Professional Documents
Culture Documents
a r t i c l e i n f o a b s t r a c t
Article history: Nowadays Wireless Sensor Network (WSN) mainly faces security issue during packet transmission
Received 2 August 2018 between different sensor nodes in network combined with data mining. To overcome this challenge
Received in revised form 16 March 2019 an efficient clustering technique called adaptive chicken swarm optimization algorithm is proposed for
Accepted 12 June 2019
cluster head (CH) selection. By this adaptive method the time consumption is reduced to a greater extend
Available online 23 June 2019
along with that the lifetime of the network and the scalability is improved alternatively. Additionally a
two stage classification technique known as adaptive SVM classification a supervised learning technique
Keywords:
is proposed with Intrusion Detection System (IDS) where an acknowledgement based method is utilized
Wireless sensor network (WSN)
Intrusion detection system (IDS)
for reporting the malicious sensor nodes. By this acknowledgement different types of attacks such as
Security DOS, probe, U2R, R2L are detected incorporation with Intrusion Detection System (IDS). Once detected
Chicken swarm optimization (CSO) a high level security mechanism along with intrusion response is provided to other sensor nodes by
Rotated random forest (RRF) which a secure packet transmission occurs between different sensor nodes. The proposed methodology
Support vector machine (SVM) is implemented in python platform and the comparison results provided with existing methods proves
Clustering a better result.
High–level security © 2019 Published by Elsevier Inc.
1. Introduction avoided. According to Mehmood et al. [2], there are different types
of possible attacks on WSNs like routing attacks, Sybil attacks and
The Wireless sensor networks (WSNs) are infrastructure-less, denial of service (DoS) etc. Intrusion detection systems (IDS) can be
distributed and dynamic in nature [1]. The in richness capabilities of used in WSNs to detect the suspicious behaviour of nodes inside the
the WSN change to area of emergence technologies. Fog computing WSNs [3]. Cluster-based WSNs can reduce the performance load
has an excellent example. In order to satisfying mobility support, in terms of reducing the aggregate computation and energy con-
geo distribution, locational awareness, and to low latency needs sumption of all the nodes [4]. Due to technological development,
for the IoT applications, the Fog node facilitates the user in the exe- WSNs have become visible and are used for various purposes in our
cution of IoT applications. Due to the vulnerable nature of WSNs, daily life. Therefore, security in such networks is mainly focused
these networks are always exposed to severe types of threats which on ensuring reliable performance of nodes in the network. IDS-
can vitiate their whole functionality. Authentication protocols and based systems are very effective for detecting irregular actions of
secure routing protocols implement the use of cryptographic keys inner nodes of networks, preventing the whole network from var-
to ensure secure transmission of data but cannot give protection ious types of malicious attacks. The IDS agents will collect and
against the inside attacks knows as passive attacks. These protocols analyze the abnormal behaviour of nodes in a time period and
scramble. The valuable data from intruders who try to access them then apply appropriate actions. The work [5] has discussed various
from outside, but a passive attack from a node inside cannot be detection mechanisms for analysis. There are three possible ways
of implementing IDS agents: centralized, distributed and hybrid.
These agents are more efficient if installed at base stations, the
∗ Corresponding author. centralized approach, because it does not affect the performance
E-mail address: gautamborkar2@gmail.com (G.M. Borkar). on small nodes in the network. According to [6], the term Situation
https://doi.org/10.1016/j.suscom.2019.06.002
2210-5379/© 2019 Published by Elsevier Inc.
