Wireless Personal Communications (2019) 107:393–416

https://doi.org/10.1007/s11277-019-06282-5

ITCA, an IDS and Trust Solution Collaborated with ACK Based

Approach to Mitigate Network Layer Attack on MANET
Routing

Nilesh Marathe1 · Subhash K. Shinde2

Published online: 1 April 2019

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Abstract
The feature of Dynamic topology configuration of MANET reciprocates the security con-
straints and bring in many security threats that hamper the routing and time bound deliv-
ery of packets. Many security schemes had been proposed to secure MANET routing
and improve its efficiency. The solutions proposed by existing systems are defined in one
dimension so that the targeted attack can be fixed up, but that might create flaws in other
dimension or introduce new attack. So it is necessary to create a multidimensional solu-
tion that empowers the routing process to become inherently secure rather than defend-
ing one particular attack. The selfish or maliciously behaving nodes in the network are
the key players in launching the attacks and disrupting the routing process. In this paper,
the proposed consolidated approach named, IDS and Trust solution Collaborated with Ack
based approach (ITCA), performs identification of attack, isolation of misbehaving nodes
and control behavior of nodes in the network. This enables the routing process to be more
robust by resisting the malicious nodes from being the part of a route, avoid attack for-
mation and thus supports to improve the efficiency. Even though the malicious nodes are
isolated, the proposed method allows them to be sender for transmitting their own data, but
under controlled environment defined by IDS so that the attempt to launch DOS attack can
be avoided. The reconsideration of isolated node that to under controlled IDS environment
in collaboration with Trust and improved ACK based scheme is key behind proposed mul-
tidimensional method, ITCA. Further the method is integrated with AODV and extensive
experimentation is done based on raising number of malicious nodes in the network to
measure its effectiveness and efficiency.

Keywords MANET security · Ad-hoc security · Secure AODV · Blackhole attack · Trust ·
ACK based system · IDS

* Nilesh Marathe
[email protected]
Subhash K. Shinde
[email protected]
1
RAIT, Nerul, Navi Mumbai, India
2
LTCOE, Kopar Khirane, Navi Mumbai, India

13
Vol.:(0123456789)
394 N. Marathe, S. K. Shinde

1 Introduction

The success of the wireless technology is its ability that enables the wireless nodes to
be connected and keep availing service even-though nodes are moving. There are two
models developed in wireless networks, the fixed wireless network with a backbone
consists of fixed wireless nodes with a limited mobility and high power and the other is
MANET, which can be set up as and when needed. The MANET facilitates the nodes to
be mobile in nature and enables them to operate co-operatively without any infrastruc-
ture which makes the topology of network Dynamic, continuous changing. In MANET,
the node can be a host (i.e. Source or Sink) or a router which reroute the packets to next
hop nodes in the network all the way towards destination.

1.1 MANET System Architecture

The limited transmission range of nodes, tend to follow the multiple hops to exchange
data with each other as shown in the Fig. 1. The dynamic nature of topology, may break
the established paths and tends to reroute the data from alternate or newly discovered
path. With a changing topology, maintaining connectivity by tracking alternate routes
which will not create flaws and also keep away the malicious nodes from being part of
route in network is a challenging task for routing protocols [1, 2]. By analyzing attacks
over the routing protocols of MANET, some common attacks which work on all kinds
of classifications of routing protocols and planted at different phases of route establish-
ment and data delivery process are listed below.

Fig. 1  MANET architecture [1]

13
ITCA, an IDS and Trust Solution Collaborated with ACK Based… 395

1.2 Attacks on Routing in MANET

1. DoS attack The attacker take benefit of the protocol defined control packets to flood
the victim so that their resources are exploited and routing operation is disrupt so as
performance is degraded [3].
2. Black hole attack It is implemented by configuring a node to be a part of network by
claiming fake routing information. later the node starts dropping packet randomly or
periodically or consistently by being a part of route [4].
3. Replay attack The attack configured node use pre-broadcast control packets to make
false entries in the route table of the legitimate node. So that node forwards te packet to
non-exist route [5].
4. Worm hole attack The co-operative nodes recored the control packets of one region and
broadcast it some other region so that the topology of the network get disturbed [1, 5].

Table 1 elaborates comparative analysis of way of attempting an attack and their motive.
In this paper, the proposed method detect the packet dropping used to attempt the
black hole attack, isolate the malicious node and avoid DOS by controlling the percent-
age of broadcast for control packet by identified isolated malicious nodes and thus tries
to make secure robust routing process. The paper is organized as Sect. 2 give the litera-
ture survey, Sect. 3 discuss the proposed work, result and analysis discussed in Sect. 4
followed by conclusion and future work. The next section focus on analysis of related
work in the field of Trust, IDS and Ack based solutions.

