IMPROVING QOS UNDER DDOS
ATTACKS IN WIRELESS SENSOR
NETWORKS USING ANT SYSTEM
K.SANTHI SAGAR REDDY
Assistant Professor, Department of ECE
Narayana Engineering College , Nellore, Andhra Pradesh, INDIA sagar12_k@yahoo.com
Dr. S. VARADARAJAN
Professor, Department of ECE SVUCE, Tirupati, Andhra Pradesh, INDIA
M.SUNIL KUMAR
Associate professor, Department of CSE CREC, Tirupati, Andhra Pradesh, INDIA
sunilmalchi1@gmail.com
Abstract:
Wireless sensor networks need to follow many constraints. This makes the Wireless Sensor Networks (WSN) to face many challenges for communicating with its peers. The Denial of Service (DoS) attack is more common in sensor networks using distributed wireless technology. This attack on sensor networks diminishes the network performance but also affects the reliability of the information. In WSN, detection of as DoS threat is very important than to recover from the attack. The physical layer is the first to be attacked by jammers. In this paper, the DoS attack on the physical layer is analyzed and an extension to the security of the physical layer of the sensor network model using the ant system is proposed. The genunity of the DoS attacks using receiver operating Characteristics (ROC) on nodes can be predicted by formulating the classification of the jammer under various attack scenarios. This novel approach helps in achieving maximum reliability on DOS claims improving QOS of Wireless Sensor Networks.
Keywords: Wireless Sensor Network, Denial of Services, Receiver Operating Characteristics, Quality of Service.
1.INTRODUCTION:
Sensor networks using distributed wireless technology is widely used in many applications like disaster relief and tsunami warning systems. These applications lack security and there is no guarantee for QoS.In Wireless Sensor Networks a group of Wireless Sensors are interconnected by means of a radio frequency communication links. These Nodes Functionality includes Sensing, Collecting and distributing dynamic information with in the network..Sensors are tiny and their batteries have limited power supply. So, there is a challenge during computation. In addition, these nodes can be affected by DoS attacks like forcing the node to be in idle or stand-by mode.This Effect the Performance of the node on the Network. In worst scenario, the node attacked by DoS may communicate with its neighbors unnecessarily and wastes its energy and there by considers itself as dead. So that WSN need to be adaptable with minimum wait period. Hence communication links in such an unpredictable environment are kept functional by applying robust routing algorithm. So the communication links must be robust by applying an APT routing algorithm. In this paper a novel approach is proposed. The jamming attacks are detected (which is more crucial than recovery) by using certain key performance parameters. The main problem with all the evolutionary algorithms suffer is to find a local solution instead of global.When choosing an appropriate algorithm ,some of the factors to be considered are optimality[3]i.e global instead or local, performance and rechability .The main focus of the paper is to detect a node under DOS attack and redirect the message to its appropriate destination node.
In Section 2 we discuss about ANT based system and Swarm Intelligence and Section 3 discusses about different DDOS attacks in WSN in Physical Layer using ANT.In Section 4 we describe about different Jammer Attacks and its characteristics and Section V describes about Mathematical Formulation and its Performance Parameters and its results. This paper concludes with Section 6 and in Section 7 we discusses about Future Work.
An Algorithm is Selected based on design Constraint and the performance expected from the application. Optimality finding the solution with the best performance and reach ability instead of local, are very important in choosing an appropriate algorithm. The time and probability of obtaining an optimal solution are the important factors in selecting robust algorithm .Swarm intelligence, is such algorithm that models the collective behavior of social insects namely the ants. Ant system is the evolution from this swarm intelligence with robustness, versatility, distributed problem solving, decentralization. The ant system solves any complex convex problem in which the agents move towards the optimal solution and communicate directly by sharing knowledge with their neighbours.
In the initial stage all the agents Which move randomly towards their destinations and deposit the pheromone on trails as means of communicating indirectly with other ants. The amount of pheromone left by the previous ant agents increases the probability that the same route is taken during the current iteration. Pheromone evaporation over time plays an important role in preventing sub optimal solutions from dominating in the beginning. By this, we can know the probability that same route is taken during current iteration. Since, energy is the key issue here, the agents minimize energy and keep track of network requirements. An Ant looses its energy when communication takes place. It stops traversing a node once its energy is depleted. So, now new paths are setup to avoid the node there by also avoiding degraded sensor.
