Assaults Using Risk Aware Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

The Dynamic nature of Mobile Ad hoc Networks infrastructure have been highly assailable to assaults. The most annihilating damage to MANET is caused by routing assaults apart from various assaults. Even though there exist several invasion response techniques to palliate such critical assail, existing solutions typically attempt to separate vicious nodes based on binary or naïf bleary response decisions. Additional damage to the network basic structure caused by unexpected network partition by binary response and naïf bleary responses could lead to incertitude in anticipating routing assaults in MANET. In this paper, we propose a risk-aware response mechanism to deal with identified routing assaults in a planned manner. In accession, our experiments exhibit the effectualness of our approach with the consideration of several performance metrics.

Index Terms - Mobile ad hoc networks, invasion response, risk aware, manifests, node reputation.


Mobile Ad hoc Networks (MANET) establishes winged communication environment without a predefined structure or centralized control. Therefore, MANET has been positioned in contrary and hostile environments where central administration is not necessary. Another unique feature in MANET is mobility of nodes which makes the network topology to change frequently in a dynamic manner. Moreover, each node plays a router part while carrying data across the network. Therefore, any agreed nodes below an opponent's control could cause substantial damage to the behaviour practicality and security of its network since the effect would circulate in performing routing tasks.

Based on the esteem gained from the node behaviour [1], [2], the invasion response action in MANET isolates the non-collaborating nodes. Such a simple response against vicious node often drops possible negative consequences involved with the response actions. In MANET history, wrong countermeasures may cause unanticipated network partition, bringing extra damages to the network infrastructure. More flexible and adaptive response should be looked in to cover the above cited critical issues.

The belief of risk can be followed to support more adaptive responses to routing assaults in MANET [3]. However, risk evaluation is still a fiddle, challenging problem due to its engagements of immanent knowledge, objective witness and logical conclusion. Immanent knowledge could be retrieved from past experience and objective witness could be obtained from observance while logical reasoning requires a formal base. Tseng et al. [4] declared a naïf bleary cost-sensitive invasion response solution for MANET. Their framework took immanent knowledge and objective witness into account but omitted an unlined combination of two properties with logical conclusion.

In this paper, we propose a risk-aware response mechanism to deal identified routing assaults in a planned

manner, aiming an adaptive time-wise isolation method. To evaluate our mechanism, we have to conduct a series of experiments with a proactive routing protocol, Optimized Link State Routing Protocol [5]. This paper is organized as follows: Section 2 summarizes a routing protocol and its assaults against OLSR. Section 3 describes the details of our risk-aware response mechanism. Section 4 discusses our evaluation approach used. Section 5 provides the related work in invasion sensing and response systems, also looks back risk-aware approaches in different fields.


In this section, we look back the OLSR and routing assaults on OLSR.

2.1 OLSR Protocol

The major function of any routing protocol is holding the recent map of the network topology, so that they can construct cost-effective routes to its destinations. The MANETs have various routing protocols. By the manner in which the protocols oppose to the topology changes, they have been grouped into Proactive (table-driven) and Reactive (on-demand). Table-driven protocols like AODV [6] circulate topology information sporadically and find routes unendingly, while on-demand protocols like OLSR find routes on need. Proactive protocol needs a minimal delay for an application to route the packet because routes to all reachable nodes in the network are available. Larger signalling traffic and power consumption is present in table-driven protocols. When a topology change occurs, updates are circulated throughout the network to notify the change. Maintaining up-to-date network topology information is relatively high in proactive protocols.

OLSR is a variation of Link-State routing protocol in terms of reduction in size of control message and minimum flooding. Multipoint Relay (MPR) is a designated node in OLSR to provide an efficient flooding mechanism by reducing the number of transmissions. Unlike LSR, where each node floods the link message to their neighbours, only nodes selected as MPR is responsible for advertising, as well as forwarding MPR selector list. LSR protocol need 24 retransmissions to diffuse a message up to 3 hops, while OLSR need 11 retransmissions to cover the same, is shown in figure 1.

2.2 Routing Attack on OLSR

The assailants on MANETs can be categorized based on the behaviour as active (disrupts) or passive (listens). Assaults are further divided with respect to the target as data packet or routing packet assaults. In routing assault, assailants

prevent existing paths from being used, but also charade non-existing paths to entice data packets to them. Several models [7], [8], [9], [10] have been proposed to study the MANET routing assaults. Typical routing assault includes black hole, flood rushing, worm hole and overlay network assault. All these assault make changes in routing packets, which leads to serious network malfunctions.

