EsECC_SDN: Attack Detection and Classification Model for MANET

1  Introduction

Mobile Ad Hoc Network (MANET) comprises a vast range of mobile nodes to establish the network connection based on the demand in the network. Within the MANET environment, every packet in the network act as a router [1]. Furthermore, MANET has been widely utilized in a vast range of applications such as disaster management, military, personal area, networks, and so on. MANET environment comprises the dynamic or mobile environment with the estimation of failure point detection in the mobile ad-hoc environment [2]. However, the effective design of the protocol is involved in the transmission of packets in a dynamic environment between sender to receiver in topology. MANET environment comprises of the different categories such as the reactive, proactive, and hybrid environment. MANET environment provides connection-less, server, and permanent models in the centralized environment for dynamic access of data in a remote-control environment for improved security [3]. The functionality of MANET comprises the data blockage and time for the communication environment. MANET network offers a realistic framework with a broad range of social networking environments. The data transmission in the network is involved in information transmission based on reaction and query [4].

To improve the trusted user’s privacy, needs to be maintained for effective maintenance of security. In a multi-hop MANET environment, explored packets need to be concerned about reaching the destination within the stipulated period. It is thought to be necessary for the construction of networks that connect nodes that are cooperative with one another [5]. In a MANET environment, data transmission routing is considered an effective parameter for the identification of optimal paths between nodes. The optimal performance of MANET is increased with spatial reusability of the nodes with increased throughput and end-to-end packet delivery [6]. Generally, the MANET is subjected to a vast range of security issues like the overflow of the routing table, wormhole, poisoning, snooping, packet replication, and denial of service (DoS).

The attacks affect the data transmission path between nodes to reach the destination without packet dropping [7–9]. Those attacks can be either single or collaborative in the case of single; in which packets are dropped independently, those are forwarded to the neighbors. In collaborative attacks, malicious nodes cooperate with packet dropping with the elimination of detection time [10]. To achieve the desired security in MANET, secure data transmission needs to be achieved using the cryptographic method. A similar key distribution within the network needs to be achieved. However, key distribution is a challenging task in the MANET environment. Usually, key management is involved in key setting, distribution of keys, and reversals of keys. In addition, this cryptographic scheme is subjected to the challenge of load balancing for handling public keys [11].

This research concentrated on improving security in the MANET environment due to the mobility and openness of the network. To achieve security in the MANET environment, this paper incorporates the following things.

•   This paper incorporates SDN architecture to maintain the architecture of the MANET environment.

•   In this paper escrow-based, Elliptical Curve Cryptography (ECC) is applied for data encryption. The generated keys are updated in the SDN for MANET security.

•   To detect the attack transductive attacks integrated with Hidden Markov model (HMM) with hyper alerts.

•   Within the transductive matrix, k-centroids are implemented for examination of attacks in the network.

•   To classify the attack Intrusion Detection Evaluation Dataset (CIC-IDS2017) [12] is utilized for detection of attack in the MANET.

•   The performance of the proposed EsECC_SDN is evaluated under two scenarios with attackers and without attackers. Finally, the proposed EsECC_SDN is a classifier based on a Support Vector Machines (SVM) classifier for attack classification.

This paper is organized as follows: In Section 2, related works are presented. The proposed EsECC_SDN for MANET with hidden Markov model (HMM) and transductive model for security is presented in Section 3. The simulation setting and classification of attacks are presented in Section 4 followed by the overall conclusion in Section 5.

2  Related Works

A MANET subjected to challenge of security to achieve desired communication performance of the network. This section provides the data transmission scheme between the nodes and the security scheme.

In [13], the authors developed a security scheme for MANET focused on DDoS attack prevention. The model involved in classification of DDoS attack with uses of dataset LIBSVM. The dataset for examination is generated through NS2 simulator for prediction accuracy. The testing and validation of the dataset s based on the consideration of bit rate, delay and packet delivery ratio PDR. The analysis expressed that the characteristics of the DDoS attack is minimal traffic network. However, the developed model involved in reduction of overall accuracy of the network.

