Distributed Packet Filtering Firewall for Enhanced Security In Mobile Ad-Hoc Network

Anudeep kauret.al.Int. Journal of Engineering Research and Applications www.ijera.com
ISSN: 2248-9622, Vol. 6, Issue 5, (Part - 5) August 2016, pp.55-60
www.ijera.com 55 | P a g e
Distributed Packet Filtering Firewall for Enhanced Security In
Mobile Ad-Hoc Network
Anudeep kaur*, Prof.Sandeep Raghuwanshi**,Dr.Y.K.Jain***
* Department of Computer Science, Samrat Ashok Technological Institute,Vidisha, M.P
** Assistant professor ,Department of Computer Science, Samrat Ashok Technological Institute, Vidisha, M.P
*** Head of Department, of Computer Science, Samrat Ashok Technological Institute, Vidisha, M.P
ABSTRACT
The nodes in MANET are free to move in a limited grid layout without the presence of vision of the superior
authority or administration. The nodes in network are free to move in any other network at any time. That means
the nodes are join or leave the network at any instant, that's why the security is the major issue in MANET.
Routing protocols are not able to handle the malicious activities of attacker because their function is to provide
the path in between sender to receiver and route data from the path which is selected for transferring information.
This paper proposed the distributed security scheme for providing reliable path and secure communication. The
proposed bloom filtering technique is not only filtering the unwanted infected packets of routing attacker. It's
also recovered the modified data and protects IP modification with the help of new route establishment
mechanism. The proposed bloom filter is provides the secure communication and stop the attacker infection. The
Bloom filter removes the IP modified packets that shows the presence of malicious routing attacker in dynamic
network. The normal routing performance and proposed bloom filter is almost equivalent. The performance of
network is measured through performance metrics and proposed distributed security scheme provides better
performance.
Keywords: Security, Routing attacker, IP modification, Bloom filter, MANET
I. INTRODUCTION
Mobile Ad-hoc Networks (MANETs) are
increasingly employed in both military and
commercial network situations where fixed
infrastructure is too costly or dangerous to deploy, or
has been rendered inoperable[6]. MANETs are
fundamentally different from the other network
because all peers act as both sources and routers
using the other participants to relay packets to their
final destination. MANETs are susceptible to both
insider and outsider attacks. Even a small number of
misbehaving nodes can successfully render the entire
MANET inoperable: malicious peers can abuse the
network exhausting all network and power
resources[6]. In traditional networks, malicious
nodes and traffic are kept away from a set of nodes
belonging to an organization or a group using
firewall[9]. This is feasible because of the existence
of a well defined network perimeter[6].All incoming
and outgoing traffic needs to transit through these
firewall nodes, which enforce the policies at the
perimeter. Within the perimeter, smaller sub-groups
can have more stringent policies by deploying their
own firewalls. Unfortunately, the concept of a
network perimeter does not exist in MANETs, and
policies need to be enforced in a distributed manner
while taking into consideration node mobility. To
address this, recently, paper proposed a deny-by-
default architecture [9] that enforces trust
relationships and traffic accountability between
mobile nodes through a distributed policy
enforcement scheme for MANETs.
In that architecture, extended the network
capability framework [10] and tailored it to the
resource-constrained MANET environment. A
capability is a token of authority that has associated
rights[13].The capabilities propagate both access
control rules and traffic shaping parameters that
should govern a node’s traffic[9]. In the deny-by-
default, model nodes can only access the services
and hosts they are authorized for by the capabilities
given to them[9]. The enforcement of the capability
is done in a distributed manner by all the nodes in
the path from the source to the destination.
Compromised or malicious nodes cannot exceed
their authority and expose the whole network to an
adversary[9].Upon detection, paper tells how to
prevent a compromised node from further attacking
the network simply by revoking its
capabilities[9].Moreover, that architecture helps
mitigate the impact of denial of service(DoS) attacks
because excess or unauthorized packets are dropped
closer to the attack source. Thus, it avoid
unnecessary data processing and forwarding at the
target node and the network .
RESEARCH ARTICLE OPEN ACCESS