Thus, these agents ensure an optimal route to the destination with limited resources.Initially,the Computational cost and time is high but this drops drastically once the agent learn the network and environment.
For deposing the pheromone, A tabu-list is used as memory listing the set of nodes that a single ant-agent has visited. The ant traverses the nodes depending on the number of hops assigned by user. Here a node is never re-visited. The pheromones on all the paths are updated at the end.all the deposited pheromones ,tabu-list,and energy monitoring help this ant system to obtain an optimal solution and adapt it as nodes degrade.
2.1 MATHEMATICAL APPROACH OF ANT SYSTEM:
Sensor nodes need no authorization to communicate with its peers and doesn’t have cluster heads.. The performance of Ant system is based on node spacing and 4 other parameters. They are Q , an arbitrary parameters,
ρ, trails memory, α , power applied to the pheromones in probability function and β, power of the distance in
probability function. The sensor network is considered in a 2D plane with Euclidean distance.
Dij =
(
x
i
x
j)
2
(
y
i
y
j)
2 (1)I is a source node, J is destination node and (xi,yj) are Cartesian coordinates of the node. The ant agent includes pheromones and releases energy as they move thru the nodes controlled by path probabilities. The pheromone update by each traverse is represented as
Ψij(t)=ρ(ψij(t-1))+Q/Dt.Et (2)
Where Dt is the total distance traversed by ant agents during the current tour, I is the index for the Source node with
coordinates (Xi,Yi),and j is the index for the Destination node with coordinates(Xj,Yj).
The Transition Probability between the nodes for a wireless network is computed from with its neighbours by means of pheromone deposition and tabu list using
pij=
k ik ik ik ij ij ijE
D
E
D
)
)
.(
)
1
.(
)
((
)
.(
)
1
.(
)
(
2 2
(3)It is assumed that more energy is consumed in wireless nodes than for a wired network. So we have to square the distance and energy is calculated as
∆Eij=K/(Dij)2 (4) The node’s remaining energy is calculated as
Ei(t)=Ei(t-1)-
jij
E
(5)AS the agents avoid re-visiting of nodes, the network remains partially functional even if some sensors fail. These features of the ant system along with key performance parameters enhance the predictive nature of sensor network.
3. DENIAL OF SERVICE IN WSN USING ANT SYSTEM:
performance of the network. So, detecting DoS attacks and defending the network is very important thereby we are avoiding the illegitimate users to reduce the performance of WSN.
3.1 Previous Work on DDOS:
An illegitimate user is capable of intercepting the secure information from the network. To defend the network from this interception, certain security measures have to be adopted at every layer of a protocol design. The intruders may have seldom or complete knowledge of the protocol. Based on this, different kinds of possible DoS attacks have been summarized by wood et al[7]. Different possibilities to reduce the attacks, like using spread spectrum in physical layer to reduce jammer attacks, were proposed in his survey.
In [11] mapping protocol to detect a jamming attack, using message diffusion is proposed. This mapping protocol is mainly meant for creating awareness to the neighbouring nodes about the jamming attack. This protocol was robust to failure rate of 20-25% of mapping nodes from twelve neighbouring nodes with in communication range.
In [8], identifying Sybil attacks on network and routing layers of WSN based on radio resource testing is analysed. Here, a sensor node is assumed to communicate with its neighbours using half-duplex and single radio with various channels. But here there is a chance of false identification of a Sybil attack when then spectrum is jammed.
In [9] routing security in sensor network is analyzed and defense mechanism for different DoS attacks such as spoofing, wormhole, selective forwarding, Sybil etc, is given these mechanisms are based on the assumption that using radio frequencies, alternations can be made to the data. In [10], Radio jamming in military environments is summarized.
The previous work on DoS attack was done based on the assumption that the intruder may inject wrong data into our sensor network. But the major attack that the sensor network can face is making the network non-functional and unable to communicate. This paper proposes an evolutionary algorithm which helps to maintain the performance of network and also a solution when a node is jammed by an intruder.
3.2 DoS attack on physical layer:
In[9] different types of attacks that occur in every sensor network layer are proposed. It’s shown in fig1.
Fig1.: Denial of service attack on sensor network layer.