G.M. Borkar et al. / Sustainable Computing: Informatics and Systems 23 (2019) 120–135 121
Ahmad. I et al. [19] presented genetic algorithm for search- 3. Proposed methodology
ing the genetic principal components that offers a subset of
features with optimal sensitivity and the highest discriminatory Security of data is considered to be one of the most important
power. The selecting of an appropriate number of principal com- concerns in today’s world. Data is vulnerable to various types of
ponents was a critical problem in subset selection. Before the intrusion attacks that may reduce the utility of any network (Mobile
process of classification, the raw dataset was pre-processed in Ad-hoc NETwork (MANET)) or systems. Identifying and preventing
three ways such as discarding symbolic values, feature transfor- such attacks is done by Intrusion Detection System (IDS) and it is
mation using PCA and optimal features subset selection using one of the most challenging tasks. Intrusion Detection System is a
GA. The support vector machine (SVM) was used for the classi- type of security management system for computers and networks.
fication process. This research work used knowledge discovery It gathers and analyzes information from various areas within a
and data mining cup dataset for experimentation. The perfor- computer or a network to identify possible security breaches, which
mance of this approach was analyzed and compared with existing include both intrusions (attacks from outside the organization) and
approaches. misuse (attacks from within the organization). Intrusion Detection
Ni. Q et al. [20] discussed about a solution for the problem of clus- (ID) uses vulnerability assessment, developed to assess the security
ter head selection which is an important step in WSN. This solution of a computer system or network. Data is considered to be the most
was based on fuzzy clustering preprocessing and particle swarm important aspect of any organization. If the organization’s data is
optimization. More specifically, fuzzy clustering algorithm was secure, only then it can successfully carry out its operations. In this
used to initial clustering for sensor nodes according to geographical work, an efficient classifier with data mining concept is introduced
locations, where a sensor node belongs to a cluster with a deter- for the detection of intrusions accurately with less time.
mined probability, and the number of initial clusters was analyzed Currently WSN suffers mainly from the problem of security issue
and discussed. Furthermore, the fitness function was designed with while transferring packets from one sensor node to another in a net-
the consideration of both the energy consumption and distance work. In order to overwhelm this problem, an efficient technique is
factors of wireless sensor network. Finally, the cluster head nodes introduced by proposing an efficient classification technique with
in hierarchical topology was determined based on the improved data mining. Firstly, a group of sensor nodes is given as input and
particle swarm optimization. it is clustered because clustering improves the lifetime of the net-
Wang. G et al. [21] presented an approach, called FC-ANN work and improves scalability. Here clustering is performed by a
based on ANN and fuzzy clustering, to solve the problem and novel clustering process known as stratified sampling based on
help IDS achieve higher detection rate, less false positive rate and the nodes weight. The advantage of this sampling technique is
stronger stability. Through fuzzy clustering technique, the hetero- that it has high degree of representativeness than other sampling
geneous training set was divided to several homogenous subsets. techniques. After that cluster head selection is performed by the
The general procedure of FC-ANN was given as follows: firstly fuzzy employment of adaptive chicken swarm optimization algorithm
clustering technique was employed to generate different training (ACSO). The main advantage of this algorithm over traditional CSO
subsets. Subsequently, based on different training subsets, differ- is the process of performing sampling which is absent in traditional
ent ANN model was trained to formulate different base models. CSO. The advantage of this adaptiveness is, it mainly aims to reduce
Finally, a meta-learner, fuzzy aggregation module, was employed the time consumption for selecting the best cluster head.
to aggregate these results. After the selection of cluster head (CH), an ensemble known
K. Kalaiselvi et al. [22] stated that Wireless body area network as Rotated Random Forest (RRF) is employed to reduce the fea-
(WBAN) is a promising methodology in present health care sys- tures in the database. The advantage of this RRF is that it performs
tems to monitor, detect, predict and diagnose the disease in people. more accurately with less time than ordinary random forest. Finally,
The performance of the WBAN network is affected by un-trusted the reduced features are given to the 2-stage classification pro-
nodes in WBAN network. The un-trusted sensor nodes are formed cess. For the process of classification, adaptive SVM (Support Vector
in WBAN network due to the attackers from outside the world. In Machine) classifier a machine learning technique is utilized. In the
this paper, sensor node classification algorithm is proposed which first stage, by the utilization of acknowledgement based method,
incorporates ANFIS classifier based trusted and un-trusted sensor the sensor node is recognized that whether it is attacked or not.
