Documentos de Académico
Documentos de Profesional
Documentos de Cultura
MASTER OF PHILOSOPHY
IN
COMPUTER SCIENCE
By
SUGANYA.S
Reg.No:157205ER043
2017
CERTIFICATE BY THE SUPERVISOR
Station:
Date:
Signature of the Supervisor
DECLARATION BY THE CANDIDATE
Station:
Date:
SUGANYA.S
ABSTRACT
Ad-Hoc networks are the self structured, controlled and configured networks that are
capable of operating themselves without using any specific communications and
infrastructures. Basically, here exist three different types of Ad-hoc networks such as
MANET- mobile ad-hoc networks, wireless mesh networks as well as wireless sensor
networks. All these ad-hoc networks are capable of operating in a infrastructure free
environment without using any configurations wires. In general, ad-hoc networks include
different types of routing protocols in order to perform the routing process by using the
MANET protocols such as proactive routing protocols, reactive routing protocols and Hybrid
protocols.
Generally, MANETs involve two different types of attacks such as passive attacks as
well as active attacks. The information and data present in the networks will be attacked by
the passive attacks, whereas the worm attacks take place in the networks which are known as
active attacks that duplicates as well as exchanges the data present within the network.
Within the total number of active attacks over ad-hoc networks, black hole attacks are
happened to be serious attacks that make the networks more vulnerable and it will not be able
to perform the routing tasks. In this black hole attacks process, the entire malicious nodes will
request for the new routing processes without transferring the data and information present in
the networks. In general, the black hole attacks that take place in the networks are been
categorized into two different types such as RREQ based black hole attack and RREP based
black hole attack. This study deals with the performance evaluation of AODV under the
black hole attacks by using the OPNET simulation.
TABLE OF CONTENTS
Page No.
CHAPTER-!
1. Introduction 1-1
1.1 Aim.................................................................................. 1-1
1.2 Objectives........... .................................................... ....... 1-2
1.3 Overview of Ad-hoc networks...................................... 2-4
1.4 Way to achieve the Objectives................................... .•». 4-5
CHAPTER-2
2. Literature Review 6-6
2.1 Overview of AODV Protocol........................................ 6-7
2.2. Unicast Routing of AODV Protocol..................... . 7-9
2.3. Multicast Routing of AODV Protocol........................ 10-11
2.4. Security Considerations of AODV Protocol................ 11-11
2.5 Route Discovery in AODV............................................. 12-13
2.6. Performance of TCP over MANET's............................ 13-14
2.6.1 Scalability....................................................... 14-15
2.7 Factors responsible for the low performance of TCP over
16-17
MANETs .
2.8 Behavior of TCP over CBR............................. 17-19
CHAPTER-3
3. Research Methodology 20-34
3.1 Introduction to software development methodology....... 20-21
3.2 Software Development Lifecycle Models........................ 22-22
3.2.1 Waterfall Model......................................................... 22-23
3.3 V-Shaped Model.................................................................. 24-25
3.4 Structured evolutionary prototyping model........................ 26-26
3.4.1 Structured Evolutionary Prototyping Strengths....... 26-27
3.4.2 Structured Evolutionary Prototyping Weaknesses... 27-27
3.4.3 When to use Structured Evolutionary Prototyping... 27-28
3.5 Rapid Application Model (RAD)........... ........................ 28-28
3.5.1 RAD Strengths..................................... ...................... 28-29
3.5.2 RAD Weaknesses............... 29-29
3.5.3 When to use RAD..................................................... 30-30
3.6 Introduction to Agile......................................................... . 30-32
3.7 Methodology Used...................................................... 32-32
3.8 Defining methodology....... .............................................. 32-32
3.9 Types of Research Methodologies.................................... 33-33
3.9.1 Quantitative research method........................ 33-33
3.9.2 Primary Data..............................i... ............ 33-33
3.9.3 Source of Primary Data............................................. 34-34
3.10 Ethical Issues......................... .................... ................... . 34-34
CHAPTER-4
4. Simulation Procedure 35-55
4.1 Introduction.......................................................................... 35-35
4.2 Mobile Ad hoc network setup for normal scenario...... 35-38
4.2.1Application configuration definitions................ ... 38-39
4.2.2 Profile configuration settings.................................... ^0-41
4.2.3 Mobility Configuration.............. :........................... 41-43
, . , . ' 43-46
4.2.4 Mobile nodes and wireless LAN Server configuration
4.2.5 Performance metrics........................... ................... 46-49
4.3 Blackhole attacks scenario............ .................................. 49-51
4.4 AODV perfonnance scenario................................ ........... 51-54
4.5 Running the simulation................................ .................... 54-55
CHAPTER-5
5. Analysis of Results 56-5
5.1 Introduction........................................ 56*66
5.2 AODV metrics considered for three scenarios.............. . 56-58
5.2.1 AODV route discovery time................. ................ ;. 58-59
5.2.2 AODV routing traffic received in bits per sec....... 60-61
5.2.3 AODV Routing traffic received in packets per sec. 61-62
5.2.4 AODV Routing traffic sent in bits per sec........... . 62-63
5.2.5 AODV Routing traffic sent in packets per sec 64-65
5.2.6 AODV Total cache replies sent............................ 65-66
5.2.7 AODV Total packets dropped........................ . 67-68
5.3 File Transfer Protocol results............ ........................... 68-68
5.3.1 Download response time......................................... 68-70
5.3.2 Traffic received bytes per sec................................ . 70-71
5.3.3 Traffic sent in bytes per sec..................... ............. . 71-72
5.3.4 Upload response time....................................... . 73-74
5.4 HTTP application results.............. ........,............................... 74-74
5.4.1 Page response time................................ 74-75
5.4.2 Traffic received bytes per sec................................ 76-77
5.4.3 Traffic sent in bytes per sec............................. 77-80
5.5 Wireless LAN Parameters............................................. 80-80
ix
CHAPTER-6
6. Conclusion and Future work
6.1 Conclusion..................... 81-82
6.2 Future work................... 83-83
6.3 Appendix.................... 83-119
REFERENCES.......................... 120-134
LIST OF PAPERS.,..,.............. 135-151
CHAPTER-1
1. Introduction
1.1 Aim
The actual aim of the proposed study is to perform the performance evaluation
process of AODV under the black hole attacks by making use of the OPNET
1.2 Objectives
protocols
networks
• To use the OPNET simulation tool for developing the design scenarios
1
• To test and examine the results by evaluating the AODV performance under
According to the views of David A. Maltz (2001) nowadays, ad-hoc networks are
playing significant role in the networking processes which includes different types
of routing protocols that are used for managing the routing process within the
mobile adhoc networks. The Unicast as well as multicast are the two different
routing processes that take place in adhoc networks and this particular process is
performed by the adhoc networks with use of the AODV- adhoc on demand
distance vector protocol. This AODV protocol involves a basic algorithm that
performs different tasks such as on demand process through which the main
routing processes will be managed by using different nodes that are present in the
networks.
Parikshit Machwe [2] stated that in order to add or change the predefined rotes
well as congestion the different rules are passed to the adhoc networks. In order to
connect the nodes within the networks, the AODV protocol will make use of the
tree based structure that contains different groups related to multicast routing
2
process. In general, the AODV protocol is a type of reactive protocol which is
The DSSR- dynamic routing protocol is been used for the purpose of implementing
the AODV protocol within the adhoc networks that performs the route discovery
process with use of DSDV- destination sequence distance vector that transfers the
hello messages within the networks. This AODV protocol performs each and every
activity in a timely manner and replicates the new nodes by replacing the old nodes
in the ongoing process. The AODV protocol will even update all the nodes present
in. the network regarding the changes that take place in the routing process of the
Clifton Lin (2008) opined that routing protocols will make use of the routing tables
for the purpose of managing the routing process because they appear in static
nature which has fixed routing process through which there are not capable of
managing the configuration changes that take place in the network topology.
Reactive routing protocols are known as the on demand routing protocols which
appear in dynamic nature and are highly capable of managing the entire
configuration changes that take place in the network topology. Whereas, hybrid
routing protocols are integrated with the proactive as well as reactive routing
protocol characteristics and will work on multiple conditions and performs the both
even known as on demand routing protocols are been widely accepted and used in
the mobile ad-hoc networks because they are present in dynamic nature and are
able to manage all die tasks that are to be performed in the network topology.
Among the total number of reactive routing protocols, AODV- Ad hoc on demand
vector is widely used within the ad-hoc networks. This AODV protocols has many
such as building work nature of the protocol by which the network will be able to
manage and detect the threats or attacks that take place in the networks [2,3].
In order to achieve the research objectives, different tasks are performed which are
which are used as the secondary data sources over the study.
• The existing literature reviews related to adhoc networks will be taken into
expected outputs.
• Different types of routing protocols of mobile adhoe networks will be
• The network setup will designed by making use of the OPNET scenarios
• Different routing attacks especially black hole attacks will be identified and
5
CHAPTER-2
2. Literature Review
MANET (Mobile Ad-hoc Networks) working Group in year 2001 for routing. This
protocol was one among DV (Distance Vector Routing Protocols) class. In DV,
each of the node be familiar with its neighbour node and even know the cost to
reach that particular node. Here, the function of node is to uphold its own routing
table, store the entire nodes in network, and the distance and next hop to this node.
