COGNITIVE AGENTS BASED SECURITY SCHEME TO HANDLE ROUTING LOOPS IN WIRELESS NETWORKS

Routers in wireless networks are often prone to variety of attacks like a man in the middle, distributed denial of service, smurf, ping of death, routing loops, counting to infinity, . Among all these attacks routing loop is the most common one and it have a harmful effect on network performance. In this study, we have proposed a novel cognitive agents based security scheme to handle routing loops in wireless networks. The proposed scheme uses Cognitive Agents (CAs) on every routers with Observation-Belief (O-B) model, which detect and handle routing loops efficiently. As a result, network performance improves with respect to various performance metrics like delay, packet loss ratio, bandwidth consumption, throughput, latency, queue length and so on.


Wireless Network Security
In recent years, wireless networks are gaining more popularity because they have become cheaper and more effective source of information (Kanawat and Parihar, 2011;Fan et al., 2005;Barman et al., 2007). However risks are inherent in wireless networks due to a variety of attacks, which have devastating impact on the network performance (Chou et al., 2009;Lashkari et al., 2009). Therefore security plays a vital role in wireless network.

Routing Loops
Routing is the process of forwarding the packets from source to destination through the shortest and secure possible path. Routing loops is a common problem in wireless networks. In a general wireless routing scenario, the source sends the packets containing destination address to the network of routers. It is the job of the routers to intercept the packet and forward it to the intended destination. If the router is witnessing routing loop attack then the packets continue to be in a loop forever (Chakrabarti and Manimaran, 2003;Yeung and Fung, 2004). Consider an example (Fig. 1), where there exists a source node 'S' and destination node 'D', along with a set of routers (R1,R2, R3 and R4). S first forwards the packets to R1, then to R2, which in turn forwards it to R3. In the usual case R3 was supposed to forward the packets to destination 'D'. Suppose R3 and R4 are under routing loop, then R3 forwards packets to R4 and R4 forwards it back to R1. This forces the packets to circulate in the loop until there Time To Live (TTL) value expires.
Routing loops are classified into two types i.e., transient routing loops and persistent routing loops. In transient routing loop, packets get trapped in a loop for a short period of time. Factors that cause transient routing loop are propagation delay, uneven routing table updation, changes in network topology and so on. In persistent routing loop, packets gets trapped in a loop for a prolonged period of time. Factors that causes persistent routing loop are routing table poisoning, miscon-figuration of router, duplication of router control information, overloading of shared links and so on. Compared to transient loop, persistent loop causes devastating impact on network performance (Xia et al., 2005;Saini and Khari, 2011).

Impact of Routing Loops on Network Performance
Usually lack of consistency in routing table data causes routing loops. Among all routing attacks, routing loop attacks are the most common one and has a harmful effect on net-work performance, which includes unbounded delay, increased packet loss, out of order delivery of packets, excessive band-width consumption, degrading the quality of service, booming jitter, decreased throughput, packets get distracted and swing into wrong location, routing cache poisoning, count to infinity problem. Hence there is a need to detect routing loops in its early stages and develop counter measures to handle it properly (Waichal and Meshram, 2013).

Cognitive Agents
CA is a software entity which functions continuously and autonomously in a particular environment, able to carry out activities in a flexible and intelligent manner. CAs are good at handling routing problems in wireless network (Minar et al., 1999;Muraleedharan et al., 2007;Hengartner et al., 2002a). The following features of CAs helps in handling routing loops problems: CAs observes the behavior of surrounding routers and makes decision accordingly. Suppose if the router is exhibiting suspicious behavior (i.e., frequently dropping packets, excessive link bandwidth consumption and so on) then CAs suspects that the packets routed over that path is in routing loop.
CAs learns the traffic pattern on the ongoing link, then compares the current traffic pattern with the earlier one. If the deviation among them is high then it senses that the link is getting over utilized and suspects the packets passing over that link to be in indeterminate loop.
The proactive nature of CAs helps in detecting the packets that are mistreated i.e., those packets will be prevented from further broadcasting and sending speed of the packets will also be reduced. Thereby the CA successfully determines the compromised router with malicious intent.
If the routing table is taking much longer time to concenter, then the CA with opportunistic nature helps in spotting the count to infinity problem.
CA diagnoses the network topology for artificial partitions. If it finds any artificial partition then the routing table is considered to be poisoned. Because artificial partitions are created by the wrong entries present in the routing table.
Since the wireless routers are restrictive in resources, having CAs based scheme will efficiently make use of resources to propose required security.

