Performance Analysis of Malicious Node Detection and Elimination Using Clustering Approach on

Mobile Ad hoc Network (MANET) is a significant concept of wireless networks which comprises of thousands of nodes that are mobile as well as autonomous and they do not requires any existing network infrastructure. The autonomous nodes can freely and randomly move within the network which can create temporary dynamic network and these networks can change their topology frequently. The security is the primary issue in MANET which degrades the network performance significantly. In this paper, cluster based malicious node detection methodology is proposed to detect and remove the malicious nodes. Each node within the cluster gets the cluster key from the cluster head and this key is used for the data transaction between cluster head and node. The cluster head checks this key for every data transaction from node and match with their cluster table. If match is valid, and then only it will recognize that this node is belongs to this cluster, otherwise it is decided as malicious node. This paper also discusses the detection of link failure due to the presence of malicious node by determining the gain of each link in the network. The performance of the proposed method is analyzed using packet delivery ratio, network life time, and throughput and energy consumption. The proposed malicious node detection system is compared with the conventional techniques as OEERP (Optimized energy efficient routing protocol), LEACH (Low energy adaptive clustering hierarchy), DRINA (Data routing for In-network aggregation) and BCDCP (Base station controlled dynamic clustering protocol).


Introduction
Mobile Ad hoc networks (MANETs) are the currently emerging communication infrastructure which finds its application in several significant fields such as mobile devices and military applications in case of disaster and other crisis operations.MANETs are defined as the category of wireless networks that utilize multi-hop radio relaying and are capable of operating without the support of any fixed infrastructure (i.e.infrastructure less).The absence of any central coordinator or base station makes the routing a complex one compared to cellular networks.Ad hoc wireless network topology for the mobile network is shown in Figure 1.The communication between two nodes far apart takes place through an intermediate node.In a MANET, the routing and resource management are done in a distributed manner in which all nodes coordinate to enable communication among them.This requires each node to be more intelligent so that it can function both as a network host for transmitting and receiving data and as a network router for routing packets from other nodes.
MANETs are susceptible to extensive ranges of security attack which is mostly caused due to its rapid real time exploitation, infrastructure-less wireless communication channels, and the hostile environments in which they may be deployed, making them susceptible to a wide range of security attacks described in [1]- [3].Due to the quick and economically less demanding deployment of MANETs, they are used in military applications, collaborative and distributed computing emergency operations, etc.The security of communication in MANET is very important, especially in military applications.The lack of any central coordination and shared wireless medium makes them more vulnerable to attacks than wired networks.
Many research works have focused on the security of MANETs.Most of them deal with prevention and detection approaches to combat individual misbehaving nodes.Generally, the attacks against MANETs can be classified into two types: passive and active attacks.Passive attacks refer to the attempts made by malicious nodes to perceive the activities, whereas the active attacks are attacks performed by the malicious nodes that bear some energy cost to perform the attack.When more malicious nodes join together, then they perform a collaborative attack, causing more destructive damages to the network.In such a situation, a malicious node (black hole node) attracts all the packets using forged Route Reply (RREP) packet to wrongly choose the "fake" shortest route towards the destination and then discard these packets without forwarding them to the destination.In the case of gray-hole attacks, a node is not initially recognized as malicious since it turns malicious only at a later stage, thus a secure communication cannot be performed since its existence within the network cannot be identified.The malicious node then selectively forwards or discards the data packets as the packets go through it.
The various categories of attacks produced by the malicious nodes include Rushing attack, Black hole attack, Neighbor attack, Jellyfish attack and Denial of Service (DoS) attack.In Black hole attacks, all data packets are received on other paths instead of the actual routing path.In Rushing attack, as the source nodes flood the network with route discovery packets to locate routes to the destinations, each intermediate node processes only the first original packets and the duplicate packets are discarded which arrives later on.A rushing attacker makes use of this duplicate suppression mechanism by quickly forwarding route discovery packets to access the forwarding group.In Jellyfish attack, the forwarding group is first intruded and then the data packets are delayed unnecessarily for a certain time before forwarding.These results in significantly high end-to-end delay and thus the performance of real-time applications get degraded.Neighbor attack is that, upon receiving a packet, an intermediate node records its ID in the packet before forwarding the packet to the next node.An attacker simply forwards the packet without recording its ID in the packet making two nodes that are not within the communication range of each other to believe that they are neighbors.Denial-of-Service attack is an attack, in which the nodes are prohibited to send and receive data packets to its destinations.
In this paper we have taken insight of intrusion detection systems and different attacks on MANET security.Then we propose a technique in cluster based intrusion detection system which eliminates the malicious nodes.

