A Simple and Efficient Malicious Node Detection System for Improving ...

International Journal of Applied Engineering Research ISSN 0973-4562 Volume 11, Number 1 (2016) pp 396-400 © Research India Publications. http://www.ripublication.com

A Simple and Efficient Malicious Node Detection System for Improving the Performance of the Wireless Sensor Networks 1

R. Rohini1* and R.K. Gnanamurthy2 Faculty of Computer Science and Engineering, Vivekanandha College of Engineering for Women Namakkal 637205, Tamilnadu, India. 2 Faculty of Computer Science and Engineering, SKP Engineering College, Tiruvannamalai 606611, Tamilnadu, India.

network. The security of the information in the wireless sensor nodes is most important. The attackers change the behaviour of the nodes in network to collapse and degrade the functionality of the wireless sensor networks. These nodes are called as malicious nodes and must be detected and eliminated earlier in order to increase the performance behaviour of the wireless sensor networks. Two methodologies were used, namely, watchdog and pathrater, to detect and mitigate the effects of the routing misbehaviour due to the malicious nodes in the wireless networks, respectively.

Abstract The performance and nodes behaviour in the wireless sensor networks are affected by malicious nodes. These malicious nodes alter and degrade the network performance. In this paper, a hybrid Acknowledge scheme is proposed for the detection of malicious nodes in the wireless sensor networks. The nodes in the wireless sensor network are grouped into number of clusters. Each cluster possesses only three nodes and has an individual cluster key in all nodes in the cluster. The individual cluster key is provided to each cluster in the network by the sink. The malicious nodes are detected by receiving the acknowledgement from the destination node. The performance of the proposed system is analyzed and evaluated in terms of latency and packet delivery ratio. The proposed system is tested by determining the performance parameters at three types of attacks on the nodes in the network. Keywords: cluster, malicious node, cluster key, packet delivery ratio, latency

Introduction Wireless networks are preferable due to its high scalability and speed. Now a days, most of the networks are wireless. A Wireless Sensor Network (WSN) comprises of several small wireless sensor nodes usually densely populated within a network. Wireless networking and Mobile communications are recently thriving technologies developing faster in recent years. The sensor nodes can be partitioned into various groups called clusters. Each cluster has a central node or controller, referred to as a cluster head with a number of member nodes. Clustering process results in a two-tier hierarchy with the cluster heads (CHs) forming the higher tier and member nodes form the lower tier. All the member nodes report all the information and data to their respective cluster heads. The CHs collect all the data from the member nodes and shares them with the base station either directly or through other CHs. The CHs lose more energy compared to member nodes since CHs often transmit data over long distances. To maintain proper distribution of load in a cluster, the network may be reclustered periodically to select the energy-abundant node to act as the CH. Besides achieving energy efficiency, clustering reduces channel contention and packet collisions, resulting in better network throughput even under high load. Clustering process improves network lifetime, which is a primary metric for evaluating the performance of a sensor

Figure 1: Clustering in Wireless sensor networks The watchdog technique identifies the misbehaving nodes by overhearing on the wireless medium. The pathrater technique allows nodes to avoid the use of the misbehaving nodes in any future route selections. The Watchdog technique is based on passive overhearing. Unfortunately, it can only determine whether the next-hop node sends out the data packet or not. The reception status of the next-hop link’s receiver is usually unknown to the observer. Figure 1 shows the clustering of nodes in wireless sensor networks. Here, cluster 1 consists of nodes N1 to N7 and cluster 2 consists of N7 to N12, where node N7 is common node to both cluster 1 and 2. The node in cluster 1 sends the data to cluster head1 (CH1) which is responsible for delivering the datas from nodes to sink. Similarly, nodes in cluster 2 send the data to cluster head2 (CH2) which is responsible for delivering the datas from nodes to sink. The main aim of the clustering approach is to detect the hidden nodes or malicious nodes in the wireless sensor networks [3]. Section 2 presents the related works on the detection methodology of malicious nodes in the wireless sensor networks. Section 3 presents the proposed methodology for

396

International Journal of Applied Engineering Research ISSN 0973-4562 Volume 11, Number 1 (2016) pp 396-400 © Research India Publications. http://www.ripublication.com the detection of malicious nodes. Section 4 presents the results and discussion and Section 5 concludes the work.

the complex forms. This method was based on compressive sensing and a general framework was designed including continuous- and discrete-time and the evolutionary-game type of dynamical systems. Murad Abusubaih [12] devised a combined approach for detecting hidden nodes in 802.11 wireless LANs. The authors solved the hidden node problem through the Request to Send/Clear to Send (RTS/CTS) mechanism. However, the mechanism was not wholly successful. The RTS/CTS idea was based on the assumption that all nodes in the vicinity of Access Points will hear CTS packets and consequently defer their transmissions. The shortcoming of RTS/CTS stems from the fact that such packets introduce high overhead if extensively used. The authors proposed a hybrid approach for detecting hidden nodes in 802.11 WLANs. The approach was mainly based on adaptive learning about collisions in the network.

