Accurate Detection of Multi-layer Packet Dropping Attacks Using Distributed Mobile Agents in MANET

Detecting multi-layer packet drop attacks may result in extraordinary computational overhead in Mobile Ad Hoc Networks (MANET). Most of the existing works consider only data packet drop ignoring the routing packets drops. In this paper, a technique for accurate detection of malicious multi-layer packet drop attacks using mobile agents (MPDDMA) is proposed. In this technique, mobile agents are deployed in each node to detect selective dropping of routing and data packets by the malicious nodes. The source node identities the nodes whose route request and route reply count significantly differs from others by a margin. Similarly, the source node identifies the nodes whose packet received count significantly differs from others by another margin. The source then applies Fuzzy logic decision model with these margin values and MAC layer packet drop value as input variables and returns the output as probability of maliciousness (PrM). Experimental results show that MPDDMA technique achieves better detection accuracy and reduced packet drops.


Introduction
MANET is an independent architecture of movable nodes which form a wireless network. In MANETs, the network topology may vary fast and randomly [1]. They are beneficial in presentation zones like tragedy managing crisis and saving processes where it is not at all likely to have definite set-up. MANETs are categorised by its inordinate suppleness. On the other hand, MANET's characteristic susceptibility upsurges their safety perils. Though MANETs are naturally active and supportive, it requires effectual and actual safety contrivances to protect the movable nodes. Interruption discovery and deterrence are main contrivances to lessen probable interruptions [2]. Because of the absence of approval amenities, it is tough to notice hateful nodes. In MANET, nodes may be battery-powered and may have very inadequate capitals that may do the usage of heavy-weight safety explanations disagreeable [3]. As the procedure of observation of nodes needs to be reiterated across numerous hops along a track, it experiences enormous communication overhead. Furthermore, midway observation nodes flop to notice the choosy tumbling bout [12].
Attack detection is a major concern of computer safety. It provides protection contrary to computer usage after physical, verification and admission control [4]. The old-fashioned method of defending wired/wireless systems with firewalls and encryption software is not adequate [5]. Because of the little sensing speediness and great incorrect optimistic amount of old-fashioned discovery methods, a novel design centred on movable means [6] have been industrialised. The Intellectual and movable features of the representative are chief benefits of using movable representatives [15]. There are three types of selective packet dropping attacks in MANET. In first type, the misbehaviour nodes may not forward the routing packets. In second type of attack, data packets may not be forwarded at the time of data delivery. In third type of attack, both routing and data packets may not be forwarded [16].

Problem Identification and Objectives
The Intelligent agent based IDS using multiclass SVM [2], the agent based IDS architecture [10] and the distributed mobile agent based IDS [11], need datasets for detecting DoS attacks only. Since it has a pre-processing phase, it consumes more time and results in high computational overhead. Moreover, it did not handle the misbehaviour attacks like packet dropping.
The MADSN [3] approach considers the packet drops only at the routing layer. But packet drops may occur at MAC layer also. Moreover, until the MA visits the malicious node, the packet drop attack could not be detected. The mobile agent based IDS [4] assumes the cluster heads are honest, which may not be true in all the cases. Though the Fuzzy based detection system [7] categorizes the attacker levels, it did not present the detailed methodology for detecting various attacks. The anomaly detection system (ADS) [8] has focused on malicious nodes which affect the routing process only, ignoring the data forwarding phase. The intelligent authorization agent [12] approach did not present any standard technique for detecting the packet dropping attacks.
In [9], by analyzing the correlations between lost packets, the packet losses can be distinguished as because of link failures or attacks. But it considers only data packet drop ignoring the routing packets.