II. RELATED WORK
Ali A. Ali, Saad M. Darwish, and
Shawkat K. Guirguis[1]“An Approach for
Improving Performance of a Packet Filtering
Firewall Based on Fuzzy Petri Net”. As a major
measure to implement enterprise security, firewall
technique ensures the security of local network.
Traditional firewall technologies have their own
weaknesses in architecture, configuration,
monitoring and management that affect to firewall
performance. Furthermore, it lacks to deal with
vague and uncertainty associated with filtering
packets from outside. Architecture of a new kind of
firewall, that is intelligence firewall was presented
in that paper.
Harleen Kaur, Omid Mahdi Ebadati E
and M. Afshar Alam [2]“Implementation of
Portion Approach in Distributed Firewall
Application for Network Security Framework”
Author described that Firewalls are typically
utilized in the main layer of network security
framework. The research presented the particular
segment of the proposed framework that DPFF
based on the developed iptable firewall to be the
layers of defense, which is protected front and
backend of the framework with a dynamic security
and policy update to control the framework’s
safeguard through proposed portion approach
algorithm that utilize to reduce the traffic and
efficiency in detection and policy update
mechanism. The policy update mechanism for DPFF
is given the way of its employment.
Salah Alabady [3] “Design and
Implementation of a Network Security Model for
Cooperative Network” Author had designed and
implemented network security model which was
presented using routers and firewall. It emphasis on
the network security weakness in router and firewall
network devices, type of threats and responses to
those threats, and the method to prevent the attacks
and hackers to access the network. It provides a
checklist to guide in evaluating whether a network is
adhering to best practices in network security and
data confidentiality. The main aim is to protect the
network from vulnerabilities, threats, attacks,
configuration weaknesses and security policy
weaknesses.
Jozef Filipek, Ladislav Hudec [4]
“Distributed Firewall in Mobile Ad Hoc
Network”.Author describe distributed firewall
architecture that is designed specifically for MANET
networks. This design is using the concept of
network capabilities and is especially suited for
environment which lacks centralized structure and is
composed of different devices. The model denies all
communication by default and nodes can access only
services and other nodes that they are authorized too.
Every node contains a firewall mechanism which
includes intrusion prevention system and
compromised node will not necessarily compromise
whole secured network. In this approach they add
additional security features for MANETs and help
them withstand security threats which would
otherwise damage, if not shutdown unsecured
MANET network. In this simulation shows, that the
solution has minimal overhead in terms of
bandwidth and latency, works well even in the
presence of routing changes due to mobile nodes and
is effective in containing misbehaving nodes.
Ting Zhang, Dale Lindskog[5] “Full
Function Firewalls on MANETs” Author propose a
routing storage and query mechanism for the ROFL
firewall scheme, a mechanism that combines a
hierarchical routing storage structure with a fast
routing query method. ROFL, which stands for
Routing as the Firewall Layer, is a firewall scheme
designed mainly to prevent insider attacks on Mobile
Ad Hoc Networks (MANETs). The proposed
mechanism also extends the filtering capabilities of
ROFL, allowing packet filtering based on most any
traditional packet filtering criteria, e.g., source IP
address, source and destination port numbers, TCP
flags, etc.
Mansoor Alicherry Angelos D.
Keromytis Angelos Stavrou [6] “Evaluating a
Collaborative Defense Architecture for MANETs”
Author describe that this solution incurs minimal
overhead in terms of network bandwidth and latency
even in the presence of cryptographic operations.
Furthermore, author show that the protection
remains effective even in the presence of
misbehaving nodes and routing changes due to
mobility. While further work is needed to fully
evaluate the scheme, author believe that the notion
of collaborative security in MANETs is a promising
direction for future research.
Mohammad M. Masud, Umniya
Mustafa, Zouheir Trabelsi [7] “A Data Driven
Firewall for Faster Packet Filtering” Author propose
a data mining based technique for packet filtering.
Author consider each rule in the rule set a class. A
classifier is first trained with labelled training data.
Each such labelled data point contains a packet
header info and the corresponding class label (i.e.,
rule number with which the packet matches).Then
the classifier is used to classify new incoming
packets. The predicted class (i.e., rule number) is
checked against the packet to see if this packet really
matches the predicted rule. If yes, the corresponding
action (i.e., accept or deny) of the rule is taken.
Otherwise (if prediction of the classifier is wrong)
go back to the traditional way of matching rules. The
advantage of this data mining firewall is that it offers
a much faster rule matching. Author have proven
both analytically and empirically that even with
millions of real network traffic packets and hundreds

