Secured System against DDoS Attack in Mobile Adhoc ... - WSEAS

WSEAS TRANSACTIONS on COMMUNICATIONSArunmozhi Annamalai, Venkataramani YegnanarayananSecured System against DDoS Attack in Mobile Adhoc NetworkARUNMOZHI ANNAMALAI, VENKATARAMANI YEGNANARAYANANDepartment of Electronics and Communication EngineeringSaranathan College of Engineering, TrichyIndiasaarunmozhi@gmail.com http://www.saranathan.ac.inAbstract: - The risks to users of wireless technology have increased as the service has become more popular.Due to the dynamically changing topology, open environment and lack of centralized security infrastructure, amobile ad hoc network (MANET) is vulnerable to the presence of malicious nodes and to ad hoc routingattacks. There are a wide variety of routing attacks that target the weakness of MANETs. This paper focuses onmobile ad hoc network's routing vulnerability and analyzes the network performance under two types ofattacks, flooding attack and black hole attack that can easily be employed against the MANETS. The resistiveschemes against these attacks were proposed for Ad hoc on demand Distance Vector (AODV) routing protocoland the effectiveness of the schemes is validated using NS2 simulations.Key-Words: - Security, Defense, Mobile adhoc network, Denial of service, Flooding attack, Black hole attack1 IntroductionA MANET is a self-configuring network of mobiledevices connected by links. Each device in aMANET is free to move independently in anydirection, and will therefore change its links to otherdevices frequently. Each must forward trafficunrelated to its own use, and therefore be a router.The primary challenge in building a MANET isequipping each device to continuously maintain theinformation required to properly route traffic. Suchnetworks may operate by themselves or may beconnected to the larger Internet. There are generallytwo types of ad hoc routing protocols, reactive andproactive routing protocols. The focus of this papercentres on reactive routing protocols which establishroutes between communicating nodes when neededusing a route discovery process involving RouteRequests and Route Replies, a process which can beeasily misused for denial-of-service attacks. Thetype of security attack in MANET is denial ofservice attack (DoS). A DoS attack is an attempt toprevent legitimate users of a service or networkresource from accessing that service or resource. ADistributed Denial-Of-Service (DDoS) attack is adistributed, large-scale attempt by malicious users toflood the victim network with an enormous numberof packets. This exhausts the victim network ofresources such as bandwidth, computing power, etc.The victim is unable to provide services to itslegitimate clients and network performance isgreatly deteriorated.The networks are particularly vulnerable toDoS attacks launched through compromised nodesor intruders. The intruder broadcasts mass RouteRequest packets or sends a lot of attacking DATApackets to exhaust the communication bandwidthand node resources so that the valid communicationcannot be kept. In this paper, we have analyzed twotypes of attacks namely flooding attack and blackhole attack in detail. The resisting mechanisms overthese attacks are proposed and the effectiveness ofthe proposed schemes is validated with simulations.2 Security Attacks on MANETSThe main security services for MANETs areauthentication, confidentiality, integrity, nonrepudiationand availability. Authentication meansthat correct identity is known to communicatingpartner; confidentiality means certain messageinformation is kept secure from unauthorized party;integrity means message is unaltered during thecommunication; nonrepudiation means the origin ofa message cannot deny having sent the message;availability means the normal service provision inface of all kinds of attacks.Attacks on MANETs come in manyvarieties and they can be classified based ondifferent aspects. According to the legitimate statusof a node, an attack could be external or internal.The external attacks are committed by nodes that arenot legal members of the network, while the internalattacks are from a compromised member inside thenetwork. The internal attacks are not easy to preventor detect. These attackers are aware of the securitystrategies, and are even protected by them. Theinternal attacks pose a higher threat to the network.In terms of interaction, an attack could be passive orE-ISSN: 2224-2864 331 Issue 9, Volume 11, September 2012