In [14], the authors proposed a Diffie-Hellman method of key exchange and elliptic curve cryptography (HDHECC) for reliable data transmission with cryptography algorithm. Initially, the proposed HDHECC perform clustering with Low-energy adaptive clustering hierarchy (LEACH) protocol with selection of head with assigned weights in each node. Moreover, the proposed HDHECC incorporates trust mechanism for management of keys to retain public keys in the member node. With centralized key management public key are stored for estimation of packet loss, end-to-end delay and Packet delivery ratio. Similarly, in [15], the authors implemented multicast delay with cooperative multicast scheme for routing in MANET. The developed multicast algorithm with implementation of two-hop relay, where the packet transmitted between relay nodes to source node. The destination node involved in reception of packet from source node to the relay nodes. With implementation of multi-cast scheme cooperation and non-cooperation scheme is implemented for unicast algorithm with destination node those are equal to one. Furthermore, theoretical based Markov model cooperative multicast scheme for characterization of packet delivery.

To increase the overall security in the MANET network, in [16] the authors developed a modified ad-hoc on-demand multipath distance vector (AOMDV). The AOMDV model involved in detection of black hole attack in MANET for secure data transmission. In addition, AOMDV comprises of multi path message transmission for secure data with homomorphic encryption scheme. The examination of the results expressed that the PDR and throughput is higher. In [17], the authors examined the different MANET attacks for the security improvement than the conventional technique. The performance of the network is computed based on the estimation of routing table with minimal delay. The MANET efficiency is based on consideration of the different factors such as flow rate, mobility, traffic, attackers, and position of nodes. Similarly, in [18], the authors presented a decentralized traffic monitoring system based on optimization model. The optimization-based approach uses bio-inspired algorithm stated as Artificial Immune System Based Algorithm (AISBA).

The proposed AISBA algorithm incorporates Artificial Immune System (AIS) for estimation of selfish and genuine nodes. With implemented protocol design, PDR is achieved as 93.47%. In [19], the authors focused on optimization and secure routing in MANET environment. The optimal routing in MANET is achieved through Ant Colony Optimization (ACO) for improved routing through estimation of difficulties in the network. To evaluate the network complexity, fuzzy logic model is implemented termed as Safety Aware Fuzzy Enhanced Ant Colony Optimization (SAFEACO) for effective routing in the network. The designed SAFEACO exhibits significant performance for the black hole, Sybil and inundation attacks in the network with computation of PDR and end-to-end delay.

In addition, in [20], the authors evaluated the MANET network performance based on Ad hoc On-Demand Distance Vector Routing (AODV), Dynamic Source Routing (DSR) reactive protocols. The evaluation is based on consideration of QoS matrices for guaranteed sensitivity level. The estimation is based on the consideration of node (PHY) layer. The estimation is based on the consideration of end-to-end delay, PDR and control overhead. In [21], computation is performed based on the peer-to-peer computing in the MANET. The performance is based on overlay participating peers (OPPs) for efficient processing in the MANET environment. With increase in node mobility overlay of protocol is minimized with increased maintenance, computation, control overhead, and lookup latency. In [22], the authors developed a AODV-BS protocol for prevention of black hole attack in MANET environment. The estimation is based on the consideration of different MANET model for normalization of the routing. The performance of the MANET is computed for the normalized routing, network delay and packet delivery ratio. Tab. 1 shows the summary of the literature.

3  Security Scheme in MANET

The proposed escrow technique comprises the trustworthy SDN environment for security enhancement with the classification of attacks in the MANET [23–32]. The SDN acts as a centralized environment for data transmission and reception between nodes. With the SDN, the environment performs encryption and decryption. The environment of MANET is focused on improving authentication, confidentiality, integrity, and availability [33–42].

•   Authentication–The legitimacy of the engaged data source that needs to be authenticated.

•   Confidentiality–The system that involved in data processor execution in a devices.

•   Integrity–The unauthorized user information is

•   modified or corrupted.

•   Availability–The capability of a network involved in the provision of appropriate services.

The proposed EsECC_SDN comprises five phases. The five steps involved in the model are Setup Phase, Key Generation, Encryption, decryption of node phase and decryption of the head phase. The proposed escrow scheme uses third party identification with the SDN controller. With SDN architecture MANET, network environment involved in the provision of global, versatility, optimization, and process. The proposed EsECC_SDN incorporates limited availability of resources and an appropriate strategy for connectivity for an unfeasible environment. The constructed escrow comprises the networking scenario with a structured, hierarchical, configuration of the separate data in the control plane.