In case, whenever the node is not reachable then the distance for that particular
node is kept to infinity. All nodes in the network sends the whole routing table
periodically to its neighbours so that the node can verify whether there is a good
route to another node by making use of its neighbour as next hop. In this process if
means of diminutive delay. Here, the routes are set up only when required in order
to diminish the traffic overhead. This protocol further supports Unicast, Broadcast
and Multicast exclusive of other protocols. With the help of registration of costs
and sequence numbers, the problem occurred with count-to-infinity and loop issues
6
are solved[5]. Each and every hop in AODV contains constant cost of one. To put
up the mobile nodes movement the routes age very rapidly and link breakages can
be efficiently repaired locally. Moreover to typify AODV, the five norms used by
single path[5].
AODV protocol makes use of IP (Internet Protocol) and refers IP address as unique
255.255.255.255. However the aggregated networks are supported and these are
implemented as subnets. In the complete subnet, barely one router in each has an
ability to function AODV and further it serve as default gateway. It need to uphold
a sequence number for complete subnet and also to forward each and every
paekage[6].
Routing table in AODV is extended by sequence number to each of its target and
time to live for all its entry. Further even it is prolonged by interface, routing flags,
outdated routes the last hop count is stored and for list of precursors.
Whenever a source node wish to send a packet to other node where it doesn't have
any route then the source node sends RREQ message. If the node receives RREQ
message which it doesn't have seen before it set up reverse route to source node.
Here, if end node fails to route its detonation node (that is source node) then it just
rebroadcasts the updated RREQ message by incrementing the hop count and in
case if end node identify route to source node then it sends RREP message[7].
number, source IP address and sequence number along with hop count initialized
with zero and flags. RREP is unicasted to source node by taking benefit from its
reverse routes. Now when the source node receives RREP message then it verifies
whether the hop count in RREP is lesser than one in its own routing table or
sequence number of destination is higher than one in its own routing table. If in the
above case, none of the condition is true then it just throw the packet[8]. In case if
it is true then it just updates its routing table and if that is not its end node then it
network, if a node comprehends those routes to other nodes are not reachable then
this node broadcasts RERR message which includes list of unreachable nodes
along with their IP addresses and sequence number and some flags. The node that
receives RERR message will again iterate over the list of unreachable destination
nodes and verifies whether the next hop in its routing table includes one of these
nodes or not. If it has the node then it automatically updates its routing table. In
case if the receiving node still maintain routes to unreachable nodes it again sends
The life time of both routes and links are prolonged by sending the packet
through it and by hello messages. Here, a hello message is a special RRER which
is valid only for its neighbours. In a network, the node can periodically send a hello
message so that no link breaks are assumed whenever they don't get any message
In an active route if the link breaks then the node can easily repair the route
locally. To attain this, the node sends a RREQ message to locate a new route to its
detonation on out of order link side by not disturbing other routes. Here, even there
Apart from these, even there are mechanisms like precursors which is used to track
9
2.3. Multicast Routing of AODV Protocol
multicast routing. Here, in multicast routing table the sequence number of group
and IP address are stored. Apart from these, even it stores leaders EP address and its
hop count along with the next hop in multicasting tree and its lifetime.
If a node wants to join a multicast group then that particular node should
initially send an RREQ message to group address along with join flag set. Any of
the nodes in multicast tree that receives RREQ message can give answer through
RREP message. In this way a requester can receive numerous RREP from various
nodes. Among these entire RREP message the node can select any one of the
message having the shortest distance to its group. A Multicast Activation (MACT)
message is send to selected tree node in order to activate this branch. In case, if a
requester fails to receive any one RREP message from any node then this particular
node is referred as a group leader since there doesn't exist any multicast tree for
this group in that particular segment. The multicast RREP message comprises hop
count to next group member and additional IP of a group leader. Periodically, the
group leader sends group RREP (hello message) and further increments sequence
trees needs to be connected. Each group member that receives two group hello
messages from different leaders will identify a tree connection and simultaneously
emit RREQ message with repair flag set to group. In case, in a group tree if the
node fails to receive any group hello or other group then that particular tree must
be repaired with RREQ message and must make sure that not a RREP message
from node in its own tree is selected[12]. In a group tree if a group member (which
is a leaf) desire to go away from the group then with the help of MACT and flag
prune set the member an easily prune from branch, in case if the member is not a
leaf then that particular group member should carry on it process to serve as a tree
member.
dangerous point. AODV protocol fails in defining any security mechanisms to its
users. So it's very easy for a hacker to attack the information transferred through
AODV protocol. In order to overcome from this issue, it's very essential to make
can easily be intercepted: So, to overcome from this issue user can further can
make use of cipher. Here standard IP security protocols cannot be used with these
protocols[13].
11
2.5 Route Discovery in AODV
particular node build up some parameters and attributes which are discussed
below.
Initially the source node verifies its routing table to identify an access with
the target IP address node. In this process if the source node find the same then
simply it just uses the routing information from table and ends the communication
proeess[7,14].
In case, if the source node fails to identify any access in its routing table then it
V
follows some of the steps to further proceed its communication with destination
• Firstly source node creates RREQ message with some attributes such as
• Once it creates its attributes source node sends RREQ message and stay for
• Now the nodes which receives RREQ message will verify and compares its
message ID with the existing messages. If the node believes that the
12
• In case if the node identify that the request message is unprocessed then it
• If the received node is the destination node then the message is processed
and if this node already had a route to its source node then it forwards
• When the receive node processes RREQ message then it give reply to
source node in the form of unicast message RREP. Finally, source node
maintains IP address of node that delivered this message for further usage
[4,15].
transmission protocol across the data services such as file transfer, internet, etc.
Due to this reason even this protocol is being spread towards MANET [5,16].
Generally, there exist multiple TCP connections over MANETs and hence the
such as traffic load, mobility and scalability. Broad research had been carried out
13
on this aspect across CBR (Constant Bit Rate) against FTP (File Transfer
2.6.1 Scalability
discussed in above context. Almost in all cases, TCP in current form fails to
route failures. There are numerous existing techniques which talk about the TCP
performance over mobile ad-hoc networks, however it is showed that it's very
difficult to crack and thus a lot of research is being carried out towards TCP
performance over MANET. In case of route failures, the TCP performance can be
TCP-F, the intermediate node recognizes the link or route failures and further
sends the notification message called as RFN (Route Failure Notification) o TCP
source[17].
Once the sender TCP receives RFN notification, then it just quits sending the
wanted packets and just blocks the whole communication process. Here, if an
intermediate node has an ability to find out the path to destination node then it
hence the source node reactivates its state and further continues with data
transmission process. Hence, from this conversation it can be said that actual TCP
throughput completely relate with the time taken for average repair towards route
Link Failure Notification) to improve TCP performance over MANETs. When the
intermediate node informs TCP sender related to link failure the TCP sender will
freeze its- state along with transmission window and timer set. In this notification
the route re-establishment use is not carried out instead TCP sender constantly
send its packets and verifies for the route availability in the MANET. Among
many simulation methods using OPNET and NS2, ELFN is showed to be best
when compare to RFN and is considered as the better choice for improving the
Generally, TCP offers an end-to-end data delivery across wired networks and
fails in case of wireless networks such as MANETs. This is main reason why TCP
doesn't work in some conditions such as delay or packet loss where case of
MANET the packet delivery delay and packet losses are encouraged simply.
15
2.7 Factors responsible for the low performance of TCP over MANETs
Various factors are responsible for the low performance of TCP when compared
BER (Bit Error Rates): These are the vital errors rates which are most responsible
for the performance of the TCP compared with MANETS. Commonly the when
compared with wire routes wireless routes are more responsible to the high bit
error rates and this because of the some kind of the reasons that are present
internally such as multipath fading and signal degradation and then finally this
leads to decrement of packets and based on this the data segment of TCP
losses[20]. Due to this without any reason the TCP invokes the control mechanism
Multipath Routing: MANET’s one of the basic features is multipath routing and
for performance degradation this acts as the vital feature for TCP over MANET.
Most commonly the multipath routing is seen in the features where sender and
receiver signals flow and therefore this result in making the packets out of
sequence at the receiver end. Because of this across the network the duplicate
ACk’s are generated and this process completely similar to the TCP’s congestion
situation and again for reducing the duplicated the TCP again invokes the
16
Route Failures: Due to the mobility various reasons are there for the failure of
routes across MANETs and because of this the performance of TCP is affected.
The complete time for reestablishment of the route taken by MANET must be
based on the routing protocol that is completely used in them and in few cases the
time taken is more than expected. Later it starts the congestion control mechanism
For handling the CBR to transmit data such as audio or video User data protocol is
used, but still there are few limitations for the using UDP to support CBR that is
because of firewalls and due to this the connectivity which is achieved is limited. A
research was done for alternative protocols which can handle the CBR and SKYPE
which is one of the VOIP application that has been using the TCP over CBR.
There has been a lot improvement in the TCP for helping the mechanisms of loss
recovery such as SACK and after this the TCP is can be best used in the handling
the CBR workloads in real time. As there has been an increase in the applications
of multimedia and mobile every time a novel QoS are applied and in that most of
them are already existing routing protocols which are wireless and these try to
support the services of Qos and after testing it has been proved that these have
the mobile media a separate Qos standards were introduced and for that the CBR
17
was the initial requirement[22]. The consumption of energy for the MANETs is to
support the services of multimedia and this has been very high in most of the
conditions and in this the TCP has been proved to be an error correlation. There are
different attempts available for improving the TCP efficiency across MANET over
CBR and in this most of them are concentrated on the mechanisms of error control
[9,23].