WSEAS TRANSACTIONS on COMMUNICATIONSactive. Passive attacks do not disrupt thecommunication. Instead, they intercept and capturethe packets to read the information. On the otherhand, active attackers inject packets into thenetwork to interfere or interrupt the networkcommunication, overload the network traffic; fakethe legitimate node or package, obstruct theoperation or cut off certain nodes from theirneighbours so they cannot use the network serviceseffectively anymore.Attacks could also be classified according tothe target layer in the protocol stack. By targetingthe physical layer of a wireless network or awireless node, an attacker can easily intercept andread the message contents from open radio signals.An attacker can jam or interfere the communicationby generating powerful transmissions to overwhelmthe target signals. The jamming signals do notfollow the protocol definition, and they can bemeaningless random noise and pulse. By targetingthe link layer, an attacker can generate meaninglessrandom packets to grab the channel and causecollisions. In this situation, if the impacted nodekeeps trying to resend the packet, it will exhaust itspower supply; the attacker can passively eavesdropon the link layer packets; the link layer securityprotocol WEP is vulnerable too, the initializationvector (IV) flaw in the WEP protocol makes iteasier for an attacker to launch a cryptanalytic typeattack. Coming along with many new routingprotocols introduced to the MANETs, many newtypes of attacks were presented to target thesespecific protocols. By targeting the transport layer,a desynchronization attacker can break an existingconnection between two nodes by sendingfabricated packets exceeding the sequence numberto either node of the connection. It may result inletting the node keep sending retransmissionrequests for the missed frames.By targeting on the application layer, aRepudiation attack is a threat to a business thatrelies on electronic traffic. Other application layerattacks, such as viruses, worms, trojans, spywares,backdoor, and data corruption or deletion, targeteither application layer protocols, such as FTP,HTTP, and SMTP, or applications and data files onthe victims.Some attacks target security leaks on thecryptography primitive of the protocols. Digitalsignature attacks target RSA public-key encryptionalgorithms. Attackers forge the message signaturebased on the signature of a legitimate message.Digital signature attacks have three types, knownmessage,chosen message, and key only attacks. TheKnown-message attacker knows a list of messagesArunmozhi Annamalai, Venkataramani Yegnanarayananpreviously signed by the victim. The Chosenmessageattacker can choose a specific message thatit wants the victim to sign. The Key only attackerknows the public verification algorithm only.Hash collision attacks target hashalgorithms, such as SHA-1, MD4, MD5, HAVAL-128, and RIPEMD, to construct a valid certificatecorresponding to the hash collision. Pseudorandomnumber attacks reverse engineer the pseudorandomnumber generators used by the public keymechanisms to break the cryptography.3 BackgroundRouting in MANETs is difficult since mobilitycauses frequent network topology changes andrequires more robust and flexible mechanisms tosearch for and maintain routes. When the networknodes move, the established paths may break andthe routing protocols must dynamically search forother feasible routes. Many protocols have beenproposed for MANETs. These protocols can bemainly divided into two categories as proactive andreactive protocols.Proactive Routing Protocols maintain routesto all destinations, regardless of whether or not theseroutes are needed. In order to maintain correct routeinformation, a node must periodically send controlmessages. Therefore, proactive routing protocolsmay waste bandwidth since control messages aresent out unnecessarily when there is no data traffic.The main disadvantages of such algorithms arerespective amount of data for maintenance and slowreaction on restructuring and failures. The mainadvantage of this category of protocols is that hostscan quickly obtain route information and quicklyestablish a session. DSDV, OLSR and CGSR aresome of the well known proactive routing protocolsfor MANETs. Reactive protocols do not execute arouting update until the communication needs it.When a route is needed, the source node initiates aroute discovery process to the destination. Onceestablished, the route must be maintained until it isno longer needed or the destination node becomesinaccessible. Reactive routing protocols candramatically reduce routing overhead because theydo not need to search for and maintain the routes onwhich there is no data traffic. This property is veryappealing in the resource-limited environment.AODV, DSR and TORA are some of the wellknown reactive protocols for MANETs.The AODV Routing Protocol is used forfinding a path to the destination in an ad-hocnetwork. To find the path to the destination allmobile nodes work in cooperation using the routingE-ISSN: 2224-2864 332 Issue 9, Volume 11, September 2012