3.1 ESECC_SDN Cryptographic Scheme for Security

The proposed EsECC_SDN comprises the 5 phases those need to be encrypted and decrypted through ECC [43–53]. The basic scenario in the encryption and decryption process is presented in Eq. (1)

I={setup,Encrypt,decrypt,SDN decrypt}(1)

Consider the two prime numbers p and q with the bit size of k (i.e., 2k−1<p,q<2k). The generated random numbers are stated as N=p2q with the random component value of g∈Zn and the order is stated as gp:=gp−1mod p2. Based on the computed value hashing is performed H:{0,1}∗→Z2k−1G:Zn→{0,1}M∗{0,1}k−1 for the positive integer value of M. In this public key are generated as PK=(N,g,H,G).

3.1.1 Key Generation

The input obtained with the random integer k is transmitted to the escrow for signature verification. The selected integer is stated as k−1 for sk∈{0,1,…,2k−1−1} is computed as pk=gskmod N.

3.1.2 Encryption

The process of ECC in the encryption is involved in the computation of message as m ϵ{0,1}m with the public key generation of pk for the random integer k−1. The ciphertext is computed as c=(A,B) with symmetric key encryption of A=gH(m||r)mod N and B=k+(m||r).

3.1.3 Decryption

The decryption of the encrypted data of the nodes in the MANET network is computed based on the secret key sk with the deciphering of the encrypted text as C=(A,B) with the computation of m‖r=B+G (Askmod N). As the proposed EsECC_SDN overall architecture of the encryption and decryption process are evaluated for analysis.

In MANET environment SDN estimated the escrow value for the estimation of the centralized environment. Upon the verification, the established trust between nodes is computed for data transmission and authentication. The computed network with SDN comprises the encryption and decryption for the classification of attacks in the network. The developed architecture process is presented in Fig. 1 and the Algorithm 1 is presented as follows.

Figure 1: Overall architecture of EsECC_SDN

The public keys of the system are formed by (G, B) and can be publicly in an open channel while the private key of ECC is represented as m.The encrypted data is available at the centralized SDN, the node those wants assess to within the network needs to get permission within the network that is performed in the revocation phase. The network revocation phase comprises the deep learning techniques AdaBoost integrated regression model that classifies whether the particular node is an attacker or a normal user.

The proposed EsECC_SDN uses AddDH to denote the secure addition gate, which is given the ciphertext CT1 and CT2 of plaintext kp1 and kp2 under public key pkDH1 and pkDH2 respectively, the calculates the sum as c1 + DH c2 = AddDH(CT1, CT2). Similarly, MultiMF denotes the secure multiplication gate, the calculates the products as CT1 × DHCT2 = MultiMF(CT1, CT2). Similarly, MultiMF denotes the secure multiplication gate, the calculates the products as CT1 × DHCT2 = MultiMF(CT1, CT2). With the proposed EsECC_SDN transductive based HMM model is applied for the prevention and detection of attack in the MANET. As the HMM model belongs to the class of Bayesian network with computation of the probabilistics feature in the time-series analysis. The Hidden Markov model utilizes the sequences of the Hidden Markov chain in the hidden form for the computation of the different sequences randomly. In this paper the HMM is applied in the intrusion detection system for the temporal estimation of the undefined sequences in the network. The malicious within the network are computed based on the consideration of the multiple attacks with computation of the network characteristics to detect network accuracy. With estimation and identification of the temporal relationship attacks are computed and identified with consideration of the different states in the hidden layer for alerts transmits in the layer. Through application of the HMM in the malicious attack detection in the network cloud with transfer probabilities are presented in Fig. 2. The state of HMM model is denoted as s with the time instances t with the node count of ni. The HMM model applied in the MANET network are presented in Eq. (2)

λ=(B,H,C,J,π)(2)