For some kind of predetermined lifetime the AODV protocols is being considered
as this maintains and stays there for atleast 3 seconds and due to this it has been
called as the hop by hop routing protocol. Basically in any stage a initial route
entry is maintained for certain period of time and this will be maintained even after
the entry is out of scope. It has always been advantageous for maintaining a
minimum life time in the route entry and this was across the dynamic protocols of
routing such as AODV for MANETs. In many cases the CBR decides the life time
of the period. It has been considered that if the CBR period is not that sufficient
then there will not be that need for maintaining the node and route data. Before
generating the data of CBR it is important to make a note of the routing table and
update it if required. Every single nodes life time is being set to the period of CBR
and that to in the static environments only as this may not work for the dynamic
environment. Basically the every nodes period must be set dynamically over the
routing protocol of AODV. When the protocol of AODV sends a request message
18
to the various other nodes then a different period field of CBR is generated and this
is added to the line and then this is broadcasted over the network.
When the message that is broadcasted, is reached to the preferred destination then
that fetches the nodes of the CBR field through the RREQ message and then a
novel CBR field is added to the message of RREP and then this sends back to the
main source. Therefore each and every node is them creates a new life that is based
on the CBR period to the message and through this the life period the route or node
entry is stopped[24]. Due to this there will be a huge burden on the system and this
implementing the dynamic CBR period in the RREO and RREQ messages which
19
CHAPTER-3
3. Research Methodology
As per the definition of Madsen [2] software development process had changed a
lot and the growth across the recent times is rapid and also includes various
techniques and methods and they are implemented across the overall software
life cycle steps are followed across this process. There are different types of
software development models and most of them are proved to be successful and
there are some failures even. Across the overall software development life cycle
requirements gathering can be considered as the vital step and this is the phase
As per the opinions of Sanjay [25] in the software development process the
which are developing the software methods. The requirements gathering phase
involves the different steps in which gathering the client requirements is the first
step, meeting with the client requirements is the second phase and satisfying the
clients requirements is the final step in this process. Most of the software research
20
methods will face failure because miscommunication process will take place
As per the opinion of Korson [26], most of software development models fail at
levels and even there are lots of cases where the projects fail in middle and finally
the clients and vendors need to face issues. Requirements gathering phase has the
key role to play across the overall software development process and there would
be many hidden issues and it is always required to make them clear before freezing
the requirements. It is the responsibility of both the vendors and clients to make
sure all the requirements are discussed at this stage and if anything is missed, the
overall design of the project should be changed [27]. Apart from lots of efforts
consumed across requirements gathering process, there are many chances for
issues and thus a perfect implementation tools are required in this context to avoid
these mistakes.
As per the definition of Vliet(2008), requirements gathering phase has the key role
to play across overall software development and it is always required for a separate
across the requirements gathering phase and thus to avoid all the mistakes possible
at this phase and thus implemented the desired software development model.
21
3.2 Software Development Lifecycle Models
As per the opinion of Cloete (2011), all the phases for software development cycle
are required against developing perfect software and all these phases are executed
development model and companies follow these models as per their own
phase across the software development process and the output of one phase will be
input to the next phase. The very first step across software development process is
requirement gathering and it plays the vital role. Once all the requirements are
gathered and freeze, they are translated to a raw design phase. Ample design is
generated across this phase and once the design is ready it is taken towards
implementation phase. The required business logic is developed using the code and
once the coding is done, it is sent for testing phase. Once the testing is done the
traditional models among all the software development models and it follows the
22
liner sequential lifecycle process and it can be considered as the easy process to
implement[31]. Every phase is started once the previous phase is completed and
thus a sequential method is followed. The most important advantage with this
model is that, at end of each and every phase a detailed evaluation of the project is
provided and a detailed analysis can be done against the overall success of the
phase. It can be observed that the phases across water fall model never overlap.
23
3.3 V-Shaped Model
sequential paths are executed across this process similar to waterfall model and
even in this model each phase is started once the previous phase is completed[32].
The main step across this model is the testing phase, where the main concentration
Requirements gathering are the very first phase even in this model and when the
requirements are done, a clear test plan is provided against the requirements
gathered. Once the core functionalities are defined across the requirements
gathering phase, a detailed test plan for these functionalities is developed and thus
the level of development requirements are understood. Design phase across this
model is divided into two levels like high level design phase and low level design
phase [33].
24
Figure - 2: V-Shaped model for SDM
As per the opinion of Ghezzi (2004) it is clear that the architecture and design of
the software system mainly concentrates across the high level design. All the
possible fragments of the software system being developed are considered and the
test plan is created after the design is done[34]. The actual design is done at the
low level design phase and once it is done unit test cases are done and they are
used across the testing phase. Coding and implementation is done once the design
and unit test cases are done, an execution path is developed and thus across the
shape-V the required test plans are created and implemented once the coding is
done.
25
3.4 Structured evolutionary prototyping model
A basic prototype is created across this model once all the requirements are
gathered and the created prototype is evaluated by the clients and based on the
feedback from the client the prototype is changed. Developers and clients need to
critically evaluated. This process is repeated till the client or end user is satisfied
and once it is done the prototype is finalized and the product is developed [35].
There are various evolutionary steps in this context and they are as given below
• This process is repeated till the end user is satisfied (Clayton, 1995).
The main advantage with prototype model is that the customer can understand all
the requirements and even the developers can gain the required knowledge based
on the customer requirements. This model is more flexible for both the design and
26
development and the requirements gathered can be easily analyzed based on the
As per the opinion of Griffith(2008), the main disadvantage with prototype model
is that code-and-fix is not all accurate and there are chances for the reputed quick-
and-dirty models. When it comes to maintenance phase few important issues may
The main usage of prototyping model can be analyzed across the requirements
clarification and thus when it is required to improve the user interface. Prototype
model provided the real demonstration of the products in prior to final release and
thus the developers and customers can have ample idea in this context and always
an object oriented development is done at this model. All the important phases
27
. • When a short lived demonstration is required to the customer
As per the opinion of Langer (2008), the key process included across Rapid
® All the required automated tools are reviewed and the user requirements are
® User acceptance testing is done at cutover phase, -where the user acceptance
There are many advantages with RAD software development model and few of
them are discussed in this section. The main advantage with model is that it
requires lower human resources and thus the overall costs are reduced. Time box
28
approach leads to reduce the overall costs and also the risk involved while
scheduling the project. The other advantage with this model is that there is a
Documentation is reduced a lot and coding is given more priority in this mode and
all the requirements are gathered using modeling (Kemzer, 2009) [3 8].
The key advantage with RAD is discussed in the previous section and apart from
these advantages there are few limitations and they are discussed in this section. As
per the opinion of Goertzel (2007), the main limitation with this model is that it is
always hard to apply for legacy systems. When the level of risk is analyzed the
modularized systems are more prone for skipping the risk analysis and thus the
29
3.5.3 When to use RAD
The main usage of RAD can be analyzed when all the requirements are gathered
and developer need to involved across all the lifecycle stage of software
RAD. This model is used when the performance of the system is given lower
priority and also when the technical risks are ignored across the process of
modularized.
As per the opinion of Attarzadeh(2008), agile can be defined as the light weight
process and it can be used widely across the project management. It has lots of
involves the role of project manager to define the tasks to all the team members
and thus take the required control over the project. Team involvement is always
required in this model and the deadlines are decided over the team meetings that
Project manager is involved across developing the high level project plan and this
can be considered as the main difference when compared to other models. The
actual start of project and work is done based on the high level plan developed and
thus all the long term requirements are analyzed and they are broken down in this
30
model. Solution to the project is created based on high level vision where iteration
achieved from the previous model across Agile and the required process
As per the opinion of Cohn(2004), it is clear that the main advantage with agile
project management is that, there is always required feasibility for the team
31
/
members to develop their own work plan irrespective of the plan followed by the
team members and top level project managers is streamlined with the
communication channel can be maintained when there are some changes across the
requirements and the roles of the team members can be clearly defined by the
A clear discussion is done against different software development models are done
in the previous section and the actual methodology followed in this project is given
in this section. Waterfall model is followed in the simulation process and the main
aim of this project is to evaluate the performance of AODV under black hole
effect.
resources to develop a research and following the require procedures while solving
the research problem. There are different types of research methodologies and few
32
3.9 Types of Research Methodologies
There are different types of research methodologies and among them qualitative
Quantitative research methodology is used in this research and it includes all the
required articles and also a case study as well. The main topic considered is
intruder detection using the data mining systems and thus internet resources are
used at this level and the required empirical analysis is done. The required primary
data is gathered from different sources and they are given as below
• Journals
• Articles
® Books
® Web materials
• Case studies
33
3.9.3 Source of Primary Data
The required primary source of data is gathered using the case studies, articles,
journals and websites and this information is analyzed for the research. All the
required articles, books and case studies are analyzed and the required information
There are few ethical issues involved across this research and they are discussed in
different articles and journals and this can be considered as the primary ethical
problem. As the main aim of this project is to develop intruder detection system
network administrators and thus while gathering information from them the ethics
need to be followed.
34
CHAPTER-4
4. Simulation procedure
4.1 Introduction
The main aim of this chapter is to discuss the simulation procedure followed in
evaluating the performance of AODV under black hole attacks. As discussed in the
previous chapters OPNET modeler is used as the simulation tool and three
scenarios are created. First scenario has normal mobile ad hoc network with
AODV as routing protocol and works under ideal working conditions. Second
scenario has Balckhole attacks and the third scenario is used to analyze and
improve the performance of AODV. The actual simulation setup used and the
below.
