IJCA Special Issue on “Network Security and Cryptography” NSC, 2011

Fuzzy Logic based Intrusion Detection System against Blackhole Attack on AODV in MANET

Kulbhushan
Asst. Prof., Department of Electronics & Communication Engg., GTBKIET, Malout

Jagpreet Singh
Research Scholar, Department of Computer Science & Engg., IIT Ropar

ABSTRACT
Security[16] is an essential feature of wired and wireless networks[1]. However, the unique characteristics of MANETs[10] create a number of consequential security challenges for the network. MANETs are vulnerable to various attacks[2]; the blackhole[12] attack is one of them. In this paper, we present an intrusion detection[5] system for MANETs against the blackhole attack using fuzzy logic[4]. Our system successfully detects the blackhole in the network, and this information is also passed to other nodes. We also provide a detailed performance evaluation based on various network parameters. Our results show that the proposed system not only detects the blackhole[12] node but also improves the performance of AODV under the blackhole attack.

General Terms
Computer Network, Wireless Network, MANETs, Security Issues.

Keywords
MANET, AODV, Blackhole Attack, Fuzzy Logic.

1. INTRODUCTION
A Mobile Ad-hoc Network (MANET)[10] is an infrastructure-less, multi-hop network in which mobile nodes communicate directly or co-operatively with each other. As there are no access points or routers, no co-ordination or configuration is required prior to setting up a MANET. Also, because of high mobility, resource constraints (power, storage and bandwidth) and nodes operating in a dynamic topology, routing in a MANET environment faces additional challenges. The Ad-hoc On-demand Distance Vector (AODV)[3][9] routing protocol[15] is designed for use in MANETs. AODV is a reactive protocol, i.e. routes are created only when they are needed.
It uses traditional routing tables, one entry per destination, and sequence numbers to determine whether routing information is up to date and to prevent routing loops. An important feature of AODV[3] is the maintenance of time-based state in each node: a routing entry that has not been used recently expires. If a route is broken, the neighbors can be notified. Route discovery is based on query and reply cycles, and route information is stored in all intermediate nodes along the route in the form of route table entries. The following control packets are used: a routing request message (RREQ) is broadcast by a node requiring a route to another node, a routing reply message (RREP) is unicast back to the source of the RREQ, and a route error message (RERR) is sent to notify other nodes of the loss of the link. HELLO messages are used for detecting and monitoring links to neighbors.

Wireless ad-hoc networks are vulnerable to various attacks[2]. These include passive eavesdropping, active interfering, impersonation and denial of service. One of these attacks is the blackhole attack. In a blackhole attack, a node pretends to be the destination node for a particular route and absorbs all data packets itself, similar to a hole that sucks everything in. In this way, all packets in the network are dropped. A malicious node dropping all traffic in a network exploits vulnerabilities in the route discovery packets of on-demand protocols such as AODV.

In this paper, we propose a novel method based on fuzzy logic[4] to detect the blackhole[12] attack. The system isolates the blackhole node from the network. The proposed solution is used by every node in the network, so every node can determine the behavior of its neighbors. If a neighbor is malicious, an alarm packet carrying the IP address of the malicious node is broadcast in the network, and that node is thereafter not allowed to participate in packet forwarding.
The remainder of this paper is organized as follows: in section 2, we describe our fuzzy-based intrusion detection system and its implemented features. In section 3, the simulation results are discussed, and finally the conclusions are summarized in section 4.

2. PROPOSED SYSTEM
The proposed system is based upon fuzzy logic[4][14]. Fuzzy logic is a form of multi-valued logic derived from fuzzy set theory to deal with reasoning that is approximate rather than precise. In contrast with “crisp logic”, where binary sets have binary logic, fuzzy logic variables may have a truth value that ranges between 0 and 1 and is not constrained to the truth values of classic propositional logic.

The fuzzy model[6] is integrated with the AODV[3][9] routing protocol as shown in figure 1. It consists of the following four components: Fuzzy Parameter Extraction, Fuzzy Computation, Fuzzy Verification Module and Alarm Packet Generation Module. During fuzzy parameter extraction, the system extracts the parameters required for analysis from network traffic. These parameters are passed to the fuzzy computation module, which applies various fuzzy rules and membership functions to calculate the fidelity level of the node. This fidelity level is compared with a threshold value in the fuzzy verification module to check the behavior of the node; if the fidelity level is less than the threshold level, an alarm packet with the IP address of the detected malicious node is broadcast in the network.
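
The four-module pipeline described above, as an added Python example that is not the authors' implementation. The two input parameters (forwarding ratio and RREP sequence-number gap), the membership functions, the rule table, the 0.5 threshold and the sample counters are all assumptions, since this section does not specify them.

```python
# Added illustration. The two inputs, membership shapes, rule outputs and
# THRESHOLD are assumptions; the section above does not specify them.
THRESHOLD = 0.5  # assumed fidelity threshold

# Constructed per-neighbour counters (not measurements from the paper).
HONEST = {"handed_over": 100, "forwarded": 95, "rrep_seq": 12, "known_seq": 10}
BLACKHOLE = {"handed_over": 100, "forwarded": 0, "rrep_seq": 4000, "known_seq": 10}

def low(x):      # membership in "low": 1 at 0, falling linearly to 0 at 1
    return 1.0 - x

def high(x):     # membership in "high": 0 at 0, rising linearly to 1 at 1
    return x

def medium(x):   # triangular membership peaking at 0.5
    return 1.0 - abs(x - 0.5) / 0.5

def extract(stats):
    """Fuzzy Parameter Extraction: raw counters -> two inputs in [0, 1]."""
    handed = stats["handed_over"]
    fwd = min(stats["forwarded"] / handed, 1.0) if handed else 1.0
    # How far the advertised destination sequence number exceeds the freshest
    # value already known, capped at an assumed window of 100.
    gap = min(max(stats["rrep_seq"] - stats["known_seq"], 0), 100) / 100
    return fwd, gap

def fidelity(fwd, gap):
    """Fuzzy Computation: zero-order Sugeno rules, weighted-average output."""
    rules = [  # (firing strength, fidelity level the rule votes for)
        (min(high(fwd), low(gap)), 1.0),   # forwards, plausible sequence number
        (medium(fwd), 0.5),                # partial forwarding
        (min(high(fwd), high(gap)), 0.4),  # forwards, inflated sequence number
        (min(low(fwd), low(gap)), 0.3),    # drops, plausible sequence number
        (min(low(fwd), high(gap)), 0.0),   # drops and inflated sequence number
    ]
    total = sum(w for w, _ in rules)       # > 0 for any inputs in [0, 1]
    return sum(w * v for w, v in rules) / total

def verify(neighbour_ip, stats):
    """Fuzzy Verification + Alarm Packet Generation for one neighbour."""
    level = fidelity(*extract(stats))
    if level < THRESHOLD:
        return {"type": "ALARM", "malicious_ip": neighbour_ip,
                "fidelity": round(level, 2)}
    return None  # neighbour stays eligible for packet forwarding
```

Each node would run `verify` for every neighbour it monitors and broadcast any returned alarm record so that other nodes stop routing through the flagged address.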