Literature Survey Sheltami et al. [4] proposed Adaptive Acknowledgment (AACK) method to detect the malicious nodes in the wireless sensor networks. This method reduced the network overhead by maintaining the same throughput. This AACK scheme transmits the packet to the other nodes without any overhead. The sender node got the AACK signal when the packet was successfully reached the destination node. If the sender node did not receive the packet from the destination time within a stipulated time period, the sender node again sends the same packet to the destination node. Marti et al. [5] developed a method Watchdog to improve the performance of the wireless networks even the presence of the malicious nodes in the network. Watchdog detects malicious misbehaviours by promiscuously listening to its next hop’s transmission. Haas and Deng [6] tried to remove exposed node and hidden node by utilizing the dual busy tone multiple access technique. In that scheme, a node needs to transmit two narrow bandwidth busy tones to notify its neighbours while receiving a signal. Ozgur Ekici and Abbas Yongacoglu [7] analyzed the performance of the wireless networks with hidden nodes. The authors showed that the hidden nodes barely affect the network performance in low traffic conditions, but it causes 33% performance loss in moderate traffic scenarios. The traffic level increases, the hidden node scenario experience more and more collisions that increase the average slot time duration T. Since the packet transmission attempt was only possible in average slot time decrements, high delay penalty of packet collision decreased in hidden node scenario. Ray et al. [8] presented a queuingtheoretic analysis method for evaluating the performance of wireless networks. Initially, an exact queuing-theoretic analysis for a 4-node segment is done and analytical expressions are derived for the probability of packet collision, mean packet delay and maximum throughput, based on a model that closely follows the IEEE 802.11 standard. Finally, they extended the analysis and provided an approximation for a general linear topology that was asymptotically exact at low load. The CSMA protocol was introduced by Klein-rock and Tobagi [9]. The authors dealt with the hidden node problem and proposed an alternate protocol, called the Busy Tone Multiple Access (BTMA). In their paper, the analysis of the protocols has been carried out under the assumption that the inter-arrival times of the point process defined by the start times of all the packets plus retransmissions are independent and exponentially distributed, i.e. they follow the Poisson process. Mostefa et al. [10] proposed a technique for the detection of hidden node in wireless Ad hoc networks. The active and passive detection methodologies allowed overcoming the problem of the hidden node in the wireless networks. In the passive detection, a mechanism RTS / CTS was used. The detection of hidden node by use of RTS / CTS mechanisms reduced the power consumption for every node to have a better knowledge of the topology of the network and preserving its energy consumption. Ri-Qi Su et al. [11] developed an algorithm which detects the hidden nodes in

Materials and Methods Materials The common simulation environment parameters used in this work are illustrated in Table 1. It uses dynamic source routing protocol to route the packets from one node to another node in the network and the data rate is about 1Mbps. The omni directional antenna is used in each node to send and receive the packets and the initial energy of each node in the network is assumed to have 1000 Joules. Table 1: Simulation environment parameters Parameters Channel type Radio-propagation model Antenna type Max packet Network interface type Standard Number of mobile nodes Routing protocol Initial energy in Joules Data Rate Area

Type Wireless Channel Two Ray Ground Omni directional Antenna 300 Physical layer IEEE 802.11b 75 DSR 1000 1Mbps 1000×1000

Methods The malicious nodes in the wireless sensor networks can be detected using hybrid Acknowledge scheme (HAS). In this method, the nodes in the wireless sensor network are grouped into number of clusters. Each cluster should have only three nodes and have an individual cluster key [3] in all nodes in the cluster. The individual cluster key is supplied by the sink to each cluster in the network. The nodes are named as N1, N2 and N3. Initially node N1 likes to transmit a packet to node N3.It first passes the packet to the node N2 with its own cluster key. Node N2 receives this packet after verifying the cluster key of the node N1. If the cluster key of the node N1 is matched with cluster key of node N2, then node N2 accepts the packets from the node N1 and sends this packet to node N3 if the destination address is not matched

397

International Journal of Applied Engineering Research ISSN 0973-4562 Volume 11, Number 1 (2016) pp 396-400 © Research India Publications. http://www.ripublication.com with its own address. The node N3 follows the same packet reception procedure performed by node N2 to receive the packets from the previous node in the cluster. After receiving packet, node N3 sends the HAS signal to the node N1 through node N2 using the procedure stated above. The node N1 must receive this HAS signal with in a particular duration. If it not received the HAS signal within the stipulated time, then node N1 assume that node N2 and node N3 are suspicious or malicious nodes. Finally node N1 sends this malicious nodes information to the sink immediately.