Proposed Cognitive Agents Based Adaptive Security Scheme
The proposed security scheme for routers in wireless networks, mainly consists of two functional components i.e., Action-Taker and Belief-Analyzer. The presence of routing loops are detected by incorporating O-B model in CA on every router. The Action-Taker with two sub components Observation-Identifier and Belief-Generator generate beliefs over the connections and then takes security actions based on the generated beliefs. If the generated belief is No-Routing-Loop, then the connection is considered as trustworthy and it will be continued as earlier; if the belief is Suspect-Routing-Loop, then the connection is considered for further analysis, suspected belief will be sent Science Publications

JCS
to Belief-Analyzer component, which either confirms or ignores the suspected belief; if the generated belief is Confirm-Routing-Loop, then based on the deviation, the connection is declared as malicious or not.

Organization of Paper
The rest of the paper is organized as follows, section 2 gives some of the related works, section 3 provides some of the terminologies used in the study, section 4 explains CA with O-B model, section 5 discusses the proposed security scheme in the detail, section 6 gives a sample packet flow diagram for various formulated beliefs, section 7 discuss the results obtained, finally section 8 draws the conclusion.

RELATED WORKS
Routing loops are caused by inconsistencies in routing table. Hengartner et al. (2002b), routing loops are classified based on loop sizes and loop durations. Here, routing loops causes are identified and then an analysis is carried out to determine its impact on packet loss, delay incurred, link utilization and jitter. The results obtained shows that the routing loops have a profound impact on network performance.
Detection and analysis of routing loops in (Garcia-Lunes-Aceves, 1993), discusses routing loops manifestation in packet traces. Here an algorithm is presented that detects the presence of routing loops based on the packet replica streams. The algorithm first detects the packet replicas, validates the replicas and then merge the replica streams. The merged replicas are considered as routing loops and all the packets in the merged replicas are trapped in the routing loop. The algorithm is applied on packet traces of sprint IP backbone network and packet replicas is analyzed with respect to TTL value and several other factors. The paper does not consider per connection analysis for routing loops.
Loop free routing algorithms i.e., diffusing update algorithms are designed in (Francois and Bonaventure, 2005). These algorithms treat the distributed shortest path routing as diffusing computations problem and converges in finite time after any topological changes and link failures. It performs better than the existing loop free routing algorithms which involves message and storage ambiguities. But it lacks practical implementation and results for the newly proposed diffusing update algorithms.
In routing loops (Francois and Bonaventure, 2005) various topological changes that occur in large networks are discussed. Then it proves that by ordering the updates of the routing tables, transient loops can be avoided during interior gateway protocol convergence period. A protocol is also proposed for updating the routing table content, which in turn avoid the transient loop with less computation overhead. But the problem of updating consistent forwarding information base is not addressed.

DEFINITIONS
In this section, we provide definitions for some of the terminologies used in the study.

Looping Parameters
The networking parameters that causes a routing loop are referred as Looping Parameters. e.g.,: TTL value, Internet Protocol (IP) header checksum, link utilization rate, packet transmission rate.

Observation
Primarily, Observation means becoming aware of connections behavior based on their looping parameters value. Example: Conventional packet format, regular traffic, endangered integrity.
An observation is obtained from the collection of various looping parameter. E.g., an observation called Conventional packet format is obtained by a set of looping parameters like {TTL value of the packets passing through the router are unique, Packets are passing through a particular router only once, IP header checksum matches with the checksum of every hop along the path}.

