Performance Analysis Of Approaches For Detecting Attacks Computer Science Essay


The popularity of ad hoc networks is increasing rapidly as they are used in more and more fields. The absence of messy wired physical infrastructure, along with innumerable other advantages, has made this technology the first choice in emergency response, disaster management, healthcare, education, business and so on. At times, however, ad hoc networks pay a price for their vulnerable features. The technology and its associated protocols still have numerous loopholes which may be honey pots for attackers. This paper focuses on three major areas of ad hoc wireless communication: ad hoc networks, mesh networks and sensor networks. These networks are mostly at risk of denial of service (DoS) attacks initiated through compromised nodes or intruders. To avoid such attacks, a number of cryptographic algorithms, key management schemes and security models have been proposed, but the networks are still highly insecure. Our goal here is to investigate the major issues, attacks and challenges belonging to these networks. We also discuss some proposed schemes that mitigate these issues and compose a comparative analysis on the basis of their performance. In future we will analyze and compare the routing protocols in ad hoc wireless networks.

Index Terms: Ad-hoc networks, routing protocol, security, wireless communication.

1 Introduction

The deployment of ad hoc wireless networks is quick, low cost and easy, which motivates researchers to make communications sounder and more robust. A wireless setup requires no messy wired junctions; a little time and cost makes it operational. Because of these attractions, wireless networks are mostly the first choice for war, emergency conditions, security, education or intelligence zones. At the same time, communications over wireless media are always vulnerable to attacks. Ad hoc wireless communications are inherently prone to attacks, and any node can be attacked from any direction [13]. During war or disaster, the importance of ad hoc networks is vital, but the communication signals are subject to jamming, interception and false command disruption and are highly vulnerable to security attacks. These issues obstruct the deployment of ad hoc wireless networks. The wireless channels are completely defenseless against various security attacks [15].

Every node participating in a MANET acts as a router. This dependence on nodes may disrupt the network: sometimes a node within the network takes part in malicious activities without any victimization, and detecting such a malicious node is difficult. This type of attack is called an inside attack. An attacker may also attack from outside the network and is then called an outside attacker. An outside attacker has no particular access to the network and is only concerned with gathering sensitive data, which compromises the privacy and secrecy requirements. In contrast, an inside attacker's goal is to interrupt the functioning of the network and degrade its performance, and such an attacker has access to the encryption keys or other codes used by the network. The basic idea of an attack is to disrupt network communication; the most frequent and sometimes the riskiest attack experienced by MANETs is the DOS attack. DOS is forced by other fields, such as security, dependability, performance and software engineering [20].

Although a number of schemes have been proposed to secure wireless communication, the technology is still highly insecure and vulnerable to attacks. Nearly all the proposed solutions concentrate on a specific security problem but pay no attention to others, and those which achieve low energy and memory consumption compromise on the level of security. The majority of the protocols associated with ad hoc networks are vulnerable; on-demand routing protocols such as AODV are especially at high risk during route discovery [13]. Thus there is a need for a model which addresses all these issues with low cost and high security.

In this paper we study some vital issues related to ad-hoc networks, sensor networks and mesh networks. We also present the solutions proposed to mitigate these issues and finally compose a comparative study of these proposed schemes that provides a new direction for research.

2 Issues and Problems

Wireless communication has emerged as a major breakthrough over traditional wired communications. It has changed the messy wired world into a clean and flexible atmosphere. According to a well-known adage, there is no unmixed good in this world; the implementation of wireless networks, particularly ad-hoc networks, sensor networks and mesh networks, carries numerous performance and security issues. These issues include:

2.1 Current Security Models and Prevailing Attacks:

Different performance issues in wireless network operation, administration and management are encountered because of improper security models. Many security schemes do not guard against some prevailing threats; therefore wireless networks lack satisfactory guarantees on security during communications. Some of the proposed solutions for these issues are discussed below:

The majority of existing wireless network security models are highly insecure and defenseless against active and passive attackers. The hybrid Wireless Intrusion Detection System (WIDS) provides a model to combat attackers. The model is based on three phases: data-set generation, IDS creation and test. For data-set generation, various types of files, for regular and attack traffic, are created. For IDS creation, a simple agent with five modules is designed. The first module sniffs the traffic and sends it to either the Anomaly or the Misuse detection engine. If the input is not handled by either engine, it is sent to the probable attack module for more precise examination. If an attack is detected, the engine calls the alarm module. Finally, in the test phase, the data-set collected in the first phase is used to test the wireless intrusion detection agent created in phase two [1].

Because of their distributed nature and the lack of a globally trusted central authority, WMNs lack satisfactory guarantees on security. Li Gao et al. [2] dealt with a low-computation and scalable key management model for WMNs. This model has three levels of key management, including key management protocols for the mesh router pattern (RR), the mesh client pattern (CC) and the mesh router and mesh client pattern (RC). The RR pattern requires the highest level of security and may use efficient cryptography such as PKI and two-party Diffie-Hellman schemes. The CC pattern requires low computation and a reasonable level of security, so low-computation cryptography such as symmetric cryptography and threshold secret sharing schemes may be used. The RC pattern falls between the RR and CC patterns. These three models fit into group communication models [2].

Ana Paula [3] proposed a decentralized Intrusion Detection System (IDS) model that fits the demands and limitations of WSNs. The model is based on three phases. Phase 1 performs data acquisition: only those messages that are useful to the rule application phase are filtered and stored. Phase 2 is rule application: each message extracted in phase 1 is evaluated according to a sequence of rules specific to its message type. If a message fails one of the rules, a failure counter is incremented and the message is discarded; otherwise the message is discarded from the data-structure list. Intrusion detection is performed in Phase 3, which checks whether the round-failure value is greater than the cumulative value; if it is greater, an attack indication is generated [3].

Sidra et al. [4] defined a distributed, dynamically configurable firewall architecture for Mobile Ad-hoc Networks (MANETs). The model has three internal data structures: the firewall table, the reject list and the blacklist. The firewall table maintains an entry for the data flow of each newly established connection, with five columns containing the source and destination addresses, the number of packets arrived, the threshold and the lifetime of the entry. If the number of packets crosses the threshold limit, incoming packets for that entry are blocked by the firewall; the entry is deleted from the table when its lifetime is exceeded. If, for any entry in the firewall table, the number of packets arrived is greater than the threshold and the lifetime is exceeded, the entry is placed in the reject list with double the lifetime and a decreased threshold value. The blacklist holds entries for those nodes which have had an entry in the reject list five times [4].
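The escalation from firewall table to reject list to blacklist can be traced with a short simulation. This is an added example, not code from [4] or from the original essay; the class and field names, the tick-based clock, halving as the "decreased" threshold, and dropping traffic from reject-listed sources are assumptions.

```python
# Added example: firewall table, reject list and blacklist as described for [4].
from dataclasses import dataclass

REJECTS_BEFORE_BLACKLIST = 5  # from the essay: five reject-list entries


@dataclass
class Entry:
    packets: int      # number of packets arrived
    threshold: int    # packets allowed within the lifetime
    lifetime: int     # entry lifetime in ticks
    expires: int      # tick at which the lifetime is exceeded


class AdHocFirewall:
    def __init__(self, threshold=5, lifetime=10):
        self.defaults = (threshold, lifetime)
        self.table = {}        # firewall table: (src, dst) -> Entry
        self.reject = {}       # reject list: src -> tick at which the entry ends
        self.terms = {}        # src -> (threshold, lifetime) for its next entry
        self.reject_hits = {}  # src -> times placed on the reject list
        self.blacklist = set()

    def _expire(self, now):
        for (src, dst), e in list(self.table.items()):
            if now >= e.expires:
                del self.table[(src, dst)]
                if e.packets > e.threshold:  # over threshold and lifetime exceeded
                    self._to_reject_list(src, e, now)
        for src, until in list(self.reject.items()):
            if now >= until:
                del self.reject[src]

    def _to_reject_list(self, src, e, now):
        # Doubled lifetime is from the essay; halving is an assumed "decrease".
        new_life = e.lifetime * 2
        self.terms[src] = (max(1, e.threshold // 2), new_life)
        self.reject[src] = now + new_life
        self.reject_hits[src] = self.reject_hits.get(src, 0) + 1
        if self.reject_hits[src] >= REJECTS_BEFORE_BLACKLIST:
            self.blacklist.add(src)

    def packet(self, src, dst, now):
        """Return 'forward' or a 'drop:<reason>' verdict for one packet."""
        self._expire(now)
        if src in self.blacklist:
            return "drop:blacklist"
        if src in self.reject:  # assumption: reject-listed sources are dropped
            return "drop:reject"
        e = self.table.get((src, dst))
        if e is None:
            thr, life = self.terms.get(src, self.defaults)
            e = self.table[(src, dst)] = Entry(0, thr, life, now + life)
        e.packets += 1
        return "forward" if e.packets <= e.threshold else "drop:threshold"


def run_demo(ticks=700):
    """Constructed traffic: A sends every tick, B every fifth tick, both to D."""
    fw = AdHocFirewall(threshold=5, lifetime=10)
    forwarded = {"A": 0, "B": 0}
    for t in range(ticks):
        senders = ["A", "B"] if t % 5 == 0 else ["A"]
        for src in senders:
            if fw.packet(src, "D", t) == "forward":
                forwarded[src] += 1
    return fw, forwarded


if __name__ == "__main__":
    fw, forwarded = run_demo()
    print("forwarded:", forwarded)
    print("reject-list hits:", fw.reject_hits, "blacklist:", fw.blacklist)
```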

Another security model for MANETs, proposed by L. Prema [5], is named Enhancement on Intrusion Detection Systems for Ad-hoc Networks (EIDAN). The EIDAN architecture has four logical components. The first component, the Traffic Interception Module, captures the incoming traffic from the network and selects which of these packets should be examined further. The Event Generation Module is responsible for abstracting the information needed by the attack analysis module. The Attack Analysis Module checks for the presence of attacks; if an attack is present, it sends the malicious packets to the countermeasure module. Finally, the Counter Measure Module is responsible for taking any further action on the malicious packets that come from the attack analysis module: either the packets are dropped or some other action is taken on them [5].

2.2 Current Wireless Protocols and Their Limitations:

The survivability of wireless communications relates to the protection mechanisms of wireless communication and the robustness of its protocols. The majority of protocols associated with wireless networks are prone to attacks, especially in hostile environments, and intruders easily break their security schemes. Some of the proposed solutions for these issues are discussed below:

Current communication protocols at the routing, MAC and physical layers do not address major communication issues in WMNs. Sahil Seth et al. [6] studied the protocols and suggested redesigning them at each layer, keeping current research issues in mind. The authors identified the research issues of the physical layer as follows: a new wideband transmission scheme is required to achieve a high transmission rate, new signal processing algorithms are required, and the hardware design must be optimized to decrease cost. The MAC layer issues are described as follows: effective channel allocation in multi-hop networks is needed, and advanced bridging functions must be developed for heterogeneous environments. The current research issues in the routing layer are described as follows: scalable routing is a critical requirement for WMNs, lightweight but efficient routing protocols are required, and integrating routing and network coding is still a challenge for researchers [6].

Multicast protocols for ad hoc networks face security challenges. In [7], P. Sankareswary proposed a security extension to deal with the selfish node attack on MAODV. He explains that the source node broadcasts RREQ packets, which travel along all the routes from that source node. The target node receives the RREQs and forwards RREPs along the reverse route. If the RREPs arrive from a trustworthy intermediate node, the source starts to send data; otherwise it issues a further request. If a node is detected to be malicious by the two-hop acknowledgement mechanism, secure message transmission is performed to counter the attack [7].

Ms. Divya [8] proposed a modified Hybrid Wireless Mesh Protocol (HWMP) to overcome the issues of authentication and integrity. The proposed routing protocol guarantees that communication between any two ends is sufficiently secure. The HWMP routing information element comprises two types of fields, mutable and non-mutable. In the customized HWMP the existing key allocation is used, and mutable fields are validated hop by hop using the hash tree concept. Symmetric encryption is used to protect the non-mutable fields [8].

Reliable transport layer protocols for wireless communications do not ensure reliability in harsh environments. The Pump Slowly Fetch Quickly protocol does not deal with the problem of a fully lost message. In addition, nodes cancel their scheduled transmission of a given fragment if they hear from their neighbors that the fragment has been transmitted 4 times. A weakness of Distributed TCP Caching is that, if a SACK lists several lost fragments, an attacker can forge and inject another SACK that acknowledges all the lost fragments. With this single packet, he can provoke several fragment losses. The Reliable Bursty Convergecast protocol supports block ACKs; it is possible to acknowledge every fragment stored by a node in one ACK. Upon reception of such a packet, the node fully empties its cache, which can lead to fragment losses with high probability [9].

Dr. Sami et al. [10] defined the Path Redundancy based Security Algorithm (PRSA) for securing routing protocols in WSNs. The PRSA algorithm first reads the network topology and finds the optimum routing path. It then checks for disjoint paths. If no disjoint path is found, it removes every other node in the path and its links; otherwise it removes the nodes of the previous path. It then selects a suspected node and removes that node and its links. It finds the optimum routing path again and, if the number of routing paths is less than the maximum number of routing paths, increments the number of paths and checks for disjoint paths again [10].

2.3 Security Issues and Attacks in Wireless Communications

An attack is an attempt to achieve illegal access to resources, or an attempt to compromise reliability, availability or confidentiality [20]. Because the deployment of wireless networks does not follow any particular infrastructure and the topology is flexible, wireless communication suffers from a variety of security attacks. Some of these attacks are as follows:

2.3.1 Wormhole Attack:

In a wormhole attack, adversaries collaborate to offer a low-latency side-channel for communication. The wormhole attack can disrupt wireless networks, particularly location-based wireless security systems and ad-hoc network routing protocols. A few proposed solutions are discussed below:

Mahdi Taheri et al. [11] proposed a mechanism named Multipath Routing for detecting and defending against wormhole attacks. He considers two types of channel, one for signaling with one link and the other for user data with n-1 links. The original message is divided into n-1 parts, each with a unique identifier. A random number X such that 1 < X <= (n-1) is generated, to be sent on one of the n channels. The parts are coded in pairs using an XOR technique associated with X. Each combination is sent over one of the channels, and the Xth part is sent in plain text, which is the starting point for the receiver to recover the other parts [11].

Another scheme proposed for the same problem is Wormhole Attack Prevention (WAP) [12]. In this scheme, neighbor node monitoring is used to discover the neighbors. Suppose node A sends an RREQ, which starts a wormhole prevention timer. Node B receives the RREQ and, since B is not the target, B has to broadcast it to its neighbors. A checks whether the RREQ arrives within the timer. If A receives the message after the timer ends, it considers that B or one of B's next nodes may be a wormhole node. To avoid wormholes, nodes watch for malicious activity by their neighbors and record it in their own neighbor node table [12].

2.3.2 Black-hole Attack:

The malicious node abuses an ad-hoc routing protocol such as AODV to announce itself as having a legitimate route to a destination node, although the route is false, with the objective of intercepting and retaining packets that it never forwards. Black-hole attacks particularly disrupt the routing protocols and so upset network performance and reliability. A few techniques to mitigate the black-hole attack are discussed below.

The Intrusion Detection using Anomaly Detection (IDAD) scheme is proposed to handle black-hole attacks [13]. The source node broadcasts a route request and then receives a route reply. If the route reply is different from the audit data, the node saves the route to its routing table and sends packets while the buffer is not empty. If the route reply is the same as the audit data, the node discards the route reply and checks for another route reply. The audit data is a pre-collected set of anomalous activities. It is composed and supplied to the IDAD system, which is able to compare every action of a host with the audit data on the fly. If any action of a host resembles the activities listed in the audit data, the IDAD system isolates that node by forbidding further interaction [13].

S. Bajwa and Khalid Khan et al. [14] proposed the GBHASM scheme for mobile ad-hoc networks. The model is based on two components. The first component describes how a new node becomes part of the network and also performs the communication operation. The server handles a request packet from a new joining node. It responds to the node with a relationship acknowledgement and waits for approval from the node. If the node does not reply within a certain time, the server rejects the joining request; otherwise the node sends its information. The information received from the new joining node is kept in the database, and the server also allocates the Node Code (NC), Pkk1 and Pkk2. The second component handles communication within the network. After becoming part of the network, a node requests the shortest path by sending Pkk2 with the packet. Each node matches Pkk1 against Pkk2; if the key matches within a certain time, the information is released; otherwise the time to live (TTL) of the packet causes it to become meaningless [14].

2.3.3 Flooding Attack:

A flooding attack overwhelms a victim's limited resources, whether bandwidth, memory or processing cycles. The majority of reactive protocols are easily exposed to flooding attacks during their route discovery process. A few schemes proposed for handling this attack are discussed below.

The scheme defined in [15] is based on three threshold values, for friends, acquaintances and strangers. If a node has sent or received plenty of messages to or from a node X, it is considered a friend of X and is given the highest threshold value. If a node has sent or received few messages to or from node X, it is considered an acquaintance and is given a threshold value lower than that of a friend. If a node has never sent or received any message to or from node X, it is considered a stranger and is given a very low threshold value. Now suppose a node sends an RREQ to its friend node: if the RREQ value is less than the maximum threshold value, the RREQ is forwarded; otherwise it is discarded. If a node sends an RREQ to its acquaintance node and the RREQ value is less than its threshold, the RREQ is forwarded; otherwise it is discarded. The same rule is applied in the case of a stranger node. The threshold values are ordered as friend > acquaintance > stranger [15].

Ping Yi et al. [16] proposed Flooding Attack Prevention (FAP), a general defense against the ad hoc flooding attack. The scheme is based on neighbor suppression. The main idea of neighbor suppression is that each neighbor calculates the rate of RREQs originated by the intruder. If the rate exceeds some threshold, none of the neighbors will receive or forward packets from the intruder. Every node has to maintain two tables, Rate-RREQ and Blacklist. The Rate-RREQ table has two columns: Node-ID and RREQ-time. When a node receives an RREQ, it looks up the node ID in the Rate-RREQ table to determine who is requesting, finds the node ID and increments the RREQ-time field by 1. If RREQ-time is greater than the threshold value, the node ID is put into the Blacklist [16].

In AODV, a node sends out RREQ packets according to a FIFO rule. In the flooding attack prevention scheme of [17], FIFO is replaced with a priority rule. Each node maintains a priority and a threshold for each neighbor node. The node priority is inversely proportional to the RREQ frequency. If the RREQ frequency of the attacker exceeds the threshold value, the node will not accept further RREQs from the attacker node. This technique, called Neighbor Suppression, is used to mitigate the RREQ flooding attack. For the data flooding attack, a path cutoff scheme is used. The attacker has established a path to the victim node in advance. Once the victim detects the DATA flooding attack, the path from the attacker can be cut off [17].

Fig. 3: neighbor nodes isolate attacker [17]

S. Li et al. [18] proposed the Avoiding Mistaken Transmission Table (AMTT) scheme to combat the flooding attack. Each node establishes an AMTT table to record received RREQ packets and other fields. When a node wants to send a packet to another node, it floods an RREQ packet. Each node receiving this RREQ fills in the fields of its AMTT table and sets the RREQ Num field to 1. Whenever it receives another RREQ from the same node, the RREQ Num value increases by 1. When the destination node receives the RREQ, it fills in its AMTT table and sends an RREP packet. Other nodes check the RREP's validity and, if it is found legitimate, search their AMTTs and set the validity indication of the corresponding item to 1; otherwise they discard the RREP. When two nodes finish their communication, the source node sends a RANC (route announcement) to the other intermediate nodes, and all nodes that receive the RANC delete the corresponding items in their AMTT tables [18].

The flooding attack mitigation scheme presented in [19] works as follows: every node observes the packets generated by each neighbor during an interval. Packets are dropped if the neighbor's packet transmission rate exceeds the threshold limit 'α'. If the same neighbor exceeds 'α' by the blacklist-threshold 'β', it is considered a flooding node. The node is then put on the blacklist as a flooder and all packets coming from the flooding neighbor are discarded. The observing node continuously monitors the behavior of the blacklisted neighbor in the successive periods. The blacklisted node has to show gentle behavior for 'γ' intervals, the whitelist-threshold, to become whitelisted. Once the blacklisted neighbor has been observed to be gentle, the observing node whitelists the neighbor and starts to forward packets for it [19].
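The α/β/γ monitoring of [19], which shares its per-neighbor rate threshold and blacklist with FAP [16], can be replayed over a constructed trace to see when a neighbor is rate-limited, blacklisted and whitelisted again. This is an added example, not code from [19] or from the original essay; the class and function names and the trace are hypothetical, and β is assumed to be the number of intervals in which a neighbor exceeded α.

```python
# Added example: alpha/beta/gamma neighbour monitoring as described for [19].
from collections import defaultdict


class FloodMonitor:
    def __init__(self, alpha, beta, gamma):
        self.alpha = alpha    # rate limit: packets per interval
        self.beta = beta      # blacklist-threshold (assumed: intervals over alpha)
        self.gamma = gamma    # whitelist-threshold: consecutive gentle intervals
        self.count = defaultdict(int)       # packets seen in the current interval
        self.violations = defaultdict(int)  # intervals over alpha, not blacklisted
        self.gentle = defaultdict(int)      # gentle intervals while blacklisted
        self.blacklist = set()

    def packet(self, nbr):
        """Return True if the packet from neighbour nbr is forwarded."""
        self.count[nbr] += 1                # blacklisted neighbours stay observed
        if nbr in self.blacklist:
            return False
        return self.count[nbr] <= self.alpha

    def end_interval(self):
        """Close the observation interval; return blacklist/whitelist events."""
        events = []
        for nbr in sorted(set(self.count) | self.blacklist):
            over = self.count[nbr] > self.alpha
            if nbr in self.blacklist:
                self.gentle[nbr] = 0 if over else self.gentle[nbr] + 1
                if self.gentle[nbr] >= self.gamma:
                    self.blacklist.discard(nbr)
                    self.violations[nbr] = 0
                    events.append(("whitelist", nbr))
            elif over:
                self.violations[nbr] += 1
                if self.violations[nbr] >= self.beta:
                    self.blacklist.add(nbr)
                    self.gentle[nbr] = 0
                    events.append(("blacklist", nbr))
        self.count.clear()
        return events


# Constructed trace: packets offered by each neighbour in successive intervals.
TRACE = [
    {"N1": 4, "N2": 30},
    {"N1": 6, "N2": 25},
    {"N1": 12, "N2": 40},   # N1 has one burst; N2 is over alpha a third time
    {"N1": 5, "N2": 40},    # N2 is blacklisted and still flooding
    {"N1": 5, "N2": 3},
    {"N1": 5, "N2": 2},     # second gentle interval for N2
    {"N1": 5, "N2": 4},
]


def replay(trace, alpha=10, beta=3, gamma=2):
    """Feed the trace to a monitor; return forwarded totals and timed events."""
    mon = FloodMonitor(alpha, beta, gamma)
    forwarded, events = defaultdict(int), []
    for i, interval in enumerate(trace):
        for nbr, offered in interval.items():
            forwarded[nbr] += sum(mon.packet(nbr) for _ in range(offered))
        events += [(i, kind, nbr) for kind, nbr in mon.end_interval()]
    return dict(forwarded), events


if __name__ == "__main__":
    totals, events = replay(TRACE)
    print("forwarded:", totals)
    print("events:", events)
```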

2.3.4 DOS Attack:

A denial of service attack can attempt to flood a network, thereby blocking legitimate network traffic and preventing a particular individual from accessing a service. Because of the inherent resource limitations and vulnerabilities of WSN devices, they are easily exposed to attacks, especially Denial-of-Service (DOS) attacks.

In [20] the author surveys different attacks, especially DOS attacks, to identify the attacker, his capabilities, the purpose of the attack and the end result. He notes that jamming is intentional interference with radio reception to deny the target; spread-spectrum techniques can be used to overcome the jamming problem. An intruder can damage, destroy or tamper with the sensor nodes; camouflaging the packaging and using low-probability-of-intercept radio techniques can mitigate these problems. An attacker can deliberately cause collisions; error-correcting codes can be used to counter this attack. In selective forwarding, a sensor device simply neglects to forward certain messages; multiple disjoint routing paths and diversity coding can be used to overcome this problem. In a wormhole attack, adversaries collaborate to offer a low-latency side-channel for communication, and packets are totally controlled by these two adversaries; the packet leashes scheme can be used to overcome this problem [20].

In this survey paper, we focused on the main issues associated with wireless communications. Attacks are the major challenge faced by wireless communication. There are numerous schemes available to mitigate these attacks, but it is observed that a scheme that performs well may have some overhead or may be unreliable. This paper also provides a comparison among many proposed IDS schemes with respect to their performance, which may provide us with a dashboard for understanding the effectiveness of these schemes.

Table 1. Comparative Study of Different IDS Schemes in Ad Hoc Networks

Attributes of an ideal Intrusion Detection System in Ad Hoc Networks

Proposed Scheme
Types of attacks detected

Wireless Intrusion Detection System (WIDS) [Ref. 1]
Yes. The use of agents will slow down the communication.
Impersonation, network discovery, man-in-the-middle, DOS.
Yes. Using the Yazd University test bed.

Distributed dynamically configurable firewall architecture [4]
Yes. To maintain extra attributes of a table.
No. Single point of failure.
Data flooding attacks

Enhancement on Intrusion Detection Systems for Ad-hoc Networks (EIDAN) [5]
No. Without interfering with routing operations.
Resource Consumption Attacks, Packet Dropping attacks, Fabrication Attack.
Using NS-2

Security extension to deal with the selfish node attack [7]
No. Scheme has no cryptography or agents.
Dropping of data packets, selfish behavior of nodes.
Using NS-2

Multipath Routing [11]
Yes. Multipath increases transmission overhead.
Wormhole attack
Using NS-2

Wormhole Attack Prevention (WAP) [12]
No. Scheme has no special hardware or cryptography. Only energy inefficient.
Wormhole attack
Using QualNet

Intrusion Detection using Anomaly Detection (IDAD) scheme [13]
No. Scheme minimizes the number of extra routing packets.
Black hole attack
Using NS-2

The extent of friendship between the nodes [15]
No. Scheme increases throughput.
No. Malicious packets are still present in the network.
Flooding attack
No. Only used AODV protocol.

Flooding Attack Prevention (FAP) [16]
Yes. Scheme has little overload.
No. Fails to resist the cooperative work of two or more attacking nodes.
Ad-hoc Flooding attack
Using NS-2

Avoiding Mistaken Transmission Table (AMTT) [18]
Yes. The use of tables will slow down the communication process.
Yes. But within limited links.
No. Fails to work on more links.
Flooding attack

Novel technique to deal with flooding attacks [19]
Flooding attack
Using NS-2

Conclusion and future work

In this paper, we investigated some very common but challenging issues experienced by ad-hoc wireless communication. We divided our study into three sub-domains: security models, vulnerabilities in current protocols and attacks. Security attacks are a major issue for ad-hoc networks which can be mitigated by adopting some of the proposed schemes. Here we explored the proposed methodologies and security schemes that protect against a large number of attacks, including DOS, wormhole, black-hole and flooding attacks. These schemes are indeed effective for detecting attacks but still have limitations which raise questions about their usability. The protocols associated with MANETs require more research; reactive protocols in particular may be trapped by intruders at the time of route request or route reply. Our comparative study of the proposed IDS schemes may provide direction and thinking towards the solution space. The contribution of this paper is to spell out the severity of current security threats and other correlated issues in ad hoc wireless communications.

Future research in the area of vulnerabilities in current security models in wireless networks would concentrate on intelligent agents to enhance the precision of intrusion detection rate and replace static threshold values with dynamic values.

Future research in the area of current wireless protocols would concentrate on higher transmission rates with low cost, flexibility and lower energy consumption, which is still a challenging open issue. Also, all current intrusion detection schemes discover attacks only by considering a single layer, and no intrusion detection method exists for wireless mesh environments.

Future research in the area of security issues and attacks would concentrate on network-based IDS, as all the proposed IDSs use a host-based IDS scheme.