Effect of Flock Behavior in Worm Propagation in A Mobile Ad-Hoc Network
Effect of Flock Behavior in Worm Propagation in A Mobile Ad-Hoc Network
4, 2011
N. Moussa
Dpartement de Mathmatiques & Informatique Facult des Sciences, El Jadida, Morocco [email protected]
Abstract Mobile Ad hoc Networks (MANETs) are created on the fly. No fixed infrastructure is included in the configuration of the network, and all hosts are allowed to move freely through the network. Mobility of nodes is an important factor since it has a direct impact on the network topology. In this paper, we propose a cellular automaton based simulation model to study the propagation of worms in MANETs according to the flock behavior. The analysis points to the relationship between three important and interdependent concepts: mobility of nodes in the network, communication/interference between nodes and worm spreading among the nodes of the network. Keywords Worm propagation, Cellular Automaton, SIS model, Flock behavior
studies of virus and worm propagation have attracted more and more interests, and more papers address this problem [1-8]. Most of the studies have employed simple epidemiological models to understand the general characteristics of worm propagation. Epidemiological propagation models have traditionally been used to understand and model the spread of biological infectious diseases. The use of these models for the study of computer worms/viruses has been investigated in [3,6-8]. The aim of this paper is to propose a cellular automaton [9-10] based simulation model to study the propagation of worms in mobile ad hoc networks (MANETs) whose nodes move according to the flock behavior[11]. The choice of cellular automata models is because they are simpler, and can be easily implemented compared with other dynamical approaches. In cellular automata models, the space, the time and the velocity of hosts are assumed to take discrete values. When applied to MANETs, cellular automata uses a set of cells, each of them has two states to indicate if it is occupied or not by a host. A mobility model should attempt to mimic the movements of real mobile nodes in an ad hoc network. Currently, there is several mobility models used in the simulation of network [5]. In this paper we focus on two models largely used in simulations, namely, the Random Walk Mobility model [5] and the Flock Mobility model [11]. When entities of a system move in extremely unpredictable ways, the Random Walk Mobility Model [5] is adopted to mimic this movement. In its initial version, this mobility model assumes that a node moves from its current location to a new location by randomly choosing a direction and a speed in which to travel. The new speed and direction are both chosen from pre-defined ranges, [speedmin, speedmax] and [0, 2] respectively.
I- Introduction Mobile ad hoc networks (MANETs) are selforganizing and the constituent mobile nodes communicate with each other as autonomous hosts in the absence of a fixed infrastructure. Recently, MANETs are deployed to places where the network is required to be promptly established such as military operations, disaster relief, etc. However, networks and so the MANETs are the main target of attacks by worms and other types of malware. Since worms are self-replicating computer programs which can propagate without any human intervention, attacks pose very dangerous threats to the security and integrity of computer and telecommunications networks. In the early 1980s, worms propagate mainly through the physical contact of infected devices like floppy disks, for example. At that time, only a small number of computer viruses existed, and virus infection was usually restricted to a local area. As the networks (wired and wireless) are becoming increasingly popular, worms quickly evolved the ability to spread through the network by various means such as file downloading, email, exploiting security holes in software, etc. As a result, many
October Issue
International Journal of Computer Information Systems, Vol. 3, No. 4, 2011 Each movement in the Random Walk Mobility Model occurs in either a constant time interval t or a constant distance traveled d, at the end of which a new direction and speed are calculated. On the other hand, other models based on natural phenomena used to simulate the movement of entities of a system are proposed. Such phenomena can represents coordinate animal motion such as birds fly in flocks, fish swim in schools, and sheep move as a herd. Flocking behavior was first simulated on computer in 1987 by Craig Reynolds [11] with his simulation program. This program simulates simple agents that are allowed to move according to a set of basic rules. In its initial version, the flocking behavior is controlled by three simple rules: Collision avoidance (avoid collisions with nearby flockmates), Velocity matching (attempt to match velocity with nearby flockmates), and Flock centering (attempt to stay close to nearby flockmates). The basic model proposed by Reynolds has been extended in several different ways. These include, for example, the works of [1213]. The remainder of this paper is organized as follows. Section II is devoted to the description of our model. We will focus primarily on three important elements, namely, the mobility of nodes in the network, the communication/interference between nodes and the spreading of worms in the network. The analysis of the results of the simulation is given in section III. Finally, the conclusion is given in section IV. II- The model Creating models of worm propagation is beneficial for many reasons. It allows researchers to better understand the threat posed by new attacks and new propagation techniques, in order to predict future threats and to develop new containment measures. The model presented in this paper represents the ad hoc network as a square grid of n x n cells, with nodes placed at each intersection (cell) as illustrated in figure 1. Each node communicates with its direct vertical and horizontal neighbors, such that each node has exactly eight neighboring nodes. Each cell can be occupied by exactly one host. Initially, N hosts are randomly distributed on the network.
