A lightweight technique for detection and prevention of wormhole attack in MANET

A mobile ad-hoc network (MANET) is an ordinary and self-orbiting communication network that is capable of managing mobile nodes. Many proposed protocols on MANET address its vulnerability against different threats and attacks. The malicious node exploits these vulnerabilities to lunch attacks, especially when nodes have mobility and network do not have constant topology, like wormhole attack. This paper presents a lightweight technique that detects the wormhole attacks in MANET. In the proposed technique, the source node calculates the average sequence number of the reply (RREP) packets. If the sequence number of the corresponding node exceeds the calculated average value of the sequence number, then all traffic is discarded, and the node is marked as malicious. The proposed technique is less complex, power-efficient, and enhances network lifetime as more data packets are delivered to the destination node. This technique is validated through comprehensive simulations results in NS2


Introduction
Mobile Ad-hoc Network is a wireless network without any infrastructure which includes mobile nodes that can move according to a pattern, and the topological structure of the network keeps on changing dynamically. The routes between any two nodes are made through the intermediate hops on the ad-hoc basis, i.e., these routes are temporary and may disrupt with the passage of time due to several factors. Due to the dynamic nature of MANET is considered as a distributed network [1] in which a large number of nodes exchange information through symmetrical or asymmetrical radio links in a multi-hop manner. In MANET, nodes can act as intermediate hop or router to provide a route between two end nodes that can communicate through this path formed by intermediate nodes. These paths are formed using one of several standards or customized routing protocols following a specific mechanism linked to those protocols which can be categorized as proactive, reactive, and hybrid [2]. All these routing protocols might create a loophole in the security of the network due to their intrinsic properties. All these features of MANET pave the way for a wide range of both active as well as passive attacks [3] that makes the issue of data security of critical importance. Even with these drawbacks, MANET has the bulk of features that makes it successful in various fields. MANET finds its application in the field where it is difficult to set up a wired network with centralized or decentralized infrastructure with fixed base stations around which the entire network is controlled [4]. MANET proves to be handy on these occasions as it involves mobile nodes that build paths and communicate act in a spontaneous and ad-hoc manner. MANET  to a wired network. Because no wires are deployed, all nodes are wireless [5]. In the existing work, the trust calculation is performed based on the number of packets sent or received generated by nodes. It is not only the situation to measure trust due to passive attacks [6]. Also, the attacker node only senses data or modifies then transfers the information to other malicious nodes again and again. Due to this, it split the security strategy of a trustworthy AODV routing protocol relevant to detecting or preventing MANET malicious behavior of the nodes. Trust state does not rely on receiving packets or forwarding other packets, but trust is a different technique to overcome all types of passive and active attacks. Among other problems in MANETs, the security of mobile nodes is a major challenge, because every node is free in MANET. Security is also a problem because there is a lack of a centralized control unit due to the MANET's infrastructure less environment [7]. Therefore, an efficient and safe mechanism is required to ensure the maximum efficiency and security of transmission of packets in the path between nodes. Two or more malicious nodes typically initiate a wormhole attack using a private tunnel channel, between them. Figure 1 shows the workings of the wormhole attack.
A malicious node at one end of the tunnel catches a control packet and sends it through a private channel to another colluding node at the other end, which retransmits the packet locally. The attack usually works in two steps. The wormhole nodes get involved in several routes during the first step. Those malicious nodes start exploiting the packets they receive in the second step [8].
These nodes can, in many ways, interrupt network functionality. For example, such nodes may confuse protocols that rely on node position or geographic proximity, or in the case of virtual tunnels, the colluding nodes may forward data packets back and forth to each other to exhaust the battery of other intermediate nodes.
Wormhole nodes can drop, change, or send data for malicious purposes to a third party [9].
DoS attacks are aggressive attacks where malicious nodes produce false messages to interrupt the operations of the network, or consume the resources of other nodes. In MANET, Wormhole, Blackhole, Gray hole, Jellyfish, etc. are well known DoS [10][11]