WSEAS TRANSACTIONS on COMMUNICATIONScontrol messages. AODV Routing Protocol offersquick adaptation to dynamic network conditions,low processing and memory overhead, low networkbandwidth utilization with small size controlmessages. The most distinguishing feature ofAODV compared to the other routing protocols isthat it uses a destination sequence number for eachroute entry. The destination sequence number isgenerated by the destination when a connection isrequested from it. Using the destination sequencenumber ensures loop freedom. AODV makes surethe route to the destination does not contain a loopand is the shortest path. Route Requests (RREQs),Route Replay (RREPs), Route Errors (RERRs) arecontrol messages used for establishing a path to thedestination. When the source node wants to make aconnection with the destination node, it broadcasts aRREQ message. This RREQ message is propagatedfrom the source, received by neighbours(intermediate nodes) of the source node. Theintermediate nodes broadcast the RREQ message totheir neighbours. This process goes on until thepacket is received by destination node or anintermediate node that has a fresh enough routeentry for the destination. Sequence Numbers serveas time stamps and allow nodes to compare howfresh their information on the other node is.However when a node sends any type of routingcontrol message, RREQ, RREP, RERR etc., itincreases its own sequence number. Highersequence number is more accurate information andwhichever node sends the highest sequence number,its information is considered and route is establishedover this node by the other nodes. The sequencenumber is a 32-bit unsigned integer value.4 Flooding Attack4.1 RREQ Flooding AttackReactive routing protocols like AODV and DSR,used in MANETs, flood the network with routerequests whenever a new route is to be discovered.This technique of flooding can be easily misused bymalicious nodes to disrupt the network. Generallyall nodes have a limit beyond which requests cannotbe sent. Malicious nodes can easily bypass this limitand send out large numbers of fabricated routerequests in the network. Flooding RREQ packets inthe whole network will consume a lot of resource ofnetwork. To reduce congestion in a network, theAODV protocol adopts some methods. A node cannot originate more than RREQ_RATELIMIT RREQArunmozhi Annamalai, Venkataramani Yegnanarayananmessages per second. After broadcasting a RREQ, anode waits for a RREP. If a route is not receivedwithin round-trip milliseconds, the node may tryagain to discover a route by broadcasting anotherRREQ, up to a maximum of retry times at themaximum TTL value. Repeated attempts by asource node at route discovery for a singledestination must utilize a binary exponentialbackoff. The first time a source node broadcasts aRREQ, it waits roundtrip time for the reception of aRREP. If a RREP is not received within that time,the source node sends a new RREQ. Whencalculating the time to wait for the RREP aftersending the second RREQ, the source node MUSTuse a binary exponential backoff. Hence, the waitingtime for the RREP corresponding to the secondRREQ is 2 * round-trip time. The RREQ packets arebroadcast in an incrementing ring to reduce theoverhead caused by flooding the whole network.In the Ad Hoc Flooding Attack [10], theattack node violates the above rules to exhaust thenetwork resource. The attacker tries to sendexcessive RREQ without consideringRREQ_RATELIMIT within per second. Theattacker will resend the RREQ packets withoutwaiting for the RREP or round-trip time. In theFlooding Attacks, the whole network will be full ofRREQ packets which the attacker sends. Thecommunication bandwidth is exhausted by theflooded RREQ packets and the resource of nodes isexhausted at the same time. For example, thestorage of route table is limited. If mass RREQpackets are coming