nodes detection and classification system is proposed in order to In the second stage, the malicious sensor nodes are processed to
improve the efficiency of the WBAN networks. This proposed sys- obtain the type of attack based on the given conditions. There
tem constitutes feature extraction and classification modules. The are four types of attack namely, DOS, probe, U2R, R2L and after
trust features are extracted from sensor nodes and these extracted the detection of attack in WSN it is rectified by use of High-Level
features are optimized using genetic algorithm. The performance Security Mechanism comprising of cryptographic function to offer
of the WBAN network is analyzed in terms of classification rate, security. The overall process flow for the proposed technique is
packet delivery ratio and latency. illustrated below in Fig. 2. With addition of data mining technique
Walid Balid et al. [23] stated that Real-time traffic surveillance the location and topology information is inferred without explicitly
is essential in today’s intelligent transportation systems and will knowing other network management data and localization.
surely play a vital role in tomorrow’s smart cities. The work detailed
in this paper reports on the development and implementation of a 3.1. Dataset
novel smart wireless sensor for traffic monitoring. Computationally
efficient and reliable algorithms for vehicle detection, speed and This work is tested with aid of KDD cup 1999 dataset compris-
length estimation, classification, and time-synchronization were ing of 41 features labelled as attack or normal. These features has
fully developed, integrated, and evaluated. Comprehensive system continuous and symbolic forms described into four categories such
evaluation and extensive data analysis were performed to tune and as intrinsic features, content features, same host features and sim-
validate the system for a reliable and robust operation. Several field ilar service features. This dataset also illustrates about the types of
studies conducted on highway and urban roads for different scenar- attack as in Table 1.
ios and under various traffic conditions resulted in 99.98% detection In User-to-root attack, the attacker tries to access normal user
accuracy, 97.11% speed estimation accuracy, and 97% length-based account and gains root access information of the system. The U2R
vehicle classification accuracy. The developed system is portable, attacks leads to several vulnerability such as sniffing password, a
reliable, and cost-effective. dictionary attack and social engineering attacks.
G.M. Borkar et al. / Sustainable Computing: Informatics and Systems 23 (2019) 120–135 123
A delay De is said to occur when the time between departure of a cumulative time T v , the initial energy E v , Distance between Base
collected packet from a source and its accession to the base station station to each sensor node BS v , the six coefficients w1 to w6.
and is given as in (4) STEP1: Find the neighbors (node degree) Nv of each node v,
within Rv .
De = (Deque + Detra ) × Hopcount (4)
Nv = {v|dis tan ce(v, v) ≤ Rv }
Where Deque is queuing delay and Detra is transmission delay.
Then clustering is done by which lifetime of MANET is maximized STEP 2: Compute the degree difference v = |dv − M| for every
which is the time from deployment of WSN along with minimized node v. M is maximum node degree.
energy consumption of sensor nodes. The moveable destination STEP 3: Compute the sum Dv of the distances between nodes v
sensor node is called as MANET sink. The energy consumption of with all its neighbors.
sensor nodes is minimized by minimizing the distance between
sensor nodes. Consequently, scalability of MANET is improved Dv = {dis tan ce(v, v)
veNv
since any increase in number of sensor nodes will not affect the
performance of WSN, with reduced network traffic. Then cluster STEP4: Compute the mobility speed of every node v by
1
formation is done that includes some characteristics such as cluster
count, cluster density, message count, stability, intra-cluster topol- Mv = (Xt − Xt−1 )2 + (Yt − Yt−1 )2
ogy etc. When more number of clusters with small size cluster is T i=1
distributed, better energy consumption is yielded since the trans- Where (Xt, Yt ) and (Xt -1 , Yt -1 ) are the coordinate positions of node
mission distance is minimized. When the total energy consumption v at time t and t − 1.
is minimized then automatically the lifetime of MANET is increased STEP 5: Assume the cumulative time Tv in which node v has
and the energy consumed is given as in (5). acted as a cluster head. A larger Tv value with node v implies that it
has spent more resources (such as energy).