A vicious node can interrupt the routing process in simple ways: first, changes the contents of a discovered route, modifies a reply message, and packet dropped as invalid, then it formalize the routing table cache in other nodes by publishing wrong paths and decline to take part in the route uncovering process and finally, it changes the content of a routing data packet or act normally during the route uncovering process but is dropped.

In OLSR, any node can either change the routing message, or create false data message or provide false identity. Therefore, the assailant can maltreat the properties of the selection algorithm to be selected as MPR. The assailant picks up only one node as MPR in the worst case. Otherwise, wrong information about the topology in the form of TC message will be propagate by the assailants in order to trouble the routing function.


This section formulates an adaptive risk-aware reply mechanism based on valued risk judgement and risk leeway. Our approach follows a separation mechanism in a secular manner based on the risk value, instead of using binary separation of vicious nodes.

3.1 Overview

Because the MANET's doesn't have a specific architecture, our response system is distributed on each node to make decisions based on the manifest and its own sole gains. Therefore, few nodes are separated from vicious node, but other nodes may still kept in collaboration with due to high addiction relationship. Figure 2 shows our risk-aware reply mechanism which is divided into the following four steps.

Affirmation Collection: Invasion sensing system provides an assured value with an assault awake and then routing table change sensor runs to show what is the alteration induced on the routing table by the assault.

Risk Evaluation: Alert assurance from ISS and the routing table information change are considered further as independent manifest for risk computation. The anticipating steps of risk are computed as well during a risk evaluation phase. Based on the risk of assaults and risk of anticipating steps, the entire risk of an assault could be pointed out.

Decision Making: The adaptive conclusion module provides a compromising response conclusion making mechanism, which takes risk judgement and risk leeway into account. To adapt temporary separation degree, a user can set various verges to satisfy the goal.

Invasion Reply: With the result from risk evaluation and conclusion-making module, the matching response action, including routing table retrieval and node separation, are done to palliate assault harms in a spreader fashion.


In this proposal, we use two various responses to deal with various assault methods: routing table retrieval and node separation.

Routing table retrieval contains both local and global routing table retrieval. A victim node that finds the assault does local retrieval and automatically retrieves its own table. Global retrieval needs with sending regained routing content by victim nodes and changing their routing table based on corrected routing data in real time by other nodes.

After successful sensing of assaults, routing table recovery should serve as the first essential response method. In table-driven routing algorithm like OLSR, routing table regain does not bring any extra overhead since it sporadically goes with routing control content. Until the sensing of assaults is positive, this reply does no negative effects on existing routing operations.

The most non rational method to forbid from vicious node assaults is node separation. The node separation is executed by the neighbours of the vicious node, neither by routing packets through nor receiving any packets from the vicious node. Negative effects to the routing operations may cause damage then the assault itself, when a binary node separation response is made.

For example, in figure 3, node 1 acts like a vicious node. On the other hand, if other nodes simply isolate node 1, node 6 will be disjointed from the network. Consequently, more compromising and fine-grained node separation mechanism is required. In our risk-aware response mechanism, we have to take two types of time-wise separation response: temporary separation and permanent separation, which are discussed in section 3.4.


The risks of assault and response should be figured out because the assault response actions may cause more harm than assault. MANET security states are distinguished as {Secure, Insecure}. In other words, {Ï•, {Secure}, {Insecure}, {Secure, Insecure}} would be the frame of appreciation. The security state {Secure, Insecure} of MANET could be either secure or insecure, which depicts the security state as uncertain. The risk of MANET is represented as Bel{Insecure}.


Immanent manifests from experts cognition and objective manifests from routing table alteration are consider our manifest selection approach. We suggest an integrated analysis approach for assessing the both assault (RiskA) and anticipating steps (RiskC) of risks.

The assured level of alert from ISS is taken as the immanent knowledge in manifest 1. In objective manifest, we examine various routing table alteration cases. The routing table of OLSR contains three basic details (destination, next hop, distance). Thus, routing assault can do living routing table entries to be neglected any details of a routing table entry to be altered. From manifests 2 through 5, we exemplify the potential cases of routing

table alteration and examine the levels of harms.

Manifest 1: Awake assurance. The ISS renders the assurance of assault sensing to address the possibility of the assault happening. Since the wrong alert from most ISSs is a problem, the assurance factor must be conceived for the risk estimation of the assault.

