Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intrusion Detection for Black Hole and Gray Hole in MANETs.

Published byMoises Gervase Modified over 9 years ago

Similar presentations

Presentation on theme: "Intrusion Detection for Black Hole and Gray Hole in MANETs."— Presentation transcript:

1 Intrusion Detection for Black Hole and Gray Hole in MANETs

2 S E G D F H C B M A Black hole and gray hole attack

3 S E G D F H C B M A 1 1 2 2 2 3 3 3 4 4 1

4 S E G D F H C B M A

5  Black hole: drop all data packets & cheat the previous node.  Gray hole: drop part of the data & cheat the previous node.  Gray Magnitude: the percentage of the packets which are maliciously dropped by an attacker(a node received 100 packets, and forwarded 70 packets, gray magnitude=70%)  Black hole drop 100% (special gray hole)  Goal of this paper: find the black or gray hole, and calculate the Gray Magnitude.  They calculate the Gray Magnitude to make sure the node is a gray hole, in case of mismarking(collision problem). Black hole and gray hole attack

6 A Path-based Detecting Method S A D B C E A, C, E, B are neighbors of S, Only A is on the path to D, so S only watch A.

7 A Path-based Detecting Method S A D 1, every node should keep a FwdPktBuffer; 2, S send p01 to A, a signature is added into the FwdPktBuffer and S overhears A. 3, when A forwards P01, S releases the signature. B Forward Packet Buffer Sign 01 Overhear Sign 01 Overhear

8 overhear rate S A B D Explain: A forward 10 packets to B------------total overheard packer number=10; B forward 8 packets to D -----------total forwarded packer number=8; Overhear rate: OR=10/8 If the forwarding rate is lower than the overheard(8<10), the detecting node(A) will consider the next hop(B) as a black or gray hole. Latter, the detecting node(A) would avoid forwarding packets through this suspect node(B). 10 8

9  ln this scheme, each node only depends on itself to detect a black or gray hole. The algorithm does not send out extra control packets so that Routing Packet Overhead  requires no encryption on the control packets to avoid further attacks on detection information sharing  There is no need to watch all neighbors' behavior. Only the next hop in the route path should be observed. As a result, the syste1n performance waste on detection algorithm is lowered. Advantage of the Algorithm

10  When A find B is a BH or GH, A chooses another path. A Path-based Detecting Method: SA D B C Watch dog: SA D B C  When A find B is a BH or GH, A tell S to choose another path.

11  In fig 2, Node S is source node and Node C is destination node.  Packet I is transmitted from Node B to Node C. At the same time, Packet 2 is transmitted from Node S to Node A.  Consequently, Packet 1 and Packet 2 will collide at Node A.  Then Node S will retransmit Packet 2; but Packet 1 will not be sent again because Packet 1 has been received by Node C successfully.  As a result, Node A misses Packet l and treats it being dropped by Node B deliberately. Collision problem

12 How do they define whether a node is a gray hole or not? OR(N) <(I-Tf ) ·(l- ACR(N)) Td(N) = 1- (l - T1 ) ·(l - ACR(N)) But briefly, when Dropped packets > collided packets The next node is a gray hole. They use a lot of equations to calculate the drop packets rate, the overheard rate and the collided rate

13  maximum transmission range is 250m  distance between two neighbors is 200m  so that a node can only have 4 neighbors Simulation Results and Discussion

14  Overall Packet Delive1y Rate: the percentage of the data packets which are actually received by the destination.  GM = gray magnitude  Based on this result, we will only focus on gray hole With gray magnitude of 0.6 or above, because a lower gray magnitude cannot bring about great damage to the network

15 Reported Collision Rate

16 Detection Rate

17

18  Detection Rate & False Positive Rate vs. Gray Hole Number: Detection threshold is set to 0.6, and the attackers' gray magnitude is between 60% to 100%  Approximately, detection rate still keeps above 90%, and false positive rate is lower than 5%. This result reflects that our detection scheme is valid for attackers with gray magnitude between 60% and l 00%.

19  1, What is Gray Magnitude ?  the percentage of the packets which are maliciously dropped by an attacker(a node received 100 packets, and forwarded 70 packets, gray magnitude=70%)  Black hole drop 100% (special gray hole)  2, What is FwdPktBuffer?  Forward packet buffer.(put forwarded packet’s signature)  3, What’s the difference between A Path-based Detecting Method and Watchdog mechanism? Questions:

20  When A find B is a BH or GH, A chooses another path. A Path-based Detecting Method: SA D B C Watch dog: SA D B C  When A find B is a BH or GH, A tell S to choose another path.

Download ppt "Intrusion Detection for Black Hole and Gray Hole in MANETs."