ECm = ICm × EPR + ICm × EPA + EPT (NextHop) (5) STEP 6: Assume initial energies Ev of each sensor nodes.
Where ECm is the energy consumed, EPR is the energy consump- STEP 7: Calculate distance between Base Station to each sensor
tion due to packet received, EPA is the energy consumption due to nodes.
packet aggregation, EPT is the energy consumption due to packet
MBS−v = (XBS − Xv )2 + (YBS − Yv )2
transmitted, ICm is the number of sensor nodes sue to inter-cluster
topology. Also the transmission power TPm is measured in joules Where, (X BS , YBS ) and (X v , Yv ) are the coordinate positions of base
in order to estimate the weight of the nodes by stratified sampling station and each sensor node respectively.
based on nodes weight as in (6) STEP 8: Calculate the combined weight
xNNm + yECm + z Wv = w1 v + w2 Dv + w3 Mv + w4 Tv + w5 Ev + w6 BS v
Wem = ; (x + y + z ≤ 1) (6)
TPm
Where,
Where Wem is the weight of sensor nodes. Based upon this weight w1 = 0.1-weight of Degree difference (v )
obtained, clustering is performed in the sensor networks result- w2 = 0.05- weight of Sum Dv of the distances between node v
ing in different cluster formation, minimum number of clusters C with all its neighbors
(1–10) with maximum number of sensor nodes and is given in (7) w3 = 0.1-weight of Mobility speed of every node (Mv )
as w4 = 0.05-weight of Cumulative time (Tv )
C = C1 , C2 , ....., Cn (7) w5 = 0.3-weight of Initial energy (Ev )
w6 = 0.4-weight of Distance between Base Station to each sensor
Where n describes the total number of clusters. This processing for node (BS v ).
determining clusters is given in algorithm 1 and the sensor nodes STEP 9: Choose the node with a minimum Wv as the cluster head.
before and after clustering is given in Fig. 3. STEP10: Consider the nodes which are there within the trans-
mission range as member/follower nodes of that cluster.
Algorithm 1. Trust evaluation
STEP 11: First cluster formation
Input: Array of nodes, node ID value, list of neighbors STEP 12: Eliminate the chosen cluster head and its neighbors
Output: Trust value is set for all the nodes. from the set of original sensor nodes.
Parameter used: Node forwarded, node dropped, node misrouted, node STEP 13: Repeat 1–12 for the remaining nodes until each node
falsely injected is assigned to a cluster.
Step 1;Collect data forRp , Sp , f, d, m, i
Step 2: Assign the threshold values associated to each behavior fn , dn , mn , in
Step 3: Calculate ratio fs , ds , ms , is of each behavior and Rp , Sp ,total sent or 3.3. Adaptive chicken swarm optimization for CH selection
received packet accordingly
Step 4: Calculate the deviation fd , dd , md , id from the corresponding threshold After formation of clusters C the CH for each cluster is to be
fs = f/Rp andfd = fn /fs
ds = d/Rp anddd = dn /ds
detected by aid of ACSO algorithm. By use of this adaptive algo-
ms = m/Rp andmd = mn /ms rithm the time consumption for selecting CH is reduced due to
is = i/Sp andid = in /is stratified sampling weight for performing clustering. Formally the
Step 5: Calculate the Corresponding direct trust value using the formula, fitness value for determining CH is given in (8)
Trust(t) = (wl ∗ fd ) − (w2 ∗ dd ) + (w3 ∗ md ) + (w4 ∗ id ).
Where w1, w2, w3, w4 – pre-defined weights.