to the node in a little time, thestorage of route table in the node will exhaust sothat the node cannot receive new RREQ packet. Asa result, the legitimate nodes cannot set up paths tosend data.4.2 Data Flooding AttackWhen nodes in MANET find the correct routingpath, source nodes send the data packets throughthat route. In data flooding attack, the attacker firstmaintains the routes to destination node, then sendsfrequently the useless data packets. The destinationnode will then be engaged in receiving the excessivedata packets from the attacker and cannot workproperly. The attacker packets engage the networkand stop the processing of legitimate data packets.5 Black hole AttackA black hole attack is a type of denial of serviceattack accomplished by dropping packets. In blackE-ISSN: 2224-2864 333 Issue 9, Volume 11, September 2012

WSEAS TRANSACTIONS on COMMUNICATIONS3.3. RREQ rate < LTIdentify the node which forwards thisRREQ packet as Normal Node4. Else RREQ rate < UT4.1 Identify the forwarding node as theSuspicious Node (SN).4.2 RREQ packet is delayed in a queue.5. ElseIdentify the node as Attacking Node (AN).6. Endif7. AN is blocked from the network.6.1.2 Algorithm II1. Different flows are transmitted fromdifferent sources to destinations.2. FIMT stores the information of each flow.3. From FIMT, the assigned rate AR ij iscalculated for each flow.4. Intermediate nodes send updated FIMT ofall flows to destination.5. If congestion is detected, distributed ratecontrol is applied and the actual rate of eachflow is assigned as ACR ij6. At the time interval T, the measured datarate is noted.7. if MR ij > ACR ij , then7.1. Source status = REJECTED7.2. Attacker address = Source IP address8. End if9. If source status = REJECTED, then9.1 Remove the node from the list.9.2 Block all the traffic from the attacker10. End if.6.2 Defense Scheme Against Black holeAttackTo resist the black hole attack, we propose a defensemechanism which could be potentially exploited bymalicious nodes. A Neighbourhood RouteMonitoring Table (NRMT) is maintained by eachnode in the network. The NRMT maintains packetrouting information of its neighbour nodes. Itcontains the source ID, destination ID, sourcesequence number, destination sequence number, anda threshold value of sequence number which isdynamically updated, the time at which RREQpacket enters the node (RREQ-IN-TIME), the timeat which RREQ packet leaves the node (RREQ-OUT-TIME), the time at which RREP packet entersthe node (RREP-IN-TIME) and the time at whichRREP packet leaves the node (RREP-OUT-TIME).If the node is the normal node, once it receives theRREQ packet, it checks its routing table to identifywhether it is the destination or not. According toArunmozhi Annamalai, Venkataramani YegnanarayananAODV protocol, if it is the destination node, it willsend the RREP packet to the source node through itsroute or it will forward the RREQ to its one hopneighbour. Checking the routing information fromthe table requires a minimum time period known asMIN-TIME. If the node is the black hole node, itwill send a RREP message without checking thetable. The NRMT maintains the record of the timeof Reply.The first step of the detection process isbased on the timing information of NRMT. Everynode in the network when it receives the RREPfrom its neighbour, finds DIFF-TIME which is thedifference between the RREQ-OUT-TIME andRREP-IN-TIME and compares this with MIN-TIME. If the RREP is from the black hole nodeDIFF-TIME will be less than the MIN-TIME. Thenode is identified as a suspicious node.It is well known that the black hole nodeassigns a high sequence number to settle in therouting table of the victim node, before other nodessend a true one. As the second step of detectionmechanism, RREPs sequence number is comparedwith the threshold value of sequence number. In thisprotocol, the threshold value is dynamically updatedat every time interval. If the current sequencenumber is greater than the threshold value the nodeis confirmed as black hole and it is eliminated fromthe routing table. Once a node is detected to bereally malicious, the scheme has a notificationmechanism for sending messages to all the nodesthat are not yet suspected to be malicious, so that themalicious node can be isolated and not allowed touse any network resources.7 Simulation and ResultsThe network simulator ns2 is used to simulate theexperiment. The parameter settings for thesimulations are: the radio propagation mode is TwoRay Ground, antenna type is Omni antenna,interface queue length is 50 (packets), queuemanagement scheme is Drop Tail, routing protocolis AODV, height of antenna is 1.5m, transmissiondistance is 250m, signal interference or sensingdistance is 550m. The speed of the mobile node is10m/s. The simulated traffic is Constant Bit Rate(CBR). The network covers the simulated area of1200m x 1200m.7.1 Simulation Implementation andEvaluation for flooding attackE-ISSN: 2224-2864 335 Issue 9, Volume 11, September 2012