Figure 2: HMM model for attack detection

As shown in Fig. 3, the observation layer sequences are measured as N = (n1,n2,…, nT) with the attack intents represented as nt= vi. At some instances, the intents within the hidden layer is presented as H(i1,i2,…,iT). At some times the instances can be it=Si based on the attack sequence conditional probability for the vertical attacks is given as P(ali|Si). Also, with the intents with horizontal attack the conditional probability of the network scenario is defined as Sj as P(Sj|Si). Generally, the application of HMM model comprises of the different challenges such as parameter estimation probability and decoding. The attack in the network at every stage are evaluated using transductive learning with transmission of sequence of hyper alerts with the random length of L=(n1,n2,…,nM). In the network the positive integer value is denoted as M denoted as N=(al1,al2,…,aln). The intents of the hidden layer attack is stated as H and the probabilistic model values are represented in Eq. (3):

P(N|λ)=∑IP(N,I|λ)=∑IP(N|I,λ)P(I|λ)(3)

Figure 3: Overall Architecture of ESECC_SDN

To reduce the intents for each attack both forwarding and backward operation are performed. The network hidden state is denoted as ti with the observed node n1,n2,…,nt with the forward probability of αt(i). For hidden state t+1 the corresponding state in the network is represented as nt+1,nt+2,…,nT with the backward probability of βt(i) those are represented in the Eqs. (4) and (5).

αt(i)=P(n1,n2,…,nt,it=qi|λ)(4)

βt(i)=P(nt+1,nt+2,…,nT|it=qi,λ)(5)

The present state of intent probability is given in Eq. (6)

γt(i)=P(it=qi|N,λ)=P(it=qi,N|λ)P(N|λ)(6)

For backward probability, it is given in Eq. (7),

P(it=qi,N|λ)=αt(i)βt(i)(7)

Which provides,

γt(i)=αt(i)βt(i)∑j=1Nαt(j)βt(j)(8)

With the defined states of model λ, the observation sequence N, the probabilities are computed for each states as qi and qj for the time instances t and t+1 given in Eqs. (9)–(11)

δt(i,j)=P(it=qi,it+1=qj|N,λ)=P(it=qi,it+1=qj|N,λ)P(N|λ)(9)

P(it=qi,it+1=qj,N|λ)=αt(i)aijbj(Nt+1)βt+1(j)(10)

δt(i,j)=αt(i)aijbj(Nt+1)βt+1(j)∑i=1N∑j=1Nαt(i)aijbj(Nt+1)βt+1(j)(11)

The simplified form of the equation is presented in Eq. (12),

P(N|λ)=∑i=1N∑j=1Nαt(i)aijbj(Nt+1)βt+1(j)(12)

With the HM model the trained model is represented as λ=(C,J,π).

3.2 Transductive Transfer Learning Framework

In second phase of the proposed ESECC_SDN architecture transfer learning with the transductive (TL) is formulated for the attack prevention. The constructed TL model involved in binary classification process for the labelled instances represented as Ls. The attack prevention can be denoted as As with assignment of label classes in the label cluster. With the defined technique the soft label instances are computed for the threshold values those are involved in data transfer clustering process. The labels in the TL are evaluated and derived with the HMM model values without any attack stated as λ. As stated earlier the HM model uses the attack detection and prevention denoted as λ=(C,J,π). The Fig. 3 illustrates the overall architecture for the proposed ESECC_SDN model is presented.

3.2.1 Attack Prevention with ESECC_SDN

The attack prevention in the network is evaluated based on the domain capturing semantics with calculation of the HMM model ranking with consideration of the cluster group mean. The formulation of cluster is based on the consideration of the length of the cluster defined as (i−1th and i+1th) for the different domains. In the constructed cluster the similarity index is formulated as Msp,q. In the cluster domain p and ith offers the q value of 1. Similarly, with the domain p and q for instances (i−1)th and (i+1)th the values are measured as 0.5 else it will be assigned as 0. Through source transformation domain the mapping function targeted to compute the latent space d for the different attack scenarios. Subsequently, the attack domain conversion is evaluated based on the label instances latent space for the classification of the target domain to prevent attacks. To perform attack prevention soft labelling is applied in the target instances with the appropriate training within the classifier. Through the derived HMM model the deep learning framework model uses the cluster score assignment for the attack prevention. Initially, the source cluster are assigned with labels either “normal” or “attack”. The network target domain is denoted as D1t and D2t based on source label Euclidean distance estimation and ranking as ri,ri+1,ri−1, the labelling process in the HMM model is defined in sequence of steps those are listed as follows:

Step 1: Initially, all labels are stated as zero

Step 2: If ranked as ri in the source cluster then consider the attack α is applied in the cluster else it eliminates form the cluster group

Step 3: If the source cluster ranking is provided as ri+1, with the attack α2 in the system else it will be eliminated from the group cluster.

