1Introduction Routing in these networks is highly complex due to moving nodesand hence many protocols have been developed. The goal of routing in a MANET isto discover the most recent topology of a continuously changing network to finda correct route to a specific node. Routing protocols in a MANET can beclassified into two categories: reactive routing protocols (e.g., AODV) andproactive routing protocols (e.g., OLSR).
In reactive routing protocols, nodesfind routes only when they must send data to the destination node whose routeis unknown. On the other hand, in proactive protocols, nodes periodicallyexchange topology information, and hence nodes can obtain route information anytime they must send data. The securityin MANETs is the most important concern for the basic functionality of network.MANETs often suffer from security attacks because of its features like openmedium, changing its topology dynamically, lack of central monitoring andmanagement, cooperative algorithms and no clear defense mechanism. The mainobjective of routing attacks to mislead or disrupt normal functioning ofnetwork by advertising false routing updates. The availability of networkservices, confidentiality and integrity of the data can be achieved by assuringthat security issues have been met 4.
To detect the malicious nodes introduced a new cooperative blackhole attack detection mechanism 5. It modifies the AODV routing protocol byintroducing two concepts i.e. Data routing information (DRI) table and Crosschecking.
In order to detect the grayhole attacks both local and cooperative detection scheme has been designed 6.Once a node is detected to be really malicious, the scheme has a notificationmechanism for sending messages to all the nodes that are not yet suspected tobe malicious, so that the malicious node can be isolated and not allowed to useany network resources. The wormhole attack has been detected byusing path delay data. The node isconsidered as malicious when its delay time exceeds a pre-defined threshold7. In order to achieve better detection rate and high throughput Hop Countdelay per hop indication DELPHI method has been used 8.
Here identify twotypes of wormhole attacks. In the first type, malicious nodes do not take partin finding routes, meaning that, legitimate nodes do not know their existence.In the second type, malicious nodes do create route advertisements andlegitimate nodes are aware of the existence of malicious nodes, just do notknow they are malicious. By observingthe delay of different paths to the receiver, the sender is able to detectboth kinds of wormhole attacks. The rest of the paper isorganized as follows: a brief review of some of the literature works in routingattacks detection is presented in Section 2. The proposed methodology for dynamic anomaly detection is detailedin Section 3. The experimental results and performance analysis discussion isprovided in Section 4. Finally, the conclusions are summed up in Section5.
2Literature Review Sharma,et.al (2014) introduced a mechanism thatuses the false RREQ packets to attract the malicious node to respond with thefalse RREP. In this method, there is more than one malicious node which willreply the false RREQ packet. The RREP packet is improved by adding one morefield to indicate the identity of the node which replies with RREP packet.Thus, if any intermediate node sends the RREP message in response to the falseRREQ, it can be easily found. The normal nodes will not respond to the falseRREQ message as they have no route to that virtual node. The identities ofmalicious nodes will be added to the black list and this list will be broadcastas an ALARM to all other nodes in the network 9. Kannhavonget.
al(2006) introduced an attack against the OLSR protocol. As implied by thename, the goal of this attack is to isolate a given node from communicatingwith other nodes in the network. The idea of this attack is that attacker(s)prevent link information of a specific node or a group of nodes from beingspread to the whole network. Thus, other nodes who could not receive linkinformation of these target nodes will not be able to build a route to thesetarget nodes and hence will not be able to send data to these nodes11. Ahmedet.al (2014) designed an effective intrusion detection system (IDS) which isimportant to identify the malicious nodes, isolate the problem created by suchnodes and notify the information of the malicious node to the other nodes. This scheme also provides the necessarysecurity cover to the network by adding encryption to maintain confidentialityand integrity 12. Deng,Li and Agrawal (2002) have suggested a mechanism of defense against a blackhole attack on AODV routing protocol.
In their proposed scheme, when the RouteReply packet is received from one of the intermediate nodes, another RouteRequest is sent from the source node to the neighbor node of the intermediatenode in the path. This is to check whether such a path really exists from theintermediate node to the destination node. While this scheme completelyeliminates the black hole attack by a single attacker, it fails miserably inidentifying a cooperative black hole attack involving multiple malicious nodes17. 3 ProblemSpecification Dueto dynamic, distributed infrastructure less nature of MANETs, lack ofcentralized authority, and resources constraints, the ad hoc networks arevulnerable to both active and passive attacks.
In MANET, routing attacks try todisrupt the functions of routing protocol by intentionally or unintentionallydropping packets or propagating faked routing messages. To solve this problemthe existing system introduced a distributed and cooperative scheme fordetecting routing attacks in MANETs. In this scheme the delaydata are tested using THD to detect anomalous delays.
The findings of this test are used to classify the monitored path as either normalor abnormal, and accordingly. 4 Motivation Inthis scheme, optimal threshold is selected by using multi objective PSO. The objective function of this systemincludes minimizing path delay, maximizing the throughput, minimizingtransmission energy and maximizing packet delivery ratio.
Based on this threshold value the normal andabnormal paths are classified by using support vector machine (SVM) classifier.For each neighbor, behavior metrics are evaluated based on direct observationsand further verified based on indirect observations. The malicious nodes in theabnormal paths are detected by using observationbased anomaly detection algorithm. The proposed methodology is implemented by using NS-2 simulator. Theexperimental results show that the proposed system achieves better performancecompared with existing system in terms of end to end delay, packet deliveryratio, throughput, detection rate and false positive rate.
5 ResearchContribution In my research introduced a multiobjective based PSO-SVM to detect routing attacks in MANETs. A newproposed scheme makes use of multi objective PSO to determine the thresholdbased on the path delay, throughput, energy and Packet Delivery Ratio (PDR) isoutside the range of normal values. Based on the threshold value the support vector machine (SVM) is usedfor classify the routing paths whether it is normal or abnormal. The proposed system uses an observation basedanomaly detection algorithm to characterize the behaviors of both neighboringand remote node for detecting the malicious node in the abnormalpath.