Belief
A strongly held notion about routing loop existence or non-existence is known as belief. Example: No-routing loop, Suspect-routing-loop and Confirm-routing-loop.
A belief is deduced from various observations. E.g., a belief called Suspect-Routing-Loop is derived from a set of observations like {Unconventional packet format, Irregular traffic and Preserved integrity}. A detailed belief generation model is shown in Fig. 2.

Time Window
Time window is the measure of the number of packets that are transmitted in a specified period of time over a connection.

Belief Database
This database is available at Belief-Analyser for maintaining history of beliefs generated over the connections. The entries in Belief database are represented in tree form i.e., root node and intermediate node identify the network to which the connections belong to and leaf nodes stores the beliefs generated over the connections. A sample belief database tree structure is shown in Fig. 3, for some of the class C IPV4 addresses mentioned in Table 1.

COGNITIVE AGENTS BASED SECURITY SCHEME TO HANDLE ROUTING LOOPS
In this section, we first explain a wireless networking model considered for the proposed scheme and then discuss the functioning of CA along with its components and corresponding algorithms.

Network Model
Consider a wireless networking environment i.e., comprised of N nodes (connections) distributed over a wide geographical area (Fig. 4). Packet streams are forwarded from source nodes to destination nodes through several routers along the path. CA with O-B model is placed on every router, receives packet streams from various source nodes then intercepts looping parameters from each stream. After intercepting the looping parameter values, it generates a belief over that particular packet stream using O-B model. Then the generated belief will be analyzed further to determine the existence or non-existence of routing loops.

CA on Router
CA is placed on every router, mainly consists of two important components i.e., Action-Taker and Belief-Analyser. Action-Taker receives all the incoming connections and generates beliefs over the connection. Based on the generated belief, actions will be taken on the connections. Action-Taker will make use of Belief-Analyser while diagnosing any suspicious connections. CA along with its components is pictorially depicted in Fig. 5.
Action-Taker: Action-Taker with O-B model is one of the important functional components in the proposed architecture. The O-B model has two sub components i.e., Observation-Identifier (OI) and Belief-Generator (BG).
Three kinds of beliefs are generated over a connection i.e., No-Routing-Loop, Suspect-routing-loop and Confirm-Routing-Loop. In case of No-Routing-Loop, the connection is genuine without any malicious intent. In case of Suspect-Routing-Loop, connection is suspected to be malicious, Belief-Analyzer component is used for further analysis. In case of Confirm-Routing-Loop, connection immediately starts exhibiting steep looping parameters and decision cannot be taken based only on that. So if the number of times Confirm-Routing-Loop beliefs generated exceeds the Confirm-Routing-Loop threshold i.e., Th crl then it is considered as malicious and will be terminated permanently else the connection is prone to be malicious, as a proactive measure its time window size will be shrinked for a CRTT period. The functioning of Action-Taker is given in algorithm 1.
The process of computing Th crl is given as follows.

Observation-Identifier
The OI helps in identifying observations for connection based on its current looping parameters value. The looping parameters are logically combined to form observations. A sample working of OI is given in algorithm 2:

Belief-Generator
The BG generates beliefs based on the observations that are identified over each connection. Here, logical AND. operation is applied on the identified observations, based on the resultant value belief will be generated over the connection. A sample working of BG is given in algorithm 3.