AODV routing protocol under black hole attacks and thus in this context a simple
MANET is simulated using OPNET. Following steps are followed to create the
basic MANET
35
• A new project is chosen from the file menu and a blank scenario is used to
• Campus is chosen as the required network scale and the size is set to
1000X1000 meters and thus now the MANET operates within a campus
• MANET is chosen as the model family from the list of models available
• Now a blank workspace is created and the required objects can be used for
the simulation from the object palette and a typical object palette provided
36
Find Next""]-
jjjsj Search by name: jj
Dragmodefor subnet icon into workspace ; •
0' _____
MANET Defalt GT
EKia Node Models
Hi Application Config
i/l
Application !|
Fixed Node
manet_gt’Ayjftten_ethemet_sIip4 Fixed Node MANET 6*
j-~§§ manet_station fixed Node Wireless J V.j
j-~g manet_station Mobile Node Wireless li
j-gj Mobility Config fixed Node Ml
i~itft Profile Config fixed Node Profile Con j
l~S Fbcgroup Config fixed Node Receiver C.'i
I--” Task Config fixed Node Custom Apr -
V-'f
l~|| vdan2_router fixed Node
wbn2_router Mobile Node
wian_etbemet_router fixed Node Wireless b " '* -
ydan_ethemet_router Mobile Node Wireless Li" Logical Subnet -K
j~tfj w!an_sejver Fixed Node Wireless b;
{H*| wlan_server Mobile Node Wireless b';,
I—g wlan wkstn fixed Node Wireless bT]
I ‘~g wian_wkstn Wireless b ' • SatelBe Subnet
Mobile Node
L.f
Wireless Domain Models
| HU Mobffity Domain Wseless Domain
3
Hp-Xl McData S-i • MobileSubnet
11-^1 MIPvSjadv
f)-^ mobileJp
JE&-S1. MPLS . ..... ........... .............................. Wr.
,. ■. Subnet ;;
From the above screen it can be observed that there are number of objects for
MANET simulation and few of them are used across this scenario and they are as
listed below
37
• Wireless LAN mobile workstations are used as the mobile clients and in this
scenario a total of 26 mobile nodes are used[43]. They are dragged from the
network and in this scenario FTP and Web applications are used.
• Profile configuration object is used to set the required profiles for the
sections
• Mobile configuration object is used to set the mobility profiles for all the
sections[2,12,44].
Above listed objects are used for the simulation of the MANET and the detailed
generate the traffic over the network. Application configuration object has an
option to create any number of applications and in this simulation two applications
38
are used like FTP (File Transfer Protocol) and Web. Required configurations are
used to set the applications and the corresponding screenshot is as given below
From the above graph it can be understood that there are two applications used like
FTP where medium load is imposed over the network and for the Web application
a simple HTTP is used with heavy browsing[45]. Once the required applications
are create now the corresponding profiles should be created to support the
given below
39
4.2.2 Profile configuration settings
There are two applications across the network and to generate the required
object is used to create the profile and as there are two application two profiles are
type: J Utilities
, jMrib’ijte::. ■'y;’ : • ’■ ' iValue .•*(
; j-Number of Rows 1 < ■ -^
17....IjBFTP............. ...... ^7........... ............... . _""j
® _...~ 77.77.1 1777.7... 1 J .1717 7.. 7.171 77 '1 . T
Si. b Start Time Offset (seconds)
: constant (100) _ ^ 7.'
(§) f- Duration (seconds) _ 'End of Profile _ j
sr i rr rcRepe^iy.7~~7~~ (). 777 7111 11 717711
. . ~ ,J ■
©' {-Operation Mode__ ________ :S^ (Ordered) __ __f; . /
<j|£........f Start Tmne^econds) ^constant (TOO)_____ ____ _ j
(J); ^ |;{^i^Bon (seccnds) End of SimuJation _ ! . ;
(f) © Repeatability _ ;Once at Start Time j • J
.... Lj3w<*.... _ .7*7 ............ ..7... 1.. ... 77777.777.7.77.77 1:;
(fj__ i-Profile^Name__ _ ______ iWeb _ _ ______ i. .
(f)!..... SApplications ____ __ ;(.„) _ ___ _____ __
!- Number of Rows 1 1"
g Web
(f)i j^Name Web ’
Sl._............. j- Start Time Offset (seconds) ^constant (100) ___ 1 /
(f)£ __ h Duration (seconds) __End of Profile | .
®> __ iUnSjnted^ _ ___f7-
(f)l j-Operation Mode _ -Send (Ordaretfli _ _ ^ 7~
(?) i- Start Time (seconds'! constant (100) IZJ;.
From the above screen it is clear that there are two profiles like FTP and Web and
the corresponding settings are done. Start time offset for both the profiles is set to a
40
constant value of 100 seconds and duration is set to end of simulation. Once the
profiles are created now all the mobile nodes and the wireless LAN server should
support the corresponding application traffic and the configuration are explained in
Mobility configuration is required to set the mobility patterns for all the 26 mobile
nodes used across the simulation. There are number of mobility models available
for simulation and in this scenario default random way point mobility is used and
41
.Attribute. Value-; •" '.j'. -,
■name iMob% _
t- Mobility Modeling Status Enabled
0 Random Mobility Proves IF. 7;::::::
Number of Rovvs_ ;3 .............. ............ i
.J
B Default Random Waypoirrt t
__t\
v-,
ProfijeName • Default Random Waypoint _3
(-Mobility Model : Random Waypoint _
ES Random Waypoint Parameters ¥£37.1777
(f); ___ |- Mobility Domain Name •Not Used _
<2),......... .. j-x_min (meters) ;o'o 7 7.........
@i, hy_min(meters) 0.0"
j-?c_max (meters) :500 ........ ~"7
(f)‘ ___ j-y_max (meters) ____ ■500' 7733; ’
(f)i_____ |- Speed (meters/seconds) constant (50)___ _
<_|~Pai«e11iw|»ecaKfe) ^constant®
(Dt___ ___{-SartjQme (seconds)....... ^constant (IS__________
<f>‘ j- StopTime^seconds) End of Simulation
(f)j_
^
J-AnimationUpdate Frequencyj(se._.
L RecordTr^edtoiy;
to
• Disabled
777' 33 Jy
'{
j ® Random Waypoint (Record Trajectory)
i B Satie
- V Advanced
filter Tj Apply to selected objects
■I”; trari'matah’-. ’ y,-. :y Cancel ‘ |
QK
From the above screen it is clear that default random way point is used as the
required mobility model for the mobile nodes. Speed of the mobile nodes is set o a
constant value of 50 seconds, pause time I set to 0 seconds, start time is set to a
constant value of 15 seconds and the stop time is till end of the simulation. Once
the mobility model is set for the mobile nodes across the network now the nodes
should support the mobility and the corresponding procedure is as explained below
42
4.2.4 Mobile nodes and wireless LAN server configurations
As discussed in the previous sections there are 26 mobile nodes and a single
wireless LAN server and these mobile nodes acts as application clients and WLAN
server acts as application server. For communication among these clients and
server always a protocol is required and in this simulation AODV is used as the
required routing protocol. The actual procedure followed in this context is given in
From the above screen it is clear that AODV is used as the ad hoc routing protocol.
All the mobile nodes and the wireless LAN server are selected and similar settings
are done. Now all the nodes and server communicates using the AODV protocol
and as the main aim of this simulation is to evaluate the performance of AODV
under Balckhole attacks the corresponding AODV attributes are modified due to
the attacks in the next scenario. In this scenario default AODV routing protocol
43
parameters are used. Once the AODV routing protocol is set for the simulation
now the next process is to assign the application traffic to the mobile nodes and the
menu
• All the mobile nodes are deployed towards the FTP and Web clients and the
wireless LAN server is assigned to both the FTP and HTTP server and the
ndevica
' '•inOrtyseleSsi;.,' o
FM 'iiytovaa''*- ’’ I Ms:7IP
Sxice
.* :'N*ak|aS5S3ff V;_ •-j:
I fWk'tfsb’
Sate
-jj mbfejwteO 1$
isibtejtxfeJ i.
iradejwfeJO
11
-g roWsjwfe.W ' I
-g (nfcfejwfetE
-g iwHsjBde.H
-g robfejofeJS
MeW
Application: "WEb* t f.
-jj nnifejafeJE
rrifejwte.1?
-g frobtejwfeJE
-g wife mdsJS
44
From the above screen it is clear that all the mobile nodes are assigned to source of
both the FTP and Web profiles and the WLAN server is assigned to FTP and Web
server. Now the mobile nodes act as the FTP and Web clients and the WLAN
server acts as both the FTP and Web server. Now all the mobile nodes should
support the mobility model created across the mobile configuration object and the
Terrain .■
Define Trajectory...
Clear Trajectory; Assignment..
'y
’ s' •*< r‘
—*—‘ re
off m
..... ”” '*
‘
\ .-Random^obility • Set Mobility Profile.;. / .. ____ :
A ■
; ClearMobilityPrbfile... ; 4 .
Import STK Orbit.. y -1
,• { Set Trajectory Created from Rand om Mobility.,,
Verify, Links... • Ctrl+L *-
configuration and as the mobility used is default mobility all the mobile nodes now
follow the corresponding mobility patterns. Once the basic network setup is ready
45
4.2.5 Performance metrics
As the main aim of this simulation is to evaluate the performance of AODV under
to evaluate the performance across global level, node level and link level and in
this simulation global level metrics are chosen and the corresponding screenshot is
as given below
46
igrchdose Results'” ~r?8awaB5jWWi—w
n~i . ass.