2 Literature Review

2.1 Ack Based Solutions

Naveena and Reddy have proposed a Hybrid model where they try to integrate cryptog-
raphy concepts and hash functions to protect the routing process. By this they can make
the node and transaction more secure but it might fail to patch the inherent flow in the
routing process [6].
Dave and Dave have proposed AOMSR based on PBAck that allows shuffling of
response path and the path from which the acknowledgment is received is been con-
sidered as secure routed path and helps to detect the malicious nodes. The co-operative
nodes may form a chain so that they can send the forged PBA to source node and the
source node will never able to identify that a co-operative black hole attack is formed
and receiver is not receiving any packets [7].
The overhearing based secure routing in DSR is proposed by Ashutosh Bhardwaj.
The promiscuous mode creates burden over the lightweight nodes, for which energy is a
scare resource, to overhear the packet forwarded. It is not a energy efficient solution and
also chances of falsification is more [8].
A new routing protocol named as AASR proposed by Liu and Yu. Even though the
anonymous routing is performed the authentic attacker may create a black hole to drop
the packets and being considered a link failure, so some mechanism should be added to
detect the root cause of failure and reduce the delay for path establishment [9].

13
 396

13
Table 1  Comparative analysis of common attacks on routing
Attacks Attacker Motivation Type Message utilized for attack Affected security aspect Protocol

DoS attack [3] Insider/outsider To exploit network and node Active Hello, route request, traffic Availability AODV, OLSR, ZRP
resource control msg, Beacon
Black hole attack [4] Insider To drop packets Active Route request, route reply, Route disruption, availabil-
traffic control msg, Beacon ity, data loss
Worm hole attack [1, 5] Insider/outsider To disturb the network Active/passive Route request, route reply, Data loss, availability
topology traffic control msg, Beacon
Replay attack [5] Insider/outsider To confuse authorities and Active Route request, traffic control Route disruption, integrity
prevent identification of msg, Beacon
node
N. Marathe, S. K. Shinde
ITCA, an IDS and Trust Solution Collaborated with ACK Based… 397

Table 2 describes the comparative analysis of some of the Ack based solution proposed
for validating route establishment process for detection of the malicious node in routing
protocols for MANET scenarios.

2.2 IDS Based Frameworks Proposed for Secure Routing

Fine gained analysis FGA method is proposed by Khan et al. which focus on analyzing the
reason of packet loss. They tries to do classification of reasons of packet loss so that falsifi-
cation rate in identification of malicious nodes can be reduced. Again this will work better
if it able to identify the scenario of packet loss which seems legitimate but created by mali-
cious nodes from real wireless interference effect [10].
The IDS based on anomaly detection of packet dropping attack worked for both AODV
and DSR was proposed by Uyyala and Naik. The method designed to trace the black hole
and worm hole based packet dropping attack. The method depute some monitoring nodes
to observe the pattern of packet forwarding by nodes to keep a eye on their behavior. This
will be the key for detection of malicious nodes in the network. But reconsideration sce-
narios or modified packets are not consider by this method [11].
The cooperative approach for detection malicious node for DSR has been proposed by
Adhikari and Setua. The author has proposed a network-based intrusion detection system
that works with the cooperation of five components (CNIDS). This system is able to iden-
tify different ways of mis-behavior by node by a multidimensional approach it gets from
the collaboration of the five components. But the method was not considering the identifi-
cation for future prediction of malicious behavior. For this, they have to maintain the list of
the malicious node and check if any node in the path is from that list [12].
Table 3 describes Comparative analysis of some of the IDS based solution proposed for
detection of malicious node for MANET routing protocols discussed above.

2.3 Trust‑Based Solutions

The trust based method supported by authentication of nodes using certificate authority
is proposed in Trust-Based Authentication Routing with Bio-Inspired Intrusion Detection
System (TRAB-IDS) by Anusha. The inclusion of public and private key concept make
node authentication more stronger but leaves the inherent flaw of misbehaving nodes. Also
if malicious nodes became the part of this bogus key generation scheme then they can cre-
ate a mess. So isolating them first then securing transaction is more effective [13].
The algorithm proposed by Bhuvaneswari and Naik performs attack detection and pro-
vides the defense mechanism by using routing control packets and redundancy in route
discovery process of the routing protocols. The method has the limitation of relying on the
participating nodes to do the evaluation of trust value, the participating nodes may form a
collaborative group to give the highest trust value to each other. Thus the method become
vulnerable for colluding attacks [14].
The trust-based probing method proposed by by Bouabana-Tebibel et al. improves the
existing probing mechanism, so as the method able to isolate the malicious nodes from
being part of route. The safest route is the route which has the highest value of trust. The
trust calculation is based on direct and collaborative observations which result discarding
misbehaving nodes from the selected routes. The method carries more overhead to probe
periodically for ack. Also, there is no policy for reconsideration of the malicious node in
case of false detection [15].

13
 398

13
Table 2  Comparative analysis of Ack based solution proposed for validating route establishment process
Classification of solutions Algorithms proposed Description of method Advantage Limitations Proposed method

Ack based Approaches PBAck based AOMSR [7] Enhancement of AACK For one drop of packet two Cooperative black hole Proposes a Special ACK
to revalidates routing and TWO-ACK acknowledgments not get attack detection not mode for detecting and
process Permutation based received possible isolating malicious nodes
acknowledgment Not able to isolate a node Can use the rating of nodes
declare a link as mali- for selection of nodes in
cious route establishment
Secure routing in DSR Overhearing of forwarded In case of not forwarding Scheme uses promiscuous
to mitigate black hole packet for validation of the packets generate the mode which creates over-
attack [8] the node from whom the alarm head in terms of energy
RREP is received More false alarm may get
generated
AASR: Authenticated Route request packets Detect root cause of failure The authentic attacker may
anonymous secure rout- are verified by a group and reduce the delay for create hole to drop the
ing [9] signature path establishment packets and being con-
Key encrypted onion rout- sidered a link failure
ing with a route secret
verification message
N. Marathe, S. K. Shinde
 Table 3  Comparative analysis of different IDS based solution proposed
Classification of solutions Algorithms proposed Description of method Advantage Limitations Proposed method