Figure 1. Wormhole attack in MANET
In this paper, we proposed a technique which detects the wormhole attack by using sequence number. In the proposed technique, the source node temporarily stores all replies (RREP) packets from other nodes with their sequence numbers. Then source node (S) calculates the average of all sequence numbers and stores it. After calculating the average, it discards all replies packets if the sequence number of any node exceeds the average value S. In this way, wormhole nodes can be excluded from the route, and only trusted nodes can communicate in the network. Contribution of the research follows: The proposed technique is lightweight, which detects the wormhole nodes in very little complexity. In order to achieve accurate attack detection and security assessment, the proposed technique provides a simple and less complicated solution to identify the malicious as compared to existing solutions. (ii).
Due to the rapid detection of wormhole attack of the proposed technique, causes an increase in packet delivery ratio and throughput of the network. (iii).
The proposed technique does not create extra overhead in the network.

Related Work
In the above literature, various solutions are based on trust and threshold values which detects the wormhole nodes. However, these solutions create high routing overhead and delay in the network. Additionally, some techniques have computational complexity and required extra hardware, which affects the standard routing protocol and increases the cost [28], [29]. The main problem, the literature identifies is the improper detection of malicious nodes and huge routing overhead in the network; this work motivates us to propose this technique. Many researchers focus only on the packet delivery ratio but ignore the routing overhead and delay.
Our proposed technique is different from all the above exiting solutions, which does not require any extra hardware or computational complexity. The proposed technique is a less complicated and lightweight solution because, based on the average value of sequence numbers, identifies the wormhole nodes in the network.

Proposed Methodology
Most of the defending strategies use intermediate nodes to prevent attacks or uses some techniques such as intrusion detection systems (IDS) to detect malicious nodes. Where this solution becomes more complicated, expensive, and it also decreases the lifetime of the network [30]. In this paper, we have suggested a defensive method in this article that is very simple to enforce and will protect against wormhole attacks. In our proposed solution, the source node accepts various reply (RREP) packets from different nodes, all RREP packets (for a specific moment) will be stored by the sender with their respective sequence numbers. Then the corresponding node calculates the average number of all sequence numbers.
Here (n) represents the total number of reply (RREP) packets whereas a1, a2 …. an is the sequence number of reply (RREP) packets. Discard all reply (RREP) packets that exceed the value of avg with a sequence number.
The Pseudocode of the proposed technique Calculate: Discard that path, node is (wormhole node)    Fig.3 shows the result of the packet delivery ratio of the proposed technique and simple AODV with & without attack. The PDR of AODV with an attack is very low, because the malicious node drops the data packets during communication. The PDR of AODV without attack is very high due to the malicious node does not exist in the network. Moreover, PDR of the proposed technique is higher than AODV with attack and less than simple AODV. This shows that the rapid detection of a malicious node by the status packet increases PDR. However, PDR decreased by either a link failure or a malicious node, where the malicious node is close to the source node and sends false information to the source node more quickly.  The throughput of AODV with an attack is low because the malicious node disturbs the communication. Whereas, the throughput of AODV without attack is high because no malicious node is found, and nodes can communicate freely. Similarly, the throughput of the proposed technique is better than AODV with attack and less than simple AODV. However, throughput of the proposed technique is decreased; either when the link inflicted failure during communication, or when the malicious node dropped the data packets. The delay of AODV with an attack is low. Therefore, data packets cannot reach a destination node within due time.

Packet Delivery ratio
The performance of AODV without attack is better than both simple AODV and proposed technique. There is no disturbance of the attacker node, whereas the proposed technique is better than simple AODV and less than AODV under attack.

Conclusion
Security is one of the critical aspects of the network of wireless communication. During communication, DoS attacks disturb the routing process and damage the network resources. Wormhole attack is difficult to detect because it creates the tunnel to drop the data packets. In this paper, we have proposed a lightweight technique to detect the wormhole nodes based on calculating the average sequence number with very delay in the network. Hence, the rapid detection of wormhole nodes saves the battery of the nodes, which helps to increase the network lifetime. In the future, we will deploy this technique to other routing attacks by considering the mobility of the nodes. The proposed work is limited only to detect the wormhole attacks.
In the future, the proposed can merge with machine learning techniques for the detection of malicious nodes. Furthermore, the proposed technique can be extended by calculating the energy consumption of the nodes during the transmission phase.