Literature Survey
Chand et al. [4] proposed a cluster-based routing protocol "Optimized Energy Efficient Routing Protocol" (OEERP) using the principle of uniform battery drain of nodes.The election of Cluster Head (CH) occurs randomly and once the cluster head is selected, the CH broadcasts an advertisement message to all the nodes.A few nodes that are left out during cluster formation may become a member of any other cluster or may become a cluster head of any other cluster.Singh et al. [5] presented LEACH (Low Energy Adaptive Clustering Hierarchy) protocol to form a cluster of self-organizing nodes.The cluster heads were selected in a random manner based on the highest energy and accessibility.The selected cluster head performed data fusion for data compression and helped in increasing the network lifetime and throughput.The entire knowledge of the network was not necessary to cluster the nodes in the wireless environment, in this protocol.
Abidoye et al. [6] have made use of Data Routing for In-Network Aggregation (DRINA) protocol which performs Routing Tree construction to find the shortest path linking all the nodes within the network.The base station after receiving the node's information, it starts the formation of clusters using these nodes.The intermediate nodes between the cluster head and the destination node are called Relay nodes and forward the sensed data.Chatterjee et al. [7] proposed the Base-station Controlled Dynamic Clustering Protocol (BCDCP) for the routing of a centralized network.The base station after receiving the energy level of all the sensor nodes, cluster formation is performed and the cluster head is selected.This method splits the whole network into two sub-clusters, and then further into many small clusters up to the required level.The Cluster Heads are placed far apart within the network to provide uniform coverage all over the network.The BCDCP method implemented CH to CH multi-hop routing scheme using the minimum spanning tree, to identify the lowest energy path for routing and to forward the messages like Cluster formation and CH information in this route.
Rejina Parvin and Vasanthanayaki [8] have used Particle Swarm Optimization (PSO) based clustering algorithm for the detection of residual nodes in wireless sensor networks.The implementation of PSO avoids individual node formation since clustering is performed until every node becomes a member of any other cluster, thus improving the network lifetime.Using this method, the term force between the CHs is considered during route construction phase to determine the next best hop.Chang et al. [9] implemented Cooperative Bait Detection Approach for the detection of malicious nodes in MANETs.Their method attempted to detect the malicious nodes by designing a dynamic source routing (DSR)-based routing mechanism, which is referred to as the cooperative bait detection scheme (CBDS), which is a combination of both proactive and reactive defense schemes.
Proactive detection schemes [10]- [14] are schemes that constantly detect or monitor the nearby nodes.In these schemes, despite the existence of malicious nodes, the overhead of detection is constantly created.Liu et al. [12] proposed a 2ACK Proactive detection scheme to detect the routing misbehaviors in MANET.In their method, after the data packets are successfully received, the two-hop acknowledgement packets are sent in the opposite direction to signify the successful reception of packet.Deng et al. [13] designed Mobility Based Clustering (MBC) protocol, in which all the sensor nodes possess an opportunity in electing the cluster head based on the threshold value.MBC protocol performed better than LEACH, HEED and other protocols on mobility-based environment, but failed to address the critical node occurrence problem which causes packet dropping, link breakage and reduces the network utilization.
Xue and Nahrstedt [15] proposed the best-effort fault-tolerant routing (BFTR) method.Their BFTR scheme used end-to-end acknowledgements to monitor the quality of the routing path (measured in terms of packet de-livery ratio and delay) to be chosen by the destination node.The source node selects a different route under the situation that the path deviates from a predefined behavior set for determining "good" routes.The main demerit of BFTR is that malicious nodes may still exist in the new chosen route, and this scheme is subjected to repeated route discovery processes.
The conventional methods were based on clustering and no security issues were considered.The link failure due to malicious nodes was considered in the conventional protocol.This paper proposes a malicious node detection technique using clustering based approach and provides solution for link loss due to malicious nodes.It will increase the performance of the MANET system.