IDS Anomaly based IDS [11] Select the monitoring nodes Generate alarms for mis- How to select Monitoring Inclusion of multiple param-
for keeping eye over behavior nodes eters to reduce false detec-
behavior of communica- What about mobility of tion of malicious nodes
tion nodes Monitoring nodes Rating system can be utilized
Cooperative NIDS [12] Cooperation of 5 compo- To detect and isolate Not possible to discover at route establishment
ITCA, an IDS and Trust Solution Collaborated with ACK Based…

nents for malicious node malicious nodes in the existence of malicious phase to avoid inclusion of
detection context analyzer network through multiple node in future route malicious node in the route
watchdog system rating dimensions
system Alert message
verifier Intruder node
punishment
399

13
400 N. Marathe, S. K. Shinde

Sharma has proposed a trust-based method named TAODV, uses the trust value for cat-
egorization of nodes as unreliable, reliable and most reliable. The limitation of this method
is that trust value is calculated individually so no cross-check is done for verification of it,
this may lead to a cooperative black hole attack and it may encourage malpractice to edit
the trust value [16].
Wang et al. has followed the concept of attribute similarity for ZRP. The attribute selec-
tion for similarity calculation is a major challenge, so it can be integrated to integrate it for
trust establishment. The Proposed method was more domain specific. The choice of attrib-
utes used to describe entities will govern the predictions made by similarity models. It will
not able to make general assumption about the attributes [17].
The Xia proposes dynamic trust prediction model. TSR included fuzzy rules for pre-
diction of node behavior. It provides flexibility in selection of best switched route most
suitable for packet security requirements. The prediction is based on the nodes current
transaction with that neighbor so it may get influenced by malicious behavior which has to
incorporate some other attributes to make it more accurate and generalized [18].
Table 4 describes the comparative analysis of some of the trust based solution discussed
above.
The analysis of related work brief about the one dimensional solutions proposed over
the platforms like:

• Ack based Solutions

• IDS,
• Trust Model,

So need to have a solution to identify and isolate malicious nodes through multiple dimen-
sions considering different behaviors of such nodes, is discussed in next section.

3 Proposed Work, IDS and Trust Solution Collaborated with Ack Based
Approach (ITCA)

The proposed consolidated approach named, IDS and Trust solution Collaborated with
Ack based approach (ITCA) tries to detect malicious activity through multiple dimensions
hence is comparatively more efficient and effective. Considering limited battery power and
processing capability, proposed detection system will use least nodes resources. To accom-
plish this, ITCA had used inbuilt functions of routing protocol which reduce the code and
make it less complex. The proposed method does the detection of malicious activity and
responsible node by approaching in three different dimensions Attack detection and Mali-
cious node isolation (Ack based Solution), Role based terminology (IDS based solution)
and Node reliability checking (Trust based solution).

3.1 Attack Detection and Malicious Node Isolation

The proposed method is performing detection and isolation in two phase. The black hole
attack discovery is the first phase and in the second phase, it detect and isolate the mali-
cious node responsible for attempting attack.

13
 Table 4  Comparative analysis of trust based solution proposed
Classification of solutions Algorithms proposed Description of method Advantage Limitations Proposed method

Trust based solutions Secure optimal routing [14] Public key cryptography Confidentiality and integ- Evaluation of trust value Can be used by adapting
based authentication rity for route request and done by neighboring attribute and neighbor
scheme reply nodes so may vulnerable node based calculation of
Trust value is calculated by to colluding attacks trust value of nodes
neighboring nodes
The path with highest
trust index is selected as
secured path
Improved Probing Probe nodes The Diffie–Hellman proto- More overhead to probe
approach for DSR [15] Measure trustworthiness col, one time passwords, periodically for ack
Isolate malicious nodes and a trust mechanism to
secure data exchange
Trust based AODV [16] Categorization of nodes as Analyze and improve the No cross check is done for
ITCA, an IDS and Trust Solution Collaborated with ACK Based…

unreliable, reliable and security against Black verification of calculated

most reliable hole attack in AODV trust value
Trust value is calculated Prone to cooperative black
individually hole attack
Attribute Similarity [17] Co-operative node detec- Evaluate trust levels of Not open accept new node
tion by finding attribute others based on a set of Limits the functionality
similarity attributes to certain application
oriented services
TSR [18] Evaluate history to predict Nodes historical behaviors, Prediction is based on the
trust extended fuzzy logic nodes current transaction
rules prediction with that neighbor so it
may get influenced by
malicious behavior
401