of rules, the classifier can achieve very high
accuracy, thereby making firewall six times or more
faster in making filtering decision.
Zouheir Trabelsi, Liren Zhang, Safaa
Zeidan[8] “Dynamic rule and rule-field
optimization for improving firewall performance and
security” The proposed approach is based on the
calculation of the histograms of packet matching
rules and of packet not matching rule-fields. These
histograms are able to effectively monitor firewall
performance in real-time and to predict the patterns
of packet filtering in terms of rules order and rule-
fields order.Furthermore, the proposed approach
becomes even more significant when firewall is
heavily loaded with burst traffic. A comparison of
the proposed approach and the other conventional
approaches, including static rule order approach and
dynamic rule order approach is presented. The
numerical results obtained by simulations
demonstrate that the proposed approach is able to
significantly improve the firewall efficiency in terms
of cumulative processing time compared to other
conventional approaches. Furthermore, the proposed
scheme also has the capability to significantly
reduce the effect of many common network attacks
on firewall performance.
III. PROPOSED WORK
Mobile Ad-Hoc network is a self organized
network, where node independently works, but
MANET is more vulnerable because insider and
outsider attacks are easily capture the data and
modified it. The design of distributed firewall for
secure data delivery using unwanted packet filtering
in MANET. As a prerequisite studied various
research papers in the field of security or firewall
under mobile ad-hoc network were made but
overhead were greater in network protection. In this
proposed work, create various mobile nodes and at
least two or more preventer nodes are design, which
watch the miss-activity of the network. Where
attacker node receives the data packet from sender
and modified the sender IP or receiver IP address
and flooded the modified data in the network, those
data receives by the unauthorized node and increase
the network rush with corrupted packets. So in this
distributed filtering methodology has discarded
unwanted packets and defends the network.
Distributed firewall collaboratively work, where one
firewall receives the packets from outside network
and analyze the incoming data, while he found
modified or corrupted IP address than discard the
data packet and filtered data sends to the next hop,
those process name as a detection process, where
unwanted data are block and identifies the attack
activity, so further low overhead required for
filtering or identifying existing attacks. Next firewall
re-process are apply because some data are
corrupted which are not identified by first firewall,
so maximum reliability provide for communication.
In this proposed work filtering method will also
work as a prevention and recovery of data, while
data packet incoming in any of firewall than its
check the data and its IP address, while he found the
data is correct but IP addresses are corrupted so that
packet discarded and block the path or route and
firewall send the negative acknowledgment (warning
message) to sender through alternative reverse path
for new route establishment from sender to firewall.
While the sender receives the warning (negative
acknowledgment) than re-search path and send data
through secure path, similarly proposed distributed
firewall treat like recovery managers whose manages
that data recovery, while data comes through the
intermediate nodes with unsecure path same time
data part are modified by the any attacker node but
header part is not modified. Those packets while
comes in any firewall nodes than firewall execute
the recovery managers and reconstruct the original
data and forward to destination node, that recovery
process minimized the delay and improve the data
receiving percentages.
IV. PROPOSED ALGORITHM
In this section describe the proposed
algorithm for enhanced security using packet
filtering in mobile ad-hoc network ,through that
proposed algorithm our network architecture are
work and improve the network communication with
secure manner.
Input:
M Mobile nodes
S Sender nodes
R Receivers nodes
I intermediate nodes
A Attacker nodes
Ab modification behaviour (data, ip)
F set of firewall
t  modification threshold
∂modified variable
Output: Packet delivery ratio, Throughput, Delay,
Modified-ip and Modified-next-hop
Routine:
RP AODV
Broadcast(rp, s, r, ips)
While I receives data && I != R do
Forward(next-hop, r, ipi)
I store route info
End do
If I == R then
R create reverse route (r, s, ipr, ips)
Send ack to S (rip , sip)
Data(s, r)
End if
While I == Ado