2 tool with Pentium core 2 duo processor and 1GB RAM. The simulation parameters are configured as follows: The 100 nodes are spread over an area of 1000m×1000m and initial energy of each node is configured to 1000 J. The data rate is set to 2Mb/sec. For each scheme, we ran every network scenario three times and calculated the average performance. The performance of the proposed methodology is determined through the following parameters as: 1) Packet delivery ratio: It is defined as the ratio between the numbers of packets correctly received to the total number of packets sent. 2) Latency: It is the time required to receive the packets from the transmitter through the number of nodes. Table 1 explains the performance analysis of packet delivery ratio and latency for Attack1. Table 2 notes the performance analysis of packet delivery ratio and latency for Attack2 and finally Table 3 notes the performance analysis of packet delivery ratio and latency for Attack3.The packet delivery ratio and latency of the proposed system is affected by malicious nodes. If there is number of malicious nodes available in the wireless sensor network, then the performance of the clustering technique will be degraded. For attack 1, the proposed system achieves packet delivery ratio of 98%, 91.5% and 89.1% when there are malicious nodes of 10%, 20% and 30%, respectively. It also achieves latency of 10.7 sec, 14.8 sec and 17.9 sec when there are malicious nodes of 10%, 20% and 30%, respectively. For attack 2, the proposed system achieves packet delivery ratio of 94.7%, 89.4% and 84.7% when there are malicious nodes of 10%, 20% and 30%, respectively. It also achieves latency of 12.9 sec, 15.6 sec and 18.9 sec when there are malicious nodes of 10%, 20% and 30%, respectively. For attack 3, the proposed system achieves packet delivery ratio of 92.9%, 90.8% and 84.8%, when there are malicious nodes of 10%, 20% and 30%, respectively. It also achieves latency of 14.1sec, 17.8 sec, and 19.1 sec, when there are malicious nodes of 10%, 20% and 30%, respectively.

Figure 2: Proposed malicious node detection system The false misbehaviour report can be generated and sent to the sink by malicious attackers to falsely report innocent nodes as malicious. To overcome this, the node (N4) nearby the malicious cluster node sends the dummy packet with its own address to the node (N5) in the cluster 2 through the node in the false cluster where the node N1 sends the malicious report to the sink. If the reported node is malicious, it does not transmit this dummy packet to the source node N5, otherwise it passes this packet to the node N5. At the same time, node N4 in nearby cluster, sends the same dummy packet with its own address to the node N5 with an alternative routing. If the node N5 does not receive the same dummy packet from the node N1 (i.e. reported node), then it is safe to conclude that this is a false misbehaviour report and whoever generated this report is marked as malicious node. Otherwise, the misbehaviour report is trusted and accepted.

Table 1: Performance Analysis for Attack1 Attack1: Packet delivery ratio (%) Malicious Malicious nodes:10 nodes:20 % % 91.5 Proposed 98 AACK 94 89.9 [4] Watchdo 93.7 89.5 g [5] Attack1: Latency (sec) Malicious Malicious nodes:10 nodes:20 % % 14.8 Proposed 10.7 AACK 15.1 17.9 [4] Watchdo 14.9 17.4 g [5]

Results and Discussion To validate the proposed methodology, three different attacks are applied on the nodes in the cluster. These attacks are named as packet dropping attack (attack1), false reporter attack (attack2) and acknowledgment hacking attack (attack3). In a packet dropping attack, the malicious node drops all packets that they receive. But, it does not generate any acknowledgment signal. These attacks can be easily found through the ‘ack’ checking method. In a false reporter attack, malicious nodes always drop the packets that they receive and send back a false misbehaviour report whenever it is possible. In an acknowledgement hacking attack, the malicious nodes are smart enough to forge acknowledgment packets and claiming positive result while, in fact, it is negative. The simulation is carried using Network simulator

398

Malicious nodes:30 % 89.1 86.2

Averag e

87.1

90.1

Malicious nodes:30 % 17.9 19.1

Averag e

18.9

17.0

92.86 90.03

14.4 17.3

International Journal of Applied Engineering Research ISSN 0973-4562 Volume 11, Number 1 (2016) pp 396-400 © Research India Publications. http://www.ripublication.com Table 2: Performance Analysis for Attack2 Attack2: Packet delivery ratio (%) Malicious Maliciou nodes:10% s nodes:20 % 89.4 Proposed 94.7 AACK [4] 91.7 82.9 Watchdog 89.1 82.1 [5] Attack2: Latency (sec) Malicious Maliciou nodes:10% s nodes:20 % 15.6 Proposed 12.9 AACK [4] 16.8 18.1 Watchdog 15.9 19.1 [5]

Malicio us nodes:3 0% 84.7 81.1 80.9

Averag e

Malicio us nodes:3 0% 18.9 21.8 20.9

Averag e

89.6 85.23 84.03 Figure 4: Performance analysis of average Latency Performance analysis of average packet delivery ratio and latency are depicted in Figure 3 and 4. The proposed methodology achieves improvement of packet delivery ratio for 10.31% in AACK scheme and 10.30% in Watchdog methods by testing Attack1. The proposed methodology achieves improvement of packet delivery ratio for 10.51% in AACK scheme and 10.66% in Watchdog methods by testing Attack2. The proposed methodology achieves improvement of packet delivery ratio for 10.8% in AACK scheme and 10.99% in Watchdog methods by testing Attack3.

