A novel secure routing scheme using probabilistic modelling for better resistivity against lethal attacks

Received Jul 10, 2019; Revised Feb 29, 2020; Accepted Mar 18, 2020

Research on wireless ad-hoc networks dates back two decades, with various researchers proposing new solutions to its problems. Among these problems, secure routing remains unsolved owing to the rapidly growing number of fatal strategies available to the adversary. A review of the existing literature shows that existing secure routing schemes can only handle the attacks they were designed for, which reduces their applicability in the case of dynamic attacks. Therefore, this manuscript introduces a novel probabilistic model that enables wireless nodes to identify malicious behavior and react accordingly. Unlike existing intrusion prevention systems, the proposed system allows the malicious node to participate in the data forwarding process and exhaust its resources with no chance of launching an attack. The simulated outcome of the study shows that the proposed secure routing scheme offers better data forwarding characteristics than the existing system in terms of intrusion detection and secure data transmission.


INTRODUCTION
A wireless ad-hoc network is characterized by the lack of supporting infrastructure and consists of various communicating devices (also called peers) that interact in a very dynamic manner. These self-organizing peers are capable of maintaining connectivity among themselves by sharing their wireless capabilities [1]. This characteristic helps wireless communication devices establish connectivity with each other, so that the source node can forward a data packet to the destination node either directly or indirectly through an intermediate relay node [2][3]. Due to this decentralized mechanism of communication establishment and routing, a key distribution center is unlikely to be available in the ad-hoc wireless network [4]. Nor is a robust certificate authority feasible, which is why the ad-hoc wireless network lacks precise identification of nodes [5]. The wireless ad-hoc network is well suited to decentralized architecture deployment in wireless networks [6]. According to theoretical studies, nodes in the ad-hoc wireless network always assume that any new node joining the network will follow a certain protocol of conduct. Unfortunately, this assumption does not hold in the majority of practical communication systems, as various dynamic attacks on the ad-hoc wireless network keep evolving [7].
Owing to the decentralized scheme, there are various challenges associated with communication. The majority of the challenges are associated with data forwarding and traffic-related operations, while the others are related to security problems in the ad-hoc wireless network [8][9][10][11]. At present, many security schemes have evolved for security applications of the ad-hoc wireless network [12][13][14][15][16], but very few approaches safeguard the generalized architecture of the ad-hoc wireless network. This is because there are different types of applications in an ad-hoc wireless network from the perspective of the communication protocol; therefore, the security solution of one application is never applicable to the same security problem in another application. For example, the same security solution cannot be offered against the blackhole attack in both the mobile ad-hoc network and the wireless sensor network, as their routing management systems are very different from each other. At the same time, another significant problem is that the majority of secure routing protocols are developed on top of conventional routing protocols, e.g., ad-hoc on-demand distance vector (AODV), destination-sequenced distance vector (DSDV), dynamic source routing (DSR), etc. Unfortunately, all these protocols already have challenges in their routing operation [17]. Therefore, without addressing such challenges, it is unwise and impractical to use such protocols for securing the network. For example, AODV suffers from the problem of retaining stale routing information when updates are carried out infrequently. The adversary can easily misuse such routing weaknesses. Various encryption-based schemes have been developed for secure routing, but there are very few benchmarked studies in this regard.
Hence, there is a need for a security solution that is based on the malicious behavior of the ad-hoc nodes and that works across all applications of the ad-hoc wireless network. Therefore, the proposed system introduces a simplified analytical model that takes a dynamic decision based on current local and global trust in order to assess the intention of the nodes present in the network. The current work also presents probabilistic modeling for assessing various critical threat situations.

Various approaches exist for addressing the security problems in the ad-hoc wireless network [18]. In this section, the approaches associated with the malicious behavior of the node are reviewed. The work of Sharma et al. [19] has presented an authentication protocol for neighboring nodes to resist the blackhole attack in the ad-hoc wireless environment. It has also been seen that frequently used routing schemes, e.g., ad-hoc on-demand distance vector (AODV), have been modified to offer a dual acknowledgment scheme for authentication. A study incorporating a bio-inspired algorithm is seen in the work of Chintalapalli and Ananthula [20], which is about the selection of secure routes in the mobile ad-hoc network. Considering behavioural semantics, Yadav and Gaur [21] have presented a framework developed on an algebraic concept for secure data communication in the mobile ad-hoc network. A unique study carried out by Zheng et al. [22] has introduced a strategic mechanism using a hybrid duplex receiver. This logic confuses the malicious node to perform eavesdropping followed by forwarding as well as jamming the adversary signal.
Ali and Prasad [23]. The work of Girnar and Kaur [24] has studied the security of the ad-hoc network with respect to a neural network, where the simulated outcome shows that the proposed system is resistive to the blackhole attack and the wormhole attack. The enhanced data forwarding scheme presented by Kaurav and Joshi [25] is shown to offer resistance against the eavesdropping attack, with better throughput, overhead, and data delivery performance. Adoption of a reinforcement learning scheme is seen in the work of Mayadunna et al. [26], where a secure routing scheme has been developed using a trust factor, thereby contributing towards malicious node identification. A prevention mechanism against conflicting behavior was discussed by Samreen and Jabbar [27], where an elimination strategy for the malicious node is developed based on the trust factor. An analysis of the security strength of conventional ad-hoc routing schemes is carried out by Shabut et al. [28], where the technique is claimed to perform better mainly on detection of the eavesdropping attack.
The existing literature also shows the usage of classifier-based approaches for detecting the adversary in the ad-hoc network. The work of Shams and Rizaner [29] has used a support vector machine to show that it can resist potential attacks with better data forwarding performance. Usage of trust management is seen in the study of Guo et al. [30], where an integrated approach of fuzzy logic and an information quantification concept is used for resisting potential attacks in the ad-hoc wireless network. The work of Trivedi et al. [31] has used reputation-based modeling for the identification of intrusion in the presence of mobility in the ad-hoc network environment. The work presented by Patwardhan et al. [32] has used encryption and key-based management to strengthen the authentication process. Apart from this, the other approaches are predictive (Sowah et al. [33]), modified AODV based (Zant et al. [34]), study-based (Chandan et al. [35]), routing-based (Vadavi et al. [36]) and signal strength-based (Faisal et al. [37]). Abdullah et al. [38] have illustrated a data gathering algorithm for wireless sensor networks using joint mobile aspects.
Bhatia and Tomar [39] have presented a bandwidth-optimized and power-efficient dynamic source routing protocol for MANETs. Jyoti Neeli et al. [40] have presented various approaches undertaken by the existing literature for discrete security issues and have also examined the effectiveness of the security. The research study by Tuberquia and Hernandez [41] presents a novel approach in cognitive radios using an evolutionary algorithm. The work of This study mainly focuses on reconfigurable fault tolerant on chip architecture with hierarchical agent based monitoring system for enhancing the performance of network based multiprocessor system on chip against faulty links and nodes. The work of Jati et al. [42] mainly focuses on classification methods to enhance the security technique based on human gait. Gait is one of the biometric techniques that might be employed to recognize a person. The next section briefly describes the problems that the proposed system aims to address.
Existing systems for securing the routing mechanism in the ad-hoc wireless network are more or less symptomatic, in that the presented approaches focus on offering a security solution against specific attacks. After reviewing the work carried out on secure communication in the ad-hoc wireless network, it was seen that the majority of the work addresses a particular security breach and loses its applicability when resisting other forms of attack. This is because every attack has a different strategy, although the modes of initiating the attacks are more or less the same. If the malicious behavior of the node cannot be accurately confirmed, then offering protective measures will be quite a difficult task. Another essential review finding is that there are very few journals representing security problems in the ad-hoc wireless network in general, while there is a body of research on specific applications, e.g., mobile ad-hoc network, vehicular network, sensor network, etc. Although all of these fall under the domain of the ad-hoc network, their routing mechanisms vary from each other. This shows that a secure routing scheme for a sensor network has less applicability to the mobile ad-hoc network and vice versa. Hence, a generalized scheme is required. There are few studies where the attack resistivity strategy is developed based on generalized or complex malicious behavior. Therefore, the research problem is "Developing a resistivity against maximum attack using cost-effective modeling approach in the ad-hoc wireless network using the unique features of malicious behavior".
The proposed study considers an analytical research methodology in order to investigate the behavior of lethal attacks in the ad-hoc wireless network as well as to develop a strategy for resisting the further spread of such intrusion. The block diagram of the proposed system is shown in Figure 1. The block diagram exhibits the scheme for the identification and prevention of variants of attacks on the ad-hoc wireless network. The proposed model develops an adversarial model using three different test environments, which is about observing the malicious behavior of the destination/intermediate node in the neighborhood. The complete observation is carried out based on trust management, where trust is calculated using the probability concept. The final stage of the study implementation is about identifying the malicious node, which is followed by either continuing or stopping the communication through the allocation of an award or penalty. The formulation of the award and penalty is developed based on various extrinsic factors, e.g., the amount of resources utilized in undertaking a specific task, the profit obtained by undertaking a specific task, the penalty for a false alarm (for a regular node), etc. These parameters are developed in such a manner that their computation always gives an outcome in the range of 0 to 1. This is done so that statistical inference can be applied to the numerical outcome obtained. The prime contribution of the proposed system is that it implements a unique adversarial model, which not only increases the applicability of the proposed system but also introduces a scheme to resist such lethal threats. The next section discusses the algorithm design.

ALGORITHM IMPLEMENTATION
The development of the complete algorithm is based on the secured trust computation carried out by the source node for the intermediate node selected for forwarding the data packet. The mechanism of confirming whether the node to be communicated with is an attacker or a regular node depends upon novel analytical modeling of the following three test environments:

a. Test-Environment-1: In this test environment, the model considers that both the attacker and the regular node will adopt an action that offers the maximum award towards their motive. It means that the regular node is awarded the maximum when it chooses to capture the attacker, while the attacker node gets the maximum award when it can successfully launch the attack. This test environment is chosen for challenging modeling of a dynamic attack scenario.

b. Test-Environment-2: In this test environment, the action adopted by the next node is unknown and cannot be predicted by the other node. It also ensures that the action adopted by a specific node is selected with a hidden agenda of obtaining the maximum award. The difference between these test environments is that in the 1st test environment, once a node executes its action, the action of the next node is somewhat predictable and defined, which is not the case in the 2nd test environment.

c. Test-Environment-3: In this test environment, the information associated with the execution of the actions of either of the nodes is completely unknown or impartial. It offers a balance between the regular node and the attacker in terms of obtaining more awards. The difference between the 1st-2nd test environments and the 3rd test environment is that the information is quite complete in the 1st-2nd test environments, while the 3rd test environment does not have any form of definition of the attack. This makes the 3rd test environment more lethal and appropriate for assessing the identification of different forms of attacks.
Apart from the test environments mentioned above, the proposed study defines the term action as a specific task carried out by nodes. For clarity in implementation, the proposed model considers two sets of actions, viz. A_comm and A_dist. That is, there is a common set of actions A_comm shared between the regular and attacker nodes, while there is a specific set of actions A_dist, which is highly unique and different for each. It also means that an attacker node will not readily execute A_dist, as the probability of being caught will be high. So, an attacker will attempt execution of A_comm in order to gain the trust of a regular node. Hence, various complex scenarios are artificially and analytically developed in order to develop a secure routing scheme. The first algorithm is designed for identification of the attacker node, and its steps of execution are as follows:

Algorithm for Identification of Attacker Node
Input: n (number of nodes), C (Cut-off)
Output: identification of the attacker node
Start
1. while H1<C Do
2.
re-compute P1, P2, H2, and P4
8. End
9. Flag i node as the attacker
End

The algorithm initially checks whether H1 is less than the cut-off value C (Line-1). H1 is computed as the product of two significant pieces of information, viz. i) the probability of intrusion and ii) the complete information of probability (i.e., certainty). The next step of the algorithm is to check whether H2 is less than the empirical value of G (Line-2). Here, H2 can be defined as the probability of intrusion, while the empirical variable G depends upon various external parameters, e.g., the profit received by a node after assisting in forwarding data, the resources deployed by a node after assisting in forwarding data, and the profit obtained after launching an attack. The variable G can also be defined as the probability of maximal profit during the intrusion. In such a case, the algorithm chooses M as a set of actions representing forwarding of the data packet with maximum probability (Line-3); otherwise, it computes a new probability (Line-5). Finally, the algorithm updates the probability scores, i.e., P1 (probability of regular node), P2 (probability of data dropping), H2 (probability of intrusion), and P4 (probability of incomplete information) (Line-7). All this computation is carried out by the source node for its immediate neighbor node, and based on this probability computation, the algorithm decides whether to flag the node as a malicious node. After the identification of the node is over, the next task is to offer a preventive measure against the malicious node. The algorithm responsible for preventing the node from further intruding is as follows:

If ij
3.
update all neighboring nodes & isolate i;
7.
End
End
The above algorithm is responsible for resisting the further spread of the attack. This algorithm becomes functional only after the identification of the i-th node as an attacker node by the prior algorithm (Line-1). Unlike any existing intrusion prevention approach, the proposed system doesn't directly stop the malicious node; rather, it checks the intention of the malicious node. If the probability calculation carried out by the regular source node suggests that a malicious node is assisting in forwarding the data packet, then it is allowed to do so. Interestingly, once the regular node has identified that the other node is malicious (Line-1) and has a harmful intention, it calculates the probability of attack. If the probability of an attack is very low (irrespective of the node being malicious), the node is permitted to forward the data packet. However, while doing so, the malicious node obtains a reduced amount of award (Line-3) from the source node. Hence, this mechanism makes use of even the malicious node, in a highly controlled environment, to assist in data packet forwarding. Moreover, better control over the vulnerable situation is achieved by allocating only a reduced value of incentive as an award; otherwise, the node is allocated a penalty value (Line-5). On the other side, the algorithm also checks whether there was any form of error in flagging the other node as a malicious node. In order to avoid any false positive in flagging the other node as malicious, the regular node double-checks the local as well as the global trust factor for the targeted node from all the neighboring nodes of the targeted node. This is because, as per test-environment-1, the regular node should get the highest award if it can positively capture the attacker node; however, this might be challenging due to test-environment-2 and test-environment-3.
In such a case, the attack information will be vague and improper, and there is a probability of error in flagging correctly. Hence, in such a case, the regular node is also penalized if it makes the mistake of flagging a wrong node as malicious.
The complete idea of the prevention technique adopted in the proposed system is as follows: Whenever a node makes any decision to undertake a task (it could be related to forwarding a beacon/data, rejecting forwarding of data, raising an alarm about a malicious node, launching an attack, etc.), there is an incentive allocation for it. This incentive is allocated in the form of an award or a penalty. Hence, based on the 1st test environment, both the regular and the malicious node will try to dominate each other; however, the malicious node does so with the caution of not getting caught. If the incompleteness of the trust factor is found to keep increasing as the simulation progresses, then it is reasonable to conclude that the node is a malicious node. Interestingly, direct detection of the malicious node makes the malicious node much more aware of the surveillance system; hence, the algorithm covertly computes and confirms the illegitimacy of the node and harnesses it to the highest extent to forward data packets. In such a case, if the malicious node assists in forwarding data, its motive for being present in the network is never fulfilled, and instead, it is simply drained of its resources by assisting in data forwarding. The moment the probability computation predicts that a specific malicious node could launch an attack in its next task execution, it is given the penalty. Once the malicious node is isolated, the routing is continued, information about the successfully established routing path is given more weightage, and all intermediate nodes involved get an increased trust value. This principle of secure routing by identifying malicious behavior applies to any form of adversary in the ad-hoc wireless network. This is because, irrespective of any specific characteristics of the adversary, all malicious nodes initially mimic the regular node to gain trust and then initiate the attack after finding an appropriate time.
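The identify-then-contain behaviour described above, as a minimal sketch added here for illustration (it is not the authors' MATLAB implementation). The update rules for P2, H2 and P4, the values of C and G, the incentive amounts and both traces are assumptions, since the text gives only the roles of these quantities; the penalty for a regular node that flags wrongly is not modelled.

```python
from dataclasses import dataclass

# Assumed values; the paper only requires every quantity to lie in 0..1.
CUTOFF_C = 0.35       # C: flag a neighbour once H1 reaches this cut-off
GAIN_G = 0.50         # G: probability of maximal profit during intrusion
FULL_AWARD, REDUCED_AWARD, PENALTY = 1.0, 0.4, -1.0

# Constructed traces of forwarding events (True = packet relayed correctly).
MIMIC_TRACE = [True, True, True, False, True, False, False, True]
LOSSY_TRACE = [True, False, True, True, False, True, True, True]


@dataclass
class NeighbourRecord:
    """State a source node keeps about one immediate neighbour."""
    global_trust: float       # trust reported by the neighbour's own neighbours
    relayed: int = 0          # local evidence: packets forwarded
    dropped: int = 0          # local evidence: packets dropped
    flagged: bool = False
    isolated: bool = False
    incentive: float = 0.0

    def p2(self) -> float:
        """P2, probability of data dropping (smoothed frequency, assumed)."""
        return (self.dropped + 1) / (self.relayed + self.dropped + 2)

    def h2(self) -> float:
        """H2, probability of intrusion: local drops blended with global distrust."""
        return 0.5 * self.p2() + 0.5 * (1.0 - self.global_trust)

    def p4(self) -> float:
        """P4, probability of incomplete information; shrinks with evidence."""
        return 1.0 / (1 + self.relayed + self.dropped)

    def h1(self) -> float:
        """H1 = probability of intrusion x certainty, as the text defines it."""
        return self.h2() * (1.0 - self.p4())


def step(rec: NeighbourRecord, relayed_ok: bool) -> str:
    """Fold in one observation and return the incentive decision."""
    if rec.isolated:
        return "ignored"                      # isolated nodes get no traffic
    if relayed_ok:
        rec.relayed += 1
    else:
        rec.dropped += 1
    if rec.h1() >= CUTOFF_C:                  # the `while H1 < C` loop exits
        rec.flagged = True
    if rec.flagged and rec.h2() >= GAIN_G:    # attack likely: penalise, isolate
        rec.incentive += PENALTY
        rec.isolated = True
        return "penalty_isolate"
    if not relayed_ok:
        return "no_award"
    # A flagged node that still forwards is used, but paid less.
    rec.incentive += REDUCED_AWARD if rec.flagged else FULL_AWARD
    return "reduced_award" if rec.flagged else "award"


def run(trace, global_trust):
    """Replay a trace against a fresh record; return (decisions, record)."""
    rec = NeighbourRecord(global_trust=global_trust)
    return [step(rec, ok) for ok in trace], rec


if __name__ == "__main__":
    for name, trace, gt in (("mimic", MIMIC_TRACE, 0.4), ("lossy", LOSSY_TRACE, 0.9)):
        decisions, rec = run(trace, gt)
        print(name, decisions, "flagged:", rec.flagged, "incentive:", round(rec.incentive, 2))
```

With these assumed numbers, the mimic trace is flagged on its first drop, earns a reduced award for one further relay, and is isolated once H2 reaches G; the lossy trace with high global trust is never flagged.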
The next section of the paper discusses the results obtained after implementing the proposed logic.

RESULTS ANALYSIS
The prime strategy of the proposed analysis is to assess the performance of the identification of the malicious node as well as to trace out the respective performance of the data forwarding features. A secure routing protocol can only be said to be robust if it is capable of maintaining a good balance between security and data forwarding performance. The scripting of the proposed logic was carried out in MATLAB on a standard 64-bit Windows platform. The simulation environment consists of 200 mobile nodes, combining both regular and malicious nodes, with no direct input of node identity for the malicious nodes prior to simulation. The assessment is carried out with respect to throughput, routing overhead, latency, and processing time. A comparative analysis is carried out with respect to the SEAD [43] and SRP [44] protocols, which are also secure routing schemes for the ad-hoc wireless network. The graphical outcome shows that the proposed system offers better throughput (see Figure 2) and lower routing overhead (see Figure 3) compared to the existing SRP and SEAD protocols. The prime reason behind the throughput improvement is that the proposed system formulates routes faster, as it has frequent updates about the global trust values. Moreover, the adoption of probability-based modeling further speeds up the process of exploring and confirming the secured path.
The outcome shown in Figure 4 exhibits that there is a considerably lower routing overhead. A closer look at Figures 2-4 shows that an increase in the percentage of malicious nodes doesn't pose many challenges to communication performance. As the mobile nodes access their routing table from their shared memory, obtaining the global trust factor is quite fast. Moreover, the proposed system offers a faster processing time (see Figure 5), as it does not include any iterative operation, e.g., encryption, and it doesn't have any dependency on storing secret keys, as authentication is always done when demanded. Therefore, the proposed system can be said to offer better security options cost-effectively.

CONCLUSION
Security breaches and vulnerabilities have always been a significant threat to the ad-hoc wireless network owing to the lack of a centralized architecture. Existing approaches are quite specific to the forms of the threats, and hence, they are slightly non-practical when the application of the ad-hoc wireless network is exposed to a different adversary. Hence, the proposed system addresses this problem by developing a probability model that is capable of identifying the malicious behavior of a node and hence is effective against the maximum number of attacks. The contributions of the proposed study are as follows: i) without any usage of encryption, the proposed system is capable of identifying and resisting the threat, ii) a successful implementation of an attacker module under three challenging test environments is carried out to show enhanced scope and applicability, iii) it also offers faster updates of non-stale information, unlike the conventional secured routing approaches, and iv) the proposed system offers better data forwarding performance in contrast to existing security schemes.