Step 4: For ranking as ri−1 in source cluster, then attack α2 is incorporated in the cluster else it will be removed in the cluster.

Finally, the target score is computed for the estimated attacks in the instances of the cluster group. The instances threshold values T1 provided for the soft labels of “attack” else the network T2 considered below the threshold and considered as “normal”. The instances target is defined as follows:

T1=α ∖∖ Assign as attack

T2=1−α ∖∖ Assign label as normal

In those assigned labels the instances are classified and prevented in the network with generation of the soft labels. Within the cluster group the labels are assigned based consideration of different attack parts to perform classification. The cluster within the node are evaluated based on consideration of different factors such as conditional probability table (CPT), prior knowledge and edge probability. Through the causality the attacks are estimated in the HMM model with the transductive transfer learning. Hence, the unknown attack label instances are estimated and updated as given in Eq. (13)

Uijt={δ+(1−δ)Uijt−1,P(ui|yt)=1P(uj|yt)=1(1−δ)Uijt−1,P(ui|yt)=1P(uj|yt)=0Uijt−1otherwise(13)

Based on the assigned label instances for the unknown attack T1 and T2 instances with the CPT are denoted as Uij=P(X=xj|U=ui). In Fig. 4 the overall architecture process involved in proposed ESECC_SDN is presented for attack prevention and detection. The attack detected with the HMM model comprises of the transductive network model for the attack training and computational process.

Figure 4: Overall Flow of ESECC_SDN

In the dataset the assigned label is evaluated with the elimination of the attacks represented as D(D={y1,y2,y3,…}) through elimination of the data attack yt. The attack scenario in the HMM model is stated as S=(I1,I2,…,In). The Algorithm 2 provides the estimation of attack scenario in the network is presented below.

In transductive model the source mapping is generated for the targeted source with computation of the latent space in the domain. Through the conversion of the latent space the labels are assigned to the attack classifier. The soft label assignment provides the data accuracy process for the classifier training in the instances of the target. The assignment of the attack estimation is presented in Algorithm 3 for the prevention and classification.

The HMM based attack estimation computes the attack instances in the network through the calculated threshold values with the threshold label assignment and construction of the parameters. The developed model uses the transductive deep learning model for the training in which the attack are characterized as Aattack and network real data is represented as D. In real-time data the training sequences are defined as D(S(z)) for the transductive layer value of 1. The maximization process in the transductive learning is given as V(S,D) for the trained data D in the layer S. Similarly, with the minimization of the second order training in data D(S(z)) the attack prevention and detection is evaluated using V(S,D) as minS⁡ maxD⁡ V(D,S)=Ex−Aattack(x)[log⁡D(x)]+Ez−pz(Z)[log⁡(1−D(S(z))). The distributed data convergence is denoted as V (D, S) with the detection of attack in transductive learning process is computed as (Zij). The convergence in data is presented in Eq. (14).

Zij=∑a=0m−1∑b=0m−1wijxij(14)

In the TDL system the attacks are computed as presented in Eqs. (15) and (16)

minS⁡log(1−D(S(Z)))(15)

⇔D(S(Z))≈1(16)

⇔S(z)≈x∈χ;

In above condition the χ represets the dataset in real-time scenario. The training process in the HMM-TDL is given in Eq. (17) as follows:

P(D∗,S∗)≤P(D∗,S)∀S(17)

With incorporated HMM model with transductive deep learning attack is detection and those are subjected to constraints represented as in Eqs. (18)–(28)

Case 1: If Aattack≈As data used in the training process xConsider P(D∗,S∗) for the minimal data value of Aattack(x)≤As(x)

This will beAattack(x)≤A∗S(x)