The hypothesis given in [7] can be extended to other layers also. This hypothesis is useful in optimizing the cross-layer DoS attack. Depending on the modulation scheme choosen for physical layer, jamming the node from its peers varies. For example, in [12] the modulation scheme chosen for sensor network is adaptive modulation technique in Rayleigh fading channel. Because of this technique, jamming the network using DS/FH spread spectrum is not trivial. Hence, it is clear that different types of jammer shows different effects on the network performance.
4. JAMMER ATTACKS AND ITS CHARACTERISTICS:
A jammer can be defined as a device which partially or entirely disrupts a node’s signal by increasing its power spectral density (PSD). The signal strength, location , type of the jammer will disrupt the performance of the network but it cannot re-produce a signal and it cannot pretend like the receiver node.
The signal from jammer can be made resilient to jamming, noise and eavesdropping using Spread
sequence (DS), Frequency hopping(FH), time Hopping (TH) and hybrid. Using these SS techniques, there are both advantages and disadvantages in sensor networks. Advantages are like.
1. Ability to alleviate multi-path interference
2. Reduction of jamming attacks.
3. We can decrease the Spectral Density of the jammer.
Disadvantages are like:
1. Bandwidth inefficiency.
2. Computational cost is high in SS technique.
3. It compels the implementation.
For example, Bluetooth [14] uses FH spread spectrum technique. This SS consumes more power because it involves the synchronization of frequency hops. Other example is Zigbee[15] which uses IEEE 802.15.4 standard uses DSSS with CSMA-CA. In this, zigbee is wireless technology for wireless sensor networks as it consumes less power.
To defend the network and its environment from its environment, the knowledge of different types of attacks by an illegitimate user is to be increased. The characteristics of the attacks are like eliminating the coverage area and in applications where network cannot be immedietly updated and performance of the network is poor. The study of these characteristics and the knowledge of different types of attacks will help in taking the appropriate counter measure when attack occurs. In this paper, we mainly assumes four types of jammers. They are single-tone jammer, multiple tone jammer, pulsed-noise jammer and ELINT.
4.1 SINGLE-TONE JAMMER:-
The effects of this kind of jammer is seen mostly in traditional wireless networks which uses narrowbard technology[13]. The single-tone jammer’s frequency lies with in the specified bandwidth of the signal being jammed and so it targets mainly on narrowband communication. This jammer may disrupt the network and result in a dead link and diminishes the node’s coverage.
4.2 MULTIPLE-TONE JAMMER:-
This is very typical kind of jammer and detection of a jammed node is very important. This jammer can disrupt the signal of some or entire channel of a multiple channel receiver. This type of jamming leads to a complete node failure. The intruder turns off the jammer occasionally thus making the neighbouring node to assume that the node has lost its energy and needs recuperation.
4.3. PULSED-NOISE JAMMER:-
This jammer is wide-band jamming. It behaves like a pulsed signal by turning on and off periodically. It spreads the peak jamming power during the ‘on ‘ time. Two types of pulsed-noise jammers are considered called slowly switching and fast switching jammers.
4.4ELINT:-
This jammer is passive system that tries to break down or analyze radar or communication TCF signals. They may be integrated.
5. MATHEMATICAL FORMULATION:-
In this section, mathematical formulation based on the different types of jamming is described with simulations. Following considerations are taken into account while building a sensor network. They are:
1) Each node is initialized with its own energy level, thus giving it capacity to transmit messages.
2) Each node has varied threshold, so the probability of all nodes failing in the same coverage is very low.
4) The source and destination nodes are user defined
5) A node has to penalize for it’s behaviour if it crosses the tolerance set for packet loss and packet delivery.
6) Here sensor mobility is not considered. The links may be either wireless or wired.
The probabilistic system of the ANT system depends on the energy depletion and the percentage of false decision. These two factors need to maintained minimum.
The jamming attack can be classified into four possible decisions namely,
1) Sensors out of resources- is accepted.
2) Sensor encounters a resources outage but we falsely stated it as jammer attack.
3) DoS- Jammer attack is accepted and
4) DoS-Jammer attack is rejected and claimed as resource outage.
We can calculate the accuracy of the decision based on the rate with which the system makes decision 2 and 3, which are erroneous. The error in 3 is the False Acceptance Rate(FAR). Other performance measure is GAR(Genuine Acceptance Rate) where GAR=1-FAR and therefore quantities. Detection theory[16] consider the FAR,FRR and GAR as false alarm rate, miss rate and detection rate.
