| dc.description.abstract | The open medium, dynamic topology and distributed operation in Mobile Ad hoc Networks
(MANET) leads to high risks. Many solutions are proposed to protect a MANET from attacks,
ranging from attack identification to prevention. Although these solutions reduce and avoid
the attacks in a MANET, sometimes they identify many false attacks as real ones which may
cause huge loss of resources. For example, a sudden route breakdown can cause delay in packet
delivery; differentiating such a delay from the delay caused by an attacker is difficult. Further,
an intelligent attacker could also cause false negative alarms in the network by manipulating
the ADS. The attacker could avoid detection by an ADS by delaying the packets in small incre-
ments which lead to large increments in delay over time. Such an attack could be detected by
using a strong bound on the threshold of delay parameter. But, this could cause false positive
alarms as discussed in the above example. Such false alarms occur more often when an attack
is complex and has multiple features. In this thesis we propose solutions to mitigate such false
alarms and improve the attack detection probability.
In thesis we made an attempt to design a system which identifies and con firms the attacks,
to protect the MANET from false attacks and loss of resources due to false alarms. The system
designed, enhances the attack detection rate by confirming the occurrence of the attack through
analysis of the current attack scenario and the past history of attacks.
First, we designed and developed, a Wormhole Attack Confirmation (WAC) System using
Honeypots to mitigate false alarms in a MANET and protect its resources during a wormhole
attack. We embark on the study by building an attack tree of the wormhole attack. The attack
tree is built by identifying all the network conditions which could trigger the wormhole attack.
These conditions are called as symptoms of wormhole attack and are analyzed by the honeypot.
The Honeypot is centrally located and confirms the wormhole attack in a three step process. It
makes an assessment of the current scenario using the attack tree of the wormhole attack, and
compares it with the similar scenarios in the past with inputs from Attack History Database
(AHD) to provide a verdict on the scenario.
For preserving the security of a Mobile Ad hoc Network, we need to determine the origin of
the attack, that is, trace the location of the attacker. Determining the physical location of the
attacker helps in con nement of the attacker and attack. However, traditional attacker trace-
back schemes fail to perform in a MANET which leads to huge degradation of its performance.
Hence, we propose a Wormhole Attacker Tracing system to trace the location of a wormhole
attacker in a MANET. The system runs on the Honeypot and collects the information about
the attack from the victim's neighbors using bloom filters. Honeypot extracts the informa-
tion from the bloom filter, and the information about the past attacks from Attack History
Database (AHD), to trace the location of the wormhole attacker. The zone of the attacker is
determined by the honeypot using the concept of Dominating sets. Further, the exact location
of the attacker within the zone is determined by interacting with the attacker and identifying
the dominant congested link.
To demonstrate the WAC system functioning, we have considered the real time applications
like email services. We have simulated the WAC system exclusively with email dumping by the
attacker under various network load conditions. The system accurately identifies fake attacks
and location of the attacker.
We extended the technique for the black-hole attacks in a MANET. The Black-hole Attack
Confirmation (BAC) system uses honeypot to intelligently identify and confirm the black-hole
attack. Honeypot identifies the actions of a black-hole attacker in the current attack scenario
with the help of the Black-hole attack Tree (BAT). BAT is an exhaustive sketch of all possible
ways a black-hole attack can launched on a MANET. Further, honeypot analyzes the history of
attacks from Attack History Database (AHD),to con firm the black-hole attack. Together with
the BAT and AHD, the honeypot adapts itself to the current attack scenario, and efficiently
confi rms the black-hole attack in a MANET.
To preserve the security of a MANET we designed a Black-hole Attacker Tracing system to
locate and quarantine the black-hole attacker. The system works in two phases. In phase one,
the Honeypot determines the zone of the black-hole attacker. To identify the zone of the black-
hole attacker, the honeypot maintains an open connection with the attacker, while collecting
the information about the attacker. The current information is enhanced with the knowledge
available in the attack history database. Honeypots analyze the actions of the attacker using
Dominating sets. The physical location of the black-hole attacker within the zone is determined
by identifying the dominant un-reliable node.
Later we integrated both systems: WAC and BAC and deployed in MANET where IoT-
Health care is a major application. Health care is one of the rapidly developing system in the
context of IoT. The value held by the health care attracts a large number of attackers. These
systems inherit the vulnerabilities of its underlying access networks like MANET which hinder
its deployment. We have applied our systems to counter the attacks on an IoT-Health care
network based on a MANET. The purpose of the experiment is to mitigate multiple attacks in
an IoT-Health care network.
In summary: (1) We designed a Wormhole Attack Con firmation (WAC) system using Hon-
eypot through which we make an attempt to confi rm the attack by analyzing a wormhole attack
holistically using a attack tree; (2) We designed a Wormhole Attacker Location Tracing Scheme
to trace the location of a wormhole attacker by exploiting the properties of the wormhole attack
using the dominating sets; (3) We evaluated the performance of WAC system with real time
application of email service in a MANET; (4) We designed a system to protect the MANET
from the black-hole attack through the Black-hole Attack Confirmation (BAC) system using
Honeypot and the Black-hole Attack Tree (BAT); (5) We then designed a Black-hole Attacker
Tracing system using Honeypot, where the system first identifying the zone of the attacker
followed by identifying the attacker within the zone by collecting the information about the
attack from neighbors of victim, and extracting the information about similar attacks from
history; (6) We have applied the attack confirmation systems to an IoT-Health care network
to identify and confirm multiple attacks in IoT-Health care network.
We have simulated the designed system in several IoT-Health care environments, of varying
sizes of nodes and applications. On several occasions the results have demonstrated that the
proposed system is efficient in confirming multiple attacks, thereby saving the resources and
minimizing the path reestablishment. Thus the systems presented in this thesis are capable of
avoiding attacks in a practical network and also save important resources of the network. | en_US |
