Arabian Journal for Science and Engineering

Volume 40, Issue 12, pp 3583–3594

A Novel Intrusion Detection System Based on Trust Evaluation to Defend Against DDoS Attack in MANET

  • M. Poongodi
  • S. Bose
Research Article - Computer Engineering and Computer Science

Abstract

With the increasing demand for data communication in Internet and electronic commerce environments, data security is the prime concern. Large-scale collaborative wireless mobile ad hoc networks may face attacks and damage due to the harsh behavior of malicious nodes. To protect systems from intrusion by attackers, the security of the system has to be improved. In research on the design of intrusion detection systems (IDS), the performance efficiency of the system is bound to be compromised. For an effective data communication process in a secured system, there is a need for a better IDS that does not reduce the performance metrics. Intrusion detection is the process of monitoring node movements and data transmission events that occur in a system for possible intrusions. Distributed denial of service (DDoS) attacks are the primary security threat in collaborative wireless mobile ad hoc networks. DDoS attacks are much more severe than non-DDoS attacks, so proper preventive measures are necessary to detect and revoke such attacks. Our proposed approach involves trust-based evaluation, wherein intrusion detection is done using secured trust evaluation policies. In this paper, a novel IDS is designed using trust evaluation metrics and is used to detect flooding DDoS attacks in the networked architecture. The proposed system combines the existing FireCol-based security procedures with the Dynamic Growing Self-Organizing Tree Algorithm in a trust evaluation-based environment. Simulation results show that the trust-based IDS is better in terms of security metrics, viz. detection probability, and performance metrics, viz. Packet Data Ratio, Average Delay, Throughput and Energy Consumption.

Keywords

  • Cluster
  • Collaborative networks
  • Network security
  • Self-organizing tree
  • Trust evaluation
  • Wireless mobile ad hoc networks

Copyright information

© King Fahd University of Petroleum & Minerals 2015

Authors and Affiliations

  1. Anna University, Chennai, India
