Cooperative wireless sensor networks have grown drastically due to node cooperation in unaltered environments. Various real-time applications are developed and deployed under cooperative networks, which control and coordinate the flow to and from the nodes to the base station. Though nodes are interlinked to give expected state behavior, it is vital to monitor malicious activities in the network. There is a high probability that node behavior is compromised, which leads to catastrophes. To overcome this issue, a novel context-aware IDS approach named Context Aware Nodal Deployment-IDS (CAND-IDS) is framed. During data transmission, CAND-IDS detects and eliminates the malicious nodes in the explored path based on node properties and behavior. Also, during network deployment and enhancement, each node has to follow the Context Aware Cooperative Routing Protocol (CCRP) to ensure the reliability of the network. CAND-IDS is programmed and simulated using Network Simulator software, and its performance is verified and evaluated. The simulation results show significant improvements in throughput, energy consumption and delay compared with the existing system.
In the past ten years, wireless sensor networks have become more important due to various applications that make use of emerging technology. One of the main advantages of wireless sensor networks is that the fundamental devices used are cheap and intelligent and function in various network configurations. Wireless sensor networks can send and receive different types of data with various applications [
Cooperation among different devices in a multi-communication network is always a major issue. To provide effective access between hybrid networks, a single-strand protocol is required that accepts mobility-based access and delivers useful information to the end users. A cooperative network is an efficient way to explore quality in ad hoc, cellular, vehicular and wireless sensor networks. The prime focus is to distribute or share the load between the nodes and thereby extend the lifetime. A cooperative network is essential because the distinct technologies used by various networks may have a significant impact on the users' perceived service quality and on resource utilization. The devices participating in the cooperative network should cooperate with each other in terms of communication. Some generic features have to be corrected in the MAC layer to enable a new protocol that supports a cooperative network. The control elements in the cooperative network should not have keen account about the communication. It gives the platform to find useful information between the global accesses. Major issues like routing updates, relaying and network coding are cumbersome. Under heavy traffic, the performance of the cooperative process drops for various reasons. Apart from data transmission, each node is also loaded with the work of monitoring other nodes in the network, exchanging information securely between nodes or between networks, and exploring an alternate path by local decision if a malicious node is identified. Detection is a common process which is called unconditionally at each node. If anything is detected, information exchange will not happen, and the node is blocked with the help of the base station. The node which is called malicious by cooperation coefficient [
In the proposed approach, a nodal node is selected and whenever a node wants to transmit then a path is generated which comprises the nodal node. The nodal node has the control over the transmission. Nodes other than the nodes in the path are considered as malicious nodes and those nodes are eliminated from the path and the network.
In the cooperative network the malicious activity can disturb the network performance [
Yiqing Zhou et al. [
Laneman et al. [
Wireless channels physical characteristics are exploited implementing the security at physical layer. This technique in turn prevents intruders from intercepting the transmission between the sender and the receiver. Wyner et al. [
Wireless sensor networks have certain limitations: nodes must operate at a specific energy level, nodes may be scarce, and equal distance is not maintained between the nodes even though they are connected. Traffic between the nodes during communication is a major issue. Load on nodes due to overlap drains their energy heavily. To overcome these anomalies, certain measures are identified and implemented in the proposed Context Aware Cooperative Routing Protocol.
This paper detects and eliminates malicious nodes using the proposed CAND-IDS method, which detects malicious nodes by monitoring all the sensor nodes through nodal nodes in the network. Nodal nodes are deployed in all the layers, where the number of nodal nodes is 1% of the total number of nodes deployed in the layer. Nodal nodes monitor and verify the behavior and properties of the sensor nodes in the explored path before data transmission. Verification is also applied during and after data transmission, hence CAND-IDS can detect and prevent malicious activities. In the earlier research work, the author attempt to analyze the route [
CCRP is flexible for node deployment, reliable in system behavior, scalable as the number of nodes and the size of the network increase, and available throughout the communication. CCRP extends its functionality to various types of application under various domains. Since it is a cooperative network, nodes under CCRP cooperate with each other, are aware of the behavior of other nodes, and can easily identify a misbehaving node under various situations.
Consider a network G = (V, E), where V is the set of all sensor nodes and E is the set of communication links between the sensors. Though it is a connected graph, this does not mean that all sensor nodes are interconnected with each other and cooperative. The path is the sequence of nodes identified between the source and sink nodes, and it is an open path based on the nearest neighbor node. The basic assumption is that the explored path doesn’t contain any cycle. The explored path must have one or more nodal nodes, which act as a bridge between the sensor nodes in the path. A nodal node, which is itself a sensor node, keeps track of information about the set of nodes attached to it. A node is able to transmit data to any node in the network; nodes are deployed in a random manner and all nodes are static in nature. A node is added to the network based on the following conditions.
1) Node energy is greater than or equal to the commanded value.
2) The node should have a specific amount of internal storage, which is used as support during data transmission in case of any failure.
In this paper, it is assumed that the topology of the network is mesh, but the connections between the nodes are applicable when it requires. The network is differentiating in specific levels; each level has certain nodes [shown in
Nodal Node in each layer is selected by:
Let N = {N1, N2, ∙∙∙, Nm}
L1 = {N1, N2, ∙∙∙, Ni}
L2 = {N1, N2, ∙∙∙, Nj}
…
Ln = {N1, N2, ∙∙∙, Nk}
where (L1 ∪ L2 ∪ L3 ∪ ∙∙∙ ∪ Ln) = N.
L1 is the highest energy gain nodes
Ln = centric node can access easily by all other nodes in the layer
Sn = (GN ∩ Ln)
NN1 ← SN, and the above criteria are applied to all the other layers.
A set of associated nodes in the path identified for data transmission is monitored and controlled by this nodal node. It has a provision to initiate data transmission or to skip some of the node associated with it from data transmission. The only restriction is this nodal node access is limited, to ensure safety access throughout the path.
The path considered for data transmission is {1, 3, 5, 13, 17, 23, 26} where 1 and 26 are the source and destination nodes available in the open-path depicted in
As per the protocol, each node has internal storage to keep a replica of the data packet if the sensor node is considered nodal. Over different rounds, the nodal node will change according to energy level. Throughout the data transmission, until the sink node receives the data, the nodal nodes participating in the path keep a redundant copy of the data packet. This process is also called the “efficient check point” technique. After successful data transmission, the redundant data packets are cleared from the nodal nodes along the path. In case of contingency, the nodal node has information about where in the data transmission the data packet got lost. Hence, transmission is initiated from the corresponding nodal node instead of from the source node. The general assumption here is that the nodal node has to wait for a commendable time, which includes the minimum delay between the nodes transmitting to the next nodal node. Once the data packet has reached the next nodal node, the previous nodal node resets the stored data packets. This gives efficiency in terms of memory maintenance and less time.
Each node's activity is monitored by the nodal nodes in the layer. The algorithm identifies malicious nodes in two cases. 1) The node is a non-nodal node. If the node is not part of the path in a data transmission and it accesses a non-nodal sensor node in the path with a different identity, it may or may not represent the other non-nodal nodes in the path. In this case, based on node information, the nodal node easily identifies the node that tries to compromise a node in the path and sends the information to the base station. If a node in the path is considered compromised, the nodal node dismantles the path considered for data transmission and provides the information about the compromised node to the base station. The base station initiates the data transmission between the source and destination over a different path, eliminating the compromised node permanently. 2) The node is a nodal node. If the nodal node is acting as a compromised node, it acts to explore a new path, or it monitors and controls beyond the allotted nodes in the path. In this case, the data transmission is called off by the base station, which establishes data transmission between the source and destination with new nodal nodes. Say node Ny is a nodal node, Ny
Phase 1:
Phase 2:
Phase 3:
Algorithm for CCRP
Step 1: Initialize the network G with nodes deployment and the connection between them.
Step 2: Select the node N and the layer L in which it will be placed. i.e. n/L nodes will be placed in a layer Li.
Step 3: List out the number of layer L1, L2, L3, ∙∙∙, Ln and the nodes present in it.
Step 4: Exit if all the nodal nodes (Nn1, Nn2, ∙∙∙, Nmn) are identified in all the layers separated.
Algorithm for Check_point
Step 1: Find out all the nodes that are in the network G.
Step 2: For each layer Li, do the following:
1) Select the nodes that present in concerned layer Li.
2) Calculate the energy of all the nodes in that layer.
3) The node with the highest energy level will be elected as the nodal node for that layer.
Step 3: The step 2 has to be repeated for the other layers present in the network and the nodal node has to be elected as above.
Step 4: Select the path between the source and the destination with the nodal node in the selected path. Nodal node will have the details about the path and then it controls the transmission in it.
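The election in Check_point and the "efficient check point" recovery described earlier can be traced with the following added example, which is not code from the paper (the authors used TCL on NS-2). The layer assignment, energy values and lowest-id tie-break are constructed assumptions; only the path {1, 3, 5, 13, 17, 23, 26} comes from the text.

```python
# Constructed sample data: node id -> (layer, residual energy in joules).
NODES = {
    1: (1, 4.1), 2: (1, 3.5), 3: (1, 4.8), 5: (1, 5.0),
    13: (2, 3.9), 14: (2, 4.0), 17: (2, 4.6),
    23: (3, 4.2), 26: (3, 3.7), 27: (3, 4.2),
}
PATH = [1, 3, 5, 13, 17, 23, 26]  # explored path quoted in the text


def elect_nodal(nodes):
    """Check_point step 2: highest-energy node of each layer becomes nodal.

    Ties go to the lowest node id (an assumption; the text gives no rule).
    """
    best = {}
    for nid, (layer, energy) in sorted(nodes.items()):
        if layer not in best or energy > nodes[best[layer]][1]:
            best[layer] = nid
    return best  # layer -> nodal node id


def path_is_valid(path, nodal_ids):
    """Check_point step 4: the selected path must contain a nodal node."""
    return any(nid in nodal_ids for nid in path)


def resume_point(path, nodal_ids, lost_after):
    """Node that resends when the packet is lost after path[lost_after].

    The latest nodal node already passed still holds its replica; if no
    nodal node was reached yet, the source has to resend.
    """
    for nid in reversed(path[: lost_after + 1]):
        if nid in nodal_ids:
            return nid
    return path[0]


if __name__ == "__main__":
    nodal = set(elect_nodal(NODES).values())
    print("nodal nodes:", sorted(nodal), "valid path:", path_is_valid(PATH, nodal))
    for k in range(len(PATH) - 1):
        print(f"lost after node {PATH[k]} -> resend from {resume_point(PATH, nodal, k)}")
```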
Algorithm for CAND_IDS
Step 1: Valid path given by the Check_Point will be the input.
Step 2: If any node not in the path tries to forward data to the nodes in the path then the nodal node will consider it as malicious and information about location of that node will be forwarded to the Base station. Base Station will eliminate this node from the network and in the future communications.
Step 3: If the node present in the path act as malicious node then the nodal node will stop the data transmission of that node and inform the base station.
Step 4: If the nodal node acts as a malicious node and if it tries to communicate with a node which is not a nodal node then the data transmission will be stopped.
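The three CAND_IDS rules can be run over a list of observed transmissions, as in this added example (not the authors' code). The choice of nodal nodes 5 and 17, their allotted sets, the event list and the "next hop only" reading of Step 3 are constructed assumptions; the path is the one quoted in the text.

```python
PATH = [1, 3, 5, 13, 17, 23, 26]             # explored path quoted in the text
NODAL = {5: {1, 3, 13}, 17: {13, 23, 26}}    # constructed: nodal node -> allotted nodes
# Constructed observations of (sender, receiver) during one transmission round.
EVENTS = [(1, 3), (3, 5), (9, 13), (5, 13), (13, 8), (9, 17), (17, 40), (40, 41)]


def classify(src, dst, path=PATH, nodal=NODAL):
    """Return the CAND_IDS verdict for one observed transmission src -> dst."""
    in_path = set(path)
    if src not in in_path:
        # Step 2: a node outside the path forwards data to a node in the path.
        return "outsider" if dst in in_path else "ignore"
    if src in nodal:
        # Step 4: a nodal node may reach its allotted nodes or another nodal node.
        return "ok" if dst in nodal[src] or dst in nodal else "rogue_nodal"
    # Step 3 (assumed reading): a path member may only forward to its next hop.
    nxt = path[path.index(src) + 1] if src != path[-1] else None
    return "ok" if dst == nxt else "rogue_member"


def run_ids(events):
    """Apply the rules in order; return forwarded hops and base-station reports."""
    forwarded, reports, eliminated = [], [], set()
    for src, dst in events:
        if src in eliminated:
            continue                          # base station already removed it
        verdict = classify(src, dst)
        if verdict == "ok":
            forwarded.append((src, dst))
        elif verdict != "ignore":
            eliminated.add(src)               # transmission stopped, node reported
            reports.append((src, verdict))
    return forwarded, reports


if __name__ == "__main__":
    forwarded, reports = run_ids(EVENTS)
    print("forwarded:", forwarded)
    print("reported to base station:", reports)
```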
The CCRP algorithm initializes the network through node deployment and assigns nodal nodes based on higher energy and centrality in the respective levels of the network. Based on the number of nodes in each level nodal node is identified by 1 to 2. If a node Ni needs to transmit data to node Nj, a path P is established inclusive of nodal nodes. Nodal nodes keep the information of the data packets handled throughout the transmission. After successful delivery of a data packet to the next nodal node or to the destination node, the current nodal node clears the data information. In case of contingency, the latest nodal node initiates the data transmission from that point to the destination node as per the path information. If a sensor node that is not in the path P but is connected to graph G tries to communicate with another sensor node in path P, it is considered a compromising node. The algorithm treats that node as malicious, and information about the node is transferred to the base station (BS). The BS handles the issue using the location information of the malicious node and eliminates the node from the network in the present and future rounds. If a sensor node that is a non-nodal node in path P is established as malicious and tries to communicate with other nodes which are not really communicable, the nodal node identifies the malicious node and stops the data transmission with immediate effect; the BS is informed, and the algorithm is initiated again with the malicious node eliminated. If a nodal node in the path P is identified as malicious and tries to communicate with nodes that are not associated with the nodal set, the BS calls off the data transmission, eliminates the misbehaving nodal node from the network and recalls the algorithm.
Theorem-1:
Let U be set of nodes which is finite and S be the set of nodes in path P and T' be the complement of S and then
The check point algorithm is coded in TCL language and simulated in Network Simulator-2. The parameters assigned for simulating the proposed CAND-IDS is given in
CCRP is derived from the AODV protocol, and many rounds of simulation are applied to verify the performance. The rounds are run with different numbers of nodes deployed in the network, which verifies the path and the effectiveness of data transmission for different numbers of nodes. In the initial round the number of nodes is lower than in the other rounds, and the measured performance value is also lower. The performance is calculated in terms of number of malicious activities detected, throughput, energy and time taken for transmission, with and without CAND-IDS inclusion. The obtained results are shown in Figures 2-8.
Parameter | Values Assumed |
---|---|
Examined Protocol | AODV, CCRP |
Number of Nodes | 100, 200, 300, 400, 500 |
Simulation Area Dimension | 1200 × 1200 sq m |
Simulation Time | 50 Sec |
Radio range | 250 m |
Traffic Type | CBR, 5 pkts/s |
Packet Size | 256 to 512 |
Traffic Connections | TCP/UDP |
Node Speed | 10 m/s |
Type of Attack | Generic |
approach the energy efficiency is a cumbersome when number of nodes are participated in a huge manner. The remaining energy after one round for various numbers of nodes in the simulation is shown.
be active to complete the data transmission. There is a minimum delay which has been noticed in the proposed approach, whereas earlier approach leads to stall for minimum or fixed delay in each case. Say for 100 nodes, time taken for a single round of operation, it requires 6 to 7 seconds. 18 to 19 seconds is recorded in case of 500 nodes deployed in a network.
In
Assume that for 100 nodes, 5 DoS attack nodes are exercised; the algorithm will find all 5 attack nodes and remove them before data transmission. In further iterations with 500 nodes, 9 intruders were considered as DoS, and all the DoS attack nodes were identified and removed for layer and path interaction. Similarly, for DDoS attacks the nodal nodes will identify the intruder; here this attack will be common to become compromised node in a network. Though the entry protocol defines a set of rules for a node, this DDoS will be generic to the environment; identification includes all the DDoS for the extent and eliminates it, and the network is reframed with all the remaining nodes. Say for 300 nodes, it detects 15 nodes out of 17 intruder nodes. Likewise, for the 500-node environment, 27 out of 28 intruder nodes were detected. Comparatively, the algorithm is suited to identifying all the above-said threats through nodal node analysis.
The performance of the proposed approach is evaluated by comparing the performance metrics, delay, throughput and detection rate is calculated and compared with the existing approach LBIDS, DAD [
delay taken by the LBIDS and CAND-IDS methods in terms of number of nodes. From
This paper describes a way of detecting and preventing malicious activity through a monitoring approach. The proposed approach doesn’t affect the performance of normal network functionality such as throughput, delay and energy consumption. The proposed approach has many benefits, which make the cooperative network function better than other networks without being affected by malicious threats. CAND-IDS provides a precise guideline for making an efficient protocol for improving the QoS. The simulations performed are intended to assess the efficacy of the proposed approach in terms of malicious detection without affecting the network behavior. The simulation is designed to obtain all the performance variables by deploying various numbers of nodes in various rounds. In the simulation results, CAND-IDS proved to be an efficient method whose performance is better than the existing approach LBIDS in terms of energy consumption, throughput and delay. In future, CAND-IDS can be extended by including data security using an efficient cryptography method. Data security has not been considered in CAND-IDS, and in a communication the security of the data is as important as the communication itself. A natural continuation of this work is to enrich the set of simulations to test variations in relevant factors that were not considered in this work, together with statistical analysis to discover relations among the factors identified in the experiments so far.
Gopal, R. and Parthasarathy, V. (2016) CAND-IDS: A Novel Context Aware Intrusion Detection System in Cooperative Wireless Sensor Networks by Nodal Node Deployment. Circuits and Systems, 7, 3504-3521. http://dx.doi.org/10.4236/cs.2016.711298