Cluster Based Malicious Node Detection
MANET consists of number of nodes spreading over a certain area.The nodes are grouped into smaller regions, which are called as cluster.Each cluster has cluster head (CH) and it is responsible for controlling all the nodes within their limit.MANET consists of number of CHs and all CHs are linked with the sink.One CH can directly transmit the packet to the sink or through other CHs.Each CH maintains a cluster table and each node maintains a neighbor table.The cluster table consists of the details of all nodes, the distance from cluster head to each node within the cluster and cluster key.
Figure 2 shows the cluster formation in MANET environment.It consists of clusters named as Cluster 1 and Cluster 2. Cluster 1 contains the nodes N1 to N7 and it maintains a cluster table.The format for cluster table of each cluster is given as described in Table 1.
Each node within the cluster gets the cluster key from the cluster head and this key is used for the data transaction between cluster head and node.The cluster head checks this key for every data transaction from node and match with their cluster table.If match is valid, and then only it will recognize that this node is belongs to this cluster.

Determination of Euclidean Distance (ED)
The Euclidean distance (ED) between each node within a cluster and cluster head is determined using the following expression, ( ) ( ) where, (x 1 , x 2 ) represents the coordinates of the cluster head location and (y 1 , y 2 ) represents the coordinates of the node within the cluster.The Euclidean distances are variable due to the mobility of the nodes in and out from the cluster.The mobility of the node can be determined as, ( ) ( ) where, W denotes the weight of the node, V t-1 is the previous velocity of the node, P t-1 is previous location of the node and P t is the current location of the node.The weight of each node can be computed as, where, "a 1 " and "a 2 " represents constant value and it follows {a 1 , a 2 } ε {0 to 1}; and 3 where, ( ) denotes the distance from cluster head to the neighbouring nodes around the cluster head and c n denotes number of cluster heads.

Determination of Number of Clusters
Number of clusters in a mobile ad-hoc network can be found by the Equation ( 7), where, M and N represent the width and height of the network area, respectively.X and Y represent the width and height of each cluster area, respectively.Let us assume the width and height of each cluster is equal and it is assumed as X Y t = = .Then Equation ( 7) can be re-written as, The radius "r" of each cluster is related with t and it is given as, Then, Equation ( 9) can be written as,
The following procedure is adopted for generating first 8-bit key as, Step 1: For example, the key (1010000010) is permuted to (1000001100).
Step 4: Pick out and permute 8, (don't use 1 and 2) which will generate first 8-bit key (K1), of the 10 bits according to the following rules: Step 5: Follow the same procedure for LS-2 to generate next 8-bit key "K2" Step 6: XOR the two 8-bits K1 and K2 and resultant 8-bit key is assigned as node key for the first node within the cluster.
Step 7: Initial 10-bit key is changed randomly and apply the steps 1 to 6 inorder to generate the next 8-bit key for the next node within the cluster.

Algorithm to Remove the Malicious Node
Step 1: The cluster head finds the malicious node and add this node to malicious node list available in cluster table.
Step 2: Send this malicious node list to all the cluster heads in the MANET.
Step 3: All cluster heads broadcast this information to their corresponding nodes within their cluster limit.
Step 4: If the data coming from the malicious node, then the nodes within the cluster does not respond to the malicious nodes.

Detection of Link Faults
The link faults in the mobile adhoc networks will affect the performance of the routing.The faults in the network occur due to the link failure between nodes in the network.The faults are categorized into persistent faults and transient faults.The faults in the network can be occurred due to the following reasons:  Low battery in nodes in the network. Physical/Hardware problem. Obstacles in the nodes.
The faults in the node due to the above reasons are called as persistent faults.Transient noises are occurred due to background noises.In this paper, the persistent faults are detected and alternate routing is selected.The lossy of the link in the node is determined by estimating average loss rate in the node.
Figure 4 shows the detection of link failure based on link cost algorithm.There are three primary source nodes s 1 , s 2 and s 3 .All these three source nodes send the data to the sink.Node s 1 use the links l 2 and l 1 to reach the sink.Node s 2 use the links l 3 and l 1 to reach the sink.Node s 3 use the links l 4 and l 1 to reach the sink.The node s 3 also may send the data to the sink through link l 5 .Each link in the network has 1 unit link cost.Assume link l 1 and l 5 are lossy links.These lossy links can be determined using link cost algorithm as described in the following: Step 1: Determine the probability of the link to be lossy.In Figure 4, there are five links and each link has 0.2 probabilities for a link to be lossy.
Step 3: Find the gain of each link in the network as described in Equation ( 11).
( ) where, k p is the probability of a link to be fault.kb Φ is the cost of the link when the particular link is fault.
kg Φ is the cost of the link when the particular link is not-fault and C k is the cost of the link to be tested.
Step 4: Find the lowest gain of the link and this link is concluded as a faulty link.
The following parameters are used to determine the performance of the proposed method.