Similar presentations

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
Collaborative Attacks on Routing Protocols in Ad hoc Networks Neelima Gupta University of Delhi India.

Collaborative Attacks on Routing Protocols in Ad hoc Networks Neelima Gupta University of Delhi India.
COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.
21-23 November, 2012, 5th IDCS, Wu Yi Shan, China Smartening the Environment using Wireless Sensor Networks in a Developing Country Presented By Al-Sakib.

21-23 November, 2012, 5th IDCS, Wu Yi Shan, China Smartening the Environment using Wireless Sensor Networks in a Developing Country Presented By Al-Sakib.
DSR The Dynamic Source Routing Protocol Students: Mirko Gilioli Mohammed El Allali.

DSR The Dynamic Source Routing Protocol Students: Mirko Gilioli Mohammed El Allali.
Mitigating Routing Misbehavior in Mobile Ad Hoc Networks By Sergio Marti, T.J. Giuli, Kevin Lai, & Mary Baker Department of Computer Science Stanford University.

Mitigating Routing Misbehavior in Mobile Ad Hoc Networks By Sergio Marti, T.J. Giuli, Kevin Lai, & Mary Baker Department of Computer Science Stanford University.
1 Location-Aided Routing (LAR) in Mobile Ad Hoc Networks Young-Bae Ko and Nitin H. Vaidya Yu-Ta Chen 2006 Advanced Wireless Network.

1 Location-Aided Routing (LAR) in Mobile Ad Hoc Networks Young-Bae Ko and Nitin H. Vaidya Yu-Ta Chen 2006 Advanced Wireless Network.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team 2009.07.20.

Defending Against Traffic Analysis Attacks in Wireless Sensor Networks Security Team
Transmission Time-based Mechanism to Detect Wormhole in Ad-hoc Networks Tran Van Phuong U-Security Group RTMM Lab, Kyung Hee Uni, Korea 2006.11.10.

Transmission Time-based Mechanism to Detect Wormhole in Ad-hoc Networks Tran Van Phuong U-Security Group RTMM Lab, Kyung Hee Uni, Korea
A Probabilistic Misbehavior Detection Scheme towards Efficient Trust Establishment in Delay-tolerant Networks Haojin Zhu, Suguo Du, Zhaoyu Gao, Mianxiong.

A Probabilistic Misbehavior Detection Scheme towards Efficient Trust Establishment in Delay-tolerant Networks Haojin Zhu, Suguo Du, Zhaoyu Gao, Mianxiong.
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
Jorge Hortelano, Juan Carlos Ruiz, Pietro Manzoni

Jorge Hortelano, Juan Carlos Ruiz, Pietro Manzoni
On Security Study of Two Distance Vector Routing Protocols for Ad Hoc Networks Weichao Wang, Yi Lu, Bharat Bhargava CERIAS and Department of Computer Sciences.

On Security Study of Two Distance Vector Routing Protocols for Ad Hoc Networks Weichao Wang, Yi Lu, Bharat Bhargava CERIAS and Department of Computer Sciences.
Wireless Capacity. A lot of hype Self-organizing sensor networks reporting on everything everywhere Bluetooth personal networks connecting devices City.

Wireless Capacity. A lot of hype Self-organizing sensor networks reporting on everything everywhere Bluetooth personal networks connecting devices City.
SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.

SUMP: A Secure Unicast Messaging Protocol for Wireless Ad Hoc Sensor Networks Jeff Janies, Chin-Tser Huang, Nathan L. Johnson.
Mitigating routing misbehavior in ad hoc networks Mary Baker Departments of Computer Science and.

Mitigating routing misbehavior in ad hoc networks Mary Baker Departments of Computer Science and.
Denial of Service Resilience in Ad Hoc Networks Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly Designed by Yao Zhao.

Denial of Service Resilience in Ad Hoc Networks Imad Aad, Jean-Pierre Hubaux, and Edward W. Knightly Designed by Yao Zhao.
Congestion Control and Fairness for Many-to-One Routing in Sensor Networks Cheng Tien Ee Ruzena Bajcsy Motivation Congestion Control Background Simulation.

Congestion Control and Fairness for Many-to-One Routing in Sensor Networks Cheng Tien Ee Ruzena Bajcsy Motivation Congestion Control Background Simulation.
Security of wireless ad-hoc networks. Outline Properties of Ad-Hoc network Security Challenges MANET vs. Traditional Routing Why traditional routing protocols.

Security of wireless ad-hoc networks. Outline Properties of Ad-Hoc network Security Challenges MANET vs. Traditional Routing Why traditional routing protocols.

Similar presentations

Ads by Google