WSEAS TRANSACTIONS on COMMUNICATIONSArunmozhi Annamalai, Venkataramani YegnanarayananThe performance of our proposed scheme againstRREQ flooding attack is analyzed for MANET withand without defence scheme. The protocol wasimplemented and evaluated in the ns-2 networksimulation environment. Number of nodes is avarying parameter as it plays important role innetwork performance. The packet delivery ratio isthe ratio of the number of packets receivedsuccessfully to the total number of packets sent. Fig.1 shows how the packet delivery ratio (PDR) isvaried by varying the number of nodes to accountfor system scalability. It is seen that the PDR wasimproved up to 76.9% when our protocol wasimplemented. The pause time was also varied andthe PDR was obtained. Pause time can be defined astime for which nodes waits on a destination beforemoving to other destination. Low pause time meansnode will wait for less time thus giving rise to highmobility scenario. Our simulations from Fig. 2 showhow PDR is varied by varying the pause time of anode in the network. It is clear that PDR increasesas pause time increases. This is because lowmobility allows more stable routing paths. However,it is not possible to achieve 100% packet deliverydue to the unreliable links in wireless networks.Fig.3 and Fig. 4 show the performance ofour proposed work against data flooding attack. Allthe source nodes negotiate a rate of 100 kbps fortraffic flow and begin sending traffic on flow at arate of 100 kbps at time t = 1.0 sec. The attackingflow is set at a rate of 500 kbps. The capacity of thelink is set to 2 Mbps. It is seen that PDR is muchimproved with our proposed scheme. Our protocolconfirms the ability to provide resistance againstdata flooding attacks.Fig.2 Impact of defense scheme against RREQflooding attack with varying pause time.Fig.3 Impact of defense scheme against dataflooding attack with simulation timeFig.1 Impact of defense scheme against RREQflooding attack with varying number of nodesFig.4 Impact of defense scheme against dataflooding attack with varying number of attackersE-ISSN: 2224-2864 336 Issue 9, Volume 11, September 2012

WSEAS TRANSACTIONS on COMMUNICATIONS7.2 Simulation Implementation andEvaluation for black hole attackTo defend against the black hole attack in MANET,the NRMT protocol was implemented and evaluatedin the ns-2 network simulation environment. Wehave implemented the simulation of MANET with 2different cases. In the first case, we have established2 UDP traffic flows with the data rate of 50kbps andthe packet size of 512 bytes. We have implementedan AODV protocol that simulates the behaviour of ablack hole and we simulated 50 scenarios eachinvolving different ad-hoc networks with 30 nodeseach moving randomly. We have introduced a blackhole in each scenario and compared the performanceof the networks with and without a black hole. Wethen implemented the NRMT method to detect anddiscard the black hole node.The performance of the network isevaluated based on the packet delivery ratio. Theeffect of black hole attack in AODV and the effectof NRMT method are observed from Fig. 5. Sincethe black hole attack is effectively detected based onNRMT, it can be informed to all the other nodes inthe network immediately. Hence the attack isremoved easily from the network. This follows thatthe number of successfully received packets getincreased and it improves the packet delivery ratio.However, the packet delivery ratio for the AODVprotocol without attack will be more for any numberof nodes in the network.The average end-to-end delay calculates thedelay of all the packets that have been successfullytransmitted from the source to the destination. Itincludes all possible delays caused by bufferingduring route discovery latency, queuing in theinterface queue, retransmission delays at the MAC,propagation, and transfer times. In the proposedscheme we have adopted the 2 step procedure todetect the attack. Hence the average