International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395 -0056 Volume: 02 Issue: 02 | May-2015 www.irjet.net p-ISSN: 2395-0072 © 2015, IRJET.NET- All Rights Reserved Page 410 Intrusion Response with Dempster Shafer theory of evidence to detect and overcome routing attack in Mobile Ad hoc Networks Mr. S. G. Phule 1 , Mr. G. T. Chavan 2 1 Student, Computer Engineering Department, Sinhgad College of Engineering Savitribai Phule Pune University, Maharashtra, India 2 Associate. Prof., Computer Engineering Department, Sinhgad College of Engineering Savitribai Phule Pune University, Maharashtra, India ---------------------------------------------------------------------***--------------------------------------------------------------------- Abstract - Mobile Ad hoc Networks are extremely exposed to attacks because of the self-motivated nature of its network infrastructure. Out of all these attacks, routing attacks need sizeable attention since it could root the most upsetting harm to MANET. There exist several intrusion response techniques to mitigate such critical attacks, still the existing solutions typically attempt to isolate malicious node based on immature unclear response decisions. However these responses may consequence in the unforeseen network separation, causing supplementary damages to the network infrastructure, and also could lead to ambiguity in countering routing attacks in MANET. In this paper an intrusion response mechanism is proposed to thoroughly deal with the recognized routing attacks. This approach is based on an extended Dempster-Shafer mathematical theory of evidence with belief of value factors. Also result shows the helpfulness of this approach. Key Words: Mobile Ad hoc Networks, Intrusion Response, Dempster-Shafer theory 1. INTRODUCTION Mobile Ad hoc Network is a self governing system of movable nodes connected by wireless links. Every node functions as a router to move on packets in addition to act as an end system. The nodes are free to move about and systemize themselves into network. These nodes change location repeatedly. A number of attacks are likely in MANET and among them routing attack could cause the worst damage. Quite a few work [1], [2], [3] concentrate on the intrusion response actions in MANET by separating un-cooperative nodes based on the node reputation derived from their behaviors. These responses often neglects the potential harmful side effects caught up with the response actions. These improper countermeasures in MANET may cause unexpected network separation. In this paper, Dempster Shafer Theory is used which has several characteristics. First one is, it facilitate us to describe both subjective and objective evidences with basic probability assignment & belief function. Second it supports Dempster rule of combination to combine several evidences together with probable reasoning. To tackle the limitations of this Dempster rule of combination Dempster rule of combination with value factors in DS evidence model is introduced. In this paper a response mechanism to thoroughly cope with routing attacks in MANET is proposed. The paper structuring is as follows: Section II provides the related work in MANET intrusion detection & response systems. Section III provides problem definition Section IV express how our extended D-S Evidence model can be incorporated with value factors & mathematical modeling. Section V conveys fine points of our intrusion response mechanism. Section VI shows the result snapshots. Section VII concludes the paper 2. RELATED WORK A number of study efforts have been made to look for preventive solutions [11], [12], [13], [14] for protecting the routing protocols in MANET. Even though these approaches can prevent illegal nodes from joining the network, they bring in a major operating cost for key exchange and verification with the limited intrusion removal. Besides, prevention based techniques are less supportive to deal with malicious insiders who hold the genuine identification to communicate in the network. Many IDSs for MANET have been lately introduced. Due to the nature of MANET, most IDS are structured to be distributed and have a supportive architecture. Similar to signature-based and anomaly-based IDS models for the wired network, IDSs for MANET use specification-based or statistics-based approaches. Specification-based approaches, like [15], observe network behavior and evaluate them with identified attack features, which are impractical to deal with new attacks. On the other hand, statistics-based approaches, such as Watchdog [16], and [17], evaluate network behavior with typical behavior patterns, which consequence in higher false positives rate than specification-based ones. Because of the existence of false positives in both MANET IDS models, intrusion alerts from these systems always go together with alert confidence, which indicates the likelihood of attack incident. Intrusion response system (IRS)[18] for MANET