P(D∗,S)=∫xAattack(x)D∗(x)dx+∫xAdata(x)D∗(S(z))dz(18)

=∫xAattack(x)D∗(x)+AS(x)(1−D∗(x))dx(19)

=∫xAattack(x)D∗(x)−pS(x)dx+∫xps(x)dx(20)

=∫x1Aattack(x)>As(x)(Aattack(x)−As(x))dx+∫xAs(x)dx(21)

≥∫xAS(x)dx(22)

Case 2: Consider P(D∗,S∗) as minimal value for data

Aattack(x)≥As(x)

This will be Aattack(x)≥A∗S(x)

P(D∗,S)=∫xAattack(x)(1−D(x)dx+∫xAdata(x)D(S∗(z))dz(23)

=∫xAattack(x)(1−D(x))dx+∫xAS(x)(D(x))dx(24)

=∫xD(x)−(pG∗(x)−pdata(x))dx+∫xpdata(x)dx(25)

=∫x1Aattack(x)>AG∗(x)(AG∗(x)−Adata(x))dx+∫xAdata(x)dx(26)

≥∫x1Adata(x)>AG∗(x)(Adata(x))dx(27)

≥−M(28)

3.3 Dataset Description

The proposed EsECC_SDN concentrated on the attack classification mechanism for MANET environment. To estimate the attack detection and classification this paper uses CICICS 2020 dataset. The SDN mechanism focused on the attack classification and detection rate of the network. The proposed scheme uses the SVM classification model for attack detection. However, for efficient processing of data optimal subset features need to be processed with the elimination of irrelevant features without impact on the computational cost and accuracy. The attack classification model for MANET is presented in Fig. 5. The developed EsECC_SDN uses the CICIDS dataset for training and testing the attack. Based on the attributes of the given dataset, attacks in the MANET are computed for training and testing of the attack sequences. The separation of the dataset for training and testing is presented in Tab. 2.

Figure 5: EsECC_SDN attack classification Model

With the distribution of training and testing of the dataset, attacks are computed in the MANET network. The training of data comprises 70% of data for training to achieve the desired accuracy with the remaining data is utilized for testing the performance of the network.

4  Simulation Results

The performance of the proposed EsECC_SDN is implemented in Network Simulator [3] attack detection and prevention in the MANET environment. Tab. 3 presents the simulation setting for the proposed EsECC_SDN. With SDN centralized architecture performance characteristics of EsECC_SDN are evaluated. The simulation is computed under two scenarios such as:

•   A varying number of nodes

•   Attackers Scenario

The performance characteristics of the proposed EsECC_SDN with the different parameters are computed those are Delay, Jitter, End-to-End delay, Packet Delivery Rate (PDR) and Throughput.

The performance of the proposed ESECC_SDN scheme performance is computed based on the varying mobility of nodes. The mobility of nodes is varied with respect to 4, 6 and 10 (ms/s). Similarly, for varying the mobility number of nodes are varied as 10, 20, 30, 40, and 50. Tab. 4 presented the performance of the network for varying mobility of nodes.The performance of the proposed EsECC_SDN is comparatively examined with the existing technique such as Dynamic Source Routing (DSR) [19], Three-Dimensional Clustered (TDC) [20] and Artificial Danger Theory (ADT) [17]. The performance of the proposed EsECC_SDN architecture involved in encryption and decryption of MANET data for analysis. The comparison of the performance is estimated based on the varying number of nodes and the attack nodes in the MANET environment.

Fig. 6 shows the delay of the proposed EsECC_SDN compared with the DSR, TDC, and ADT. Simulation results show that the proposed method gives a minimum delay when the node count is from 10 to 50 nodes.

Figure 6: Comparison of delay

Fig. 7 shows the loss of the proposed EsECC_SDN compared with the DSR, TDC, and ADT. Simulation results show that the proposed method gives a minimum loss when the node count is from 10 to 50 nodes. Fig. 8 shows the packet delivery ratio of the proposed EsECC_SDN compared with the DSR, TDC, and ADT. Simulation results show that the proposed method gives a maximum packet delivery ratio when the node count is from 10 to 50 nodes.