13
402 N. Marathe, S. K. Shinde

3.1.1 Attack Detection Phase

This phase discovers the existence of attack in network. This is done by probing the
status about number of packet forwarded to each node in the route towards destination
node as depicted in Fig. 2.
While the packet is traveling through network each node will keep track of how many
packets it has forwarded from its source to destination. Source node will initiate the
attack detection process by sending request packet with destination node ID to each
node in route for their packet forwarding status. In Fig. 2, consider node A is sending
data to node D. After each predefined interval time, source node starts the first phase
in which it will ask each node in the route about the number of packets forwarded. By
scrutinizing their reply, the source node will identify the existence of attack and prepare
a list of possible malicious node (Suspicious list) as given below

1: If source node receives the zero packet forwarded Reply or not receive the Reply from
any of the node it will conclude the existence of attack and it will initiate malicious node
detection phase. It is not necessary that malicious node will tell the truth and send a reply
with zero packets forwarded or do not Reply anything. It may send wrong information
and try to escape from the detection system. Different replies that malicious node can
send like:

[1] It has not received any packet from the previous node.
[2] It has forwarded all packets to next node and next node may have dropped all pack-
ets.

In all above cases, the malicious node is either the node which has given reply of zero
packet forwarded, not at all given any Reply, fake Response or its previous node. So
we are not only marking the node which has suspicious behavior but also its previous
node as possible malicious node and include it in the Suspicious list. After analyzing
the response from all nodes participated in packet forwarding, it will take a decision of
initiating the malicious node detection phase.
Flow chart and algorithm
Algorithm 1 elaborates the attack detection technique discussed above and flow chart
for the same is depicted in Fig. 3.

Fig. 2  Attack detection phase

13
ITCA, an IDS and Trust Solution Collaborated with ACK Based… 403

Fig. 3  Flow chart for attack discovery

13
404 N. Marathe, S. K. Shinde

Attack detection phase only detect the existence of malicious node and suspicious node.
It does not confirm that supicious node as malicious node and it is performing attack. Con-
firmation of malicious node is done by malicious node detection phase which is explained
in next section.

3.1.2 Malicious Node Detection and Isolation Phase

Scenario 1 The node which has given the reply of zero packet forwarded are declared as
malicious node by assuming that all nodes gives the honest reply about the number of
packets forwarded. Here declaration of suspicious node as malicious node is quite simple
it will take less time and generate less number of control packets. But it might possible
that previous node has not forwarded any packet but claims to source that has forwarded
the packets. In that case considering the node which has forwarded zero packet as mali-
cious will be wrong and might create false results. This scenario take less time to detect
malicious node but has more falsification ratio. So need to revise and have some rigorous
method for detecting exact malicious node by considering the node with zero packet for-
warded and its previous node as suspicious. The results by consideration of this method in
comparison with revised solution is given in result and analysis section.
Scenario 2 Malicious Node Detection Phase will confirm that suspicious node which is
found out in attack detection phase is malicious or legitimate. Here the suspicious nodes
are both maliciously behaving identified node and its previous node. To accomplish this,
the source node will inform other nodes about suspicious nodes list. Each node then search
for a suspicious node in its neighborhood and if it finds it will start malicious node detec-
tion system. Neighboring nodes of suspicious node will create one RREQ packet with fake
destination and will send to suspicious node. If suspicious node is malicious, it will defi-
nitely send RREP reply message without checking its routing table. If neighboring nodes
get RREP reply from suspicious node for fake destination, it concludes that suspicious node
is malicious node. It blacklist that malicious node, reset its trust values to zero, demote its
role as “USER” and will not respond to any RREP packet received from malicious node.
So such nodes are no more being considered for path establishment.

13
ITCA, an IDS and Trust Solution Collaborated with ACK Based… 405

Flow chart and algorithm: Algorithm 2 elaborates the malicious node detection and iso-
lation technique discussed above and Flow chart for the same is shown in Fig. 4.

This method able to detect the malicious node from one dimension of ACK based solu-
tion but it might possible that malicious nodes are bit more sophisticated and will not

Fig. 4  Flow chart for malicious

node detection

13
406 N. Marathe, S. K. Shinde

respond to fake RREQ. Such nodes has to be tracked by observing their packet forward-
ing behavior and verifying their reliability which is done by other dimension that is Trust
based solution explained in next section. The results by implementing Scenario 2 is com-
pared with Scenario 1 and revised solution in Result section.

3.2 Node Reliability: Trust Value (trustValueNode)

The basic level attacker that is malicious nodes are trapped in phase I explained in last sec-
tion but if more sophisticated attack being planted they will not respond to fake RREQ so
need to be tracked through other dimension that is Trust, explained in this section. Trust
value is a major of genuinity or reliability of nodes which help to track dynamic behavior
of malicious nodes. By default, every nodes is configured with trust rating of 0.4. Its trust
value is increases gradually with 0.04 but decreases with 0.08 even for one bad transaction
as elaborated in Eq. 1.

⎧ 0.4, By default
⎪
trustValueNode = ⎨ trustValueNode + 0.04, 𝐈𝐟 DPFR ≥ 0.7 (1)
⎪ trustValueNode − 0.08, otherwise
⎩

Here if node consistently performance good for 70% of total transactions then we are
increasing its trust value by 0.04. where as consistency is calculated by finding the Data
Packet Forwarded ratio ( DPFRNode). If the DPFRNode for each node is greater than 70%
then we can say the node as consistent.

