Packet dropping detection in single-source environment in the presence of Attacks in
Wireless Ad-Hoc Network
Ms.Madhura Mokashi
Mrs. Sangeetha Rajagopal
Department of EXTC Engineering
Pillai HOC College of Engineering and Technology
Rasayani, Raigad, India
[email protected]
Department of EXTC Engineering
Pillai HOC College of Engineering and Technology
Rasayani, Raigad, India
[email protected]
Abstract— Wireless networks consist of Mobile Ad hoc Network
(MANET) and Vehicular Ad hoc Network (VANET). Both these
networks drop packets in the presence of collisions, channel
errors, buffer overflow and malicious activity. The first three
types are system dependent while the last one is people
dependent. Existing detection algorithms have addressed the
issue of packet loss of the first three types by using user-defined
threshold value. However, no mechanism is proposed for the loss
due to malicious attacks. This thesis presents a mechanism to
detect malicious packet dropping. In order to combat this
problem the first step is to detect the nodes that drop packets.
Nodes that are affected by security attacks, such as blackhole,
grayhole and wormhole are instrumental in dropping packets. So
to overcome malicious packet dropping a mechanism called “loss
monitor” is implemented and validated in order to avoid further
loss of packets in the network because of malicious intent.
table driven routing protocols consistent and up-to-date
routing information to all nodes is maintained at each node
whereas in on-demand routing the routes are created only
when desired by the source host. Next two sections discuss
current table-driven protocols as well as on-demand protocols.
II.
SCOPE OF THE PAPER
In, this we are considering the behavior of malicious node in
the network as it can do two things, one is to forward the
packet and another is to alter or drop the packet. Altering can
be done by corrupting the packet, changing the data, changing
the source or destination of packet on MAC level.
III.
RELATED WORK
Keywords—delay, throughput, attacks.
A. Methodology
I.
INTRODUCTION
Wireless networks are an emerging new technology that will
allow users to access information and services electronically,
regardless of their geographic position. Wireless networks can
be classified in two types, infrastructure network and
infrastructure less (ad hoc) networks. Infrastructure network
consists of a network with fixed and wired gateways. A
mobile host communicates with a bridge in the network
(called base station) within its communication radius. The
mobile unit can move geographically while it is
communicating. When it goes out of range of one base station,
it connects with new base station and starts communicating
through it. This is called hand-off. In this approach the base
stations are fixed. In contrast to infrastructure based networks,
in ad hoc networks all nodes are mobile and can be connected
dynamically in an arbitrary manner. All nodes of these
networks behave as routers and take part in discovery and
maintenance of routes to other nodes in the network. Ad hoc
networks are very useful in emergency search-and-rescue
operations, meetings or conventions in which persons wish to
quickly share information, and data acquisition operations in
inhospitable terrain. This article discusses proposed routing
protocols for these ad hoc networks. These routing protocols
can be divided into two categories: table-driven and on-demand
routing based on when and how the routes are discovered. In
Table driven
In Table-driven routing protocols each node maintains one or
more tables containing routing information to every other
node in the network. All nodes update these tables so as to
maintain a consistent and up-to-date view of the network.
When the network topology changes the nodes propagate
update messages throughout the network in order to maintain
consistent and up-to-date routing information about the whole
network. These routing protocols differ in the method by
which the topology change information is distributed across
the network and the number of necessary routing-related
tables. The following sections discuss some of the existing
table-driven ad hoc routing protocols.
On-demand
These protocols take a lazy approach to routing. In contrast to
table-driven routing protocols all up-to-date routes are not
maintained at every node, instead the routes are created as and
when required. When a source wants to send to a destination,
it invokes the route discovery mechanisms to find the path to
the destination. The route remains valid till the destination is
reachable or until the route is no longer needed. This section
discusses a few on-demand routing protocols.
Hybrid
This type of protocol combines the advantages of proactive
and reactive routing. The routing is initially established with
some proactively prospected routes and then serves the
demand from additionally activated nodes through reactive
flooding. The choice of one or the other method requires
predetermination for typical cases.
B. Protocol Detail
Ad hoc On-demand Distance Vector Routing
Ad hoc On-demand Distance Vector Routing (AODV) is an
improvement on the DSDV algorithm. AODV minimizes the
number of broadcasts by creating routes on-demand as
opposed to DSDV that maintains the list of all the routes. To
find a path to the destination, the source broadcasts a route
request packet. The neighbors in turn broadcast the packet to
their neighbors till it reaches an intermediate node that has
recent route information about the destination or till it reaches
the destination. A node discards a route request packet that it
has already seen. The route request packet uses sequence
numbers to ensure that the routes are loop free and to make
sure that if the intermediate nodes reply to route requests, they
reply with the latest information only. When a node forwards a
route request packet to its neighbors, it also records in its
tables the node from which the first copy of the request came.