&{*] tijlaiaLStatistics. r. Safe*® WomeHon;
a* ace
a-$• ACE Whiteboard
Description: .
AODV
a- Cache
a- - Custom Application . .
a- DB Entry
a- - DB Query
® DHCP
&■ DSR
a- Email
$- k RP
a- 1 ; GRP
m -E; H323 ‘ ,y
a- s'} HAIPE
®. V
a-
HTTP
IP
.El
» IPv6 Draw style: Mocf1/;.
a* Mobile IP
m A. MobSe IPv6 ! ■
s* GcHeciion mode:' Sfedf/...
OLSR
& OLSR Peifoimance . -
S’ P1M-SM
T"
a- Print
eh i Remote Login - Data axsciion —
a- RSVP
& RTP :■ j«7 Generate-veda date '
a- i: SIP :.£rwiSiion
a- tcp ;
& TORA IMEP I~ Generate livdsiaii'sLc
£ j
V5deo Conferencing
a- Voice _ jeratS'Sceiocoeia
a* VPN h-
a- Wireless LAN LEf Using last Value -: L'ZJ
a- WLAN O’er HCF Access Category) LtJ
From the above screen it can be observed that four levels of performance metrics
are chosen for this simulation like AODV, FTP, HTTP and wireless LAN and the
Following are the performance metrics used for AODV routing protocol
47
• Number of hopes per route
• Routing traffic received and sent in bits per sec and packets per sec
• Total traffic sent and received in bytes per sec and packets per sec
• Traffic sent and received in bytes per sec and packets per sec
Following are the performance metrics used for Wireless LAN server
48
® Data dropped
® Delay
® Load
• Network load
• Retransmission attempts
® Throughput
Once the required simulation metrics are chosen first scenario is ready to simulate
and the procedure followed to create the second scenario is as given below
First scenario is duplicated to create the second scenario and the main aim of this
changes are done for creating the simulated Blackhole attacks. In general when
there are some Blackhole attacks over the network behavior of the AODY routing
protocol is altered against the configuration details. Following are few changes
49
0 AODV Parameters (...)
B Route Ois
(fX j- Route Request Retries^ ___ ,2
M, __ ••• Route Request Rate Limtt fekts/.- 5
(f) ____|" Gratuitous Route Repiy Hag __ _ i Disabled
01.............j-DesMnaBon Only Hag .......... JDisabled _
(|X ______- AckntrA-ledgement Required _ ! Disabled
0____ j-Mtye RoiAeJimeotA (seccmds)___
0__ 1-Heio Interval (seconds) iunifonn (1.1,1}
0___j-Allowed Helto Loss_______ J4_ _
Ml.__ j-ttoDiameter...... __ __ ____ -20 _
0 j- Mode Traversal Time (seconds) )0.07 ________
(f), Route Error Rate Limit (pkts/sec) 15____ ______
0[__ _|jmMut Bi#er^ __> 4 __
^ ©TILParameters __ _______________ iDefeuI
®L r- Packet Queue Size (packets) jjnfinBy __
M_ j-Local Repair ___ Enabled
Ml „ ^Addresi^Hode ____ __ |IPv4
From the above screen it is clear that route discovery parameters, active route
timeout, hello interval loss, allowed hello loss and other parameters are altered
when compared to first scenario. Few changes are also made to wireless LAN
50
' (Attribute • ; "• - |Va!ue • /
(|); Wireless LAN Mfe Address Auto Assigned
ti Wireless LAM Parameters
(f); _ j-BSS Identifier __ ____ iAuto Assigned __
(|) Access PoirfiFunctionality _ {Disabled
____ j-Physical Characteristics {Direct Sequence
j;Date Rate____J5.5Mbps _
(f)i S Channel Sitings ___ _____ ;Auto Assigned
(f)i _ I- Transmit Power (W)_ _ _ _ _ _ __ ■0.030 ______
(£>,____j~ Packet Reception-Power Threshold... -35_____
<£); j- Rs Threshold kbytes) _____ jNone.
(jj): ___ Fragmentation Threshold (bytes) None
<D j- CTS^o-self Option Enabled
m r Short Retry Limit
1- Long Retry Unfit
i9
;7
®L |~ AP Beacon Interval (secs) ;o.o2
j- Max Receive Lifetime (secs) ;0.5
®,
j- Buffer Size (bits) 256000
j- Roaming Capability Disabled
®\
!•• Large Packet Processing ‘Drop
@
ffi PCF Parameters i Disabled
®.
© HCF Parameters Not Supported
With this configurations simulation of Blackhole attacks over the MANET is done
and the third scenario is used to improve the performance of AODV and the
51
Configuration changes are made to AODV routing protocol parameters and
Above are change changes made to AODV routing protocol parameters and with
improved under Blackhole attacks as well. Following are the changes made to
52
B Wireless IAN Parameters
j-BSS Identifier _ _ jAuto Assigned
J-Access^PoW RfficBoneffly {Disabled
J" Pl^ical Qiaracten^cs ‘Direct Sequence
j- Data Rate {bps}................... !2 Mbps
© Channel Settings__ jAuto Assgned
p Transmit Power^/V) 0.100
^ PacketReception-PowerThreshold...j-90
j- Fits Threshold (bytes) _,None __
j- Fragmentation Threshold (bytes) . JNone
wl._{-CTSitKjdf Option, __ _ {Enabled
0 J-ShoftRetiyUmft >7
.......j-l^ng R^iy LM;________ _________ ,9
(f); j-APEeacon tnteiyaljsecs) ___ !0.02
(f):__ j-- Max Receive Lifetime (secs) ;1.D ___
<&'" t ' rrr.......
!
(f) !■• Roammg Capiifiy 'Disabled
®: j- Large Packet Processing _ jDrap _
0 __ JS PCF Parameters __ I Disabled _ __
0; S HCF Parameters ^Not Supported
Once all the three scenarios are created simulation is run for 1 hour and manage
scenarios option is used. Similar performance metrics are used for all the three
53
V
Once the simulation is done results are compared for performance evaluation and a
simulated using OPNET modeler and three scenarios are created. First scenario has
normal MANET working conditions with AODV routing protocol, second scenario
has Blackhole attacks and third scenario has improved AODV working conditions.
AODV routing protocol parameters and wireless LAN parameters are configured
54
to simulate the Blackhole attacks and same parameters are used to improve the
Performance metrics are chosen at AODV, FTP, HTTP and Wireless LAN server
level and the simulation is run for one hour to evaluate the results and they are
55
CHAPTER-5
5. Analysis of Results
5.1 Introduction
hoc network and the estimating the performance of AODV routing protocol under
previous chapter there are three important scenarios where the first scenario has
idle working conditions of AODV routing protocol, second scenario has Blackhole
attacks on the network and the third scenario has improved performance of AODV.
Three scenarios are run for one hour and the corresponding results are explained in
this chapter. Performance metrics are chosen at global level like AODV, FTP,
HTTP and Wireless LAN level and the corresponding graphs are explained as
below
As the main aim of this simulation is to evaluate die performance of AODV under
black hole attacks, AODV routing protocol parameters are chosen. Comparison
56
Number of hopes per route
Number of hopes per route indicates the overall hopes traversed during the
From the above graph it is clear that across the first scenario the number of hopes
is constant at the beginning of simulation and later it was decreased against its
normal working conditions. When the case with attacks scenario is considered the
57
number of hopes traversed is always increasing and also more when compared to
rest of the scenarios. In the third scenario a standard rate of hopes are traversed and
this indicates that the performance of AODV has increased even in case of
Blackhole attacks[20,21,55].
Route discovery time indicates the overall time taken to discover the route across
the communication process. Route discovery time depends on several factors like
the overall traffic over the network and the nature of the applications and the actual
58
From the above graph it is clear that across the first scenario the route discovery
time is constant at the beginning of simulation and later it was decreased against its
normal working conditions. When the case with attacks scenario is considered the
discovery time is high initially and later on decreased due to increase number of
hopes when compared to rest of the scenarios. In the third scenario a standard route
discovery time is recorded and this indicates that the performance of AODV has
59
5.2.2 AOD V routing traffic received in bits per sec
Routing traffic received across the network indicates the overall performance of
the mobile nodes and the wireless LAN server. The actual performance of AODV
is estimated based on the routing traffic received in bits per sec and the actual bit
m ATTACKSAODV-AODVPER-DES-1
BATTACKSAODV-Madks-DES-1 .
B ATTACKSAODV-Normaf-DES-1
avera^ pi AODVJRcWinO Tralfic ReoBived Olis/sec))'r 5
J- 300,000
\ 280,000
] 260,000
| , 240,000
jv:220$0
| 200,000
f 180,000
!• 160,000
j 140,000
|, 120,000
] 100,000
j 80,000
j - .60,000
f .40,000
|"^‘i(§jqo
\ 0
.;
'
: OM
&
■
From the above graph it is clear that the overall traffic received in bits per sec is
more across the first scenario as there are normal working conditions. When the
60
case with second scenario is considered the overall traffic received is very less due
to the Blackhole attacks and in the third scenario the overall traffic received has
increased and the performance of AODV has improved a lot when compared to
second scenario[57].