Manifest 2: Absence of detail. This manifest shows the extent of missing details in routing table. The cause for potential omission of details from routing table of a node is link with holding assault or node separation countermeasure.

Manifest 3: Altering detail I. This manifest constitutes the extent of altering details in the case of next hop being the vicious node. Here, the vicious node constructs a direct link to this node. So, it is extremely potential for this node to be the assailant's destination vicious node could act as a normal node and expect for future assault activity, or drop all packets to or from the destination node. Separation of vicious node cannot initiate this case.

Manifest 4: Altering detail II. This manifest indicates the extent of altered entries in the case of various next hops (not the vicious node) and the same distance. Hits on the node communication should be very minimal in this case. The cause for this case is both assault and anticipating step.

Manifest 5: Altering detail III. This manifest shows the extent of altering entries in the various next hops (not the vicious node) and the various distances. Alike to manifest 4, both assaults and anticipating steps could result in this manifest. Routing cost and transmission delay of the network may be affected by the path alteration.


Figure 4 shows our adaptive decision making module based on valued risk judgement and risk leeway. In accession, the reply level is separated into multiple bands. A separation degree is related with each band, which poses a various time period of the separation activity. Based on the risk leeway the reply action and band level are all decided and can be altered when risk leeway verge changes. The permanent separation response would be related with upper risk leeway verge (UA). The lower risk leeway verge would remain each node intact. The band among the upper verge and lower verge is related with the temporary separation response, in which the temporary separation response, in which the separation time (T) changes dynamically based on the various response degrees given by (1) and (2), where n is the number of bands and i is the matching separation band.

Initially if no additional information is available we urge the value of lower risk leeway verge to be 0. This shows the separation is required when the risk of assault is greater than the risk of separation response. If additional information is available, it could be used to correct the verge. Node Reputation is one of the crucial factors in MANET security; our adaptive mechanism could take this factor into account as well. If the compromised node has a high or low reputation degree, the reply module can non-rationally align the risk leeway verge consequently. When LA is less than 0, still if the risk of assault is not higher than the risk of separation, the response module could also do a separation chore to the vicious nodes.

Assault frequency is another factor that could dynamically change the risk leeway verge when the assault frequency is high, more severe response activity should be taken to overcome this assault. Our reply module could attain this objective by reducing the values of risk leeway verge and necking down the verge between two risk leeway verges.


In this section, we explained the experiment methodology and the metrics took to judge the effectuality. Then we proved the elaborated process of our solution with a case study. The results show the effectuality and scalability of our approach.


NS-2 is a distinct event simulator which models the physical and data link layer functionality of a wireless network and allows absolute movement of nodes within the network. Using NS-2 as the tool from VINT project [11] with UM-OLSR [12] we have carried out the experiments. UM-OLSR is an effectuation of OLSR protocol for the NS-2, which follows with [5] and confirms all core practicalities of OLSR plus the data-link layer resubmit alternative. We made a MANET scenarios in a topology area of 1,000m X 1,000m in our experiments with a total simulation time and bandwidth are set to 1,200 seconds and 2mbps respectively. Between the nodes 512 byte UDP packets was send for Constant Bit Rate (CBR) traffic. Every node queuing capacity is set to 15. Every node used to keep a log about the packet send and received across the network.

To determine the effectuality of our adaptive mechanism, we used six metrics for performance comparison. The following explains each stage and its associated activities.

Stage 1 - Before assault - Among the nodes in the network random packets are generated and transmitted without triggering any of them as assailants. A traffic pattern which comes from this simulation is under normal condition.

Stage 2 - After assault - In the network particular nodes are assigned as assailant which perform vicious actions for their own gains. This stage doesn't provide any sensing or reply for the assailant's. Traffic patterns which comes from this simulation is a under the vicious action conditions.

Stage 3 - After response - For each node response conclusions were made and conveyed based on the binary isolation.

The six metrics [13] we used for our simulation run:

Packet delivery ratio. The proportion of the number of delivered data packet to the CBR sinks at the final destination.

Routing cost. The proportion between the total bytes of routing packets transmitted and the total bytes of packets received at the final destination.

Packet overhead. The time it takes to transmit data on a packet-switched network. For example, a TC or HELLO message sent across three hops counted as three packets.

Byte overhead. The number of carried bytes by routing packets, counting each hops like packet overhead.

Mean latency. The amount of time takes for the information from the source computer to the destination.

