports, a selfish node may withhold its receipts from the CCS to maximize its own welfare. Second, a node with low resources may report receipts for its own messages to acquire high credit [31].
3.4.1 Objectives
The Sprite incentive scheme has four main objectives:
To provide incentives that make selfish nodes cooperate actively in forwarding the packets of other nodes.
To compute charge and credit with a game-theoretic approach that motivates each node to report its receipts honestly.
To be the first pure-software solution, using the game approach, with proven correctness and security.
To reduce message overhead through efficient cooperation of nodes in the network [31].
Reputation-based schemes
Existing reputation-based schemes lack efficient, quantitative and objective ways to evaluate and propagate reputation. An efficient reputation scheme requires a secure mechanism to propagate reputation, and quantified criteria to evaluate the reputation of a node in an objective way [32] [33].
Pricing-based schemes
Proper packet forwarding between nodes is obtained by providing virtual currency, with tamper-resistant hardware establishing trust between the scheme and the nodes in the network. Nodes that are responsible for forwarding data packets are paid in virtual currency, which also builds an efficient relationship between nodes in the network [32] [33].
Features
The features of SORI are as follows:
Objective measures are used to quantify the reputation of a node.
A simplex hash-chain-based authentication scheme is used to secure the propagation of reputation.
Communication overhead is minimized by propagating reputation only to neighbors, not to all nodes in the network.
A punishment scheme combined with the reputation-based mechanism can successfully identify selfish nodes and punish them accordingly [32] [33].
Monitor system
The monitor system monitors the transmission behavior of both user and network activities. Misbehaving nodes are detected either by comparing deviation from normal behavior while listening to the transmission status of the next node, called passive acknowledgement, or by observing routing protocol behavior. The monitor component registers deviations by listening to the behavior of neighboring nodes, and the reputation system is called to terminate the misbehaving nodes from the network [34].
Trust manager
Trust management in ad hoc networks is obtained by Pretty Good Privacy (PGP), in which trust levels are structured as unknown, none, marginal and complete for key validation and certification.
The trust manager consists of the following components.
An alarm table contains information on received alarms.
A trust table manages trust levels to determine the trustworthiness of an alarm.
A friends list contains the friend nodes that are capable of sending potential alarms [34].
Reputation system
The reputation system rates the nodes involved in the transmission of data packets according to their quality, which is derived from the feedback given mutually by source and destination on their network activities. The reputation table holds the identity of each node entry and its quality rating in the network. A quality rating is modified, according to the rate function, only when there is clear proof of malicious behavior. Malicious behavior detected by the node itself carries a higher weight in the rating than behavior detected by a neighbor node. The underlying principle of this weighting scheme is that a node has more confidence in its own knowledge for detection [34].
Path manager
The path manager performs the following functions:
Path direction is changed according to security criteria that depend on the reputation of nodes.
Paths containing malicious nodes are removed from the network.
Activities performed by a malicious node are also withheld.
Action is also taken on the routes of a malicious node in the network [34].
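The monitor, trust manager, reputation system and path manager described above fit together as in the following Python example, which is added here and is not CONFIDANT's or the dissertation's code. The class name, the numeric weights and the threshold are assumptions chosen for illustration; the page gives no rate function.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Assumed values: the source text does not specify a rate function or threshold.
TRUST_WEIGHT = {"unknown": 0.0, "none": 0.0, "marginal": 0.5, "complete": 1.0}
OWN_PENALTY = 1.0        # per packet this node itself saw dropped
REPORTED_PENALTY = 0.3   # per alarm from another node, before trust weighting
MISBEHAVING_AT = -2.0    # rating at or below this excludes a node from paths


@dataclass
class ConfidantNode:
    name: str
    trust_table: Dict[str, str] = field(default_factory=dict)
    alarm_table: List[Tuple[str, str]] = field(default_factory=list)
    reputation_table: Dict[str, float] = field(default_factory=dict)

    def observe_forwarding(self, next_hop: str, handed: int, overheard: int) -> None:
        """Monitor: passive acknowledgement. Packets handed to next_hop that
        were never overheard being retransmitted count as first-hand evidence."""
        dropped = handed - overheard
        if dropped > 0:
            self._lower(next_hop, OWN_PENALTY * dropped)

    def receive_alarm(self, sender: str, suspect: str) -> bool:
        """Trust manager: record every alarm, but let it change a rating only
        in proportion to the PGP-style trust level of its sender."""
        self.alarm_table.append((sender, suspect))
        weight = TRUST_WEIGHT[self.trust_table.get(sender, "unknown")]
        if weight == 0.0:
            return False
        self._lower(suspect, REPORTED_PENALTY * weight)
        return True

    def _lower(self, node: str, penalty: float) -> None:
        self.reputation_table[node] = self.rating(node) - penalty

    def rating(self, node: str) -> float:
        return self.reputation_table.get(node, 0.0)

    def is_misbehaving(self, node: str) -> bool:
        return self.rating(node) <= MISBEHAVING_AT

    def rank_paths(self, paths: List[List[str]]) -> List[List[str]]:
        """Path manager: drop paths through misbehaving nodes, then prefer
        the paths whose nodes have the best combined rating."""
        usable = [p for p in paths if not any(self.is_misbehaving(n) for n in p)]
        return sorted(usable, key=lambda p: sum(self.rating(n) for n in p),
                      reverse=True)


def demo():
    """Constructed scenario: A sees D drop packets and hears alarms about E."""
    a = ConfidantNode("A", trust_table={"B": "marginal", "C": "unknown"})
    a.observe_forwarding("D", handed=5, overheard=3)  # first-hand: 2 drops
    a.receive_alarm("C", "E")                         # untrusted sender, ignored
    a.receive_alarm("B", "E")                         # marginal trust, small penalty
    paths = [["A", "D", "Z"], ["A", "E", "Z"], ["A", "F", "Z"]]
    return a, a.rank_paths(paths)


if __name__ == "__main__":
    node, ranked = demo()
    print(node.reputation_table, ranked)
```

Two dropped packets seen first-hand are enough to exclude D, while a single second-hand alarm only lowers the rank of the path through E.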
3.7 CORE
CORE is the abbreviation of a Collaborative Reputation mechanism used to enforce node cooperation in mobile ad hoc networks. CORE is a generic mechanism, based on a collaborative monitoring technique, in which nodes are made to take part in the cooperative transmission of other nodes' traffic. Reputation in CORE is defined through each network entity's ability to keep track of the other entities, and it is evaluated from the information provided by nodes in the network [35].
Subjective reputation
Subjective reputation is computed at time for subjects inspection using
weighted means of inspected rating factors on every network identity in networks
achieves significance reputation from the past observations. Direct interaction between
subject and neighbors exist in network.
Subjective reputation is computed as follows.
R (si/h) = ( , n) * n
Indirect Reputation
Indirect reputation means that indirect communication exists between nodes and other network members. This makes it possible to reflect the characteristics of the complex formation of other members of a different community. Indirect links are established to compute the final indirect reputation value [35].
Functional reputation
Functional reputation combines the aforesaid reputations with respect to a distinct function of h. A global reputation value is thus calculated from different observations. The reputation value is evaluated for both packet forwarding and routing [35].
3.8 Mechanism design
A mechanism is defined by the function M = (O; P), where O is the output vector and P is the amount of incentive provided as payment to the successful agents in the mechanism. The output function determines the winner from all participants in the network. The mechanism M is determined from the output, and the payment is computed from the inputs of all participants in the network. Game theory and mechanism design are used in the routing protocols of ad hoc networks to motivate nodes to participate actively in the packet transmission of other nodes in the network [12] [26] [27] [28] [36].
Computation of VCG
Utilitarian function: A winner determination function from set of nodes in
network is called utilitarian G (o) = Nk (o).
VCG mechanism: A mechanism operates under VCG model uses a utilitarian objective
function and then output and payment function are determined as follows.
The output functions as follows.
where $h_i(a_{-i})$ is an arbitrary function of the real valuations of all agents except agent
i. The payment is in the form of reputation.
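The VCG output and payment functions can be exercised on a small cluster. The following Python code is an added example, not code from the dissertation: it assumes one leader per cluster, that each node reports a single number (its cost of analysis), and the Clarke pivot payment; the node names, costs and the `pay_as_bid` baseline are constructed for comparison.

```python
from typing import Dict, NamedTuple


class Outcome(NamedTuple):
    leader: str
    payment: float  # reputation credit granted to the elected leader


def elect(reported: Dict[str, float], rule: str = "vcg") -> Outcome:
    """Output function: lowest reported cost wins. Payment depends on `rule`."""
    if len(reported) < 2:
        raise ValueError("need at least two candidate nodes")
    # Sort by (cost, name) so that ties resolve deterministically.
    ranked = sorted(reported, key=lambda n: (reported[n], n))
    leader, runner_up = ranked[0], ranked[1]
    if rule == "vcg":
        # Clarke pivot: pay the cost the cluster would bear without the winner.
        # That is the runner-up's report, independent of the winner's own report.
        payment = reported[runner_up]
    elif rule == "pay_as_bid":
        # Naive baseline: pay whatever the winner claimed.
        payment = reported[leader]
    else:
        raise ValueError(f"unknown rule {rule!r}")
    return Outcome(leader, payment)


def utility(node: str, true_cost: Dict[str, float],
            reported: Dict[str, float], rule: str) -> float:
    """Payment minus real cost for the leader, zero for every other node."""
    out = elect(reported, rule)
    return out.payment - true_cost[node] if out.leader == node else 0.0


def best_lie_gain(node: str, true_cost: Dict[str, float], rule: str) -> float:
    """Largest utility gain `node` obtains by misreporting its cost while
    all other nodes report truthfully. Zero means lying never helps."""
    honest = utility(node, true_cost, true_cost, rule)
    gains = []
    for k in range(1, 25):          # candidate reports 0.5, 1.0, ..., 12.0
        reported = dict(true_cost)
        reported[node] = 0.5 * k
        gains.append(utility(node, true_cost, reported, rule) - honest)
    return max(gains)


# Constructed cluster: true cost of analysis per node (lower = more resources).
TRUE_COST = {"Node1": 4.0, "Node2": 6.0, "Node3": 3.0, "Node4": 9.0}

if __name__ == "__main__":
    print(elect(TRUE_COST, "vcg"))
    for rule in ("vcg", "pay_as_bid"):
        print(rule, {n: best_lie_gain(n, TRUE_COST, rule) for n in TRUE_COST})
```

Under the VCG rule no node gains by misreporting, so truth telling is a dominant strategy; under the pay-as-bid baseline the cheapest node profits by overstating its cost.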
Disadvantages of VCG
Pushes complexity onto bidders.
Reveals a lot of secured real information.
Possible to evolve very low-revenue outcomes.
Extremely vulnerable to collusion.
Unlimited budgets are required.
CHAPTER 4
DESIGNING OF CDLE
misbehaving nodes in networks interrupt the overall communication because too few nodes remain for transmission.
Hence considerable care is needed when terminating a node from the network, even when the node misbehaves in revealing sensitive information such as its resource level. Before a misbehaving node is terminated, its priority level is calculated from its transmission activities in the network. A node with a lower priority level is therefore readily terminated by the reputation mechanism. Cluster based selection with priority based node termination control reduces the percentage of leaders, that is, single-node IDS implementations, as the average cluster size increases.
Algorithm
C(i) = P( ) / SP
Power factor
The power factor P( ) of every node is calculated by dividing the time of the node into k time slots of duration Ti; the energy levels of the nodes are represented as {Ei, Ei+1, Ei+2, ..., En}.
P( ) = Ei / (k Ti)
Sampling power
Each node has a reputation value Ri with a sampling budget, and the percentage of sampling of node i is determined by the ratio between the reputation of the node and the sum of the reputations of the nodes.
SP = Ri / Σ Ri
An efficient reputation scheme needs the least cost of analysis, which is achieved by decreasing the percentage of sampling as the power factor increases. Hence a cost-efficient leader with high power is selected by cost of analysis [12] [37].
where $h_i(a_{-i})$ is an arbitrary function of the real valuations of all agents except agent i
[12] [37].
Jonathan
CHAPTER 5
IMPLEMENTATION & SIMULATION OF CDLE
5.1 Artefact Implementation
The performance of cluster dependent leader selection with the proposed priority based node termination control in a mobile ad hoc network has been simulated using NS2 under various constraints such as node density and dynamic mobility. The simulation is determined by a trace file, and the performance of the system was compared for node density and dynamic mobility. Extensive simulations were carried out in the network simulator (NS-2) to show that the proposed priority based node termination control improves the detection of misbehaving nodes, and that effective termination increases the number of alive nodes and the average cluster size and reduces the number of leader nodes in a cluster.
Parameters Value
process to elect the most cost efficient cluster head with maximum resource to serve the
other nodes in the cluster.
Block diagram (recoverable labels): Packet transmission; Intrusion Detection; CDLE with PBNTC; Node termination; Mechanism design
Flow diagram (recoverable labels): Number of nodes; Formation of cluster; CDLE; Non participation of selfish node; Reputation; PBNTC
CHAPTER 6
COMPARATIVE TESTING & EVALUATION
Graph 1
Graph 1 shows that PBNTC improves the number of alive nodes through proper termination and prolongs the lifetime of the MANET by regular distribution of the power consumption of nodes. It balances the resource consumption of the IDS across every node of the network and recovers nodes from selfish behavior.
Graph 2
Graph 2 illustrates that the proposed PBNTC implementation of cluster dependent leader selection improves average cluster size more than the connectivity model. It makes nodes participate actively in forwarding the data packets of other nodes. The VCG mechanism is used to evaluate the amount of incentives and to make truth telling the dominant strategy.
Five steps are executed on the proposed system in functional testing:
Identify the requirements to be met and the functions that the proposed system is expected to perform.
Create inputs based on the functional specifications.
Determine the output based on the functional specifications.
Execute the test case.
Compare the actual and expected output.
Hence the proposed system is validated and checked through functional testing, which finally ensures that it satisfies all the criteria it is expected to meet, in contrast to the existing systems.
The network consists of three clusters in the form of cluster dependent and contains the
checker and reputator.
Cluster 1 selects Node5 as leader by the connectivity-based approach and transfers the packets to Node1, 2, 3, 4.
The selfish nodes Node3 and Node4 hold the resource as private information and inject fake messages regarding the resource for their own benefit.
The reputator is used to make the selfish nodes trustworthy by providing more incentives to the selfish nodes.
Even though the reputator provides incentives, the selfish node with high resource terminates its connection and the lifetime of the leader is reduced, which results in network termination.
Cluster 2 selects Node10 as leader by the connectivity-based approach and transfers the packets to Node6, 7, 8, 9.
The selfish nodes Node7 and Node8 hold the resource as private information and inject fake messages regarding the resource for their own benefit.
The reputator is used to make the selfish nodes trustworthy by providing more incentives to the selfish nodes.
Even though the reputator provides incentives, the selfish node with high resource terminates its connection and the lifetime of the leader is reduced, which results in network termination.
LEADER ELECTION AND PACKET TRANSFER IN CLUSTER3:
Cluster 3 selects Node15 as leader by the connectivity-based approach and transfers the packets to Node11, 12, 13, 14.
SELFISH NODES AND FAKE MESSAGES:
The selfish nodes Node13 and Node14 hold the resource as private information and inject fake messages regarding the resource for their own benefit.
The reputator is used to make the selfish nodes trustworthy by providing more incentives
Even though the reputator provides incentives, the selfish node with high resource terminates its connection and the lifetime of the leader is reduced, which results in network termination.
The network contains three clusters in the form of cluster dependent and contains the
checker and reputator.
LEADER ELECTION AND PACKET TRANSFER:
Cluster 1 selects Node5 as leader by the connectivity-based approach and transfers the packets to Node1, 2, 3, 4.
SELFISH NODES NODE3 AND NODE4:
The lifetime of the leader is reduced, and the selfish nodes send fake messages to the checker regarding the resource information for their own benefit.
The reputator is used to make the selfish nodes trustworthy by using the VCG model to provide more incentives.
SELFISH NODE3 SELECTED AS LEADER1:
The selfish node Node3 is selected as leader1 by the Leader Election Algorithm to transfer the packets between nodes.
ACKNOWLEDGMENT FROM NODES AND LIFE TIME REDUCED:
The leader receives the acknowledgment from the nodes, and the lifetime of the leader is reduced.
SELFISH NODE4 SELECTED AS LEADER1:
The selfish node Node4, with maximum resource, is selected as leader1 by the Leader Election Algorithm to prevent the termination of the connection and to transfer the packets between nodes.
ACKNOWLEDGMENT FROM NODES:
Cluster 2 selects Node10 as leader by the connectivity-based approach and transfers the packets to Node6, 7, 8, 9.
SELFISH NODES NODE7 AND NODE8:
The lifetime of the leader is reduced, and the selfish nodes send fake messages to the checker regarding the resource information for their own benefit.
The reputator is used to make the selfish nodes trustworthy by using the VCG model to provide more incentives.
SELFISH NODE8 SELECTED AS LEADER2:
The selfish node Node8 is selected as leader2 by the Leader Election Algorithm to transfer the packets between nodes.
The leader receives the acknowledgment from the nodes, and the lifetime of the leader is reduced.
SELFISH NODE7 SELECTED AS LEADER2:
The selfish node Node7, with maximum resource, is selected as leader2 by the Leader Election Algorithm to prevent the termination of the connection and to transfer the packets between nodes.
ACKNOWLEDGMENT FROM NODES:
Cluster 3 selects Node15 as leader by the connectivity-based approach and transfers the packets to Node11, 12, 13, 14.
SELFISH NODES NODE3 AND NODE4:
The lifetime of the leader is reduced, and the selfish nodes send fake messages to the checker regarding the resource information for their own benefit.
REPUTATORS TO MAKE SELFISH NODE TRUSTWORTHY:
The reputator is used to make the selfish nodes trustworthy by using the VCG model to provide more incentives.
SELFISH NODE13 SELECTED AS LEADER3:
The selfish node Node13 is selected as leader3 by the Leader Election Algorithm to transfer the packets between nodes.
ACKNOWLEDGMENT FROM NODES AND LIFE TIME REDUCED:
The leader receives the acknowledgment from the nodes, and the lifetime of the leader is reduced.
SELFISH NODE14 SELECTED AS LEADER3:
The selfish node Node14, with maximum resource, is selected as leader3 by the Leader Election Algorithm to prevent the termination of the connection and to transfer the packets between nodes.
PERFORMANCE EVALUATION:
GRAPH:
The number of alive nodes, the average cluster size and the detection accuracy are compared between PBNTC and the connectivity model.
CHAPTER 7
CONCLUSION
In this paper, various types of attacks and types of intrusion detection are studied.
Cluster-dependent intrusion detection in ad hoc networks with mechanism design theory
is investigated, and results are obtained to achieve efficient detection. The
performance of various cluster leader selection schemes is analyzed and studied. The
leader election models CDLE and CILE are investigated, and how network throughput is
increased is also analyzed. Mechanism design theory with Vickrey, Clarke, and Groves
(VCG) computation is also studied, together with a reputation scheme that provides
incentives for selfish nodes. A well-organized Priority Based Node Termination Control
(PBNTC) intrusion detection method is proposed to detect selfish nodes and terminate
them depending on their functionality in the network, in order to preserve the
resources of ad hoc networks. The proposed PBNTC achieved better detection accuracy
and was simulated using the NS2 simulator. The performance effectiveness of PBNTC was
reviewed on the metrics by analytical and simulation models. PBNTC effectively
terminates the selfish node with considerable effort, and a reputation scheme with
mechanism design theory is then used to make nodes participate actively in cluster
head selection. Cluster-dependent leader selection performs better than
cluster-independent leader selection because efficient cluster formation reduces the
number of single-node cluster heads. Hence, cluster-dependent leader selection with
the PBNTC implementation has shown better performance and achieves highly optimized
detection accuracy. The PBNTC approach demonstrates a high detection rate under
different highly dynamic misbehaving environments. The NS-2 simulator is used to
measure the efficiency of the proposed Priority Based Node Termination Control
intrusion detection method.
0924783 Page
76
CDLE MECHANISM for INTRUSION DETECTION in MANET
References
0924783 Page
77
CDLE MECHANISM for INTRUSION DETECTION in MANET
[10] Sharmila John Francis and Elijah Blessing Rajsingh (2009), Performance
Analysis of Clustering Protocols in Mobile Ad hoc Networks International
journal of computer science and security, volume 3, issue 5, pages 334-354, 2009.
[11] Navneet Malpani Jennifer L. Welch, Nitin Vaidya (2000), Leader Election
th
Algorithms for Mobile Ad Hoe Networks Proceedings of 4 IEEE international
workshop of discrete algorithm and methods for mobile computing and
communications, 2000, USA.
[12] Min-You Wu, Wei Shu (2004), RPP: A Distributed Routing Mechanism for
Strategic Wireless Ad hoc Networks Proceedings of IEEE international conference
on Global telecommunication, 2004
13. Giovanni Vigna, Sumit Gwalani, Kavitha Srinivasan (2004), An Intrusion
Detection Tool for AODV-based Ad hoc Wireless Networks Proceedings of IEEE
international conference on computer security applications, Vol. 8, Issue 9 2004
14. Ipsa De, Debdutta Barman Roy (2004), Comparative study of Attacks on AODV-
based Mobile Ad Hoc Networks International Journal on Computer Science and
Engineering (IJCSE) , volume4, issue2 , pages 320-350 , 2004
15. Satria Mandala Md. Asri Ngadi (2006), A Survey on MANET Intrusion Detection
volume 40, issue 5, May. 2006.
16. Wenjia Li and Anupam Joshi Security Issues in Mobile Ad Hoc Networks - A
Survey www. citeseer .in
17. Marjan Kuchaki Rafsanjani (2008), Investigating Intrusion Detection Systems in
MANET and Comparing IDSs for Detecting Misbehaving Nodes, Proceedings of
world academy of science engineering and technology, USA, 2008.
18. Oleg Kachirski, Ratan Guha (2003), Effective Intrusion Detection Using Multiple
th
Sensors in Wireless Ad Hoc Networks Proceedings of 36 annual Hawaii international
conference on systems science, 2003, USA.
19. S.Neelavathy Pari 1, D.Sridharan (2010), A Performance Comparison and
Evaluation of Analyzing Node Misbehaviour in MANET using Intrusion Detection
System International journal on computer science and engineering technology , volume
1, issue1 , pages 35-40 , India 2010.
0924783 Page
78
CDLE MECHANISM for INTRUSION DETECTION in MANET
0924783 Page
79
CDLE MECHANISM for INTRUSION DETECTION in MANET
0924783 Page
80
CDLE MECHANISM for INTRUSION DETECTION in MANET
[38] Noman Mohammed, Hadi Otrok, Lingyu Wang (2007), Mechanism Design-Based
Secure Leader Election Model for Intrusion Detection in MANET, volume 40, issue
5, May. 2007.
APPENDIX
1. POSTER
2. USER GUIDE
Objectives:
A- To evaluate the performance of the leader election models CDLE and CILE to
improve the network throughput.
B- Mechanism design theory with Vickrey, Clarke, and Groves (VCG) computation is
studied to provide incentives for selfish nodes.
Software Specifications: NS-2 Cygwin / Windows 2000/XP
Methodology:
Conclusion
NS-2 simulation demonstrates that cluster dependent leader selection with PBNTC
implementation has shown better performance and achieves highly optimized detection
accuracy. The PBNTC approach demonstrates a high detection rate under different
highly dynamic misbehaving environments.
1) Go to http://www.cygwin.com/install.html ;
4) Open it
6) Location
7) Press there
8) Finish
1) Click on Cygwin
2) Enter "startxwin.bat"
3) cd C:
4) cd cygwin
5) cd home
6) cd ns-Allinone
7) ./install
8) ns tcl
a- Location is C:\cygwin\home\Administrator