IC Dis tan ce
Fitness = ERm + (m − n) + + (8)
n n
Algorithm 2. Clustering by stratified Sampling based on Nodes
Weight Where ERm is the remaining energy. The trust value is estimated as
in (9)
Input: A set of sensor nodes, each with the same transmission
radius Rv , degree difference v , sum Dv , of the distances between packets correctly forwarded
Trust value = (9)
node v with all its neighbor’s, mobility speed M v , its individual total packets forwarded
G.M. Borkar et al. / Sustainable Computing: Informatics and Systems 23 (2019) 120–135 125
Table 3
Features in KDD Cup 1999 Dataset.
N number of nodes.
STEP 6: Total energy consumption is sum of energy used in all
CH node and energy used in all non-CH node.
Table 4 Table 6
Attributes after Feature Reduction by RRF. Estimated Values for Proposed System.
The attacks are identified by set of rules given in Table 1. Based on • Sybil attack
the attack features thus the different types of attack such as DOS,
U2R, R2L and Probe are identified. By using radio resources, random key pre-distribution, registra-
tion procedure, verification of position, and code testing Sybil entity
3.5.3. Intruder identifications attacks are detecting.
After identification of attack, the CH initiates intruder identifi-
cation and applies intruder identification rules that are specific to 3.5.3.3. R2l attack. Information or data spoofing: Efficient use of
the known attack. The dataset comprises of known attack listed in the resources. Protects the network even if part of the network is
Table 1 and some other additional unknown attack such as apache compromised, Attacks Information in transit: Provides flexibility
2, httptunnel, mailbomb, mscan, named etc. in the network protects the network, even if part of the network is
compromised, provides authentication measures for sensor nodes,
3.5.3.1. DOS attack. The main feature of DOS attack is Centered on providing message authenticity, integrity and con-
Point to point nodes used to stop avoidance of the jammed fidentiality messages works in the link layer, Semantic security,
region., Utilizes Wormholes to avoid jamming., selected forwarding Replay protection, data authentication, low communication over-
is compromised sensor node globules pocketing a particular desti- head.
nation, The dataset comprises the known training dos attack such The training data set in the R2L attack are guess password, imap,
as, apache, back, land, Neptune, pod, smurf, teardrop, processtable, multihop, phf, spy,waremaster,dictionary,ftpwrite,guest, httptun-
dosnuke, mailbomb, ping of death, sshprocesstable, syslogd, tcp- nel,imap,named,netbus,phf,ppmacro,sendmail,sshtrojon,xsnoop
reset, udpstorm, jamming, selected if above the attack are known is satisfied the condition in classification technique it is said to be
attack which is consider as a DOS attack. R2L attack.
Some DOS attack description are
3.5.3.4. Probe attack. Altered Routing Information, Attack, Reply
i Apache-2
Routing Information, Spoofed Routing information attack,
The training features dataset in probe attacks are inside sniffer,
The Apache2 attack is a denial of service attack against an apache IPsweep, IPdomain, mscan, NTinfoscan, nmap, quesosaint, Satan.
web server where a client sends a request with many http headers. The above major four attacks are DOS, R2L, U2R and probe are
If the server receives many of these requests it will slow down, and the features of various attacks are trained and tested for the based
may eventually crash on known attack, finally find whether node is attack or normal
• Back using proposed classification technique,if suppose unknown attack
are found Let us consider unknown attack, looping attack, it is the
main cause circulation of data in a particular region in the network.
In this denial of service attack against the Apache web server, an
This attack stops data to send the destination node and revolve in
attacker submits requests with URL’s containing many frontslashes.
the same region which increases network traffic as well as causes
As the server tries to process these requests it will slow down and
latency, it is consider as malicious node, send random value that
becomes unable to process other requests
may (or) may not coincide with the value sent by the good node.
