Designing Solutions to Counter the Attacks in Mobile Ad hoc Networks
Abstract
The open medium, dynamic topology and distributed operation in Mobile Ad hoc Networks
(MANET) lead to high risks. Many solutions are proposed to protect a MANET from attacks,
ranging from attack identification to prevention. Although these solutions reduce and avoid
the attacks in a MANET, sometimes they identify many false attacks as real ones which may
cause huge loss of resources. For example, a sudden route breakdown can cause delay in packet
delivery; differentiating such a delay from the delay caused by an attacker is difficult. Further,
an intelligent attacker could also cause false negative alarms in the network by manipulating
the ADS. The attacker could avoid detection by an ADS by delaying the packets in small
increments which lead to large increments in delay over time. Such an attack could be detected by
using a strong bound on the threshold of the delay parameter. But this could cause false positive
alarms as discussed in the above example. Such false alarms occur more often when an attack
is complex and has multiple features. In this thesis we propose solutions to mitigate such false
alarms and improve the attack detection probability.
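The trade-off described above, worked through on constructed delay traces. This is an added example, not code from the thesis; the detector names, thresholds and traces are assumptions chosen for illustration.

```python
# Constructed end-to-end delay traces in milliseconds; not data from the thesis.
BASELINE_MS = 40.0

def ramp_attack(n=30, step=2.0):
    """Attacker adds `step` ms per sample: small increments, large total delay."""
    return [BASELINE_MS + step * i for i in range(n)]

def route_break(n=30, at=12, spike=45.0, length=3):
    """Benign trace: a route breakdown causes a short delay spike, then recovery."""
    return [BASELINE_MS + (spike if at <= i < at + length else 0.0) for i in range(n)]

def jump_detector(trace, max_jump):
    """Alarm indices where delay rises by more than max_jump between samples."""
    return [i for i in range(1, len(trace)) if trace[i] - trace[i - 1] > max_jump]

def bound_detector(trace, bound):
    """Alarm indices where delay exceeds a fixed absolute bound."""
    return [i for i, d in enumerate(trace) if d > bound]

def evaluate(max_jump=10.0, tight_bound=60.0):
    """Run both detectors on the attack trace and on the benign trace."""
    attack, benign = ramp_attack(), route_break()
    return {
        "jump_on_attack": jump_detector(attack, max_jump),       # ramp is missed
        "jump_on_benign": jump_detector(benign, max_jump),       # false alarm
        "bound_on_attack": bound_detector(attack, tight_bound),  # ramp is caught
        "bound_on_benign": bound_detector(benign, tight_bound),  # false alarms
    }

def sweep(bounds):
    """For each bound: (bound, first alarm index on attack or None, false alarms)."""
    attack, benign = ramp_attack(), route_break()
    rows = []
    for b in bounds:
        hits = bound_detector(attack, b)
        rows.append((b, hits[0] if hits else None, len(bound_detector(benign, b))))
    return rows

if __name__ == "__main__":
    for name, alarms in evaluate().items():
        print(f"{name:16s} {alarms}")
    for bound, first, false_alarms in sweep([50, 60, 90, 100]):
        print(f"bound={bound:>3} ms  first_attack_alarm={first}  false_alarms={false_alarms}")
```

Lowering the bound detects the ramp sooner but also flags the route breakdown; raising it removes the false alarms only by letting the attacker accumulate more delay before the first alarm.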
In this thesis we made an attempt to design a system which identifies and confirms the attacks,
to protect the MANET from false attacks and loss of resources due to false alarms. The designed
system enhances the attack detection rate by confirming the occurrence of the attack through
analysis of the current attack scenario and the past history of attacks.
First, we designed and developed a Wormhole Attack Confirmation (WAC) System using
Honeypots to mitigate false alarms in a MANET and protect its resources during a wormhole
attack. We embark on the study by building an attack tree of the wormhole attack. The attack
tree is built by identifying all the network conditions which could trigger the wormhole attack.
These conditions are called symptoms of the wormhole attack and are analyzed by the honeypot.
The Honeypot is centrally located and confirms the wormhole attack in a three-step process. It
makes an assessment of the current scenario using the attack tree of the wormhole attack, and
compares it with the similar scenarios in the past with inputs from Attack History Database
(AHD) to provide a verdict on the scenario.
For preserving the security of a Mobile Ad hoc Network, we need to determine the origin of
the attack, that is, trace the location of the attacker. Determining the physical location of the
attacker helps in confinement of the attacker and attack. However, traditional attacker traceback
schemes fail to perform in a MANET which leads to huge degradation of its performance.
Hence, we propose a Wormhole Attacker Tracing system to trace the location of a wormhole
attacker in a MANET. The system runs on the Honeypot and collects the information about
the attack from the victim's neighbors using bloom filters. The Honeypot extracts the information
from the bloom filter, and the information about the past attacks from Attack History
Database (AHD), to trace the location of the wormhole attacker. The zone of the attacker is
determined by the honeypot using the concept of Dominating sets. Further, the exact location
of the attacker within the zone is determined by interacting with the attacker and identifying
the dominant congested link.
To demonstrate the functioning of the WAC system, we have considered real-time applications
like email services. We have simulated the WAC system exclusively with email dumping by the
attacker under various network load conditions. The system accurately identifies fake attacks
and location of the attacker.
We extended the technique to black-hole attacks in a MANET. The Black-hole Attack
Confirmation (BAC) system uses a honeypot to intelligently identify and confirm the black-hole
attack. The honeypot identifies the actions of a black-hole attacker in the current attack scenario
with the help of the Black-hole Attack Tree (BAT). BAT is an exhaustive sketch of all possible
ways a black-hole attack can be launched on a MANET. Further, the honeypot analyzes the history of
attacks from the Attack History Database (AHD) to confirm the black-hole attack. Together with
the BAT and AHD, the honeypot adapts itself to the current attack scenario, and efficiently
confirms the black-hole attack in a MANET.
To preserve the security of a MANET we designed a Black-hole Attacker Tracing system to
locate and quarantine the black-hole attacker. The system works in two phases. In phase one,
the Honeypot determines the zone of the black-hole attacker. To identify the zone of the
black-hole attacker, the honeypot maintains an open connection with the attacker, while collecting
the information about the attacker. The current information is enhanced with the knowledge
available in the attack history database. Honeypots analyze the actions of the attacker using
Dominating sets. The physical location of the black-hole attacker within the zone is determined
by identifying the dominant unreliable node.
Later we integrated both systems, WAC and BAC, and deployed them in a MANET where
IoT-Health care is a major application. Health care is one of the rapidly developing systems in the
context of IoT. The value held by health care attracts a large number of attackers. These
systems inherit the vulnerabilities of their underlying access networks like MANET, which hinder
their deployment. We have applied our systems to counter the attacks on an IoT-Health care
network based on a MANET. The purpose of the experiment is to mitigate multiple attacks in
an IoT-Health care network.
In summary: (1) We designed a Wormhole Attack Confirmation (WAC) system using a
Honeypot, through which we make an attempt to confirm the attack by analyzing a wormhole attack
holistically using an attack tree; (2) We designed a Wormhole Attacker Location Tracing Scheme
to trace the location of a wormhole attacker by exploiting the properties of the wormhole attack
using the dominating sets; (3) We evaluated the performance of the WAC system with the real-time
application of email service in a MANET; (4) We designed a system to protect the MANET
from the black-hole attack through the Black-hole Attack Confirmation (BAC) system using
a Honeypot and the Black-hole Attack Tree (BAT); (5) We then designed a Black-hole Attacker
Tracing system using a Honeypot, where the system first identifies the zone of the attacker
and then identifies the attacker within the zone by collecting the information about the
attack from neighbors of the victim, and extracting the information about similar attacks from
history; (6) We have applied the attack confirmation systems to an IoT-Health care network
to identify and confirm multiple attacks in the IoT-Health care network.
We have simulated the designed system in several IoT-Health care environments, of varying
sizes of nodes and applications. On several occasions the results have demonstrated that the
proposed system is efficient in confirming multiple attacks, thereby saving the resources and
minimizing the path reestablishment. Thus the systems presented in this thesis are capable of
avoiding attacks in a practical network and also save important resources of the network.