Routing traffic received across the network indicates the overall performance of
the mobile nodes and the wireless LAN server. The actual performance of AODV
is estimated based on the routing traffic received in packets per sec and the actual
61
From the above graph it is clear that the overall traffic received in packets per sec
is more across the first scenario as there are normal working conditions. When the
case with second scenario is considered the overall traffic received is very less due
to the Blackhole attacks and in the third scenario the overall traffic received has
increased and the performance of AODV has improved a lot when compared to
second scenario[58].
Routing traffic sent across the network indicates the overall performance of the
mobile nodes and the wireless LAN server. The actual performance of AODV is
estimated based on the routing traffic sent in bits per sec and the actual bit rate for
62
From the above graph it is clear that the overall traffic sent in bits per sec is more
across the first scenario as there are normal working conditions. When the case
with second scenario is considered the overall traffic sent is very less due to the
Blackhole attacks and in the third scenario the overall traffic received has
increased and the performance of AODV has improved a lot when compared to
second seenario[59].
63
5.2.5 AODV Routing traffic sent in packets per sec
Routing traffic sent across the network indicates the overall performance of the
mobile nodes and the wireless LAN server. The actual performance of AODV is
estimated based on the routing traffic sent in packets per sec and the actual bit rate
64
From the above graph it is clear that the overall traffic sent in packets per sec is
more across the first scenario as there are normal working conditions[60]. When
the case with second scenario is considered the overall traffic sent is very less due
to the Blackhole attacks and in the third scenario the overall traffic received has
increased and the performance of AODV has improved a lot when compared to
second scenario.
Total cache replies sent indicates the overall response sent from the wireless LAN
server and the actual performance of AODV routing protocol depends on the cache
replies sent[61,62]. Cache replies should be less for the idle working conditions of
65
From the above graph it is clear that the overall cache replies are less in the first
scenario and thus indicates the idle working conditions of the network. When the
case with second scenario is considered the overall cache replies sent is more due
to the Blackhole attacks and thus the value has increased a lot[63,64,65]. When the
case with third scenario is considered the number of cache replies are reduced
when compared to the second scenario and thus the performance of the AODV has
increased.
66
★ (AJW. LIBRARY)^
^^S££RS] ^ 3
5.2.7 AODV Total packets dropped
not for loan
Total packets dropped indicate the traffic conditions over the network due to
routing protocol performance. The actual number of packets dropped across the
network and performance of AODV for the three scenarios is given in the below
screen
137907
i average (in AODV.TotalPackets Dropped)^ assaaBBH
■ ATTACKSAODV-AODVPER-DES-1.'; ' f - ;'
’ ■ ATTACKSAODV-Attacks-DES-1 ’ -
B ATTACKSAODV-Normal-DES-1 ' =
, > average (in ApDV.Total PacketsDropped)
50-
•-
as 45;
40-
35-
30
■ *;
25-
20-
'1S-
: 10-
-- 5-
O'® #
4? 4* Ǥ?: 4'
67
137907
From the above graph it is clear that across the first scenario initially the packet
drop is low and later on the value has maintained a constant value due to the idle
working conditions of the network and AODV[66,67]. When the case with second
increasing as the overall intruder traffic has increased. When the case with third
scenario the performance of AODV has improved a lot and the packet drop has
Two applications are used across the simulation like FTP and HTTP and the
performance metrics of FTP are evaluated in this section and given below
Download response time indicates the actual time taken to download a file from
the server by the clients. The actual download response time consumed across the
68
From the above graph it is clear that the overall download response time is
increasing across the first scenario and later on the value has reduced due to idle
working conditions[68]. When the case with second scenario is considered the
download response time has increased due to Blackhole attacks over the network
and initially the value was very high and due to less traffic conditions the value has
has increased across the third scenario and the download response time is reduced
69
when compared to rest of the scenarios and thus the performance has improved a
lot[4,8,69].
Traffic received due to the FTP application across the network indicates the overall
performance of the AODV routing protocol across the network. In general the
overall traffic received should be less for a better performance of AODV and the
70
From the above screen it is clear that the overall traffic received is less across the
first scenario and this is due to the idle working conditions of the network. When
the case with second scenario is considered the overall traffic received is more due
to the Blackhole attacks as the attacks always pretend fake traffic to access the file
access and thus the server can’t be reached. The overall traffic received has
reduced when compared to attacks scenario and thus the performance has
increased[61,70,71].
Traffic sent due to the FTP application across the network indicates the overall
performance of the AODV routing protocol across the network. In general the
overall traffic sent should be less for a better performance of AODV and the actual
71
From the above screen it is dear that the overall traffic received is less across the
first scenario and this is due to the idle working conditions of the network. When
the case with second scenario is considered the overall traffic received is more due
to the Blackhole attacks as the attacks always pretend fake traffic to access the file
access and thus the server can’t be reached. The overall traffic received has
reduced when compared to attacks scenario and thus the performance has
increased[72].
72
5.3.4 Upload response time
Upload response time indicates the actual time taken to upload any file to the
server and the role of AODV routing protocol is significant in this context. The
actual upload response time recorded across the three scenarios is given in the
below screen
Upload response time is high across the first scenario due to the normal and ideal
conditions across the network and the values are varying as well. When the second
73
scenario is considered due to the Blaekhole attacks the upload response time is
reduced a lot and the upload response time has improved in the case with the third
parameters set across the third scenario the overall performance of AODV under
the AODV routing protocol under Blaekhole attacks[74]. There are many aspects
under HTTP that can be considered while estimating the performance of AODV
Page response time indicates the actual time taken to load a page from the web
server and in ideal conditions the response time should be high. When the three
74
From the above graph it is clear that the overall page response time is high across
the first scenario due to the normal working conditions of the MANET and AODV
routing protocol[75]. When the case with second scenario is considered the overall
page response time is very low due to the Blackhole attacks. Across the third
75
5.4.2 Traffic received bytes per sec
Traffic received across the web server indicates the application range and also the
performance of AODV routing protocol. The actual traffic received in bytes per
76
From the above screen it is clear that the application traffic received across the web
server for the first scenario is low when compared to other scenarios and this is due
to the normal working conditions of AODV. When the case with second scenario
is considered the overall traffic received is very high when compared to rest of the
scenarios as the routing protocol is affected with Blackhole attacks. Third scenario
has improved a lot in terms of overall traffic received and thus the performance of
AODV has improved due to the internal configurations done to AODV and
Traffic sent across the web server indicates the application range and also the
performance of AODV routing protocol. The actual traffic sent in bytes per sec
77
From the above screen it is clear that the application traffic sent across the web
server for the first scenario is low when compared to other scenarios and this is due
to the normal working conditions of AODV. When the case with second scenario
is considered the overall traffic sent is very high when compared to rest of the
scenario has improved a lot in terms of overall traffic received and thus the
78
performance of AODV has improved due to the internal configurations done to
Following are some of the important tables that can be used to compare the
performance of the network with tested IDS with rest of the normal and attacks
scenario. AODV routing protocol parameters are as listed in the tabular format
Performance
scenario
discovery time
received in packets
per sec
dropped
79
sent
sent
requests sent
performance
scenario
per sec
attempts
per see
80
CHAPTER-6
6.1 Conclusion
Wireless communication has gained lots of popularity these days due to the nature
of flexibility and usage standards. There are wide ranges of applications that are
being supported across the wireless networks and thus gained more research
interest as well. The main aim of this research is to evaluate the impact of
Blackhole attacks over AODV routing protocol and thus mobile ad hoc network
simulation is done to create the MANET and three scenarios are used to evaluate
nodes and wireless LAN server are set to support the AODV routing protocol and
two applications are created like FTP and Web applications. Second scenario is
created by duplicating the first scenario and Blackhole attacks are imposed over
the network. As it is not possible to impose physical attacks over the network,
AODV and WLAN server parameters are configured in a way such that Blackhole
attacks are simulated over the network. Third scenario is duplicated from second
scenario and AODV and WLAN parameters are edited such that performance of
AODV is improved[5,82]. All the three scenarios are run for one hour and the
corresponding results are evaluated. Performance metrics are chosen at global level
including the metrics of AODV, FTP and HTTP. Three scenarios are compared
against the performance metrics and from the overall analysis of the results it is
clear that performance of AODV has reduced a lot due to Blackhole attacks and
can be observed from the graphs of second scenario. Overall routing traffic and
other important aspects of FTP, HTTP and AODV are high affected with the
Blackhole attacks and when the case with first scenario is considered performance
of AODV is as per the required conditions as there are no attacks and it works
under normal ideal conditions[83]. Performance of AODV was affected a lot due
to Blackhole attacks and when the results from third scenario are analyzed
scenario. As the internal configurations of AODV and WLAN are altered the
impact that was created with Blackhole attacks was reduced. Thus from the overall
analysis of the simulation it is clear that Blackhole attacks can degrade the
performance of AODV routing protocol and with utter care taken across the
82
6.2 Future work and recommendations
There are few recommendations and scope for fixture work and as listed below
the Blackhole attacks and in future wireless sensor networks and Zigbee
• External and internal configuration level attacks are used across the
simulation and in future physical attacks can be imposed for better analysis
• AODV is used the routing protocol and in future more number of routing
protocols like TORA and DSR can be used and compared for a better
analysis
6.3 Appendix
• Detailed simulation steps followed in this project is given with the required
83
Above screen shows the basic network with 30 mobile nodes, application
configuration, profile configuration and the wireless LAN server[l 1,85]. All
these nodes are dragged from the object palette and this palette is shown in
84
s a e c |
i _jg ! **»•■*>
[ *>«■*
ll ® -m
•M
cocarcrcoT;
J
I if) - ktkmor U/rtcrt
'crt* i =oi I
i 1
| ® fH—
*08
:<
I ® -*r y
1 | I*K4« JXC
I ® « y
! t * y
■'•‘l.'Wj J ® •» y
*«**.'■*.» i ji »« y
» \J) • ^-ott -^7 y
1 | .'4n Ccrtnrcr^ y
* .90* y
•J; ♦ r5« roar kvti H >T«i
If 'r»k.ne»J] Z J1
r ‘c.tae )
®i r jfCff X WKXC X*C1 I
ti r 305 -*s 2< | i«* |
1
Above screen shows the application configuration and from this it is clear
that DB is used as the application and it is set by medium load across the
database option.