The DoS attack on physical layer can be formulated by two hypothesis: H0-DoS claim is false and H1:Dos claim is genuine.
Fig 2. Flowchart –Predictive Sensor Network
The flow chart is the representation of algorithm used in sensor network. The network layer is given as input to the algorithm and later the location of the sensor and certain parameters are initialized for the ANT system. The no of ant agents are randomly placed in the network and their number is proportional to the no. of sensors in the network.all the ant agents are randomly placed on the sensors.not all the sensor nodes are assigned an agent.
The three key elements of ANT system specified in the second section plays very important role in making the network robust. Every node must know resource availability sot that it can predict the link for the agent’s next visit. Here the transition probability helps in making decisions. Taking into account, the weights on each of the factor, the movement of ant agent in the network is analyzed. Link factor is incorporated into the ant system, hence the transition probability is given as
Where ηij is given by normalization of Hop(Hij), Energy (Eij),Bit Error Rate(Bij), signal to Noise Ratio(SNRij), Packet
Delivery (Pdij) and packet loss (Plij) in [7].
ηij= Hij . Eij . Bij . SNRij . Pdij . Plij (7)
The normalized value is obtained by difference between total and actual value of the performance parameter. These parameters help in computing the transition probabilities in a route while traversing the data set formed by the agents. Later, the information about the link i.e, whether it is active or dead is incorporated in the pheromone (8) The pheromone is
ψij(t)=P(ψij(t-1)+Q/Dt - ηt (8)
The table list is update with values of the energy available in the nodes that too particularly for sub-optimal route with high reach ability.
5.1 RESULT:-
A sensor network with 16 nodes is considered in this simulation run with agents randomly placed on the nodes. After converging, the ant agents adapt to the network using the knowledge acquired from their neighbours. The table below illustrated scenarios using different types of jammers and effectiveness of evolutionary algorithm in accessing the performance of the network. The proposed detection and defence mechanism is simulated using mat lab 6.5, and simulation link R14. The performance of the network can be evaluated based on varied jamming to signal ratio (J/S), energy to jamming density ratio, energy to noise density ratio, multi-path interference.
The parameters of ant system are assume to be a=4,b=7,r=7,q=9 and initial pheromone value, y as and the source and destination nodes were assumed constant. The stability of the algorithm is analyzed by iterating all scenarios for 100 runs. The actual hops is user defined which caries depending on the problem assigned. The
normalized value of hops is given as HOPS Norm. The predicted energy and distance helps in making a decision
whether the node in the current route is still capable of communicating with its peers in the next iteration.
#node jammed Average packet loss Average packet delivery
3 0.040
97.34
6 0.094 94.89
9 0.3245 70.12
12 0.3892 77.67
Fig: Table 1. Performance of sensor Network-single tone Jammer
Table1
modulation used here is DS/FH, therefore the probability of finding the PN sequence by the jammer is low. The performance of the network, based on the distance, energy depleted, percentage of packet loss and packet delivery for the worst case, when 12 nodes is 92.373, 50.0292, 0.3792 and 78.7423. only 78% message delivery is due to the fact that in some of the iteration it’s the destination node, which was jammed and hence it triggered increased packet loss rate.
#node jammed Average packet loss Average packet delivery
3 0.0148
98.32
6 0.031 97.52
9 0.1066 93.13
12 0.4328 61.34
Table 2: Performance of sensor network-multiple Tone Jammer
Table2
Table 2 shows the performance of the network when multiple tone jammer is applied. In this type of jammer, all the carrier is jammed in a single node if its under attack. The node recovers from the attack only after+ seconds, so the chances of assuming the node has depleted its energy is a possibility. Since, ant agents uses memory tool the jamming attack can be differentiated with sensor energy depletion. Tracking SNR and energy conserved from previous routes, helps in detecting jamming attack. The number of node attacked by multiple tone jammers is 9but the average distance taken is only 20.203 with energy depletion of 42.482.
#node jammed
Average packet loss
Average packet delivery
3 0.0032 98.95
6 0.0021 99.34
9 0.03 99.123
12 0.14 79.34
Table3
In Table 3 performance of the network when attacked by pulse-noise jammer is shown. In this case, the number of nodes under attack did not affect the networks performance. when 12 nodes where under attack the networks performance was fairly good as the average packet loss is 0.1037 with energy depletion of only 31.92.
