Smartening the Environment using Wireless
Sensor Networks in a Developing Country
An Efficient Detection Model of
Selective Forwarding Attacks in
Wireless Mesh Networks
Shapla Khanam, Habibullah Yusuf Saleem, and Al-Sakib Khan Pathan
Department of Computer Science
International Islamic University Malaysia (IIUM)
Presented By
Al-Sakib Khan Pathan
Department of Computer Science
International Islamic University Malaysia
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
Outline of This Presentation
•
•
•
•
•
•
Introduction
The problem formulation
Proposed approach
Analysis
Conclusions
Future directions of research
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
2
Introduction
• A Wireless Mesh Network (WMN) consists of
– Mesh routers
– Mesh clients
• Mesh routers form the backbone of the network that
provides network access to both the mesh and
conventional clients.
• Mesh clients can either connect to a backbone or among
each other.
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
3
WMN Infrastructure
Hybrid WMN?
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
4
The Problem Formulation
• Any malicious node can attack the network in the forms:
– Blackhole attack
– Grayhole attack
– Sybil attack.
• In all of these attacks, the routing packets are
deliberately misled towards wrong destinations or
network entities.
• Once the malicious node or the attacker has control over
the packet after getting it in its trap, the packet could be
modified, fabricated, dropped, or forwarded (arbitrarily);
all of which are considered as the major obstacles for
secure and guaranteed routing in WMN.
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
5
The Problem Formulation (Contd.)
• Although, based on the precise operational methods,
different attacks are given different names to clearly
distinguish them (with slightly different operational
methods), most of the routing attacks are related to
selective forwarding (or, use it as an underlying
method), which means that the received trapped packets
are manipulated to forward selectively (or, drop).
• Our goal is to mitigate selective forwarding attack by
detecting it using some meticulous approach.
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
6
Our Proposed Approach
• There are mainly two phases in our proposed approach.
– (i) Game theory based attack model
– (ii) Detection of malicious behavior
• Game theory can be defined as the statistical model to
analyze the interaction among a group of players, who
act strategically.
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
7
The Game Theoretic Model
Player 1 is the source
node S and Player 2 is
the malicious/attacker
intermediate node A.
Let D be the destination
node and N be the finite
set of all players.
We consider a zero-sum
game model where if one
player wins then, the
other player must lose,
equaling to sum of the
gain and loss to be zero.
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
8
The Scenario
• The attacker tries to minimize the throughput of the
network by dropping the packet.
• The attacker should spend more than the target to drop
any packet and eventually the attacker has to pay
heavily for its actions.
• We want to detect where the selective forwarder is. Each
three-node in the network can be multiplied to cover the
entire network!
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
9
Mathematical Formulation
• Let Pi be the probability to defend the ith node in the
network. vi is an intermediate node and vi-1 and vi+1 are
the upstream and downstream nodes respectively.
The
N
total probability of defending all N nodes is,  Pi
i 1
• The energy spent for utility cost (transmission cost) is:
N
Esd   Pi
i 1
, because the amount of energy needed is as the same
amount of probability for defending all nodes.
• Interaction of different players and their total probabilities
are constructed based on their individual probability.
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
10
Mathematical Formulation (Contd.)
N
N
Pi where,  Pi  1 . Our
• The remaining energy is: Er  1  
i 1
i 1
objective is that the energy that needs to be spent by the
attacker in order to compromise the nodes must be more
than the energy spent by the target.
• The energy of the sender to send
via the attacker could
N
be noted by the equation: Esa    Pi , where  is a
i 1
constant.
• The successful attack depends on the value of  . If   1 ,
the attack succeeds. If   1 , the energy spent by the
attacker equals to that of the target. When   0 , the
attacker cannot attack, and   1 means that the attacker
cannot drop any packet.
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
11
Mathematical Formulation (Contd.)
• The state of the game is (m,n), where m is the sending
buffer of Player 1 and n is the dropping buffer of Player
2. If one packet is present in the sending buffer of m of
Player 1, then will take a value of 1 and n can take value
0 or d, depending on whether any packet is dropped or
not. We also denote  as the probability that a new
packet arrives at the sending buffer of Player 1.
• There are four possible states of the game and they are:
k1  (0,0), k2  (0, d ), k3  (1,0), k4  (1, d )
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
12
Basic Notations & Meanings
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
13
State Transition Diagram
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
14
Transition Probabilities
• When (m=1),
• When (m=0),
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
15
A Bit Explanation …
• Assume that the current state of system is (1,0). Player 1
(i.e, S) has packet in its send buffer. It uses two
strategies: transmit packet directly or transmit via A. If S
transmits packet directly to D, then the states are (0,0) or
(1,0) with probability pd. Otherwise, it transmits packets
via Player 2 (i.e., A) with probability, pa.
