4. AN ADVANCED GRAMMATICAL EVOLUTION IN INTRUSION DETECTION ON MANETS
In this paper, we use grammatical evolution to evolve intrusion detection programs for known attacks against routing protocols on MANET. ODMRP is one of the most important protocol in on demand multicast routing protocols on MANET.
4.1.1 Black hole attack
Black hole attack is a attack in which malicious node advertises itself as having the shortest path to a destination in the network. This will cause Denial of Service by dropping the received network packets .When a node requires a route to the destination it initiates a route discovery process by claiming to have the shortest route ...view middle of the document...
However, if an attacker simply forwards the packet without recording its IP in the packet, it makes two nodes that are not within the communication range of each other believe that they are neighbours (i.e., one-hop away from each other), resulting in a disrupted route.
4.1.3 Dropping attack
Packet dropping attack is also the type of denial of service attack in which a router is supposed to relay packets instead discards them. It occurs from a router becoming compromised from the number of different causes. Most of the packet losses are due to congestion in the wired network incaseof MANET there can be some transmission errors and mobility. The packet dropping can impact a network service on several aspects such as delay(dropping the retransmission of packet will increase transferring time ),response time(waiting long time for response),quality(dropping some packets will degrade the quality of service) and bandwidth(packet retransmission will increase the usage of bandwidth). Mobility of the nodes is the major cause of the packet dropping.
4.1.3 Route disruption attack
In this attack scenario the attacker sends join reply message to the victim node without receiving any join control packet from that node. The attacker node chooses one node as victim and send reply messages continuously to this node for disrupting the active routes in its routing table since the attacker is the neighbour of the victim node.
The program generated by the Advanced Grammatical evolution is distributed to all nodes in the network and listening the response alarm if there is any attack.
4.2 Grammatical evolution
In Grammatical Evolution, a problem is defined using the fitness function and the BNF grammar. Using this grammar the program is evolved and the known attacks are detected in MANET and response is raised. Libge library is used to evolve the overall evolution process.
Grammar used for problem
::= if() raise alarm()
::= | ( ) |
() | () |
::= + | - | / | _
::= sin | cos | log | ln | sqrt | abs | exp | ceil | foor
::= max | min | pow | percent
::= < | _ | > | _ | == | =
::= and | or
::= packet related features
For this grammar the mobility related feature and the packet related features are considered at every time interval by each node.
The detection rate and the false positive rate of the intrusion is calculated using the fitness function, a fitness function is a particular type of objective function that is used to summarise, how close a given design solution is to achieving the set aims.
4.3 Experimental results
In this advanced grammatical evolution technique we used the simulator NS2 to simulate the results. Mobility of the nodes are generated using RandomWayPoint model using...