 Packet delivery ratio (PDR):
It is defined as the ratio of the number of packets correctly received at the destination node to the total number of packets sent by the source node.The average packet delivery ratio is given by the expression as: where, Packets d N is the number of packets received at the destination node and Packets s N is the number of packets sent from the source node.

 Network life time:
It is defined as the total time taken for the packet to reach the destination from source node.The network life time will be high when there are large numbers of nodes between source and destination node.

 Throughput:
The rate at which the total amount of packets transmitted from source to destination node over a time period "t" is called as throughput.It is simply defined as the number of bits transmitted per second.It is expressed as,

Throughput
Total number of bits time t = ∑ '' Throughput is defined as the number of bits successfully transmitted to the destination over a time period.

Results and Discussion
The proposed clustering technique is implemented using Network Simulator 2.0.For measuring performance analysis purpose, we have carried out a thorough experimental analysis to understand the impact of the proposed clustering mechanism on MANET.Table 2 shows the initial network parameters for performance evaluation.
Total number of nodes used in this paper is 100 and these nodes are spread over 1000 × 1000 m.Each node has 1000 J of initial energy and packet size of 512 bytes.
The proposed malicious node detection system is compared with the conventional techniques as OEERP (Optimized energy efficient routing protocol) [3], LEACH (Low energy adaptive clustering hierarchy) [4], DRINA (Data routing for In-network aggregation) [5] and BCDCP (Base station controlled dynamic clustering protocol) [6] using the following performance evaluation parameters.
Packet delivery ratio (PDR): PDR defines the percentage of number of packets correctly received at the receiver side.For better performance of the system, PDR should be high.The PDR is high when there is a high number of nodes between source and destination and it will reduces the packet losses.Table 3 shows the PDR of the proposed system with conventional system.The PDR gradually increases over linear increment of number of nodes in the proposed system.The maximum PDR achieved in proposed system is 98% at 300 ms time duration.

 Network life time:
The network life time will be high when there are large numbers of nodes between source and destination node.Table 4 shows the network life time over different time period of the proposed method with conventional methods.

 Throughput:
Throughput is defined as the number of bits successfully transmitted to the destination over a time period.The performance of the system is improved if the throughput is high.Table 5 shows the performance comparisons of proposed method with different conventional protocols.From Table 5, the throughput of the proposed system is proved to be better than the conventional systems.

 Energy consumption
The network life time can be improved by reducing total energy consumption.The energy consumption of the node is based on sensing the data, conversion from one format to another format and transmission.The energy consumption of the individual node in MANET is computed as,   where, the initial energy of the node is denoted as node initial

E
and the energy after processing the data is denoted as E r The total energy consumption of the network is computed as, _ 1 where, "n" represent number of nodes in the network.The total energy consumption is based on the number of nodes available in the network.The energy consumption will be high when there are large numbers of nodes in the network.The energy consumption of the proposed method is compared with conventional methods at different time slots and it is illustrated in Table 6.The energy consumption of the proposed method is compared with other protocols OEERP, LEACH, DRINA and BCDCP.From Table 6, there is a linear increment of energy consumption over different time slots.The proposed method consumes low energy consumption when compared with other conventional protocols.The network life time will be improved by consuming less energy.

Conclusion
The malicious nodes in the MANET are detected and removed using clustering approach.Each node within the cluster gets the cluster key from the cluster head and this key is used for the data transaction between cluster head and node.The cluster head checks this key for every data transaction from node and matches with their cluster table.If the match is valid, then only it will recognize that this node is belongs to this cluster, otherwise it is decided as malicious node.This paper also discusses the detection of link failure due to the presence of malicious nodes by determining the gain of each link in the network.

Table 1 .
Cluster table for the nodes in a cluster.

Table 4 .
Network life time comparisons.