Related Works
Ganapathy et al [2] have described a novel intellectual agent-based interference discovery prototype for MANET by means of a mixture of characteristic choice, outlier discovery, and improved multiclass SVM organisation means. For this cause, an effectual pre-processing method is suggested that advances the discovery exactness and decreases the dispensation period. Furthermore, two novel procedures, viz., an Intellectual Instrument Biased Expanse Outlier Discovery procedure and an Intellectual Agent-based Improved Multiclass Provision Vector Machine procedure are planned for sensing the interlopers in a dispersed record atmosphere that practices intellectual means for faith organisation and synchronization in business dealing.
Binod Kumar Pattanayak et al [4] have presented mobile agent centred intrusion recognition and defence design for a collected MANET. Mobile agent exists in every group and every group runs a precise solicitation at any time. This solicitation's precise method marks the network healthier to exterior interruptions focussed at the nodes.

SHANTHI et al [7]
have suggested a joint method called fuzzy centred interruption recognition and group centred genuine direction-finding. This method includes the recognition of assailant level of the nodes in network layers using fuzzy logic method. The conviction worth of every node is rationalised based on the perceived assailant level. When basic node needs to transfer a data package to the terminus, the path with dependable nodes is nominated by means of group based ant colony optimization (ACO) method.
Vikram Narayandas et al [8] have offered system for detecting a malevolent node in a group centred MANET. It uses AODV protocol that achieves track detection and data progressing. In a group centred 3 topology a verge is smeared to look if this core response numeral is more than the verge cost. If so the node is malevolent. Then every node directs awareness to its group head and its nearby nodes. The planned ADS eludes the routing to a malevolent node thus averting high dynamic depletion of the linked nodes and defence the data transmission in the MANET.
Tao Shu et al [9] have established a homomorphic linear authenticator (HLA) centred communal reviewing design which permits the sensor to check the openness of the package loss info conveyed by nodes. This structure is secrecy conserving, complicity resilient, and experiences small communication and stowage overheads. To decrease the calculation overhead of the standard system, a technique is also proposed, which permits one to employ recognition exactness for inferior calculation intricacy.
Sampath et al [10] have suggested a mediator centred interruption recognition and deterrence scheme has been intended by means of ant colony procedure. Every node is supervised by means of a movable mediator of the network and every node turns a precise solicitation. Multi Depot packet routing (MDPR) is used to examine the packets from numerous nodes. Support vector machines (SVM) is utilised to recognize the malevolent actions of present package with canned actions.
Maad Kamal Al-Anmi [11] have established the signature-based IDS method in a MANET by applying the rear broadcast procedure. As a result, the sign of malevolent actions or unwanted actions are frequently predicted and competently reckoned by augmenting the parametric arrangement of rear broadcast procedure at the time of investigational outcomes. This empirically exposes its efficiency for the proportion of recognition table up to 98.6 percentage.
Aranganathan et al [12] have suggested a scheme by means of Intelligent Authorized Agent based Detection (IAAD) for the sensing tenacity. The projected approval mediator centred scheme effectively implemented authentic nodes in the networks with enhanced presentation metrics of package transfer proportion, package loss degree, endwise suspension and output in contrary to malevolent nodes in mobile adhoc networks.
Basant Subba et al [13] have suggested a novel cross IDS system that includes a verge based frivolous unit and a influential variance based tough component. The frivolous component computes the Packet Forwarding Rate (PFR) of the possible malevolent nodes. The interruption discovery procedure was demonstrated as a multi-stage Bayesian game amid the group head and the possible malevolent node, to trigger the tough component.
Yu Zhang et al [14] have established an Audit-based Misbehavior Detection (AMD) mechanism for sensing and dividing package dipping bouts. AMD puts together repute based path detection and misconduct recognition. The status managing scheme guesses the features of nodes by reviewing.

Brief Description of work
This work aims to design a technique for accurate detection of malicious multi-layer packet dropping attacks using mobile agents. In this work, mobile agents are deployed in each node to detect the selective drop attack of routing and data packets. During route determination phase, source node identities the nodes whose count significantly differs from others. Similarly, during data transmission phase, source node identifies the nodes whose count significantly differs from others based on the MAC layer packet drop value. Then source applies Fuzzy logic decision model which margin values and MAC layer packet drop value as input variables and returns the output probability of maliciousness (PrM) is returned as the output.
By checking the value of (PrM), the malicious nodes are confirmed and categorized as follows: ▪ Dropping only routing packets

Packet Delivery Ratio
It is termed as the proportions of package onward stand to the package obtain stand.