3.2.1 Data Packet Forwarded Ratio (DPFRNode)

The ratio of the number of data packets received at the intermediate node and the number
of data packets node has successfully forwarded is known as DPFRNode. Here, pktForwarded
is the number of packets forwarded successfully by the intermediate node and pktReceived is
the number of packets received at the intermediate node for routing as given in Eq. 2 .
pktForwarded
DPFRNode = (2)
pktReceived

The trust calculation of nodes has to be supported by Role based mechanism which will
able to trace or keep eye over random misbehavior of nodes and bifurcated their roles
which will give us the credibility factor of node is explained in next section.

3.3 Role Based Mechanism: IDS

The motive of IDS is to keep eye over behavior of communication nodes if it finds some
suspicious activity verify the nodes authenticity or isolate it, if it is malicious, from being a
part of network.
Trust value is a measure of behavior of node in the network while forwarding the packet.
It is used to check node reliability. In proposed IDS we classify the nodes in the Trust
Value range of 0–1. The nodes are classified based on the calculated Trust value as
Recommender Trust value Range (0.8–1.0)

13
ITCA, an IDS and Trust Solution Collaborated with ACK Based… 407

Forwarder Trust value Range (0.4–0.79)

User Trust value Range (0.1–0.39).

1. Recommender Recommender nodes helps for selection of trustworthy nodes for secure
route. The suggested node by these peers can be consider for inclusion in trusted path.
2. Forwarder When nodes trust value reaches to this range it will be eligible to work as
the forwarder and to be part of any trusted route.
3. User If any nodes fails in delivering the service or behave maliciously its trust value fall
down to this range where it can just use the services. It can ask for route establishment
for communication with other nodes in the network.

By default, every nodes is configured with trust rating of 0.4. Its trust value is increases
gradually with 0.04 if it

1. consistently performance good for 80% of total transactions when it is a recommender.

2. consistently performance good for 70% of total transactions when it is a forwarder.
3. but decreases with 0.08 even for one bad transaction. After reducing the trust level if it
falls below the threshold of 0.4 its role is changed to USER and intimated the neighbors
about it and all route entries belongs to this node are purged. Also the node is removed
from current on going route and use alternate route for delivery. This helps to improve
the performance of ongoing transactions.

The consistency is observed after regular interval of every 10 transactions. Performance

of the proposed system measured by implementing it on simulator. For this, we have used
Qualnet tool, results of simulations are discussed briefly in next section.

4 Result and Analysis

4.1 Simulation Environment

For simulation purpose, we have used QualNet 5.1 simulation tool. In this simulation, we
created a virtual model with multiple nodes which uses wireless technology for commu-
nication and create MANET. Different parameters used in the simulation are given below
Table 5.

4.2 Performance Metrics

The result shows comparative analysis of proposed method ITCA, Scenario 1, Scenario 2
with normal AODV and Two-Ack protocol based on standard performance metric of net-
work as Delivery Ratio, Avg Delay, Packet Drop, Control Packet etc.

1. Packet Dropped by malicious nodes

  The performance of the proposed system can be measured in terms of identified
malicious nodes. Also the effect of early or late identification of malicious nodes can be
shown in terms of number of packet drops. So the effectiveness of the proposed system

13
408 N. Marathe, S. K. Shinde

Table 5  Simulation environment Parameter Value

parameters
Area (m) 1500 × 1500
Number of nodes 40
Number of transaction 10
Data traffic transmitted by each transaction 100 packets
Packet size 512 Bytes
Number of malicious nodes 0–50%
Mobility model Random Waypoint
Nodes maximum speed 10 mps
Nodes minimum speed 0 mps
Routing protocol AODV
MAC protocol 802.11
Radio type 802.111b Radio
Data rate 2 Mbps
Antenna model Omnidirectional

is clearly visible as packet dropped by malicious nodes are less the system proves to be
more effective.
2. Packet Delivery Ratio (PDR)
  The PDR is the reflection of efficiency of proposed method in comparison with exist-
ing system. Here, pktri is the number of packets received by the destination node in the
ith application, and pktsi is the number of packets sent by the source node in the ith
application. It is defined as the average packet delivery ratio of the application traffic n,
which is denoted by PDR, is obtained as

1 ∑ pktri
n
PDR = (3)
n i=1 pktsi

3. Control packets
  The routing overhead is measured against the number of control packets generated.
The RREQ, RREP and RERR are considered along with the control packets generated
by the proposed method for detection of exact malicious node. Here the comparison is
elaborated using three graphs one of total control packet, Captured fake packets from
malicious nodes and final count of control packet except fake packets so that overhead
is clearly depicted.
4. Average end-to-end delay (E)
  The effect of calculation of trust or additional overhead by the proposed method is
measured against the timed delivery. The delay represents an additional time taken by the
new method against existing. The total delay of packets received by the destination node
is di , and the number of packets received by the destination node is pktdi . The average
end-to-end delay of the application traffic n, which is denoted by E, is obtained as

1 ∑ di
n
E= (4)
n i=1 pktdi

13
ITCA, an IDS and Trust Solution Collaborated with ACK Based… 409

5. Trust value
  The reliability of node can be measured in terms of trust value. The graph of trust
value against each node reflects the control of proposed system over the behavior of
malicious nodes. The legitimate nodes which forwards the data properly are reflected by
increasing trust value in the unit of 0.04 where as trapped malicious nodes trust value
is decreased by 0.08. If while reducing the trust value of node falls below 0.4, its role
changed to User and it no more get considered in routing is reflected by no change value.
For example node value decreased by 0.08 from existing value of 0.4, so it will be 0.32
as it is below 0.4 it will no more get considered in path so it is reflected as no change in
trust value once reach to user range.

