Predicting Malicious Node Behavior in Wireless Network Using DSR Protocol and Network Metrics

: This paper describes a set of network metrics are helpful to predict behavior of malicious node in wireless network. The Network and internet is the device in which multiple people can communicate with each other through the wired or wireless media. Nowadays, Internet of Things, Mobile, vehicular, and wireless ad hoc networks all merge into one shared network. These networks are often used to send receive confidential data and information. The unauthorized or malicious node misuse these secrete information. With a rise in rogue nodes, network performance will suffer. A rogue node in the network can cause variations in network metrics including the packet dropping percentage, throughput, latency, energy consumption, and average queue duration. This behavior used to identify the malicious node.


Introduction
The two things we need most in our daily lives are a computer network and the internet. To pass the personal information or official information quickly to the essential place network or internet is one of the most powerful media. The network is used as wired networks and wireless networks. Data packets are basic entities in all types of networks. Security of network implies security of data packets. The enormous attacks from networks or the internet increase day by day. The quality of network service and security is becoming more issue; hence it requires a powerful network monitoring system, traffic analysis, and secured distribution engine for the network application.
Int. J. Comput. Commun. Inf., 1-10 / 2 A group of wireless mobile nodes that form a temporary network without the use of a centralized access point or centralized administration is known as a mobile ad hoc network. In this research work we employed five network metrics to identify behavior of malicious node.

Performance Parameters
In this research paper, five performance parameters are used to assess the network's performance in the event of DSR without an attack and DSR with an attack. They are Throughput, Packet Dropping Ratio, Energy consumption, Latency, and Average queue length. The following table shows the value of these metrics for the network simulator time 10, 20, 30 and 40 ms with malicious and without malicious node using NS2 tools [1][2][3].

Throughput
It refers to the volume of data sent through a communication network in a particular time from one node to another. The amount of data transferred between multiple locations over a given time period is tabulated to determine throughput, which typically results in the unit of bits per second (bps), which has since evolved into bytes per second (Bps), kilobytes per second (Kbps), megabytes per second (Mbps), and gigabytes per second (Gbps) . Numerous elements, including the limitations of the underlying analogue physical medium, the computing power available to system components, and end-user behavior, can influence throughput [4,5]. The network throughput is computed as Network Throughput =Σ n Total number of packets/ T -T.
The Ttp indicates the quantity of packets sent, and the Ttr indicates the quantity of packets received. Bits per second are used to measure throughput capacity. The time needed to transport a request from a source to a destination or a response from a destination to a source is represented by this throughput measure. The overall reaction time that each node experiences is significantly influenced by this value. It is based on the amount of data necessary for the request and answer as well as the transmission's quality.

Packet Dropping Ratio
When one or more data packets going over a network are unable to reach their destination, this is known as a packet loss event. Network congestion or data transmission failures in a wireless network are the two main causes of packet loss. A packet dropping rate is calculated as a percentage of lost packets compared to transmitted packets. These are metrics calculated as Packet Dropping = (Number of Packets sent -Number of Packets Received) ×100 When a specific router gets a packet and decides not to deliver it to the next hop, the packet is lost. The cause of packet loss may be natural or artificial interference. "Dropping" is the term for this type of packet loss [6][7][8].

Energy Consumption
The switching, transmission, and access networks all utilize energy, which is the amount used by a single node to transport a packet [9].Overconsumption of energy can result from a number of circumstances, including: re-transmissions, mobility. The main problem of the host which is in a wireless network is energy consumption node will take more energy while its data transmission [8]. It wastes its resources due to delays in packet transmission and packet dropping. The encryption of the packet will take more energy consumption. If the distance is quite far, the transmission in one hop uses more energy. Retransmissions, collisions, idle listening, control packets, and overhearing all affect how much energy is used. The energy consumption will be increased when the malicious node exists.

Latency
Latency, also known as delay, is the amount of time it takes for a message to be delivered in its entirety from the source to the destination over a network, beginning with the time the first bit of the message is sent out and ending with the time the last bit of the message is received at the destination. Low-Latency-Networks are network connections that experience brief delays, whereas High-Latency-Networks are network connections that experience significant delays.
Any network communication that experiences high latency develops bottlenecks. It effectively reduces the communication network's bandwidth by preventing data from fully utilizing the network channel. Depending on the cause of the delays, the impact of latency on a network's capacity may be momentary or permanent. Ping rate, another name for latency, is a millisecond-based unit of measurement (ms).