end to enddelay for the NRMT scheme is greater than theother two cases. The effect of average end to enddelay is shown in Fig.6.The number of routing packets transmittedper data packet delivered at the destination. Eachhop-wise transmission of a routing packet is countedas one transmission. The routing load metricevaluates the efficiency of the routing protocol. Therouting overhead is also evaluated with varyingnumber of nodes. The overhead with the defensescheme is greater than the black hole attack case.This is because of the control packets that are sent tothe nodes in the network by the node which detectsthe black hole. But the routing overhead required forNRMT method is less than that required for theAODV protocol without attack. The effects ofrouting overhead are shown in Fig. 7.In the second case of simulation the numberof UDP flows is varied. The packet delivery ratio,average end to end delay and routing overhead areevaluated. The impact is shown from Fig. 8 to Fig.10. It is observed that the proposed scheme givesbetter packet delivery ratio than the black holeattack case. But the average end to end delay andthe routing overhead are greater than the black holeattack case.Packet Delivery Ratio1.210.80.60.40.2Packet Delivery Ratio Vs Number of Nodes010 20 30 40 50Number of NodesblackholeproposedaodvFig.5 Impact of Packet Delivery Ratio with varyingNo. of NodesDelay (sec)0.250.20.150.10.05Delay Vs Number of Nodes010-0.0520 30 40 50Number of NodesblackholeproposedaodvFig. 6 Impact of Average End to End Delay withvarying No. of NodesRouting OverheadArunmozhi Annamalai, Venkataramani Yegnanarayanan80000700006000050000Routing Overhead Vs Number of Nodes40000300002000010000010 20 30 40 50Number of NodesblackholeproposedaodvFig. 7 Impact of Routing Overhead with varying No.of NodesE-ISSN: 2224-2864 337 Issue 9, Volume 11, September 2012

Packet Delivery Ratio1.210.80.60.40.2Packet Delivery Ratio Vs No. of Flows02 4 6 8 10No. of FlowsblackholeproposedaodvFig. 8 Impact of Packet Delivery Ratio with varyingNo. of FlowsDelay(sec)0.040.0350.030.0250.020.0150.010.0050Delay Vs No. of Flows2 4 6 8 10No. of FlowsblackholeproposedaodvFig. 9 Impact of Average End to End Delay withvarying No. of FlowsRouting OverheadWSEAS TRANSACTIONS on COMMUNICATIONS160000140000120000100000800006000040000200000Routing Overhead Vs No. of Flows2 4 6 8 10No. of FlowsblackholeproposedaodvFig. 10 Impact of Routing Overhead with varyingNo. of Flows8 Related WorkArunmozhi S.A. and Venkataramani Y. [1] haveproposed the Flow Monitoring (FMON) scheme forMANETs that is resistant to the Reduction ofQuality (RoQ) attack. RoQ attack is a new style ofDDoS attack which is difficult to detect. RoQattacks throttle the TCP throughput heavily andreduce the QoS to end systems gradually rather thanArunmozhi Annamalai, Venkataramani Yegnanarayananrefusing the clients from the services completely.The FMON protocol employs MAC layer-baseddetection scheme and a response scheme based onExplicit Congestion Notification (ECN) marking.The scheme requires each node to maintain stateinformation for each aggregate in out traffic streamtraversing an input-output pair, as opposed to everyflow, thus making the scheme more scalable. Eachnode performs rate monitoring/adjustment functionson each in out stream to prevent DoS conditions.When a node experiences congestion due to attackflow, ECN mechanism helps the legitimate sender toreduce the sending rate. If the channel continues tobe congested, updated FMON helps to detect theattackers and reject the attacking flows. This makesthe network resources available to the legitimateusers. FMON protocol confirms the ability toprovide resistance against RoQ DDoS attacks.Jelena Mirkovic and Peter Reiher [2] haveproposed a source-end DDoS defense system thatachieves autonomous attack detection and adaptiveresponse at the source-end. Ping Yi et al. [3] havedeveloped Flooding Attack Prevention (FAP), ageneric defense against the Ad Hoc Flooding Attackin mobile ad hoc networks. The FAP is composed ofneighbour suppression and path cutoff. When theintruder broadcasts exceeding packets of RouteRequest, the immediate neighbours of the intruderobserve a high rate of Route Request and then theylower the corresponding priority according to therate of incoming queries. Ming-Yang Su [7] hasproposed several intrusion detection system (IDS)nodes which are deployed in MANETs in order todetect and prevent selective black hole attacks. TheIDS nodes