In the table 4 network performance when ELINT jamming attacks the sensor network. Since ELINT can disrupt the network based on the nodes’ signal detection. This type of jammer affects the network performance very poorly. When 12 nodes are attacked by ELINT jammer, the packet loss is 92% where as the successful packet delivery is a low value of 0.34% when compared to the other jammer.
#node jammed
Average packet loss
Average packet delivery
3 0.21 83.1
6 0.31 72.94
9 0.541 41.213
12 0.9374 0.0071
The influence of jammer attack is primarily based on the type of jammer, which can be avoided by knowing the characteristic and by predicting the attack.
Table4
6. CONCLUSION:
7. FUTURE WORK:
We run the Simulation on the sensor networks with 16 nodes and ant agents. We can extend the paper by collecting all the data sets from sensor nodes and suggest a plan ,how to recover from a particular jamming attack. we can predict the solution by predicting even the jamming attack such as ELINT. This automatically increase network performance which decreases packet loss. The formulation of DOS attack based on each layer can be combined to optimize the attacks by using a simple optimization algorithm. A sensor network with predictive nature could be applied to many applications where decisions plays an important role such as Medical controller, Military applications, Traffic Monitoring and others.
8.REFERNCES:
[1] Kennedy J, Shi Y. and Eberhart R.C., “ Swarm Intelligence ” , Morgan Kaufmann Publishers, San Francisco, 2001.
[2] Rajani Muraleedharan and Lisa Ann Osadciw, “ Balancing The Performance of a Sensor Network Using an Ant System “, 37th Annual
Conference on Information Sciences and Systems, John Hopkins Unversity, 2003.
[3] Rajani Muraleedharan and Lisa Osadciw, “Sensor Communication Networks Using Swarming Intelligence”, IEEE Upstate New York
Networking Workshop, Syracuse University, Syracuse, NY, October 10, 2003.
[4] Luca Maria Gambardella and Marco Dorigo, “ Solving Symmetric and Assymetric TSPs by Ant Colonies“, IEEE Conference on
Evolutinary Computation(ICEC’96), May20-22,1996, Nagoya, Japan.
[5] Yun-Chia Liang and Alice E. Smith, “ An Ant system approach to redundancy allocation," Proceedings of the 1999 Congress on
Evolutionary Computation, Washington D.C., IEEE, 1999, 1478-1484.8]
[6] H. Van Dyke Parunak, Sven Brueckner, “ Ant like Missionaries and Cannibals : Synthetic Pheromones for Distributed Motion Control ”,
Proc of the 4th International Conference on Autonomous Agents(Agents 2000), pp. 467-474.
[7] A.D. Wood and J.A. Stankovic, “Denial of Service in Sensor Networks“, IEEE Computer, Vol 35, Issue: 10, Oct2002.
[8] J. Newsome, E. Shi, D. Song and A.Perrig, “The Sybil Attack in Sensor Networks: Analysis and Defenses“, ThirdInternational Symposium
on Information Processing in Sensor Networks (IPSN), 2004.
[9] C. Karlof and D.Wagner, “Secure Routing in Sensor Networks: Attacks and Countermeasures“, First IEEEInternational Workshop on
Sensor Network Protocols and Applications, May 2003.
[10] R. Anderson, “ Security Engineering: A Guide to Building Dependable Distributed Systems”, pages 326{331.Wiley Computer Publishing,
2001.
[11] A.D. Wood, J.A. Stankovic and S.H. Son “JAM: A Jammed-Area Mapping Service for Sensor Networks“, In Real-Time Systems
Symposium (RTSS), Cancun, Mexico, 2003.
[12] Bernard Sklar, “Digital Communications: Fundamentals and Applications“, Chapter 12. Spread SpectrumTechniques, Englewood Cliffs,
NJ:Prentice Hall, 1988.
[13] K.D.Wong, “Physical Layer considerations for Wireless Sensor Networks“, IEEE Int’l Conference Net, Sensingand Control, Mar 2004, pp
1201- 1206.
[14] Technical Information of Bluetooth: Official website www.bluetooth.com
[15] Technical Information of Zigbee: official website www.zigbee.org