Belief-Analyzer
Belief-Analyzer finds the Cumulative Deviation Factor (CDF) between the received suspected belief of a connection and that connections beliefs in belief database. It establishes a threshold for suspectrouting-loop beliefs i.e., Th srl based on the history of beliefs in Beliefs database. If the CDF is within the Th srl then the suspect-routing-loop belief will be ignored, but as looping parameters exhibited by the connection are little more than the normal range, as a proactive measure that connection will temporarily disconnected for a CRTT period else the connection is confirmed to be malicious and it will be terminated permanently. The logic of Belief Analyzer is shown in algorithm Equation 4 and 5:

PACKET FLOW DIAGRAM FOR VARIOUS BELIEFS FORMULATED OVER THE CONNECTIONS
In this section, we discuss the general structure of the packet and routing table then sample packet flow diagram is drawn for every different kinds of beliefs (i.e., No-Routing-Loop, Suspect-Routing-Loop and Confirm-Routing-Loop) generated over the connections. Figure 6 shows the general structure of the packet and routing table. Figure 7 shows a sample packet flow diagram for No-Routing-Loop belief. Here, we can observe that TTL value of the packets are unique, header checksum of the packet and checksum at every hop are same and packet passes through the router exactly once. By seeing all these features CA on router formulates a belief called No-Routing-Loop over the connection. Figure 8 shows a sample packet flow diagram for Suspect-Routing-Loop belief. Here, we can observe that TTL Value of the packets are unique, header checksum of the packet and checksum at every hop are not same and packet passes through the router twice. By seeing all these features CA on router formulates a belief called Suspect-Routing-Loop over the connection. Figure 9 shows a sample packet flow diagram for Confirm-Routing-Loop belief. Here, we can observe that TTL value of the packets are same, header checksum of the packet and checksum at every hop are not same and packet passes through the same router very often. By seeing all these features CA on router formulates a belief called Confirm-Routing-Loop over the connection.

RESULTS
In this section, we discuss the performance of the pro-posed cognitive agent based security with respect to various networking parameters like packet drops, latency, packet re-transmission rate. Figure 10 shows a plot on beliefs over the connections Vs average delay incurred. Here, beliefs are classified into three types i.e., no routing loop, suspect routing loop and confirm the routing loop. In case of No-Routing-Loop (NRL), looping parameter values are within the normal range, so Action-Taker immediately formulates the belief and the amount of computation involved is less. As a result, the packet experiences zero incurred delay; In case of Suspect-Routing-Loop (SRL), the looping parameter values are slightly above the normal range so Action-Taker consults Belief-Analyser to ignore or confirm the belief. Here, the amount of computation involved may be slightly more so the packets may experience increased delay; In case of Confirm-Routing-Loop (CRL), exceeds the normal range at a sudden, but will be handled efficiently by the Action-Taker. As a result, the delay experienced by the packets will be less. Figure 11 shows a plot on transmission time (sec) Vs throughput (bps). Here, CAs are built with O-B model so they are intelligent enough in tracking the routing loops. So the chances of packets getting trapped in a routing loop and wasting the bandwidth decreases. As a result, network throughput increases over time. Meanwhile, its history database will be updating so it can accurately detect the presence or absence of routing loop. Figure 12 shows a plot on transmission time Vs packet loss ratio. Here as the packet transmission time proceeds the packet loss ratio experienced will be reduced because of the two factors i.e., belief generation and use of the time window. The CA on every router generates beliefs over the connections for every time window period. Time window helps in choosing an optimal rate for packet transmission over the connection and belief generation helps in selecting reliable path i.e., free from all kinds of routing loops for packet transmission. As a result the packets sent will be successfully delivered to the destination and packet loss experienced will be reduced over time. Figure 13 shows a plot on the number of connections Vs efficiency in detecting the routing loops. As the number of connection increases the efficiency in detecting the routing loop also increases. CA diagnoses many connections, it gains more knowledge about the connections and its packet streams.

CONCLUSION
In this study, we have presented a novel cognitive agents based adaptive security scheme for routers in wireless net-works. Cognitive thinking is employed in the router, which makes it more proactive and opportunistic in nature. Routers with cognitive agents can effectively detect the presence of routing loops and handle it efficiently. It also makes sure that the packets get transmitted only through the secure path that is free from all kinds of routing loops. The proposed security scheme enhances the network performance with respect to various performance metrics such as routing delay, latency, packet drop ratio, throughput, bandwidth consumption, queuing length.