Capture data
New-data  data + ∂
Modified ip by A
End do
Data(S,R)
Sender generate data
Send (Data, Sip to Rip)
While A receives Data do
Abmodified (Data && Sip, Rip)
Bind(data+ ∂ && Sip+є, Rip+є)
Send updated packets to next hop or R node
End do
Firewall-module(I, data, Sip, Rip)
F receives data from I
Check (data, Iip, Sip, Rip)
While F identifies I as a Ab do
If (AbSip+є, Rip+є) then
Discard  packet
Else if Ab(data+ ∂ && ∂ < t)then
F execute recovery process
End if
AI
Send n-ack to S
Re-execute(Route)
End do
V. SIMULATION ENVIRONMENT
The simulator been used is to simulate the
ad-hoc routing protocols in is the Network Simulator
2 (ns) [12] from Berkeley. To simulate the mobile
wireless radio environment that used a mobility
extension to ns that is developed by the CMU
Monarch project at Carnegie Mellon University.
5.1 The Simulation Parameter
The subsequent parameters for case study shown in
table1.
Table 1 Simulation parameter of case study
Terrain Size 800×800
Network Protocol AODV
Analysis Time 100
Transmission Range 550m
Transport Layer Protocol TCP, UDP
Attack Type IP-Modification
Prevention Type Firewall
Application Data FTP, CBR
Data Size (bytes) 512
Number of nodes 50
Maximum Speed (m/s) Random
5.2 Network Simulator
Network simulator 2 is the result of an on-
going effort of research and development that is
administrated by researchers at Berkeley. It is a
discrete event simulator targeted at networking
research. It provides substantial support for
simulation of TCP, routing, and multicast protocols.
The simulator is written in C++ and a script
language called OTcl2. Ns uses an OTcl interpreter
towards the user. This means that the user writes an
OTcl script that defines the network (number of
nodes, links), the traffic in the network (sources,
destinations, type of traffic) and which protocols it
will use[12]. This script is then used by ns during the
simulations. The result of the simulations is an
output trace file that can be used to do data
processing (calculate delay, throughput etc) and to
visualize the simulation with a program called
5.3 Network Simulation Procedure
Figure 1: Network simulation steps
NAM is a very good visualization tool that
visualizes the packets as they propagate through the
network. An overview of how a simulation is done
in ns is shown in Figure 1
The whole network performance is store in .tr (trace
file) and the AWK is the "abstract window toolkit"
that retrieves the particular network information
store in trace file[12].
5.4 ABSOLUTE SUMMARIZED ANALYSIS
In MANET the complete performance
analysis is in three scenarios that is mentioned in
table below. The three scenarios are Normal routing,
Bloom detection and bloom prevention. In normal
routing no routing IP address is modified but in
Bloom detection, the attacker is accomplished
routing misbehaviour detected by bloom security
filter. In third scenario the performance of bloom
protection is measured and IP modification and next
hop modification is completely detected zero in
dynamic network, because the bloom filter is
provides the reliable path for data sending.
Output
is Trace
file
Write
TCL
Script
Netw
ork
Simu
lator
-2
Output is
Network
Animator
(NAM)
file
Evaluate through
AWK
Data
Process
ing
On
trace
file
Network
Perform
ance
Filter Data
Analysis

Parameters
Normal
data
Bloom
Detectio
n
Bloom
Preventi
on
IP Address
Modified 0 163 0
Next Hop
Address
Modified 0 548 0
Send 7453 6277 9363
Recv 6745 3836 8361
Routingpkts 2928 2918 2538
PDR 90.5 61.11 89.3
Average E-E
Delay(Ms) 0.87 1.2 0.72
NRL 0.43 0.76 0.3
5.6.Throughput Performance Assessment
The network performance is vigorous
because of better data receiving at destination. In
dynamic network it is very crucial to maintain link
in between sender and receiver. In dynamic network
the performance is also affected from heavy load,
battery power depletion and attacker data
modification. In this graph,throughput performance
of normal routing, bloom detection and bloom
prevention is evaluated and observe that the bloom
filter not only detect the presence of attacker which
affect the performance of routing but also provides
the secure route between sender and receiver.
Figure 2: Throughput Analysis
5.7Attacker Loss Analysis
The attacker is not only modified the actual data
packets in network but also drop or consumes the
packets, depends on the attacker behaviour. The
attacker malicious activities are only possible to
detect by filters and firewalls. The dynamic network
MANET is easily affected from attacker malicious
infection. In this graph the false IP and False Next
hop information is detected and confirm the
presence of attacker through bloom filter.
Figure 3: Attacker Loss Analysis
5.8 PDR Performance Assessment
The proper data receiving in network is also
provides the better PDR (Packet Delivery Ratio)
performance. The more packets receiving at
destination is provides the better PDR and less
packets receiving is provide the less PDR
performance. In this graph represents the percentage
ratio of normal routing, Bloom Filter detection and
Bloom prevention.
PDR=(Packet received/Packet send)*100
Figure 4: PDR Analysis
5.9 Routing Performance Assessment
The routing packets flooding in network is
essential to finding the destination in wireless
network. In MANET every sender is first sends
route request packets to neighbours and these
neighbours are flooded these packets to next nodes
till the destination is not found. In this graph the
routing packets flooding analysis of Normal routing,