This information is used to construct the reverse path for the
route reply packet. AODV uses only symmetric links because
the route reply packet follows the reverse path of route request
packet. As the route reply packet traverses back to the source,
the nodes along the path enter the forward route into their
tables. If the source moves then it can re-initiate route
discovery to the destination. If one of the intermediate nodes
move then they moved nodes neighbor realizes the link failure
and sends a link failure notification to its upstream neighbors
and so on till it reaches the source upon which the source can
re-initiate route discovery if needed.
IV.
PARAMETERS TO BE CONSIDERED
Collision
In a network, when two or more stations attempt to transmit a
packet across the network at the same time, a packet collision
occurs. This is not uncommon in a shared medium such as an
Ethernet that has many computers in the same network
segment. When a packet collision occurs, the packets are
either discarded or sent back to their originating stations and
then retransmitted in a timed sequence to avoid further
collision.
Channel Error
In digital transmission, the number of bit errors is the number
of received bits of a data stream over communication channels
that have been altered due to noise, interference, distortion or
bit synchronization errors. The bit error rate or bit error ratio
(BER) is the number of bit errors divided by the total number
of transferred bits during a studied time interval. BER is a unit
less performance measure, often expressed as a percentage.
Malicious Packet Dropping
In computer networking, a packet drop attack or grayhole
attack is a type of denial-of-service attack in which a router
that is supposed to relay packets instead discards them. This
usually occurs from a router becoming compromised from a
number of different causes. One cause mentioned in research
is through a denial-of-service attack on the router using a
known DDoS tool. Because packets are routinely dropped
from a lossy network, the packet drop attack is very hard to
detect and prevent.
The malicious router can also accomplish this attack
selectively, e.g. by dropping packets for a particular network
destination, at a certain time of the day, a packet every n
packets or every t seconds, or a randomly selected portion of
the packets. This is rather called a grayhole attack. If the
malicious router attempts to drop all packets that come in, the
attack can actually be discovered fairly quickly through
common networking tools such as trace route. Also, when
other routers notice that the compromised router is dropping
all traffic, they will generally begin to remove that router from
their forwarding tables and eventually no traffic will flow to
the attack. However, if the malicious router begins dropping
packets on a specific time period or over every n packet, it is
often harder to detect because some traffic still flows across
the network.
The packet drop attack can be frequently deployed to attack
wireless ad-hoc network. Because wireless networks have a
much different architecture than that of a typical wired
network, a host can broadcast that it has the shortest path
towards a destination. By doing this, all traffic will be directed
to the host that has been compromised, and the host is able to
drop packets at will. Also over a mobile ad-hoc network, hosts
are specifically vulnerable to collaborative attacks where
multiple hosts will become compromised and deceive the
other hosts on the network.
V. WAY OF IMPLEMENTATION WITH DESIRED
PLAN
Network Structure Creation
This module will include creation and designing of the
network structure to be used for transmission and various
execution modules. This also involves implementing the node
locations and behavioural features of the network.
Packet Dropping Execution
This module will enable transmission of data due to the
presence of packet dropping nodes. In this execution,
malicious receiving node may send an ACK message upon
receiving a packet to be relayed and not forward the packet to
the next hop.
Packet Dropping Detection Execution
This module will enable transmission of data due to the
detection of packet dropping nodes within the network and
successful transmission across the destination. The proposed
algorithm used to detect if the neighbour node maliciously
dropping packets. The neighbouring Node will count the RTS
messages it sent to suspect node during some time window w
and also the CTS messages received from suspect node during
the same time.
Transmission Analysis
This involves facilitating the tracking of all transmission
details and its utilization to generate analysis output. This
module will therefore include analysing the performance of
the network in terms of Transmission Delay generated and
Packet Drops observed during the executions.
VI. ARCHITECTURE
communication channel. Examples of such channels are
copper wires, optical fibres, wireless communication channels,
and storage media.
Packet Dropping:
Packet loss occurs when one or more packets of data travelling
across a computer network fail to reach their destination.
Packet loss is distinguished as one of the three main error
types encountered in digital communications; the other two
being bit error and spurious packets caused due to noise.
Network Simulation:
Key issues in simulation include acquisition of valid source
information about the relevant selection of key characteristics
and behaviours, the use of simplifying approximations and
assumptions within the simulation, and fidelity and validity of
the simulation outcomes.
VII. FOCUSED PARAMETERS
End to End Delay
Delay is an important design and performance characteristic of
a computer network or telecommunications network. The
delay of a network specifies how long it takes for a bit of data
to travel across the network from one node or endpoint to
another. It is typically measured in multiples or fractions of
seconds. Delay may differ slightly, depending on the location
of the specific pair of communicating nodes. Although users
only care about the total delay of a network, engineers need to
perform precise measurements. Thus, engineers usually report
both the maximum and average delay, and they divide the
delay into several parts:
Throughput
Figure 1.1: Architecture of dropping scenario.
Data Transmission:
Data transmission, digital transmission, or digital
communications is the physical transfer of data (a digital bit
stream) over a point-to-point or point-to-multipoint
In communication networks, such as ethernet or packet radio,
throughput or network throughput is the average rate of
successful message delivery over a communication channel.