4.3 Simulation Result

In the simulation, we have used area of 1500 × 1500 m area and insert 40 nodes ran-
domly. As shown in Fig. 5, we have configure 10 node pairs to initiate Constant bit Rate
(CBR) data transactions of 100 packets each to respective destination nodes. Simulation is
repeated by increasing presence of malicious node percentage from 0 to 50% and results
are recorded for comparative analysis at each stage. Here we have incremented number of
malicious nodes by 10%.
We have plotted comparative graph by combining results for AODV, Two-Ack, Sce-
nario 1, Scenario 2, and ITCA. As proposed approach contains the use of additional con-
trol packet to detect malicious node, so as shown in graph, the number of control pack-
ets in Scenario 1 and 2 are increases, but ITCA when get collaborated it suppress the

Fig. 5  Topology used in simulation

13
410 N. Marathe, S. K. Shinde

Fig. 6  Graph for packet drop

consideration of malicious nodes at very early stage of data routing which helps to reduce
generation of additional control packets. The analysis of results are given by different
graphs like packet dropped by malicious nodes, packet delivery ratio, end to end delay,
number of control packets. First graph of our result shows the packet dropped by malicious
nodes.
Packet Drop The graph for packet drop by malicious nodes in the network depicted in
Fig. 6. It is obvious that packet drop will increase with increasing number of the malicious
node. From the graph, it is very much clear that our proposed system is working well and
have reduced packet drop percentage. In the Scenario 1 and 2, there are chances of false
identification or delayed detection of malicious nodes which tends to have the drop per-
centage more than the ITCA. This clearly indicates that if attack is bit sophisticated and if
system is compromised by attacker the count of packet forwarded is get manipulated and
malicious node remains hidden where as some legitimate nodes can be falsely declared as
malicious. The effect of this is clearly seen in graph. ITCA will able to detect even such
sophisticated attackers and successfully isolate the malicious nodes results in less packet
drop percentage. Later over the time period many malicious nodes will be detected, packet
drop will reduced. After detecting all malicious node by all legitimate node, no malicious
node will be consider in formation of path.

Fig. 7  Graph for packet delivery ratio

13
ITCA, an IDS and Trust Solution Collaborated with ACK Based… 411

Fig. 8  Graph for end to end delay

PDR Figure 7 shows graph of packet delivery ratio where in case of less number of
malicious nodes packets delivered are almost 90% and even more than 60% in case half of
the nodes are malicious. ITCA able to detect and isolate exact malicious node so that it is
not get considered in future path as well as get removed from current on going path that
helps to reduce packet drop and improve performance as reflected in graph. In case of Sce-
nario 1 and 2 this is also reaching to 50%. The proposed system works better than normal
AODV and Two-Ack. Also the detection possibility of malicious node increases in ITCA.
This results in improvement of system performance.
End-to-end delay Figure 8 shows a graph of an end to end delay. As the proposed
system ITCA are transmitting control packets for detection of the malicious node, some
delay will definitely add in the delivery of the packet to the destination. Since the pro-
posed system require some time to detect malicious nodes in the network, it is not per-
forming well in early stage but as our system detects more malicious nodes over time,
the performance will improve and packets drop is reduced. As reflected in the graph the
ITCA is a collaborative approach so it will take bit more time than even Scenario 1 and
2 but it might be considerable as number of packets delivered are comparatively more
and control packet generated are less.

Fig. 9  Graph for control packets

13
412 N. Marathe, S. K. Shinde

Fig. 10  Graph for captured fake packets

Fig. 11  Graph for control packets excluding fake RREP

Control packets A number of control packets generated during the simulation of

ITCA are shown in Fig. 9. This graph includes all control packets like RREQ, RREP,
RERR, etc. It also includes those RREP packets which are generated by the malicious
nodes. But many of these RREP packets are captured by legitimate nodes who has
blacklisted that malicious node and prevent forwarding that RREP packet to the source
which results in disabling the attack. Since these packets are not allowed to spread over
network, increase in network traffic is prevented. Also ITCA keep on tacking the behav-
ior of nodes and update the trust values which restrict the isolated node from generating
the more control packets at very early stage. So the number of control packets generated
by ITCA are comparatively less than other solutions.
Captured fake RREP control packets is depicted in Fig. 10. As number of malicious
nodes will increase, number of fake RREP packets will also increase. So the graph for
captured fake packets is increasing with number of malicious nodes. In Fig. 11, we have
shown a graph of control packets excluding RREP packets which are captured as a fake
reply. From all three graphs (Figs. 9, 10, 11), it is clear that reason of an increase in con-
trol packet is not proposed system rather it is the malicious nodes.