Average path length. This is the average number of steps along the shortest paths for all possible pair of network nodes. It is a measure of the efficiency of information on a network.


Our case study scenario is shown in figure 3, where packets from source node 5 to destination node 0 are supposed to go through intermediate nodes 2 and 4. A vicious node 1 announces its link as a direct link (false link) to node 0 and makes every other node in the network to update their routing table consequently. Any packet from node 5 to node 0 goes through node 1 instead of nodes 2 and 4. The vicious node 1 drops and influences the traffic between nodes 5 and 0. We accept, as Node 1's one hop neighbours, node 0, node 4, and node 6 get the invasion awake with 80 per cent assurance from their respective ISS modules. The routing tables of nodes 0, 4, and 6 before the assault, after the assault and after the separation, severally are shown in the figure 5a, 5b, and 5c.

In figure 6a, due to routing assaults, the packet delivery ratio drops off in Stage 2. The ratio decreases even-more in Stage 3 after doing binary separation. Since, this mechanism largely destructs the topology there is a drop in the metrics.

In figure 6b, the routing assaults increase the routing cost in Stage 2. Stage 3 there is an increase in metrics due to binary separation.

Figure 6c and 6d shows the packet and byte overhead respectively. When comparing Stage 1 with Stage 2 they remain almost the same because the routing assaults do not alter the topology further in this case.

In figure 6e, as an effect of the routing assaults, the mean latency increases in Stage 1 to 2. After separation, we find that this metric has a slight drop in Stage 3.

In figure 6f, there is a decrease in average path length due to the vicious activity calming a shorter path performed by node 1 in Stage 2. After response, using binary separation this metrics becomes higher because the more nodes isolated the vicious node. Hence, some packets may be carried by more hops than before.


Invasion sensing and response in MANET. Some preventive activity has

been made through some research efforts [13], [14], [15], [16] for protecting the routing protocols in MANET. Unauthorized nodes were prevented from joining the network through these approaches; they brought a substantial overhead for key exchange and verification with the restricted invasion elimination. Also, vicious insiders who have the lawful certificate to communicate in the network are more powerful than the prevention-based technique that is available.

Recent years numerous ISSs for MANET have been introduced. Most ISS are designed to be distributed due to the nature of MANET and have a conjunctive architecture. MANET ISSs use specification based or statistics-based approaches which are similar to signature-based or anomaly-based ISSs models for the wired network. DEMEM [17] and [18], [19], [20], poses specification based approach, monitor function of the network and compare it with the known assault features, which are speculative to cope with new assaults. On the other hand, Watchdog [21], and [22], as statistics-based approach, compare network functions with normal behaviour patterns, which shows in higher positive false rate than spec-based. Both ISSs have some drawbacks in their models, invasion awake from this system always come with alert assurance, which shows there is an existence of assault.

MANET ISS is inspired from MANET invasion response system [23]. Based on their reputations vicious node are isolated in [1] and [2], fails to take vantage of ISS alerts and simple separation may induce surprising network separation. The concept of cost-sensible invasion response by Wang et al. [4], which conceived topology dependency and assault harm. Our solution has the advantage of incorporating manifests from ISS, expert knowledge from routing table and anticipating steps.

Risk-aware approach. There exists underlying doubt which guides to irregular risk, to make response conclusion [24], particularly in security and intelligence field. This problem had been tackled by risk-aware approach, balancing the activity gains and harm trade-offs in a measured way. Blurry logic control model by Chen et al. [3] presented an adaptive

risk-based access control. Dynamic risk-aware mechanism applied by Teo et al. [25] decides whether an access to the network should be refused or allowed.

Risk evaluation is still a little ambitious problem due to its interest of immanent knowledge, objective witness and logical conclusion. Naïf bleary cost-sensible invasion response solution was suggested by Wang et al. [4] for MANET. Their framework took immanent knowledge and objective witness into account but omitted an unlined combination of two properties with logical conclusion.


For palliating MANET routing assaults we proposed a risk-aware response solution. Our approach conceived the possible harms of assaults and anticipating steps. This mechanism deals the identified routing assaults in a planned manner, aiming an adaptive time-wise separation method. Based on various metrics, we also looked into the functioning and practicality of our approach and the experiment results evidently proved the effectuality and scalability of our risk aware approach. Based on the compromising result, we would promote more planned way to adapt node reputation and assault frequency in our adaptive conclusion model.