Figure 1. A square grid model for the MANET. The central node (node S) has two types of neighborhood, the Von Neumann neighborhood (on the left) and the Moores neighborhood (on the right) For any given host S at time t, the model uses two types of neighborhoods [14]: The Von Neumann neighborhood of S includes only the four cells immediately neighboring the cell occupied by the host S. These four cells are namely North, South, East and West. The Moores neighborhood of S is an extended Von Neumann neighborhood which includes, in addition, the four diagonally neighboring cells North-West, North-East, South-West and South-East.
A. Mobility of hosts In this section, we describe in detail the mobility of hosts in the network. The hosts move on a square grid of n x n cells with periodic boundary conditions (number of hosts remains constant). The direction of each host is chosen according to Von Neumann neighborhood. Thus, each of the N nodes in the network moves in one of the four directions: = north, south, east and west. Let ( time t. 1. Random Walk Mobility Model As mentioned in the introduction, the Random Walk Mobility model assumes that a node moves from its current location to a new location by randomly choosing a direction in which to travel. Starting from a given configuration at time t, the configuration at the next time (t+1) can be obtained as follows: each host starts with choosing the direction in which to travel in the next time step. This direction is randomly selected among the four directions, namely, north, south, east and west. The , ) denote the position of the ith node at
October Issue
International Journal of Computer Information Systems, Vol. 3, No. 4, 2011 new position is then calculated based on the actual position and the new direction found previously. If this new position is unoccupied by another node, the host is moved according to this new position with probability pmove, else the host remains in its place. 2. Flock Mobility Model For sake of simplification, in this model we have considered the flock in its simplest form. Thus we have retained only the third rule of the original version of the flock model. This rule reflects the fact that hosts, like birds flying within a flock, are attracted to each other as long as they are within the detection range. The detection range in our case is represented by the Moores neighborhood. The only difference with the Random Walk Mobility model is the choice of the direction of hosts. In this model the direction is chosen according to the flock behavior. This behavior can be summarized as follows: at each time step, a host gets the list of its Moores neighborhood. From this list, the host can have an idea about the tendency of its neighboring nodes. This tendency constitutes the new direction. In real flocks, a bird can move away from the group for various reasons, like avoiding predators or obstacles, for example. To translate this, we introduce a probability . Thus, at each time step, a host is moved in the network according to the flock mobility model with probability This can be written formally as: If random then Moves the host using Flock Mobility model Else Moves the host using Walk Random Mobility model End if Algorithm1: Hosts in the network move according to the flock behavior with probability . B. Communication and interference between hosts The Moores neighborhood is adopted for the communication/interference between hosts in the network. That is, a given host S can communicate only with hosts located in his Moores neighborhood, and hosts of this neighborhood are the set of nodes that contribute towards interference with radio reception for node S. At a slotted time t, let Pi(t) [0, Pmax] be the transmit power of node i, and g(xi(t) xj(t)) be the channel gain function in the wireless medium, such that the signal emitted by node i and received by node j is Pi(t)g(xi(t) xj(t)), where xi(t) and xj(t) are the positions of node i and node j respectively. On the other hand, we have assumed that at time t, node i can transmit data to node j if the signal received by node j is strong enough compared to the thermal noise and interference. This can be written formally as: SNR = (1)
Where SNR is the signal-to-interference ratio, the SNR threshold requirement for successful communication and 2 is the background noise power. The term is the interference contribution from nodes within the neighborhood of the receiving node j. In this paper we have made some assumptions for sake of simplification. First, Pi(t) = Pmax for all i, i.e. every node emit a maximal power which correspond to the worst case for interfering communications. Then, g(xi(t) xj(t)) is distancebased and its value is given by where dij is the is the path
distance between node i and node j, loss exponent. Equation (1) becomes: SNR= Where Prec, j = (2)
host j. The quantity Pother = represents the interference contribution from nodes within the neighborhood of the receiving node j. C. Worm spreading in the network Finally, for the worm spreading model, we describe how worms propagate in a Moores neighborhood
October Issue
International Journal of Computer Information Systems, Vol. 3, No. 4, 2011 using the Susceptible-Infected-Susceptible model (SIS) [1]. In the SIS model [1], a host stays in one of the two states: infected and therefore infectious, or healthy and then susceptible. If a host has been infected by network worms, then its current state is called infectious state. If a host has not been infected by any worm, then its current state is called susceptible state. Each susceptible host may become an infectious host with the probability . Similarly, an infectious host may be cleaned of worms, and becomes a susceptible host with the probability . In general, and have different values. Figure 2 below shows the sequence of spread of worms in an ad hoc network using the SIS model. periodic boundary conditions. Our simulation starts with one randomly chosen node as infected, and all the other nodes are susceptible. Each point is simulated for T=2000 time steps, of which the first half (1000) were discarded to let transients die out and for the system to reach its asymptotic steady state.