• Land Attack Since in this work dealing with unknown attacks, clustering algo-
rithm are trained with data that have no traces of attacks, in this
The Land attack occurs when an attacker sends a spoofed SYN paper already approach the performance when attack are present
packet in which the source address is the same as the destination during the training. Suppose attack is unknown that have been are
address treated as malicious. Compromised node (Table 1) do not perform
any malicious activity based on the result they should remain iso-
• Smurf attack lated until the security response system deal with the attack. (e.g.)
until the base station change their id. Following intruder identifi-
The Smurf attack can be identified by an intrusion detection sys- cation, an anomaly IDS respond to intrusion. However deficiencies
tem that notices that there are a large number of ’echo replies’ being occur and therefore, to improve the overall effectiveness of the
sent to a particular victim machine from many different places, but protection mechanism an intrusion response scheme is involved.
no ’echo requests’ originating from the victim machine.
3.5.4. Intrusion response
• Mail bomb
Consequently, flexible intrusion response scheme is given
describing a set of intrusion response actions for MANETs. The
A Mail bomb is an attack in which the attacker sends many mes- intrusion response is also implemented by CH where initially
sages to a server, overflowing that server’s mail queue and possible the confidence level of the attack is detected based on detection
causing system failure. information, utilizing detection information. Then the network per-
formance degradation is evaluated by utilizing percentage change
3.5.3.2. U2R attack. Hello flood: Two-directional verification and in parameters that provides measure of severity of the attack.
multiple base station routing and multi- routing are used. And also Finally a response action is selected and the necessary actions
adopts a secret, probabilistic, sharing compartment, for intrusion response are taken. This information are given by
The training attack are buffer overflow, load module, Perl, root means of a decision table. To enhance the effectiveness of intrusion
kitanypw, casesn, eject, ftbconfig, fdformat, load module, ntfsdos, response and to reduce its adverse effects on MANET, the effect of
perl,ps, sechole,xterm, vaga intrusion is analyzed. After detection of effect the following actions
Some features description of U2R attack are performed.
• Black-hole attacks 3.5.4.1. Isolation. In this response action all nodes in the network
completely isolate it from the network (MANET) immediately by
Uses geographic routing and takes advantage of being the sender imposing restriction by data forwarding and routing service. Sensor
to see the nearer transmission and detects black-hole attacks nodes do not forward any data packets, routing packets originating
128 G.M. Borkar et al. / Sustainable Computing: Informatics and Systems 23 (2019) 120–135
from destined to the intruding node and ignore all routing pack- of packets or other criteria for defect and based on that a particular
ets originating from intruding node. Probabilistic Isolation is also solution is given based on steps in intrusion response. After detec-
done where nodes do not isolate the intruder completely instead tion of attacks additionally security mechanism is carried in other
some restriction are applied in terms of forwarding its data. Here sensor nodes to prevent the nodes.
the sensor nodes only forward some of the intruding node’s data
packets, with a specified probability and do not send any routing 3.6. High level security mechanism enchancing security
packets through the intruder.
The non – malicious sensor nodes recognized from the two stage
3.5.4.2. Route around attacker. Here nodes route data packets classification process is then additionally secured with aid of high
around the intruding node to stop attacks from intruding node level security mechanism that includes
while allowing the intruder to forward data packets for other nodes.
For this intrusion response nodes allows the intruder to forward • Secure group management
data packets for other nodes in the network for existing routes. • Secure data aggregation
Nodes process these data packets so that they will reach their des-
tinations and will include intruder in new route discoveries. Also 3.6.1. Secure group management
ignore all routing packets generated and forwarded by intruder. After clustering and detection of attacks in WSN it is necessary
to incorporate a security mechanism for secure communication
3.5.4.3. Service denial. By this mechanism sensor nodes deny between each sensor node. The CH which is receiving a data from
services provided to by the intruder while utilizing it as an interme- another cluster has to authenticate the data by group key manage-
diate router. Here the sensor nodes do not forward any data packets ment. The key management technique is done by a cryptographic
to intruding node then it ignores any further services provided to function including encryption and decryption with aid of keys usu-
other nodes in the network. Finally it allows data packets to be ally 16 byte of length that provide secure transmission of data or
routed through intruder nodes i.e. use the intruder as an interme- packet.