estimate a suspicious value of a nodeaccording to the abnormal difference between therouting messages transmitted from the node.Supranamaya Ranjan et al. [8] have proposed acounter-mechanism called DDoS Shield againstDDoS attack that consists of a suspicion assignmentmechanism and a DDoS-resilient scheduler.Zhiqiang GAO and Zhiqiang [15] have proposed atechnique to defend against distributed denial ofservice attacks based on TCP. It uses proactive teststo identify and isolate the malicious traffic. ElmarGerhards-Padilla et al. [17] proposed a centralisedapproach, using topology graphs to identify nodesattempting to create a black hole. It performsplausibility checks of the routing informationpropagated by the nodes in the network. An alarm istriggered if the plausibility check fails.E-ISSN: 2224-2864 338 Issue 9, Volume 11, September 2012

WSEAS TRANSACTIONS on COMMUNICATIONS9 ConclusionSecurity is an important feature for widedeployment of MANET. A variety of attacks havebeen discussed. In this paper, we have analyzed twotypes of DDoS attacks such as flooding attack andblack hole attack. Defense scheme against RREQflooding attack based on binary exponential backoffand RREQ_RATELIMIT was proposed. Forresisting the data flooding attack, a FIMT schemewas developed based on the flow information. Theattackers are effectively identified with the proposedscheme. We have also described the black holeattack that can be mounted against a MANET, andproposed a feasible solution for it on the top ofAODV protocol to avoid the black hole attack, andalso prevented the network form further maliciousbehaviour. We have developed a NRMT scheme forMANETs that is resistant to the black hole attack.The scheme identifies the attacker based on timinginformation and destination sequence number.Hence a secure routing is provided with theproposed solution. Simulation is carried out usingNS2. Simulation results validate the effectiveness ofour proposed schemes. The experimental resultsprove that the proposed solution improves thenetwork performance. The proposed defensemechanisms can also be applied for securing thenetwork from other routing attacks by changing thesecurity parameters in accordance with the nature ofthe attacks. As a future work, we plan to experimentthe proposed scheme for securing the network withother routing protocols and also to experiment thescheme for Preventing Cooperative Attacks inMobile Ad Hoc Networks.References:[1] S.A.Arunmozhi and Y.Venkataramani, A FlowMonitoring Scheme to Defend Reduction-of-Quality (RoQ) Attacks in Mobile Ad-hocNetworks, Information Security Journal: AGlobal Perspective, Vol.19, No.5, 2010, pp.263- 272.[2] Jelena Mirkovic and Peter Reiher, D-WARD: ASource-End Defense against Flooding Denialof-ServiceAttacks, IEEE Transactions OnDependable And Secure Computing, Vol. 2, No.3, 2005, pp. 216-232.[3] Ping Yi, Zhoulin Dai, YiPing Zhong andShiyong Zhang, Resisting Flooding Attacks inAd Hoc Networks, Proceedings of theInternational Conference on InformationTechnology: Coding and Computing (ITCC'05),Vol. 2.Arunmozhi Annamalai, Venkataramani Yegnanarayanan[4] Hyojin Kim, Ramachandra Bhargav Chitti, andJooSeok Song, Novel Defense Mechanismagainst Data Flooding Attacks in Wireless AdHoc Networks, IEEE Transactions onConsumer Electronics, Vol. 56, No. 2, May2010, pp. 579-582.[5] N. Karthikeyan, V. Palanisamy and K.Duraiswamy, Optimum Density Based Modelfor Probabilistic Flooding Protocol in MobileAd Hoc Network, European Journal ofScientific Research, Vol.39, No.4, 2010,pp.577-588.[6] Xuan Yu, A Defense System On Ddos AttacksIn Mobile Ad Hoc Networks, Ph.D dissertation,Auburn University, Alabama, May 2007.[7] Ming-Yang Su, Prevention of selective blackhole attacks on mobile ad hoc networks throughintrusion detection systems, ComputerCommunications, Vol. 34, 2011, pp. 107–117.[8] Supranamaya Ranjan, Ram Swaminathan,Mustafa Uysal, Antonio Nucci and EdwardKnightly, DDoS-Shield: DDoS-ResilientScheduling to Counter Application LayerAttacks, IEEE/ACM Transactions OnNetworking, Vol. 17, No. 1, February 2009, pp.26-39.[9] Amey Shevtekar and Nirwan Ansari, A routerbasedtechnique to mitigate reduction of quality(RoQ) attacks, Computer Networks, Vol. 52,2008, pp. 957–970.[10] Ping Yi, Zhoulin Dai, Shiyong Zhang andYiping Zhong, A New Routing Attack inMobile Ad Hoc Networks, InternationalJournal of Information Technology, Vol. 11,No. 2, 2005, pp.83-94.[11] Michele Nogueira Lima, Aldri Luiz dosSantos and Guy Pujolle, A Survey ofSurvivability in Mobile Ad Hoc Networks,IEEE Communications Surveys & Tutorials,Vol. 11, No. 1, 2009, pp. 66-77.[12] S.Sanyal, A.Abraham, D. Gada, R.Gogri,P.Rathod, Z.Dedhia and N.Mody, Securityscheme for distributed DoS in mobile adhocnetworks. ACM, New York, 2004.[13] H. Deng, W. Li and D.P.Agrawal, Routingsecurity in wireless ad hoc networks, IEEECommunications Magazine, Vol. 40, No. 10,2002, pp. 70- 75.E-ISSN: 2224-2864 339 Issue 9, Volume 11, September 2012