Figure 2. Worm spreading using the SIS model. Red discs indicate infected hosts, while blue discs are the susceptible hosts. We set the probabilities and to 1, such that an infected (susceptible) node becomes healthy (infected) at the next time step. The SNR threshold is set to 0 to represent the communication regardless to interference between nodes. Arrows are used to represent communications between hosts. The grid representing the network is populated with N mobile nodes. We start at time t=0 with only one randomly node as infected by a worm, and all the other nodes are in the susceptible state. At each time step, the infected node tries to transmit the worm to the nearby nodes located in Moores neighborhood. Susceptible nodes would be infected with probability as long as they receive a transmission containing a copy of the worm from an infected neighbor. We assume that each host in the network offers patch against worms. Infected nodes get patched and become then susceptible. III- Results and analysis This section presents the simulation results of the worm propagation in the wireless ad hoc networks comprising N (=80) mobiles hosts distributed randomly in a square grid of 20 x 20 cells with
Figure 3. Number of active connections as a function of the density Each point of the diagram represents the result from the latter 1000 iterations (to reach steady state) on a grid of 400 cells starting from a random configuration. The results of the figure 3 display the number of active connections as a function of the density of the network . We considered different values of the SNR threshold to examine the effect of nearby nodes on the signal strength between node i and node j. = 0 is used where a connection is always possible between two nodes in a given neighborhood regardless of other nodes in the neighborhood. On the other hand and in order to see the effect of other nodes within neighborhood of the transmitting pair of nodes, the values of must be positive ( > 0). In this latter case, a connection is only possible if the signal strength between node i and node j is greater than the SNR threshold . From figure 3, we can see clearly that for = 0, the relationship between the number of active connections and the density of the network appears to be exponential in nature. This is obvious since for this case, i.e. for = 0, all the nodes of the neighborhood communicate with the actual node.
October Issue
International Journal of Computer Information Systems, Vol. 3, No. 4, 2011 For > 0, the number of active connections increases, then after a certain value of the density , this number decreases as the network approaches saturation state. This result is expected, since increasing the number of nodes in the network increases the number of neighbors and therefore the number of active connections. But once the network approaches the saturation state, the number of interferences increases, causing then a reduction in the number of active connections. connections decreases (figure 3) and consequently the risk of infection. On the other hand, the mobility of hosts affects the worm spreading. In fact, for higher mobility, pmove = 0.9 for instance, the infection is reached earlier than for slower mobility. This result can be interpreted as follows: More nodes will have the freedom to move, the more the flock will have the chance to form. Thus, the number of active connections (i.e. the number of communications) increases and consequently the risk of infection.