PDR = Cf /Cr
(1) The path with the least delay and high delivery probability is selected as the route for data transmission.

Packet Drop Rate
The packet error rate (PER) is given by Where vn and wn are factors depending on AMC mode and packet size Where  -(SINR) The packet loss rate (PDropMAC) is termed as the amount of data packages which are not efficiently transferred to the terminus.

Neighbor Setup Phase
This phase is explained as follows: 1. Initially mobile agents (MA) are deployed in each node to detect the selective dropping of routing and data packets from the malicious nodes.
2. MA broadcasts a HELLO message with source and destination node ID, hop count and PDR (estimated in section 3.2.1) to the one hop neighbours nodes.

Route Discovery Phase
Let RFV be the route forward verification message Let VR be the verification reply message.
The route discovery phase can be explained as below • Similarly, it counts the number of RREPs (NO_RREP) received at Nj from Nj+1.
• Once S receives the RREPs from various paths, it broadcast a RFV message to all mobile agents and waits for a time period of Treq seconds. • Within Treq, each MAj replies back the VR which contains the NO_RREQ and NO_RREP at Nj. • S then aggregates the replies and analyzes them by cross checking the replies from various agents.
• S then identifies the nodes whose count significantly differs from others by a margin  1.

Data Transmission Phase
The data transmission phase can be explained as below 1. MAs at each node estimate the MAC layer packet drops PDropMAC (estimated in section 3.2.2) by determining the channel condition and contention. 2. Similar to Route Discovery phase, • Within Treq, each MAj replies back the VR which contains the NO_RREQ and NO_RREP at Nj. • S then aggregates the replies and analyzes them by cross checking the replies from various agents.
• S then identifies the nodes whose count significantly differs from others by a margin  2 .

Fuzzy Logic Decision (FLD)
The Fuzzy logic decision model is applied by S which considers  1,  2 and PDropMAC as input variables. By applying the fuzzy rules, the output probability of maliciousness (PrM) is returned as the output.FLD architecture consists of four major divisions specifically Fuzzification, Rule generation, Inference System and Defuzzification. The FLD model is shown in Figure 1.   Thus, by checking the value of (PrM), the malicious nodes are confirmed and categorized as follows: ▪ Dropping only routing packets ▪ Dropping only data packets ▪ Dropping both routing and data packets The centroid of area method is used for defuzzification, which is given by the following equation: The MPDDMA scheme has been implemented in NS2. It is compared with the Privacy Preserving Truthful detection (PPTD) of packet dropping attacks [9]. The metrics detection delay, packet drop, packet delivery ratio and detection accuracy are measured. The simulation parameters are listed in Table  2 Packet size 1000 bytes Table 2 Simulation parameters

Results and Description
The performance results of varying the number of misbehaving nodes, launching data packet and routing packet drop attacks, are varied from 2 to 10.  Figure 5 shows the detection delay for both the techniques. It shows that the E2D of MPDDMA increases from 0.2 to 1.2seconds and the E2D of PPTD decreases from 3.8 to 1.7seconds.Ultimately, the delay of MPDDMA is 61% of lesser than PPTD.    Figure 8 shows the detection accuracy for both the techniques. It shows that detection accuracy of MPDDMA varies from 594 to 1925 and the detection accuracy of PPTD varies from 1209 to 2925.Hence, the detection accuracy of MPDDMA is 34% of lesser than PPTD.

Conclusion
The technique of Multi-layer Packet Dropping attack detection using Distributed Mobile Agents has been proposed in this paper. In this work, mobile agents are deployed in each node to detect the selective dropping of routing and data packets. The source node applies Fuzzy logic decision model which margin values and MAC layer packet drop value as input variables and returns the output probability of maliciousness is returned as the output. Performance comparison results indicate that the proposed MPDDMA technique increases the detection accuracy thereby reducing the number of packet drops and detection delay.