
Scope of the project:

The scope of the project is to implement a new intrusion-detection system named
Enhanced Adaptive ACKnowledgment (EAACK), specially designed for MANETs.
Compared to contemporary approaches, EAACK demonstrates higher
malicious-behavior-detection rates in certain circumstances while not greatly
affecting network performance.
Project Formulation:
In this paper a new intrusion-detection technique is used to defend against
malicious nodes in MANETs. A malicious attacker exploits the wide distribution
and open medium of a MANET to introduce vulnerabilities into the network.

Objective of Thesis:
This paper proposes a novel IDS, the EAACK protocol, specially designed for
MANETs, and compares it against other popular mechanisms in different scenarios
through simulations and through the migration from wired to wireless networks.
Overall Description:
A MANET is a self-configuring, infrastructureless network of mobile devices
connected by wireless links. Each device is equipped with both a wireless
transmitter and a receiver and communicates with the others bidirectionally,
either directly or indirectly. One of the major advantages of wireless networks
is the ability to allow data communication between different parties while they
maintain their mobility. The limitation is that two nodes cannot communicate
with each other when the distance between them is beyond their own communication
range. MANET solves this problem by allowing intermediate parties to relay data
transmissions; this is achieved by dividing MANETs into two types, namely
single-hop and multihop. Unfortunately, the open medium and remote distribution
of a MANET make it vulnerable to various types of attacks. Because the nodes lack
physical protection, malicious attackers can easily capture and compromise nodes
to carry out attacks. This matters in particular because most routing protocols
in MANETs assume that every node in the network behaves cooperatively with the
other nodes and is presumably not malicious. If a MANET can detect attackers as
soon as they enter the network, the potential damage caused by compromised nodes
can be eliminated completely at the earliest stage. IDSs usually act as the
second layer of defense in MANETs, and they are a great complement to existing
proactive approaches.
Product perspective:
The security solution must encompass a wider perspective involving both known
and unknown attacks, so developing a multi-fence security solution is an area of
future research. There is a trade-off between security and network performance.
The need of the hour is to integrate security with QoS (Quality of Service) so
that optimized security solutions are developed for MANETs.
Product Functions:
Intrusion detection is defined as the technique to identify any set of actions
that attempt to compromise the integrity, confidentiality, or availability of a
resource. For MANETs, the general function of an IDS is to detect misbehavior by
observing the traffic in the mobile ad hoc network. There are two important
models of intrusion detection systems, namely signature-based and anomaly-based
approaches [5] [6]. A signature-based IDS monitors activities on the network and
compares them with known attacks. However, a drawback of this approach is that
new, unknown threats cannot be detected. In anomaly-based detection, profiles of
the normal behavior of systems, usually established through automated training,
are compared with the actual activity of the system to flag any significant
deviation. A training phase in anomaly-based intrusion detection determines the
characteristics of normal activity; in operation, unknown activity, which is
usually statistically and significantly different from what was determined to be
normal, is flagged as suspicious. Anomaly detection can detect unknown attacks,
but the issue is that anomaly-based approaches yield high false-positive rates
for a wired network. If these statistical approaches are applied to a MANET, the
false-positive problem becomes worse because of the unpredictable topology
changes caused by node mobility. The specification-based approach was presented
recently and is ideal for new environments such as MANETs. In
specification-based detection, the correct behaviors of critical objects are
abstracted and crafted as security specifications, which are compared to the
actual behavior of the objects. Intrusions, which usually cause an object to
behave in an incorrect manner, can be detected without exact knowledge of the
nature of the intrusions. Currently, specification-based detection has been
applied to privileged programs, applications, and several network protocols.
Most recent research has focused on providing preventive schemes to secure
routing in MANETs [10-14]. Security is the most important service in MANETs.
User Characteristics:
A MANET has different characteristics compared to wired networks, so there are
many security challenges that need to be addressed. Initially MANETs were
designed for military applications, but nowadays they are used for search and
rescue missions, data collection, virtual classes, and conferences where
laptops, PDAs and other mobile phones are used. As wireless networks spread,
security is the main issue in them. In general, MANETs are vulnerable because of
their basic characteristics: open medium, changing topology, absence of
infrastructure, restricted power supply, and scalability. In this context,
intrusion detection can be defined as the process of monitoring activities in a
system, which can be a computer or a network. The mechanism that performs this
task is called an Intrusion Detection System (IDS).

Assumptions & Dependencies:
Initially the project can be tested on two workstations. However, a further
increase in the number of workstations is doubtful.
Design Constraints:
The implemented topology has to be dynamic in nature.
External Hardware & Software Interface:
HARDWARE CONFIGURATION:
a. Processor: Pentium IV, speed 1.1 GHz
b. RAM: 256 MB (min)
c. Hard Disk: 20 GB
d. Keyboard: Standard Windows keyboard
e. Mouse: Two- or three-button mouse
f. Monitor: SVGA
SOFTWARE CONFIGURATION:
a. Operating System: Windows XP onwards
b. Coding Language: .NET
c. Database: MS SQL
1. Process Summary:
The project implementation starts with the creation of the topology; then a
routing protocol (AODV or DSR) is used according to the requirements. Next, any
two nodes in the topology are selected as the source and destination pair. The
source and destination nodes then exchange simple digital signatures according
to the DSA and RSA algorithms. The signatures are then used to implement the
three stages of the EAACK mechanism.
2. Algorithms:
a. DSA Algorithm: to generate and exchange digital signatures between source and
destination. In this algorithm, the original message is required for the
verification of the signature.
b. RSA Algorithm: to generate the digital signatures for the nodes. This
algorithm does not require any other information besides the signature itself
in the verification process.
c. EAACK Algorithm: the algorithm of the EAACK protocol, implementing the stages
within the EAACK intrusion detection system.
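The two verification models contrasted in the algorithm list, shown in Python as an added example (this is not the project's .NET code): an appendix-style signature, where the verifier must hold the original acknowledgment (the DSA property described above, demonstrated here with hash-then-sign RSA instead of DSA so that only the standard library is needed), and an RSA signature with message recovery, where the signature alone yields the acknowledgment and a fixed redundancy prefix tells a genuine recovery from garbage. The key size (two seeded 64-bit primes), the packet format "ACK|src|dst|seq", the "ACK|" redundancy check and the node names are constructed assumptions for the example; a deployed node would use a vetted library and proper padding.

```python
import hashlib
import random

# Deterministic Miller-Rabin bases: exact for every n < 3.3e24, which covers 64-bit primes.
MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    if n < 2:
        return False
    for b in MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(rng: random.Random, bits: int) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # force top bit and oddness
        if is_probable_prime(cand):
            return cand


def rsa_keygen(seed: int = 1234, bits: int = 64):
    """Toy textbook RSA with a seeded RNG so the example reproduces offline (assumed sizes,
    far too small for real use). Returns ((n, e), (n, d))."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = gen_prime(rng, bits), gen_prime(rng, bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (p * q, e), (p * q, pow(e, -1, phi))


# --- Appendix-style signature: verifier needs the original acknowledgment (DSA property) ---
def _digest(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def sign_appendix(priv, msg: bytes) -> int:
    n, d = priv
    return pow(_digest(msg, n), d, n)


def verify_appendix(pub, msg: bytes, sig: int) -> bool:
    """Without msg there is nothing to compare the signature against."""
    n, e = pub
    return pow(sig, e, n) == _digest(msg, n)


# --- RSA with message recovery: the signature alone yields the acknowledgment ---
ACK_PREFIX = b"ACK|"   # constructed redundancy: a recovered value without it is rejected


def sign_recovery(priv, msg: bytes) -> int:
    n, d = priv
    m = int.from_bytes(msg, "big")
    if not 0 < m < n:
        raise ValueError("acknowledgment too long to embed in one signature block")
    return pow(m, d, n)


def recover_ack(pub, sig: int):
    """Return the embedded acknowledgment, or None if the signature was forged/tampered."""
    n, e = pub
    m = pow(sig, e, n)
    data = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return data if data.startswith(ACK_PREFIX) else None


if __name__ == "__main__":
    pub, priv = rsa_keygen()
    ack = b"ACK|A|D|7"                          # constructed: ACK from D to A for packet 7
    s = sign_appendix(priv, ack)
    print(verify_appendix(pub, ack, s), verify_appendix(pub, b"ACK|A|D|8", s))
    r = sign_recovery(priv, ack)
    print(recover_ack(pub, r), recover_ack(pub, r ^ 1))
```

A node that receives an ACK, S-ACK or MRA packet checks it with one of these two verifiers before acting on it; a forged acknowledgment fails both the hash comparison and the redundancy check, which is the property the digital-signature module below depends on.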

3. Modules Information:
a. ACK Implementation:
ACK is basically an end-to-end acknowledgment scheme. It is the part of the
EAACK scheme that aims to reduce network overhead when no network misbehavior is
detected. The basic flow: if node A sends a packet p1 to destination node D, and
all the intermediate nodes are cooperative so that node D successfully receives
the packet, node D sends an ACK back to the source (node A). If the ACK from the
destination is delayed, the S-ACK process is initiated.
b. Secure ACKnowledgement:
The S-ACK principle is to let every three consecutive nodes work in a group to
detect misbehaving nodes. For every three consecutive nodes in the route, the
third node is required to send an S-ACK acknowledgment packet to the first node.
The intention of introducing S-ACK mode is to detect misbehaving nodes in the
presence of receiver collision or limited transmission power.
c. Misbehavior Report Authentication:
The MRA scheme is designed to resolve the weakness of the watchdog with respect
to false misbehavior reports. In it, the source node checks an alternate route
to reach the destination. If the packet reaches the destination using the
generated path, the report is concluded to be false.
d. Digital Signature Validation:
All three parts of EAACK, namely ACK, S-ACK, and MRA, are acknowledgment-based
detection schemes. They all rely on acknowledgment packets to detect
misbehavior in the network. Thus, it is extremely important to ensure that all
acknowledgment packets in EAACK are authentic and untainted. Otherwise, if the
attackers are smart enough to forge acknowledgment packets, all three schemes
will be vulnerable.
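How the three modules hand off to one another (ACK, then S-ACK on a missing acknowledgment, then MRA to authenticate any report), as an added Python simulation that is not code from the page or the project. The node names, the packet model, the "lost ACK" flag standing in for receiver collision or limited transmission power, the requirement that an MRA route avoid both the reporter and the accused, and the MRA decision rule (the destination answers whether it already holds the packet) are assumptions made for this example.

```python
from dataclasses import dataclass, field


@dataclass
class Node:
    name: str
    drops_packets: bool = False      # black-hole behaviour: swallows data instead of relaying
    lies_in_sack: bool = False       # files a false misbehavior report against its successor
    received: set = field(default_factory=set)   # packet ids this node has seen as destination


def first_dropper(route):
    """Index of the first intermediate node that drops the packet, or None if delivered."""
    for i in range(1, len(route) - 1):
        if route[i].drops_packets:
            return i
    return None


def ack_mode(route, pkt_id):
    """End-to-end ACK: the destination records the packet and acknowledges to the source.
    Returns True when the data packet actually reached the destination."""
    if first_dropper(route) is not None:
        return False
    route[-1].received.add(pkt_id)
    return True


def sack_mode(route):
    """Every three consecutive nodes form a group; the third node sends an S-ACK to the
    first. Returns (reporter, accused) pairs: the first node reports the middle node when
    no S-ACK arrives (or, for a lying node, even when it does)."""
    reports = []
    for i in range(len(route) - 2):
        n1, n2, n3 = route[i], route[i + 1], route[i + 2]
        if n2.drops_packets:          # n3 never sees the packet, so no S-ACK reaches n1
            reports.append((n1.name, n2.name))
            break                     # nodes past n2 never see the packet either
        if n1.lies_in_sack:           # S-ACK from n3 arrived, but n1 reports n2 anyway
            reports.append((n1.name, n2.name))
    return reports


def mra_mode(alternates, reporter, accused, pkt_id, dest):
    """The source asks the destination, over an alternate route that avoids both the
    reporter and the accused (assumed rule), whether it already holds the reported packet.
    A packet that did arrive proves the report false."""
    for alt in alternates:
        names = {n.name for n in alt[1:-1]}
        if reporter in names or accused in names or first_dropper(alt) is not None:
            continue                  # unusable: involves a suspect, or the query is lost too
        return "false report" if pkt_id in dest.received else "report confirmed"
    return "undecided"


def eaack_run(primary, alternates, pkt_id, ack_lost=False):
    """Run one packet through the three stages. ack_lost simulates an ACK lost to collision
    or limited transmission power (constructed input). Returns (final_mode, flagged)."""
    dest = primary[-1]
    delivered = ack_mode(primary, pkt_id)
    if delivered and not ack_lost:
        return "ACK", []              # no misbehavior suspected, no extra overhead
    reports = sack_mode(primary)
    if not reports:
        return "S-ACK", []            # nobody misbehaved; treat the missing ACK as loss
    flagged = []
    for reporter, accused in reports:
        verdict = mra_mode(alternates, reporter, accused, pkt_id, dest)
        if verdict == "report confirmed":
            flagged.append(accused)
        elif verdict == "false report":
            flagged.append(reporter)  # the liar, not the accused, is the misbehaving node
    return "MRA", flagged


def scenario_black_hole():
    """Constructed topology: primary route A-B-C-D with C dropping packets; alternate A-E-F-D."""
    a, b, c, d, e, f = (Node(x) for x in "ABCDEF")
    c.drops_packets = True
    return eaack_run([a, b, c, d], [[a, e, f, d]], pkt_id=1)


def scenario_false_report():
    """All nodes relay, but B lies about C once a lost ACK has pushed the source into S-ACK."""
    a, b, c, d, e, f = (Node(x) for x in "ABCDEF")
    b.lies_in_sack = True
    return eaack_run([a, b, c, d], [[a, e, f, d]], pkt_id=2, ack_lost=True)


def scenario_honest():
    a, b, c, d, e, f = (Node(x) for x in "ABCDEF")
    return eaack_run([a, b, c, d], [[a, e, f, d]], pkt_id=3)


if __name__ == "__main__":
    print(scenario_black_hole())      # ('MRA', ['C'])
    print(scenario_false_report())    # ('MRA', ['B'])
    print(scenario_honest())          # ('ACK', [])
```

The second scenario is the case the watchdog alone gets wrong: B's report against C would be believed, whereas MRA finds the packet already at D and turns the verdict against the reporter. All three stages rely on the acknowledgments themselves being genuine, which is why the signature validation module guards every ACK, S-ACK and MRA packet.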
Proposed Work: The proposed work for the base paper is the detection and removal
of black hole attacks. For this, an algorithm is proposed in which the AODV
protocol is modified with respect to the EAACK requirements. The algorithm can
be defined in two phases as follows:

a. Route Discovery Phase: In this phase, the sender first requests the
certificate of the intended destination node from the cluster head of the
cluster it belongs to. The cluster head first verifies the node and then replies
to the requesting node with the certificate of the intended node. Then the
sender node initiates the AODV protocol and broadcasts RREQ packets to all its
neighbors. The neighbors rebroadcast the RREQ packet to their own neighbors,
and this continues until the RREQ packet reaches the destination. In this
process, each node appends its own address to the packet datagram, so that if a
node receives a packet whose datagram already contains that node's own address,
the node drops the packet, since it would otherwise introduce an undesired
looping address and repetition of the redundant address. Once the destination
node receives the RREQ packet, it sends an RREP packet to its intermediate hop
towards the packet source. The RREP packet is forwarded along the same path the
RREQ packet took, but in reverse order. After the source receives the RREP
packet, it extracts the traversed path information from the packet datagram.
This route is the discovered route for the source-destination pair.
b. DATA packet sending phase: In this phase, a data packet is sent through every
route discovered between a particular source and destination pair. An ACK
threshold RTT is defined and used as the measure to determine whether a route
contains a malicious node. If the source node receives the ACK packet only after
a time longer than the threshold, it initiates a node verification process to
determine the malicious node in the route. After the detection of the malicious
node, the source node broadcasts the removal of that node from the network to
all the nodes present in all the routes from that source node to the selected
destination node. In this way, the malicious node (black hole) is determined and
removed from the network.
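Both phases of the proposed algorithm, as an added Python simulation that is not the project's code: an RREQ flood in which every packet carries the appended addresses and a node that finds its own address already in the datagram drops the packet, followed by the data phase in which each discovered route is measured against an ACK threshold RTT and the black hole is located and removed. The certificate exchange with the cluster head is omitted. The topology, the 5 ms per-link delay, the 45 ms threshold and, in particular, the hop-by-hop probing used as the "node verification process" are assumptions, since the page does not specify how that step identifies the node.

```python
import math


def discover_routes(adj, src, dst):
    """RREQ flood where every packet carries the addresses appended so far. A node that
    finds its own address already in the datagram drops the packet (loop suppression). An
    RREQ reaching dst is answered by an RREP over the reversed path, so the source learns
    every loop-free route; returned shortest-first."""
    routes = []
    pending = [[src]]                     # RREQ packets in flight with their appended paths
    while pending:
        path = pending.pop()
        here = path[-1]
        if here in path[:-1]:             # our own address is already appended: drop it
            continue
        if here == dst:
            routes.append(path)           # RREP comes back; the source reads the path
            continue
        for nxt in adj[here]:             # rebroadcast to neighbours, appending their address
            pending.append(path + [nxt])
    return sorted(routes, key=len)


def rtt_of(route, link_delay, black_holes):
    """Round-trip time of a data packet plus its ACK: twice the summed per-hop delay.
    A black hole swallows the packet, so no ACK ever returns and the RTT is infinite."""
    rtt = 0.0
    for a, b in zip(route, route[1:]):
        if a in black_holes:              # relaying node drops instead of forwarding
            return math.inf
        rtt += 2 * link_delay[frozenset((a, b))]
    return rtt


def verify_nodes(route, link_delay, black_holes):
    """Node verification process, assumed here to be hop-by-hop probing: the first relay
    whose next hop never acknowledges is the black hole."""
    for i in range(1, len(route) - 1):
        if rtt_of(route[: i + 2], link_delay, black_holes) == math.inf:
            return route[i]
    return None


def detect_black_holes(adj, link_delay, src, dst, black_holes, threshold):
    """Phase b: send data on every discovered route, flag routes whose ACK exceeds the
    threshold RTT, verify the offending node and broadcast its removal."""
    routes = discover_routes(adj, src, dst)
    removed = []
    for route in routes:
        if rtt_of(route, link_delay, black_holes) > threshold:
            bad = verify_nodes(route, link_delay, black_holes)
            if bad is not None and bad not in removed:
                removed.append(bad)
    # "broadcast removal": every node drops the flagged node from its neighbour lists
    for bad in removed:
        adj.pop(bad, None)
        for nbrs in adj.values():
            if bad in nbrs:
                nbrs.remove(bad)
    clean = [r for r in routes if not set(r) & set(removed)]
    return removed, clean


def build_example():
    """Constructed topology: six nodes, 5 ms per link, with C acting as the black hole."""
    links = [("A", "B"), ("A", "E"), ("B", "C"), ("B", "E"), ("C", "D"),
             ("E", "F"), ("F", "D")]
    adj = {}
    for x, y in links:
        adj.setdefault(x, []).append(y)
        adj.setdefault(y, []).append(x)
    link_delay = {frozenset(l): 5.0 for l in links}
    return adj, link_delay


if __name__ == "__main__":
    adj, link_delay = build_example()
    print(discover_routes(adj, "A", "D"))   # four loop-free routes, two through C
    print(detect_black_holes(adj, link_delay, "A", "D", {"C"}, threshold=45.0))
```

With the constructed topology the flood finds A-E-F-D, A-B-C-D, A-E-B-C-D and A-B-E-F-D; the two routes through C never return an ACK, probing pins the fault on C, and after the removal broadcast a fresh discovery yields only the two clean routes. The threshold has to be chosen with the longest honest route in mind: the four-hop route A-B-E-F-D measures 40 ms here, and a tighter threshold would send an honest route into verification, where probing would find nothing to remove.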