13
ITCA, an IDS and Trust Solution Collaborated with ACK Based… 413

Fig. 12  Graph for trust values (for 0% malicious nodes)

Fig. 13  Graph for trust values (for 50% malicious nodes)

The proposed system will increase control packets in network, as it initiate the addi-
tional control packets to reach to exact malicious node but it able delivers 60% of the
packet even there are 50% malicious nodes present in the network. In the Scenario 1 and
2 when any malicious node is detected, legitimate node breaks that route and inform
source node. The source node then sends another RREQ to find a new path and this
makes malicious node transmit more fake RREP in the network but this is avoided in
ITCA by having the control of trust value which restricts them from being part of route
in future this reduce the generation of fake packet over other solutions. This effect can
be clearly visible from Fig. 10. As time will go on and more malicious nodes will be
detected, the number of fake control packets generated by malicious nodes will be sup-
pressed and blocked from spreading over the network in-turn reduce malicious traffic.
Trust values Trust or reputation based mechanism provides way of detection and
isolation of malicious nodes based on trust value. A statistics of trust values while no
malicious nodes is shown in Fig. 12 and with 50% of nodes are malicious is shown
in Fig. 13. As shown in Fig. 12 no nodes has the trust value less than 0.4 that is no
false detection of legitimate node as malicious is being done in proposed system. The
graph clearly shows as discussed in IDS system the inconsistency of node in delivering

13
414 N. Marathe, S. K. Shinde

the data reduce trust value of that node by 0.8 and not able to participate in any path.
The nodes those are inherently malicious and respond to fake request are reflected by
reducing their trust value to zero. These nodes intension is to disrupt the routing pro-
cess so they respond to any request for being the part of route. These node are blocked
and never even have chance of improvement. There are some malicious nodes which
does not respond to fake request they are bit intelligent and have random dropping pat-
tern, also get detected by observing their consistence and reflected in graph by reduc-
ing trust value by 0.08 and then remove them from path which helps to improve packet
delivery. But we are not isolating it from being using services most of traditional sys-
tem does that. The user node can ask to setup the route to deliver packets for its speci-
fied destination.

5 Conclusion and Future Work

The implementation of current project shows the successful tracking of exact malicious
nodes through multiple dimension and isolation of the detected node from being a part
of any path in future. So the effect of which improves the Packet delivery ratio in turn as
malicious nodes are not participate in further packet forwarding, the packet dropping per-
centage is reduced. But still we are allowing the malicious node, by changing its role to
“USER”, to use services for forwarding its own packets rather completely isolating it from
network. The identification of malicious nodes by using this multidimensional approach
helps to keep them away from being the part of any route in future and that is our major
goal which is achieved. There are some limitations of our method as IDS system should
be modified so as to give the scope to “USER” node to improve their performance and be
again the forwarder and increase the complexity level of trust value calculation. This will
be incorporated in my next paper.

References
1. Gupta, R., & Jain, C. (2011). Mobile adhoc network (manets): Proposed solution to security related
issues. Indian Journal of Computer Science and Engineering (IJCSE), 2(5), 738–746.
2. Kannhavong, B., Nakayama, H., Nemoto, Y., Kato, N., & Jamalipour, A. (2007). A survey of rout-
ing attacks in mobile ad hoc networks. IEEE Wireless Communications, 14(5), 85–91. https​://doi.
org/10.1109/MWC.2007.43969​47.
3. Das, K., & Taggu, A. (2014). A comprehensive analysis of dos attacks in mobile adhoc networks, In
2014 International conference on advances in computing, communications and informatics (ICACCI)
(pp. 2273–2278). https​://doi.org/10.1109/ICACC​I.2014.69685​61.
4. Gupta, K., & Gujral, M. (2013). Secure detection technique against blackhole attack for zone routing
protocol in manets. International Journal of Application or Innovation in Engineering and Manage-
ment (IJAIEM), 2(6), 444–448.
5. Abdelaziz, A. K., Nafaa, M., & Salim, G. (2013). Survey of routing attacks and countermeasures in
mobile ad hoc networks In 2013 UKSim 15th international conference on computer modelling and
simulation (pp. 693–698). https​://doi.org/10.1109/UKSim​.2013.48.
6. Naveena, A., & Reddy, K. R. L. (2018). Malicious node prevention and mitigation in manets using a
hybrid security model. Information Security Journal: A Global Perspective, 27(2), 92–101. https​://doi.
org/10.1080/19393​555.2017.14153​99.
7. Dave, D., & Dave, P. (2014). An effective black hole attack detection mechanism using permuta-
tion based acknowledgement in manet. In 2014 International conference on advances in computing,

13
ITCA, an IDS and Trust Solution Collaborated with ACK Based… 415

communications and informatics (ICACCI) (pp. 1690–1696). https​://doi.org/10.1109/ICACC​