diate router in the network. In some cases when the attack is not
severe the attack is simply ignored. 3.6.2. Secure data aggregation
Data or packet aggregation (fusion) is necessary in sensor net-
3.5.4.4. Relocation. By another response action a node is physi- work to reduce the amount of data transmitted to the base station.
cally moved so that it is closer to intruder node before isolating The aggregator technique is responsible for creating proof of neigh-
the intruder. The network topology information is required by this bor’s data that verify the purity of the collected data to the base
approach to identify critical nodes in the network, and also requires station. Therefore by the implementation of this efficient technique
the network to be able to command its nodes to move as required. the overall time consumption, energy consumption and bagging
error is reduced with accurate classification performance. Subse-
Algorithm 4. Intrusion Response Mechanism
quently, this proposed technique shows better improvement in
performance than the existing techniques.
4. Results
Initially the sensor nodes is created in a MANET (say 50) and the
estimation of parameters such as the lifetime, energy consump-
tion, distance between the nodes, hop count, delay, intercluster
topology, weight, transmission power etc. are estimated with aid
of equation specified.
Thus the known attacks are provided a better solution based on 4.1.1. Encryption time
these predictions given by intrusion response. Then to detect the The encryption time of packet sent is the time calculated during
unknown attacks the effect of it is first analyzed such as dropping encryption i.e. during conversion of plain text to cipher text by High
G.M. Borkar et al. / Sustainable Computing: Informatics and Systems 23 (2019) 120–135 129
data size
time = (12)
speed
4.1.3.3. Accuracy. Accuracy is the most essential metric for defin- 4.2. Malicious attack before prevention and after prevention
ing classification system performance. It is also used as a statistical using different parameter strategy
measure of how well a classification test appropriately classifies
or removes a condition. It is taken as the ratio of the number of The malicious node attack (i.e. Known and unknown attacks)
correctly classified samples to the total number of samples (i.e. before prevention similarly after prevention node the different
accuracy is the proportion of true results both TP and TN among parameter values are calculated such as Throughput, End to End
the total number of cases examined and is given in (15) Delay, Transmit Energy, Distance, channel load, buffer occupancy,
Bandwidth, Bit Error Rate, Packet Delivery Ratio and QOS.
TP + TN
Accuracy = (15)
P+N
4.2.1. Throughput
Throughput is the rate of successful message delivery over a
4.1.3.4. False positive rate (FPR). FPR is responsible for classification
communication channel. Throughput is usually measured in bits
test and is estimated as the ratio of FP to the sum of false positive
per second (bit/s or bps), and sometimes in data packets per second
and True Negative and is given as in (16)
(p/s or pps) or data packets per time slot. The throughput formula
FP is given below
FPR = (16)
FP + TN Sum ((no.ofsuccessfulpackets) ∗ (avg.packet size))
Throughput = (21)
Time
4.1.3.5. Fault detection rate (FDR). FDR is responsible for classifica-
In the above Table 7 that described the parameter value of
tion test to predict the detection rate and is estimated as the ratio
throughput with different number of node which indicates the
of FP to the sum of false positive and True Positive and is given as
before prevention of malicious node that comprises of known and
in (17)
unknown attack. After prevention of malicious node using pre-
FP vention mechanism the value of throughput is increased which is
FDR = (17)
FP + TP clearly plotted in the Fig. 6.
130 G.M. Borkar et al. / Sustainable Computing: Informatics and Systems 23 (2019) 120–135
Table 7
Parameter value of Throughput.
Fig. 6. performance value of Throughput under before and after prevention. Fig. 8. performance value of Transmit Energy with and without IDS.
Table 8
Parameter value of End to End Delay.
Table 9
Parameter value of Transmit Energy.
Table 10
Parameter value of Distance.
Fig. 9. performance value of Distance with and without IDS before and after pre- Fig. 10. performance value of Channel with before and after prevention.
vention.