Bloom detection and prevention is evaluated. The
routing packets flooding in presence of filtering of
modified data is more because of data retransmission
Figure 5: Overhead Analysis
VI. CONCLUSION
MANETs are flexible in the sense that any
node can come and join the network without having
to register itself to a central administrator. The ease
with which any node can join or leave a network
introduces a number of security attacks. In this
defined the various types of attack and the ways in
which the attacker can harm the network. The
attacker is always the intermediate node that perform
the malicious activities and do the routing
misbehavior by modified the actual IP. The IP
modification is infected the number of data packets
that's why packets receiving at the destination is
reduces and network performance is degrades. In
this paper the distributed security scheme i.e.
proposed Bloom filter is identified the modified IP
and filter that modified IP from the network. The
proposed Bloom filter is provides the secure path to
sender to reduce the possibility of routing attacker
existence in network and also removes the prospect
of IP modification. The proposed security scheme is
provides the better throughput and PDR with
minimum routing overhead. This scheme is also
completely removes the attacker presence i.e. not
exist in proposed security scheme. The proposed
scheme is provides the secure communication and
removes attacker infection in network.
REFERENCES
[1]. Ali A. Ali, Saad M. Darwish, and Shawkat
K. Guirguis“An Approach for Improving
Performance of a Packet Filtering Firewall
Based on Fuzzy Petri Net” Journal of
Advances in Computer Networks, Vol. 3,
No. 1, March 2015.
[2]. Harleen Kaur, Omid Mahdi Ebadati E.and
M. Afshar Alam“Implementation of Portion
Approach in Distributed Firewall
Application for Network Security
Framework” IJCSI International Journal of
Computer Science Issues, Vol. 8, Issue 6,
No 2, November 2011.
[3]. Salah Alabady “Design and Implementation
of a Network Security Model for
Cooperative Network” International Arab
Journal of e-Technology, Vol. 1, No. 2,
June 2009.
[4]. Jozef Filipek, Ladislav Hudec “Distributed
Firewall in Mobile Ad Hoc Networks”
SAMI 2015 IEEE 13th International
Symposium on Applied Machine
Intelligence and Informatics January 22-
24, 2015 Herl’any, Slovakia.
[5]. Ting Zhang, Dale Lindskog “Full Function
Firewalls on MANETs” World Congress on
Internet Security (WorldCIS-2013).
[6]. Mansoor Alicherry Angelos D. Keromytis
Angelos Stavrou “Evaluating a
Collaborative Defense Architecture for
MANETs”978-1-4244-4793-0/09/$25.00
c_2009 IEEE.
[7]. Mohammad M. Masud, Umniya Mustafa,
Zouheir Trabelsi “A Data Driven Fire-Wall
for Faster Packet Filtering” 978-1-4799-
3764-6/14/$31.00 c_ 2014 IEEE.
[8]. Zouheir Trabelsi, Liren Zhang, Safaa
Zeidan “Dynamic rule and rule-field
optimisation for improving firewall
performance and security” IET Information
Security (Volume:8 , Issue: 4 ) 2014
[9]. M. Alicherry, A. D. Keromytis, and A.
Stavrou. Deny-by-Default Distributed
Security Policy Enforcement in Mobile Ad
Hoc Networks. SecureComm, 5th
International ICST Conference,
SecureComm 2009, Athens, Greece,
September 14-18, 2009
[10]. T. Anderson, T. Roscoe, and D. Wetherall.
Preventing Internet Denialof- Service with
Capabilities. Proc. of Hotnets-II, 2003.
[11]. The Network Simulator ns–2 and Network
Animator Nam. Online:
http://www.isi.edu/nsnam.

Distributed Packet Filtering Firewall for Enhanced Security In Mobile Ad-Hoc Network

More Related Content

What's hot (19)

Similar to Distributed Packet Filtering Firewall for Enhanced Security In Mobile Ad-Hoc Network (20)

Recently uploaded (20)

Distributed Packet Filtering Firewall for Enhanced Security In Mobile Ad-Hoc Network