85
C *(rtow »Q
A *C* PWB'TS
w
4*
’»rtr ? 1
* C€£t»<
$
’W.’WO'
4
'jn :i
a ir.'ntyvraKT*
jjxr »ura •”i *
* * **mx*;- IWK
■*>V»-3 $ CWrjKr »»!
•
»*MW 9k '<M =re»t23
4 i.o' irtj Sn/ea-
4 • iw*!i >» 1 Jar. V<
s . SSI
•<*«t.<eoi^) J
' *virc*:
From this it is clear that DB application is used to set the profile and the start
time and duration are set in the profile settings as shown in the above screen
86
* I
From this screen it is clear that application destination preferences and the
created.
87
Tmj’Jtta
1 t«u
■J1 'rt •sofrjrca**; .
<J) Mn r«<ec
•J * Ryoo- Uoa*>
'txtci 3
* Mwt Zmr Wsewt
'$ ’»r*< s»w iv»K»t
■J) 'tofc'W :r«r AviOOrt
M )
•J Moo4t> jonr '«jr« Not JWC
•J «.«r r«i: CS
>.w r«*r C3
<.*» P**! sc
sc
$ 'xx*: r*r. wxnt snMrtAC
<$ -IM V* iKT&
® Saf.Tnesecr* arm K5
(J) Sue 'n* SKj-ss rKi
screen[87]. From this screen it is clear that default random waypoint is used
as the required mobility model and few' aspects like speed, pause time, start
time and stop time are set as shown in the above screen[69.76,87].
88
P’CtocoH 0f$ ttndDM Hrip
AppiMcns >
itr.tr. >
* ■JM s
Mpflfcvnc *
TCP •
ye*i{
t ► Aasrnjn^ > A(/tc Any. P Apdtfwi.
—a-----a
Assigning the IP addresses to all the mobile nodes is shown in the above
screen and it is clear from the above screen that IPV4 address are added to
89
0 ‘ttrar,«)iOflMts £ n
1
• hV nwrc :TT«*!
?<a*c«rs
ft «:a»cxjr
ft * kwcjw '.«! / C «8
ft * TWtoJsr «c«(J sm
ft • ka'.*<c *>.-.«■:
'«r* ,»^cr
J
*CJT1
9 0?
90
- , Lny/ m.'
Drift jfKwMti
Diffc-* ftvttes Ntt«rt.
Dtfri Tr*j«ctC^. •'ox.'o*.* pg^ HH -w.ra.l!
(’<!' Tfjjtctcr, Asvytmrf -OM.ttt.S pg^
S*tf3*MceriY » S«tM<i6*v*0H«
ClurMctriyfcc'tt-
V»pO<t STl. Or*t -cm.mo*.;"
Set TlqtCftty CrtHti hem F.tfJCf'" Uzt‘ t)
V«nf> Iris- Cst*1. r-
Procedure to set the mobility to all the mobile nodes against the mobile
configuration is shown in the above screen and by this the default random
Fittowli, MS Http
iffaCIbcn Dtp<. ~ 'A <r. U i! r.j Ntc^tri. *
Stfttr, Ccf.*t AC? Tttftc lf«tn < • • DtCffe)
■K
Wtri-tme Otpki Cttmed Afpetbem. Cw»A«*A
OfV Appfjff* DfptCyf't'W!
TC*
Dtpffr MS AppUttW' 0t"tnei
V
1(S*
£K»
W®
5-5
05®«
np
•9^)
91
Process to deploy the application is shown in the above screen and this
option is available from the protocols menu and applications sub menu and
-weii/cet.2
-tXM.X&j:
•XOH.X&.V
» ;
■yXitjVttJj
•CtM/o>.T*
*
J
J
- jtqtrC------------
‘OP csv.- D*<iq Set Mp» .* d*&><*•$ Pw ►Sft-CKU'l r. n* mSyW-Ts cofrtau'r • P'tfk or r ipctason * « roarer « w» s' t»<
1- S«i«! ISwrr * S* Mr*0>t SM 0* !M *<t SW *fc
2 StW tM pro** cr aostuCon Mr v P» rqM hand sde See
J- Q*a 1M entp {»' Sjdor te Mptai !M s*! e» ne4« » 9» »*el*a Sr
as shown above. From this screen it is clear that all the mobile nodes are
shown on the left side and the corresponding source and destination are
defined at the right side. Arrow mark av ailable on middle of the window can
be used to deploy the nodes and server to the source and destination
respectively [ 11,72,74,92],
92
Go Tc
Zccm Tc
Zccm Tc Li
Zc&nk
Zoom Out
futrt$**c!«Cfcj«cisIr9**uv« »
l* SdtCfcd Otafftt
V*» r.«wS:
CpwKSUj
DsS (a $«to«t
Once the applications are deployed the next step is to choose the individual
statistics are used to set the performance metrics and the corresponding
93
CCbOOKfou*! o -6 gg
DSR parameters are set across the performance evaluation process and the
actual parameters chosen from the global statistics are shown in the above
screen
94
S 'Imobit.AOfc O <!>
!p? »*t«r
tot* »*ue 1
t
ft irjnor* •rdtfsruxr
ft * Sr: :rrttr. u
ft rift.
ft boo''r3Kyii X
ft ? xat Dee*y :vrm
ft alarm i:
ft '>ers ’a <anf K
ft ■V^nr^ui^trrsK
ft «mr vjjrf?wu»ar i:
ft rti Vx«:«w:9ecy*; ft
»rf
ft •w
ft i
ftl ; fei* ¥»tfrjet ’tnim In
ft '4«rv &/e S* pKMb IX
ft Kirtenrce t*39* Tr* j*« cx
ft Mmur Mertews "Ott: 2
ft Hlflwai ^towWywW n
*W
ft ■&SS%uew* Cc'ctstf
The actual attributes edited for the DSR routing protocol in the second
scenario are shown in the above screen and thus the node 2 acts as the
intruder node[6,73].
95
0 (meWe.ncdHitofcwte o «/
■e-bjt Vau 4i
1
^ «A
$ Tr» 9»«rA IS
'!> * Sr4 wV 0
"<U &/* i.t p»CMtt ixe
$ &O0 Tear v:r* so
$ * Ss/» Onwjvy s«nr<ri ()
3> Segue* ’*« >]* CMW it
<!> Mwrwr Segue* ’aw 4ett It
Q 'Sstrii' Rrw^sk 1}
$ '<wv «iegjf* crcd jr.r >v
Q hM Segue* htK xcra cs
$ V ^spsrg Segue* W 903
$ jrtJba Swe Sep* Tne- ix 1
k)
<M 3 fiwe Urtenrce 'rrWm
$ ''bcnj- bfr S:t tX
e Vtenrce So®? Ire jkj 02i
$ M®n.r '4rwr\rc« fierrs 2
$ '■'jne’gra Syo^cj-rer jg
G DSflRM»&o« Dc'es-ctf
Sx:e s«*« jr; 3gre: =At«5 ■TX*
r Sji.rctf
$ ft*
1 __ r fppylowKStCstiecSi
r a»2*'*J [“_c*__ i__ ~—~ !
DSR parameters set for the node 4 is shown in the above screen
96
Q (fflcMt.ncde.6) Wtnbwfn o
: V*J* J
® w* C*h* rTrty
® Swe ocr> ’rp worUs MC
® * jWWd* ()
® Ssj been
$ * Tires; Spectator ( )
't/w 1 s<*n I
a end 4 jruascr
® Tire je»rej £r^>rv«w
$ • j«rc &>(!• *wws U
d> u* 5/e" Sre 1500
®_ sore W sKPVi «
a D*ccverv Prr**j fu
® Sea.es T»e S* ran w
® Sea** Tsoe etrtf i
® u«mu> -exes srmiK 15
® w«crur sea** taod secer 50
® rt* SeaitS sccrot •k
® • 'O'- rr»mift; Seaett Tr* :c3
® Jisuxs Salt new Trer « i
® * =ojt* '-V«rer>j* ?«r*« u
(?) u«v BtAr >« w>.«j K d
a r
r Jcfircec
®l * 1
r s&> !c Kteaed objeci*
F t«4c:raw | -__ . |
DSR parameters set for the node 6 in the third scenario are shown in the
above screen and thus there are three attack nodes across the network.