WSEAS TRANSACTIONS on COMMUNICATIONSArunmozhi Annamalai, Venkataramani Yegnanarayanan[14] P.Ebinger and M.Parsons, Measuring theImpact of Attacks on the Performance of MobileAd hoc Networks, ACM PE-WASUN:Proceedings of the 6th ACM InternationalSymposium on Performance Evaluation ofWireless Ad Hoc, Sensor, and UbiquitousNetwork, 2009.[15] Zhiqiang Gao and Zhiqiang, DifferentiatingMalicious DDoS Attack Traffic from NormalTCP Flows by Proactive Tests, IEEECommunications Letters, Vol. 10, No. 11, 2006,pp. 793-795.[16] Junhai Luo, Mingyu Fan and Danxia Ye,Black Hole Attack Prevention Based onAuthentication Mechanism, 11th IEEESingapore International Conference onCommunication Systems, 2008, pp.173-177.[17] Elmar Gerhards Padilla, Nils Aschenbruck,Peter Martini, Marko Jahnke, and Jens T¨olle,Detecting Black Hole Attacks in TacticalMANETs using Topology Graphs, Proceedingsof 32nd IEEE Conference on Local ComputerNetworks, 2007, pp. 1043-1052.[18] M.Al-Shurman, S.Yoo and S.Park, Blackhole Attack in Mobile Ad Hoc Networks. ACMSoutheast Regional Conference, 2004, pp. 96-97.[19] Jieying Zhou, Junwei Chen and HuipingHu, SRSN: Secure Routing based on SequenceNumber for MANETs, InternationalConference on Wireless Communications,Networking and Mobile Computing, 2007,pp.1569-1572.[20] Nital Mistry, Devesh C Jinwala andMukesh Zaveri, Improving AODV Protocolagainst Blackhole Attacks, Proceedings of theInternational Multiconference of Engineers andComputer Scientist, Hong Kong, Vol. II, 2010.[21] Z.Gao and N.Anzari, Differentiatingmalicious DDoS attack traffic from normal TCPflows by proactive tests, IEEE CommunicationsLetters, Vol. 10, No. 11, 2006, pp. 793-795.[22] X.Wu and D.K.Y Yau, Mitigating denialof-serviceattacks in MANET by distributedpacket filtering: A game-theoretic approach,Proceedings of the 2nd ACM Symposium onInformation, Computer and CommunicationSecurity, 2006, pp. 365–367.[23] P.Ebinger and M.Parsons, Measuring theimpact of attacks on the performance of mobilead hoc networks. ACM PE-WASUN:Proceedings of the 6th ACM InternationalSymposium on Performance Evaluation ofWireless Ad Hoc, Sensor, and UbiquitousNetworks, Canary Islands, Spain, 2009.[24] J.Haggerty, Q.Shi and M.Merabti,Statistical signatures for early detection offlooding denial-of-service attacks, Security andPrivacy in the Age or ubiquitous Computing,IFIP Advances in Information andCommunication Technology, Vol. 181, 2005,pp. 327-341.[25] X.Luo, E.W.W.Chan and R.K.C.Chang,Detecting pulsing denial-of-service attacks withnondeterministic attack intervals, EURASIPJournal on Advances in Signal Processing,Vol.2009, pp.1-13.[26] S. Buchegger and J. Boudec, Nodes BearingGrudges: Towards Routing Security, Fairness,and Robustness in Mobile Ad Hoc Networks,Proceedings of the 10th Euromicro Workshopon Parallel, Distributed and Network-basedProcessing, Canary Islands, Spain, 2002.[27] S. Marti, T. Giuli, K. Lai, and M. Baker,Mitigating Routing Misbehavior in Mobile AdHoc Networks, Proc. of the Sixth AnnualInternational Conference on Mobile Computingand Networking (MOBICOM), Boston, 2000.S. A. Arunmozhi obtained her B.E.degree from Regional EngineeringCollege, Trichy, and M. Tech. fromNational Institute of Technology,Trichy. She is an Associate Professorat Saranathan College ofEngineering. Her research interests are in ComputerNetworks and Wireless Network Security.E-ISSN: 2224-2864 340 Issue 9, Volume 11, September 2012

WSEAS TRANSACTIONS on COMMUNICATIONSArunmozhi Annamalai, Venkataramani YegnanarayananDr. Y. Venkataramani obtained hisB. Tech. & M. Tech. degrees fromIndian Institute of Technology,Chennai, and Ph.D. from IndianInstitute of Technology, Kanpur. Hehas served as a faculty for 34 yearsat National Institute of Technology, Calicut. He ispresently Dean (R & D) and P.G. Professor atSaranathan College of Engineering, Trichy. Hisareas of interest of include Computer Networks,Speech Processing and Image Processing.E-ISSN: 2224-2864 341 Issue 9, Volume 11, September 2012