4.2.6. Buffer occupancy
single component may increase reliability and availability through Source node broadcasts REQ packet to the destination through
redundancy. Load channel formula are the intermediate neighbor node. In response to the REQ packet the
destination sends RREP packet along with buffer occupancy to the
no. ofRequest intermediate node. Then source node chooses the best path using
channel load = (25)
no of sloted node shortest distance and buffer occupancy. Through the shortest path
urgent data packets are routed. And for the rest best disjoint paths
In the above Fig. 10 represents the performance of Load Chan-
are chosen for normal data packet transmission. The formula for
nel of different node using before prevention of malicious attack
buffer occupancy is
node which consist of known and unknown attack after preven-
tion of the malicious node using prevention technique i.e. IDS in Transmit Energy
Buffer occupancy = (26)
AODV protocol the performance is increased when compared to channel load
before prevention of malicious attack.in the Table 10 represents In the above Fig. 11 indicates the performance comparisons of mali-
the increased value of channel load before prevention and after cious node before prevention and after prevention that comprises
prevention (Table 11). of known attack and unknown attack after prevention of mali-
132 G.M. Borkar et al. / Sustainable Computing: Informatics and Systems 23 (2019) 120–135
Table 11
Parameter value of Channel Load.
Table 12
Parameter value of Buffer Occupancy.
Fig. 11. performance value of Buffer Occupancy with before and after prevention. Fig. 12. performance value of Bandwidth with before and after prevention.
cious node using prevention mechanism the AODV protocol has interval. Bit error ratio is a unit less performance measure, often
increased their performance value of Buffer Occupancy the varia- expressed as a percentage
tion values are indicated in the Table 12.
2Eb
Bit Error Rate(BER) = Q ∗ (28)
N0
4.2.7. Bandwidth
Bandwidth is defined as the amount of data that can be transmit- Where, N0 is the noise spectral density and Eb is the energy per bit.
ted in a fixed amount of time. the bandwidth is usually expressed In the above Table 14 that described the parameter value of
in bits per second(bps) or bytes per second. For analog devices, Bit Error Rate with different number of node which indicates the
the bandwidth is expressed in cycles per second, or Hertz (Hz). the before prevention of malicious node that comprises of known and
formula for bandwidth is unknown attack. After prevention using prevention mechanism the
value of Bit Error Rate is decreased. that is clearly plotted in the
Transmit Energy Fig. 13.
Bandwidth = (27)
Channel Load
In the above Table 13 that described the parameter value of 4.2.9. Packet delivery ratio
Bandwidth with different number of node which indicates the The calculation of Packet Delivery Ratio (PDR) is based on the
before prevention of malicious node that comprises of known and received and generated packets as recorded in the trace file. In gen-
unknown attack. After prevention using prevention mechanism eral, PDR is defined as the ratio between the received packets by
the value of Bandwidth is increased when compared to before the destination and the generated packets by the source. Packet
prevention of different node. The comparison graph indicates the Delivery Ratio is calculated using formulae are
performance value of bandwidth in the Fig. 12. send data
packet delivery ratio = × 100 (29)
received data
4.2.8. Bit error rate (BER) In the above Table 15 that described the parameter value of
The bit error ratio (also BER) is the number of bit errors divided Throughput with different number of node which indicates the
by the total number of transferred bits during a studied time before prevention of malicious node that comprises of known and
G.M. Borkar et al. / Sustainable Computing: Informatics and Systems 23 (2019) 120–135 133
Table 13
Parameter value of Bandwidth.
Table 14
Parameter value of Bit Error Rate.
Table 15
Parameter value of Packet Delay Ratio.
Fig. 13. performance value of Bit Error Rate value for before and after prevention. Fig. 14. performance value of Packet Delay Ratio with before and after prevention.
Table 16
Parameter value of Quality of Service.
Table 17
Comparison for Encryption Time and Decryption Time.
Fig. 15. performance value of Quality of Service before and after prevention.
References