This data may be delivered over a physical or logical link, or
pass through a certain network node. The throughput is
usually measured in bits per second (bit/s or bps), and
sometimes in data packets per second or data packets per time
slot. The system throughput or aggregate throughput is the
sum of the data rates that are delivered to all terminals in a
network. Throughput is essentially synonymous to digital
bandwidth consumption, it can be analysed mathematically by
means of queuing theory, where the load in packets per time
unit is denoted arrival rate λ, and the throughput in packets per
time unit is denoted departure rate μ.
VIII. PROTOCOL EVALUATION
In this article, several existing routing protocols for ad hoc
Wireless Networks were described. Three categories of
routing protocols were discussed are Table-driven, on-demand
routing and hybrid routing protocols. In table-driven protocols,
each node maintain up-to-date routing information to all the
nodes in the network where in on-demand protocols a node
finds the route to a destination when it desires to send packets
to the destination. Several table-driven protocols were
discussed. DSDV and GSR are table-driven protocols that use
destination sequence numbers to keep routes loop-free and upto-date. HSR and ZHLS are hierarchical routing. FSR reduces
the size of tables to be exchanged by maintaining less accurate
information about nodes farther away. CGSR is a clusterbased routing protocol where nodes are grouped into clusters.
On-demand routing protocols were also discussed. In ondemand protocols, a route creation is initiated by the source
when the source wants to communicate to the destination.
CBRP is a cluster based routing algorithm like CGSR except
that it is an on-demand routing mechanism as opposed to
CGSR that is table-driven. DSRP is a source routing
mechanism where the route is in each packet. ABR uses the
degree of associativity to select routes. Similarly, SSR selects
routes based on signal strength. In this paper, a performance
comparison of DSR, AODV and ZRP routing protocols for
mobile Ad-hoc networks is presented as a function of pause
time. Performance of these routing protocols is evaluated with
respect to four performance metrics such as average end to
end delay, packet delivery ratio, throughput and average jitter.
According to our simulation results, AODV shows best
performance than DSR, FSR and ZRP in terms of packet
delivery ratio and throughput as a function of pause time. In
future, number of nodes, more sources, additional metrics such
as average hop count, routing overhead may be used.
IX. RESULTS
Fig 1.3: Graph for end-to-end delay in single source
undetected vs. detected malicious packet dropping
Fig 1.4: Graph for throughput in single source undetected vs.
detected malicious packet dropping
X. CONCLUSION
The existing techniques do not have detection
mechanism for malicious activities such as grayhole and
wormhole attacks. Hence, they fall prey to a lot of packet
dropping and thereby, lose a lot of data in transit which results
in a very poor performance of the network. So, in order to
overcome malicious packet dropping behavior of the network,
a new mechanism called “Loss Monitor” has been
implemented. This has improved the performance of the
network on a large scale as compared to the results without it.
XI. FUTURE WORK
Fig 1.2: Graph for end-to-end delay and throughput in Simple
Network
In future, the malicious packet dropping scenario would be
tested using different protocols such as DSDV, DSR and ZRP.
It can also be tested using greater number of nodes, sources
and different types of attacks. Performance of these routing
protocols can be evaluated with respect to other performance
metrics such as hop count, packet delivery ratio and average
jitter.
REFERENCES
 Dina Simunic, Ashok Kanthe, Ramjee Prasad “A Mechanism for
gray hole attack detection in mobile Ad-hoc networks” IEEE
Transaction Paper, Vol.53, No-16, July 2014
 Y.-C. Hu, A. Perrig, and D. B. Johnson, “Ariadne: a secure ondemand routing protocol for ad hoc networks,” Wirel. Netw.,
vol. 11, no. 1-2, pp.21–38, 2005.
 J. Kim, S. Kim, S. Choi, and D. Qiao, “Cara: Collision-aware
rate adaptation for ieee 802.11 wlans,” INFOCOM 2006. 25th
IEEE International Conference on Computer Communications.
Proceedings, pp. 1–11, April 2006.
 M. Just, E. Kranakis, and T. Wan, “Resisting malicious packet
dropping in wireless ad hoc networks,” in In Proc. of
ADHOCNOW03. Springer Verlag, 2003, pp. 151–163.
 J.-H. Yun and S.-W. Seo, “Novel collision detection scheme and
its applications for ieee 802.11 wireless lans,” Computer
Communications, vol. 30, no. 6, pp. 1350–1366, —2007—.
 F. Anjum and R. Talpade, “Lipad: lightweight packet drop
detection for ad hoc networks,” Vehicular Technology
Conference, 2004. VTC2004- Fall. 2004 IEEE 60th, vol. 2, pp.
1233–1237 Vol. 2, Sept. 2004.
 M. Carvalho and J. Garcia-Luna-Aceves, “Delay analysis of ieee
802.11 in single-hop networks,” Network Protocols, 2003.
Proceedings. 11th IEEE International Conference on, pp. 146–
155,
Nov.
2003.