15.8 18.9 18.6

Table 3: Performance Analysis for Attack3 Attack3: Packet delivery ratio (%) Malicious Malicious nodes:10 nodes:20 % % 90.8 Propose 92.9 d AACK 86.8 81.0 [4] Watchdo 83.8 81.5 g [5] Attack3: Latency (sec) Malicious Malicious nodes:10 nodes:20 % % 17.8 Propose 14.1 d AACK 18.6 19.9 [4] Watchdo 17.8 19.6 g [5]

Malicious nodes:30 % 84.8

Averag e

79.7

82.5

78.9

81.4

Malicious nodes:30 % 19.1

Averag e

22.1

20.2

21.9

19.7

Conclusion Packet-dropping attack is a major attack to the security of the nodes in the wireless sensor networks. The malicious nodes are detected by receiving the acknowledgements from the destination nodes. The performance of the proposed system is analyzed using packet delivery ratio and latency. The proposed system for the detection of malicious nodes in the network achieves approximate improvement of packet delivery ratio and latency to 10% over the ACCK and Watchdog schemes.

89.5

References [1]

17

[2]

[3]

[4]

[5] Figure 3: Performance analysis of average Packet delivery ratio

399

Jyoti Saraswat, and Partha Pratim Bhattacharya, 2013, “Effect of duty cycle on energy consumption in wireless sensor networks,” International Journal of Computer Networks & Communications, 5(1). Chu-Fu Wang, Jau-Der Shih, Bo-Han Pan, and TinYu Wu, 2014, “A Network Lifetime Enhancement Method for Sink Relocation and Its Analysis in Wireless Sensor Networks,” IEEE Sensors Journal, 14(6). Boroumand, L., Khokhar, R.H., Bakhtiar, L.A., and Pourvahab, M., 2012, “A Review of Techniques to Resolve the Hidden Node Problem in Wireless Networks,” Smart Computing Review, 2(2). Sheltami, T., Al-Roubaiey, A., Shakshuki, E., and Mahmoud, A., 2009, “Video transmission enhancement in presence of misbehaving nodes in MANETs,” Int. J. Multimedia Syst., 15(5), pp. 273– 282. Marti, S., Giuli, T.J., Lai, K., and Baker, M., 2000, “Mitigating routing misbehaviour in mobile ad hoc networks,” in Proc. 6th Annu. Int. Conf. Mobile Comput. Netw., Boston, MA, pp. 255–265.

International Journal of Applied Engineering Research ISSN 0973-4562 Volume 11, Number 1 (2016) pp 396-400 © Research India Publications. http://www.ripublication.com Haas, Z.J., and Deng, J., 2002, “Dual Busy Tone Multiple Access (DBTMA)—A Multiple Access Control Scheme for Ad Hoc Networks Communication,” IEEE Trans. Comm., 50(6), pp. 975-985. [7] Ozgur Ekici, and Abbas Yongacoglu, 2008, “IEEE 802.11a Throughput Performance with Hidden Nodes,” IEEE Communications Letters, 12(6). [8] Ray, S., Starobinski, D., and Carruthers, J.B., 2005, “Performance of wireless networks with hidden nodes: A queuing-theoretic analysis,” Computer Communication, 28(10), pp. 1179–1192. [9] Kleinrock L., and Tobagi, F.A., 1975, “Packet switching in radio channels: Part 1 - Carrier Sense Multiple-Access modes and their throughput-delay characteristics,” IEEE Transactions on Communications, COM-23, 12, pp. 1400–1416. [10] Mostefa Fatima Zohra, Mekkakia Maaza Zoulikha, Khelifa Said, 2011, “Techniques Of Detection Of The Hidden Node In Wireless Ad Hoc Network,” in Proceedings of the World Congress on Engineering, Vol. II, London, U.K. [11] Ri-Qi Su, Wen-Xu Wang, and Ying-Cheng Lai, 2012, “Detecting hidden nodes in complex networks from time series,” Phys. Rev. [12] Murad Abusubaih, 2011, “A combined approach for detecting hidden nodes in 802.11 wireless LANs,” annals of telecommunications, annales des telecommunications, 66(11), pp. 635–642. [6]

400