FSM based Intrusion Detection of Packet Dropping Attack using Trustworthy Watchdog Nodes

Abstract

Introduction: * The proposed TWIST model aims to achieve a secure MANET by detecting and mitigating packet dropping attack using finite state machine based IDS model. * To determine the trust values of the nodes using context-aware trust calculation * To select the trustworthy nodes as watchdog nodes for performing intrusion detection on the network * To detect and isolate the packet dropping attackers from routing activities, the scheme uses FSM based IDS for differen-tiating the packet dropping attacks from genuine nodes in the MANET. Method: In this methodology, instead of launching an intrusion detection system (IDS) in all nodes, an FSM based IDS is placed in the trustworthy watchdog nodes for detecting packet dropping attacker nodes in the network. The proposed FSM based intrusion detection scheme has three steps. The three main steps in the proposed scheme are context- aware trust calculation, watchdog node selection, and FSM based intrusion detection. In the first process, the trust calculation for each node is based on specific parameters that are different for malicious nodes and normal nodes. The second step is the watchdog node selection based on context-aware trust value calculation for ensuring that the trust-worthy network monitors are used for detecting attacker nodes in the network. The final process is FSM based intrusion detection, where the nodes acquire each state based on their behavior during the data routing. Based on the node behavior, the state transition occurs, and the nodes that drop data packets exceeding the defined threshold are moved to the malicious state and restricted to involve in further routing and services in the network Result: The performance of the proposed (TWIST) mechanism is assessed using the Network Simulator 2 (NS2). The proposed TWIST model is implemented by modifying the Ad-Hoc On-Demand Distance Vector (AODV) protocol files in NS2. Moreover, the proposed scheme is compared with Detection and Defense against Packet Drop attack in the MANET (DDPD) scheme. A performance analysis is done for the proposed TWIST model using performance metrics such as detection accuracy, false-positive rate, and overhead and the performance result is compared with that of the DDPD scheme. After the compare result we have analyzed that the proposed TWIST model exhibits better performance in terms of detection accuracy, false positive rate, energy consumption, and overhead compared to the existing DDPD scheme. Conclusion: In the TWIST model, an efficient packet dropping detection scheme based on the FSM model is proposed that efficiently detects the packet dropping attackers in the MANET. The trust is evaluated for each node in the network, and the nodes with the highest trust value are selected as watchdog nodes. The trust calculation based on parameters such as residual energy, the interaction between nodes and the neighbor count is considered for determining watchdog node selec-tion. Thus, the malicious nodes that drop data packets during data forwarding cannot be selected as watchdog nodes. The FSM based intrusion detection is applied in the watchdog nodes for detecting attackers accurately by monitoring the neigh-bor nodes for malicious behavior. The performance analysis is performed between the proposed TWIST mechanism and existing DDPD scheme. The proposed TWIST model exhibits better performance in terms of detection accuracy, false positive rate, energy consumption, and overhead compared to the existing DDPD scheme Discussion: This work may extend the conventional trust measurement of MANET routing, which adopts only routing behavior observation to cope with malicious activity. In addition, performance evaluation of proposed work under packet dropping attack has not been performed for varying the mobility of nodes in terms of speed. Furthermore, various perfor-mance metric parameters like route discovery latency and malicious discovery ratio which can be added for evaluate the performance of protocol in presence of malicious nodes. This may be considered in future work for extension of protocol for better and efficient results. Furthermore, In the future, the scheme will focus on providing proactive detection of packet dropping attacker nodes in MANET using a suitable and efficient statistical method.