• Node A either drops the packet or forwards it to D. If it
drops, then the states become (0,d) or (1,d). If A
forwards the packet, then the next states will be (0,0) or
(1,0).
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
16
Strategy Sets
• The strategy set for Player 1 is S1={s1,s2}, meaning that
Player 1 forwards the packet either directly to destination
D (s1) or via A (s2). Mixed strategies that correspond to
S1 are πs (s1,s2 )=(pd,pa), where pd+ pa=1 . The strategy
set of Player 2 is A2=(a1,a2).
• Mixed strategies corresponding to the action of A2 are
πa(a1,a2)=(qf,qd) where, qf+qd=1 . Here, qd = probability
of dropping the packet. Hence, x=(πs,πa)=(pd,pa,qf,qd).
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
17
The Utilities of Sender and Attacker
• The utility can be calculated from the equations below
based on the probability of dropping and forwarding the
packets.
x is the joint strategy as defined previously
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
18
Detection of Malicious Behavior
• In this algorithm, multiple nodes need to be selected as
acknowledgement points in WMNs. This means that
those mesh nodes are responsible for sending an ACK
packet after receiving a packet from a source node or
nearest intermediate source nodes.
• We are considering that the packet loss appears only
due to malicious activity.
• When the source node S sends a route request, it
receives several route replies.
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
19
Multi-hop Ack.-Based Algorithm
Let us consider that S chooses the route
SABCEFG→D, where E is the malicious
node. We are considering two selected
acknowledgement points (i.e., Y=2)
namely B and F. B and F will acknowledge
back after they receive the packets from
the source mesh nodes.
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
20
Various Cases and Scenarios
• Therefore, the following possibilities may occur if:
– Case 1: One of the nodes is malicious in the forwarding path.
– Case 2: One or more nodes are malicious in the forwarding
path.
– Case 3: Both the Acknowledgement points B and F are
malicious
– Case 4: Either B or F is malicious.
• Each of these cases is handled and we formulated the
mathematical model of when to declare the node is
malicious based on ACK, NACK, monitoring threshold,
loss rate, and upstream or downstream nodes.
• The paper is referred to see the details.
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
21
Performance Analysis
• We substititute the values for required energy to transmit
packets from S to D either directly or via A and the points
earned by source S and A as follows: Esd=0.6 ,
Esa=Ead=0.05, Ptd=1, Ptsa=0.3 .
• We assume that the packet arrival rate μ to send buffer
is quite fast; μ=0.8, and β=0.2 . However, the parameter
settings are chosen based on probabilities.
• The closer the probability is to 1, the higher the utility will
be for the sender.
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
22
Performance Analysis (Contd.)
Fig. 4. Increasing the utilities of A and decreasing the utilities of S with respect
to different drop probabilities of qd when pd=0.8 and pa=0.2 .
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
23
Performance Analysis (Contd.)
Fig. 5. Increasing the utilities of A and decreasing the utilities of S with respect
to different drop probabilities of qd when pd=0.6 and pa=0.4 .
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
24
Performance Analysis (Contd.)
Fig. 6. Increasing the utilities of A and decreasing the utilities of S with respect
to different drop probabilities of qd when pd=0.4 and pa=0.6 .
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
25
Performance Analysis (Contd.)
Fig. 7. Increasing the utilities of A and decreasing the utilities of S with respect
to different drop probabilities of qd when pd=0.2 and pa=0.8
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
26
Performance Analysis (Contd.)
Fig. 8. Increasing the utilities of A and decreasing the utilities of S with respect
to different drop probabilities of qd When, pd=0 and pa=1 .
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
27
Performance Analysis (Contd.)
Fig. 9. The increase of utility S and A as a function of pa with respect to qf=1
and qd=0.
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
28
Performance Analysis (Contd.)
Fig. 10. The increase of utilities S and A as a function of pa with respect to
qf=0.75 and qd=0.25.
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
29
Performance Analysis (Contd.)
Fig. 11. The increase of utility A and decrease of utility S as a function of pa
with respect to qf=0.5 and qd=0.5 .
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
30
Performance Analysis (Contd.)
Fig. 12. The increase of utility A and decrease of utility S as a function of pa
with respect to qf=0.25 and qd=.75 .
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
31
Performance Analysis (Contd.)
Fig. 13. The increase of utility A and decrease of S as a function of pa with
respect to qf=0 and qd=1.
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
32
Final Words
• In our work, we have formulated a zero-sum noncooperative game based approach to detect the
presence of such attacker(s) in WMNs and we
introduced a multi-hop acknowledgment based algorithm
to identify the malicious behavior during the transmission
of packets.
• As our future work, we would like to investigate
cooperative selective forward attacks in Wireless Mesh
Networks.
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
33
THANK YOU
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
34
Questions and Answers
Any query should be directed to
[email protected], [email protected]
???
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China
35