I.2014.69684​17.
8. Bhardwaj, A. (2014). Secure routing in DSR to mitigate black hole attack. In 2014 international con-
ference on control, instrumentation, communication and computational technologies (ICCICCT) (pp.
985–989). https​://doi.org/10.1109/ICCIC​CT.2014.69931​02.
9. Liu, W., & Yu, M. (2014). Aasr: Authenticated anonymous secure routing for manets in adversarial
environments. IEEE Transactions on Vehicular Technology, 63(9), 4585–4593. https​://doi.org/10.1109/
TVT.2014.23131​80.
10. Khan, M. S., Midi, D., Khan, M. I., & Bertino, E. (2017). Fine-grained analysis of packet loss in
manets. IEEE Access, 5(2017), 7798–7807. https​://doi.org/10.1109/ACCES​S.2017.26944​67.
11. Uyyala, S., & Naik, D. (2014). Anomaly based intrusion detection of packet dropping attacks in
mobile ad-hoc networks. In 2014 international conference on control, instrumentation, communica-
tion and computational technologies (ICCICCT) (pp. 1137–1140). https​://doi.org/10.1109/ICCIC​
CT.2014.69931​32.
12. Adhikari, S., & Setua, S. K. (2013Cooperative network intrusion detection system (CNIDS) in mobile
adhoc network based on DSR protocol. In Proceedings of 2013 3rd international conference on com-
puter science and network technology (pp. 929–935). https​://doi.org/10.1109/ICCSN​T.2013.69672​57.
13. Anusha, K., & Sathiyamoorthy, E. (2017). A new trust-based mechanism for detecting intru-
sions in manet. Information Security Journal: A Global Perspective, 26(4), 153–165. https​://doi.
org/10.1080/19393​555.2017.13285​44.
14. Bhuvaneswari, M., & Naik, D. (July 2014). Secure optimal routing protocol in manets. In 2014
international conference on control, instrumentation, communication and computational technolo-
gies (ICCICCT) (pp. 1320–1323). https​://doi.org/10.1109/ICCIC​CT.2014.69931​65.
15. Bouabana-Tebibel, T., Tebibel, N., & Zemmouri, S. (2014). A trust-based probing to secure data
routing. In 2014 international conference on advances in computing, communications and infor-
matics (ICACCI) (pp. 1592–1597). https​://doi.org/10.1109/ICACC​I.2014.69684​50.
16. Sharma, A., Bhuriya, D., Singh, U., & Singh, S. (2014). Prevention of black hole attack in AODV
routing algorithm of manet using trust based computing. International Journal of Computer Sci-
ence and Information Technologies.
17. Wang, J., Liu, Y., & Jiao, Y. (2011). Building a trusted route in a mobile ad hoc network con-
sidering communication reliability and path length. Journal of Network and Computer Applica-
tions, 34(4), 1138–1149. https​://doi.org/10.1016/j.jnca.2010.11.007. (Advanced Topics in Cloud
Computing).
18. Xia, H., Jia, Z., Li, X., Ju, L., & Sha, E. H.-M. (2013). Trust prediction and trust-based source
routing in mobile ad hoc networks. Ad Hoc Networks, 11(7), 2096–2114. https​://doi.org/10.1016/j.
adhoc​.2012.02.009. (Theory, algorithms and applications of wireless networked robotics recent
advances in vehicular communications and networking).

Publisher’s Note Springer Nature remains neutral with regard to jurisdictional claims in published maps and
institutional affiliations.

Nilesh Marathe received B.E in Computer Engineering from Marath-

wada University in July 2001, M.E. in Computer Engineering from
Mumbai University in March 2011 and currently pursuing Ph.D. from
Ramrao Adik Institute of Technology, Nerul, Navi Mumbai, affiliated
to University of Mumbai. He is presently holding position of Associate
Professor in Information Technology at Ramrao Adik Institute of
Technology, Nerul, Navi Mumbai. He has published about 35 papers
in International and National Journals and Conferences. He has guided
15 PG students and 3 are ongoing and life member of, Indian Society
for Technical Education (ISTE). His research area includes Network
Security, QoS in Network, VANET Security.

13
416 N. Marathe, S. K. Shinde

Dr. Subhash K. Shinde has received B.E degree in Computer Engineer-

ing from Marathwada University in July 1999 , M.E. Degree in Infor-
mation Technology from Mumbai University in January 2005 and
Ph.D. from S.G.G.S. College of Engineering and Technology Nanded,
affiliated to Swami Ramanand Teerth Marthwada University Nanded
in October, 2012. He is presently holding position of Professor in
Computer Engineering and Vice-Principal at Lokmanya Tilak College
of Engineering, Navi Mumbai. He is working as Chairman, Board of
Studies in Computer Engineering under Faculty of Technology, Uni-
versity of Mumbai, and Member of the Academic Council, BUTR,
RRC, of University of Mumbai from 1st July 2015 to till date. Also
Member of Board of Study in Information Technology under Faculty
of Engineering Technology of Pune University from 1st July 2015 to
till date and member of the Board of Study in Information Technology
under the Faculty of Technology, University of Mumbai, 1st July 2014
to till date. He has published about 35 papers in International and
National Journals and Conferences. He has written 3 books through
reputed publisher. Under his supervision five research scholars are working towards their Ph.D. He has
guided 30 PG students (ME) and 3 are ongoing. He is a life member of, Indian Society for Technical Educa-
tion (ISTE), Computer Society of India (CSI) and International Association of Computer Science and Infor-
mation Technology (ASCIT). He is reviewer of reputed journal like International Journal Big Data,
Springer, and Expert System with Application, Elsevier publication. He is actively involved on many Uni-
versity aimed at designing syllabus revision for UG and PG programme as well as working as member of
academic advisor committee.

13