Average Queue Length
Queuing in a network directly relates to congestion. Various queuing techniques are used to manage the Buffers on network devices. Effective queue management can reduce dropped packets and network congestion while also enhancing network performance.
In Drop-head queuing technique, packets drop at the head of the queue, and in Droptail queuing technique, packets Drop at the tail of the queue. The most fundamental queue management method is called FIFO (first-in, first-out), where packets are processed in the order that they enter the queue. However, more sophisticated techniques, such as the priority queuing scheme, employ numerous queues with various priority levels so that the most crucial packets are dispatched first.

Scenario for Simulation
We use the NS-2 Simulator with DSR protocol to develop the wireless network performance evaluation model [10][11][12]. To imitate node movement, the random way approach is used. Within the simulated area, each node begins moving at a random speed from its source node to its destination node. 10 nodes are first placed for the simulations in random locations. After that 20, 30, and 40 node has been created for the simulation. We have created these environments with malicious nodes and without malicious nodes and a DSR routing protocol is implemented.

Result Analysis
This effort aims to assess the effects of malicious nodes and gauge network performance using the DSR routing protocol at various node densities both with and without malicious nodes.
To find the performance of the wireless network with DSR protocol under malicious attack we included a few nodes as malicious nodes. Initially, we measured Throughput, Packet Dropping Ratio, Energy consumption, Latency, and average queue length by varying number of nodes [5]. We fix few malicious nodes with pause time 10 m/s, 20 m/s, 30 m/s and 40 m/s. The DSR routing protocol's throughput with more nodes is depicted in Figure 1. In comparison to regular DSR, malicious attacks on throughput are less frequent.
As Figure 2. shows the packet Dropping Ratio of a wireless network using DSR protocol with and without malicious node. As the malicious node increases the packet dropping ratio but takes the value Packet Dropping ratio without malicious node 9.4328 for 200 nodes at 40 m/s pause time. The result shows without malicious nodes have a low packet dropping ratio for 200 nodes.
The Figure 3. shows the Energy consumption of wireless networks using DSR protocol with ad without malicious nodes. As the malicious node increases the Energy consumption but takes the value Energy consumption without malicious node 9.67 for 200 nodes at 30 m/s pause time. The result shows without malicious node has low energy consumption.
The Figure 4. shows the Latency of wireless networks using DSR protocol with and without malicious nodes. As the malicious node Latency level is high (9.78) for 200 nodes at 20 m/s pause time. But taking the value of latency without malicious node 9.77 for 200 nodes has a low value The Figure 5 shows the Average Queue Length of a wireless network using DSR protocol with and without malicious nodes. With the malicious node [13] increase the packet transmission time due to congestion {traffic) problem. Its average time is 9.55 for 200 nodes at 10 m/s pause time. But taking the value of average queue length without malicious node 9.65 has a high value.
The Figure 6 shows a comparison of important network matrices such as throughput, Packet Dropping Ratio, Energy consumption, Latency, and Average queue Length of a wireless network using DSR protocol with a malicious node for 200 nodes at 0 ms, 10 m/s, 20 m/s, 30 m/s and 40 m/s simulator time. The Figure 7 shows a comparison of network matrices of a wireless network using DSR protocol without malicious nodes for 200 nodes at different simulator times. From the comparison graph [14,15], we can observe the malicious node consisting of the network always decrease the performance of the network.

Conclusion
The attack made on networks has risen dramatically for many years. Due to the unlimited access to and use of software written and uploaded by technical experts. Network disruption is caused by several types of directed attacks. Therefore intrusion detection system is considered to use one of the best technologies to detect the attack and network performance. With this method, we are able to determine the effects of a rogue node on the DSR routing protocol at various node densities subject to an attack from a malicious node. The outcome demonstrates that DSR without a malicious attack performs better in terms of throughput, packet dropping ratio, energy consumption, latency, and average queue length. It has been discovered that the inclusion of malicious nodes causes the DSR routing protocol's network performance to decrease.