0,6
0,5
pmove=0.9 =0.2
0,4
0,3
0,2
0,1
0,0 0,0 0,1 0,2 0,3 0,4 0,5 0,6 0,7 0,8 0,9 1,0 1,1
Probability of infection
Figure 5. The proportion of infected hosts as a function of infection rate for different values of Finally, as one can see from Figure 5, the probability has an impact on the infection of the hosts in the network. If we increase the value of , the value of c decreases. This result is immediate since a larger value of promotes the formation of the flock (see algorithm 1.). The number of communications between nodes in the network is then increased, and therefore increasing the risk of infection. IV- Conclusion In this paper we have studied the worm propagation in mobile ad hoc networks (MANETs) using two different methods of mobility: the Random Walk Mobility model and the Flock Mobility model. We are interested mainly by the study of factors affecting worm spreading in the network. Our results show that the behavior of worm spreading in the population of mobile nodes of an ad hoc network is greatly affected by several factors, such
Figure 4. The proportion of infected hosts as a function of infection rate for two values of pmove=0.1 (a) and pmove=0.9 (b). The figure 4 represents the proportion of infected hosts as a function of infection rate for different values of the threshold . It can be seen clearly that there is a critical threshold c below which a worm cannot spread in the network and above which it infects a finite fraction of the hosts. The value of depends on the threshold . Indeed, when the value of increases, the number of active
October Issue
International Journal of Computer Information Systems, Vol. 3, No. 4, 2011 as the mobility of hosts (pmove), the way by which hosts move in the network (Random Walk Mobility or Flock mobility) and the value of the Signal to Interference Ratio (SNR) threshold. REFERENCES
[1] [2] F. Cohen, Computer Viruses: Theory and Practice, Computers & Security, vol. 6, Feb. 1987, pp. 2235. Z. Huang, S. Wang, X. Xu, J. Sun and Y. Wang, Mobile Agents affect worm spreading in wireless ad hoc networks, Journal of Statiscal Mechanics: Theory and Experiment, Vol. 2009, Sept. 2009. X. Wang and Y. Li, An Improved SIR Model for Analyzing the Dynamics of Worm Propagation in Wireless Sensor Networks, Chinese Journal of Electronics, vol. 18, N1, Jan. 2009 C.C. Zou, W. Gong, and D. Towsley, Email Virus Propagation Modeling and Analysis, Amherst, Technical Report: TR-CSE-03, 2003, Citeseer G. Serazzi and S. Zanero, Computer Virus Propagation Models, Tutorials of the 11th IEEE/ACM intl Symp. On Modeling, Analysis and Simulation of Computer and Telecom Systems MASCOTS 2003, Springer-Verlag, 2003. C.C. Zou, W. Gong, and D. Towsley, Code Red Worm Propagation Modeling and Analysis, Proc. 9th ACM Conf. on Computer and Communications Security, Nov. 2002, pp. 138147. C. Wang, J.C. Knight, and M.C. Elder, On Computer Viral Infection and the Effect of Immunization, Proc. 16th Annual Computer Security Applications Conf., 2000, pp. 246256. J. Kim, S. Radhakrishnan, and S.K. Dhall, Measurement and Analysis of Worm Propagation on Internet Network Topology, Proc. 13th Intl Conf. Computer Communications and Networks (IEEE ICCCN2004), Oct. 2004, pp. 495-500. K. Nagel and M. Schreckenberg, A cellular automaton model for freeway traffic, Journal of physical I France, Vol. 2, pp. 2221-2229, 1992. A. Schadschneider and M. Schreckenberg, Cellular automaton models and traffic flow, Physics A, (26):679{683, 1993. C. W. Reynolds, Flocks, Herds, and Schools: A Distributed Behavioral Model, Published in Computer Graphics, 21(4), July 1987, pp. 25-34. (ACM SIGGRAPH '87 Conference Proceedings, Anaheim, California, July 1987.) Delgado-Mata C, Ibanez J, Bee S, et al. (2007). "On the use of Virtual Animals with Artificial Fear in Virtual Environments". New Generation Computing 25 (2): 145169. doi:10.1007/s00354-007-0009-5. Hartman C, Benes B (2006). "Autonomous boids". Computer Animation and Virtual Worlds 17 (3-4): 199206. doi:10.1002/cav.123. P. Orenstein and Z. Marantz, Application of cellular automata to modeling mobility and radio wireless communication in wireless networks, Proc. IEEE SARNOFF Symposium, April 2005.
[3]
[4]
[5]
[6]
[7]
[8]
[9]
[10]
[11]
[12]
[13]
[14]
October Issue