97
RESULTS
Few of the AODV routing parameters are compared and the corresponding data is
(sec) of Hops per Route Hops per Route Hops per Route
98
396 1.004196 1.003816 1.006804
99
1116 1.001629 1.003802 1.002498
100
1836 1.001704 1.002971 1.001588
101
2556 1.001825 1.003177 1.001212
102
3276 1.002529 1.003277 1.001017
103
108 #N/A #N/A #N/A
105
1548 0.013332 0.014862 0.007138
106
2268 0.010757 0.012848 0.006767
107
2988 0.009625 0.011075 0.006569
108
ATTACKSAODV- ATTACKSAODV- ATTACKSAODV-
180 #N/A 1 42
324 14.25 9 29
109
576 11.90909 8.416667 23.75
110
Q
1296 9.774194 8.21875 20.0625
111
2016 8.882353 8.75 19.94231
112
2736 8.464789 8.680556 20.11111
113
3456 8.428571 8.336957 19.80435
(sec) Route Replies Sent Route Replies Sent Route Replies Sent
114
288 133.5 163.5 161
115
1008 108.0833 131.625 107.125
116
1728 103.2955
•
124.4091 98.04545
118
3168 118.7738 122.2738 93.95238
Sample2.pdf.
http://jist.ece.comell.edu/docs/040421 -swans-aodv.pdf.
http://mobiledevices.kom.aau.dk/uploads/media/AmeTutorial_02.pdf.
Available:http://www.worldcolleges.info/College/E-Books/ download
/tcp.pdf.
EMERGINGNETWORKS/pages/pubs/chinacom2006.pdf.
120
7. Salman A. Baset. (2007). Understanding the Behavior of TCP for
colnmbia.edu/~salman/publications/votcp-conext07.pdf.
(3), p2-4.
3.
Network.Available:http://www.technicaljoumals.org/JPDF/TJ~
secure.mcafee.com/japan/products/pdf/Deciphering_Detection_Techn
2012.
121
12.Steve Petri. (2001). An Introduction to Smart Cards. Available:
13th-sep 2012.
http://doc.hackbbs.org/Docs HackAngel/Svngress%20-%20Snort%20
Students/HarleyKozushko/Papers/IntmsionDetectionPaper.pdf. Last
accessed sep5th-2012.
122
18. T J Samuell. (2009). Security Certification. Available: http: //
axishosting.net/books/Certifications/CompTIA/Mike.Meyers.CompTI
2012.
Challenges. Available:http://cs.millersville.edu/~csweb/lib/userfiles/h
gress%20-%20Securitv %20Sage's%20Guide%20to%20Hardening
www.ifi.uzh.ch/archive/mastertheses/DA_Arbeiten_2004/Joho_Dieter
123 -
23. Craig Valli. (2006). Honeypots: How do you know when you are
2011
http://baggins.nottingham.edu.my/~hsooihock/G54ACC/Intemet_Fire
124
29. David Henning. (2009). Creating a Patch and Vulnerability
30. Karen Rustad. (2008). Suck It Up, Princess": Outreach and Diversity
A
32. Christopher Ger. (2004). Managing Security with Snort and IDS
Tools.Available: http://seclab.pl/pdf7Q,Reillv%20-%20Managing
Edition.Available:
34. Sven Dietrich. (2004). Internet Denial of Service: Attack and Defense
Mechanisms. Available:
125
ce_-_Attack_And_Defense_Mechanisms_2004.pdf. Last accessed
26th sep-2012.
26th sep-2012.
http://www.cs.waikato.ac.nz/pam2000/pdf_papers/pam2000c.pdf.
126
downloads/Info/info_agile__programming.pdf. Last accessed 12th-sep-
2012.
40. Dr. Timothy Korson . (2002). The Misuse of Use Cases . Available:
http://www.usna.edu/Users/cs/needham/courses/ic470/fallAY 11/Uie
PHASE.Available: http://www.skatelescope.org/~cloete/2011-
02_System_delta_CoDR_Documents/l 7-WP2-005.010.030-PLA-
acikarsiv.atilim.edu.tr/browse/192/205.pdf.
127
USERCENTERED SOFTWARE NEW PRODUCT
citeseerx.ist.psu.edu/viewdoc/download?doi=l 0.1.1.157.23&rep.
5th-sep-2012
http://www.scribd.com/doc/26455407/Proiect-Management-A-
Svstems -Approach-to-Planning-Scheduling-and-Controlling.
128
pdf.cgi/Deshpande%20Shweta.pdf?osul299620089. Last accessed
5th-sep-2012.
52. RJ Madachy. (2005). Early Draft Version - Center for Systems and
/spd%20all%204.9.02.doc.
/Rannikko_Pirkka.pdf.
www.orbytesolutions.com/services/images/doc/cmmvsagile.doc. Last
accessed 3rd-sep-2012.
http://ulir.ul.ie/bitstream/10344/95/3/0SSE2015.pdf.txt.
http://www.few.vu.nl/~JC.van.Vliet/SEguide08.pdf.
129
57. Carlton Northern. (2010). Handbook for Implementing Agile in
ll_0401.pdf
ksu.edu.sa/zohair/Documents/CSC541/Chap2SWE%20processes/Scru
m%20Primer.pdf
130
(W3C), Online:http://www.dwheeler.com/secure-programs/, last
accessed November 2005, 3rd edition, March 2003.
64. James D. Wynne. Learning Statistics, A Common-Sence Approach.
MacMillanPublishing Co., Inc., New York, 1982.
65. Paul Innella and Oba McMillan, Tetrad Digital Integrity, LLC “An
Introduction to Intrusion Detection Systems” December 6, 2001
66. Micheal E. Whitman and Herbert J. Mattord, “Principles of
Information Security” page 289-294
131
measure", Computers & Security, Vol: 26, No: 7-8, pp: 488-495,
2007.
75. Shi-Jinn Homg, Ming-Yang Su, Yuan-Hsin Chen, Tzong-Wann Kao,
Rong-Jian Chen, Jui-Lin Lai, Citra Dwi Perkasa,"A novel intrusion
detection system based on hierarchical clustering and support vector
machines", Expert Systems with Applications, Vol: 38, No: 1, pp:
306-313,2011.
76. Abadeh, M.S., Habibi, J., "Computer Intrusion Detection Using an
Iterative Fuzzy Rule Learning Approach", in Proceedings of the IEEE
International Conference on Fuzzy Systems, pp: 1-6, London, 2007.
77. Bharanidharan Shanmugam, Norbik Bashah Idris, "Improved
Intrusion Detection System Using Fuzzy Logic for Detecting
Anamoly and Misuse Type of Attacks", in Proceedings of the
International Conference of Soft Computing and Pattern Recognition,
pp: 212-217, 2009.
78. O. Adetunmbi Adebayo, Zhiwei Shi, Zhongzhi Shi, Olumide S.
Adewale, "Network Anomalous Intrusion Detection using Fuzzy-
Bayes", IFIP International Federation for Information Processing,
Vol: 228, pp: 525-530, 2007.
79. Arman Tajbakhsh, Mohammad Rahmati, Abdolreza Mirzaei,
"Intrusion detection using fuzzy association rules", Applied Soft
Computing, Vol: 9, No: 2, pp: 462-469,2009.
80. Zhenwei Yu, Tsai, J.J.P., Weigert, T., "An Automatically Tuning
Intrusion Detection System", IEEE Transactions on Systems, Man,
and Cybernetics, Vol: 37, No: 2, pp: 373 - 384,2007.
81. Qiang Wang and Vasileios Megalooikonomou, "A clustering
algorithm for intrusion detection", in Proceedings of the conference
132
on Data Mining, Intrusion Detection, Information Assurance, and
Data Networks Security, vol. 5812, pp.31-38, March 2005.
82. Cordon O, Gomide F, Herrera F, Hoffmann F, Magdalena L, “Ten
years of genetic fuzzy systems: current framework and new trends”,
Fuzzy Sets and Systems, vol. 141, no.l, pp. 5-31,2004.
83. M. Saniee Abadeh, J. Habib and C. Lucas, “Intrusion detection using
a fuzzy genetics-based learning algorithm”, Journal of Network and
Computer Applications, vol.30, no.l, pp. 414-428, 2007.
84. R. Agrawal, T. Imielinski, A., Swami, “Mining association rules
between sets of items in large databases”, in Proceedings of 1993
ACM SIGMOD Inti. Conf. on Management of Data, Washington, DC,
pp. 207-216, 1993.
85. http.7/www.ll.mit.edu/mission/communications/ist/corpora/ideval/data
/1998data.html
86. http://www.sigkdd.org/kddcup/index.php?section=1999&method=dat
a
87. Mahbod Tavallaee, Ebrahim Bagheri, Wei Lu and Ali A. Ghorbani,
"A detailed analysis of the KDD CUP 99 data set", in Proceedings of
the Second IEEE international conference on Computational
intelligence for security and defense applications, pp. 53-58, Ottawa,
Ontario, Canada, 2009.
88. Zadeh, L.A., “Fuzzy sets”, Information and control, vol.8, pp. 338-
353, 1965.
89. Jiawei Han, Jian Pei, Yiwen Yin, Runying Mao, "Mining Frequent
Patterns without Candidate Generation: A Frequent-Pattern Tree
Approach", Data Mining and Knowledge Discovery, Vol: 8, No: 1,
pp: 53 - 87, 2004.
133
90. B.V. Dasarathy, “Intrusion Detection”, Information Fusion, Vol.4,
No.4, pp.243-245, 2003.
91. R.G.Bace, “Intrusion Detection”, Macmillan Technical Publishing,
Indianapolis, USA, 2000.
92. Marcos M. Campos, Boriana L. Milenova, “Creation and
Deployment of Data Mining-Based Intrusion Detection Systems in
Oracle Database lOg”, in Proceedings of the Fourth International
Conference on Machine Learning and Applications, 2005.
134