Figure 7: Comparison of loss

Figure 8: Comparison of PDR

Fig. 9 shows the control overhead of the proposed EsECC_SDN compared with the DSR, TDC, and ADT. Simulation results show that the proposed method required a minimum overhead when the node count is from 10 to 50 nodes. Fig. 10 shows the throughput of the proposed EsECC_SDN compared with the DSR, TDC, and ADT. Simulation results show that the proposed method gives a maximum throughput when the node count is from 10 to 50 nodes. The performance of the proposed EsECC_SDN expressed that with an increase in the number of nodes loss and delay is increases. Furthermore, the PDR and throughput of the MANET network are reduced compared with existing techniques.

Figure 9: Comparison of control overhead

Figure 10: Comparison of throughput

The performance of the proposed EsECC_SDN is significant exhibits minimal delay and loss. Moreover, the network PDR and throughput are higher but with the increase in the number of nodes is reduced. In addition, the mobility of nodes does not have a significant impact on the MANET performance. The proposed EsECC_SDN is involved in the classification of attacks in the network. The analysis is based on the consideration of the CICIDS dataset for attack classification and detection is shown in Fig. 11. The model performance is classified based on the SVM classifier. As the proposed EsECC_SDN is involved in the detection of attacks in the MANET network. Based on the training data, attacks are classified in the network for consideration of different attacker’s environments. The comparative analysis of results obtained for MANET with and without attackers’ environment expressed that with attacker’s environment the performance is significantly reduced. The performance of the proposed EsECC_SDN for attack classification is presented in Tab. 5.

Figure 11: Confusion matrix for NSL-KDD dataset

The proposed EsECC_SDN scheme classifier performance for different attacks is computed for analysis. The analysis expressed that the proposed EsECC_SDN scheme exhibits a higher accuracy value of anomaly with 98%. In the case of a black hole attack, the classification accuracy is estimated as 96%. Similarly, in the estimation of precision DoS and Blackn hole attack, it is achieved as 96%. The recall value is estimated higher value of 98% for anomaly detection. The comparative analysis of the propised EsECC_SDN with the model is included in the accuracy with the consideration of the different attack scenario. The accuracy of the classification is computed as 97% for the normal activity, anomaly as 98%, DoS as 95%, Probe atatck as 91%, U2R as 91%, R2L is 94% and black hole attack as 96%. In Tab. 6, the attack classification performance of the proposed EsECC_SDN with conventional classifiers such as AdaBoost, ANN, and ensemble classifier is presented.

The attack classification performance expressed that the proposed EsECC_SDN scheme achieves an accuracy of 98% while AdaBoost, ANN, and ensemble exhibit the accuracy of 97%, 96%, and 97% respectively. This implies that the proposed EsECC_SDN scheme exhibits significant performance in attacks classification. Similarly, in the case of recall proposed EsECC_SDN achieves a higher percentage rather than AdaBoost, ANN, and ensemble classifiers. The recall of the proposed EsECC_SDN is 97%, which is approximately 3% higher than the conventional technique AdaBoost, ANN, and ensemble classifier

5  Conclusion

MANET network subjected to vast range of security issues and challenges due to presence of higher node mobility scenario. This paper is presented a security scheme for the MANET network for attack prevention and classification using SDN architecture. The proposed EsECC_SDN scheme uses the data encryption and decryption using ECC scheme within the SDN network. In next stage, the attacks are prevented and detected using the model with transductive learning with computation of k-centroids with hyper alerts. The performance of the proposed EsECC_SDN evaluated for the attack detection and classification. The classification of the EsECC_SDN model uses the classifier for the classification of attacks. The proposed model achieves the overall accuracy of 98% for the cryptography-based scheme in SDN model. The comparative analysis of the proposed EsECC_SDN with the conventional AdaBoost, ANN, and ensemble classifier exhibits improved performance for attack classification. Through analysis, it can be concluded that the proposed EsECC_SDN scheme is effective for secure data transmission in the MANET network. In the future, this work can be improved in a real-time attack detection scheme in an Intrusion Detection System (IDS).

Acknowledgement: The authors would like to thank the Deanship of Scientific Research at Umm Al-Qura University for supporting this work by Grant Code: (22UQU4281768DSR05).

Funding Statement: Deanship of Scientific Research at Umm Al-Qura University, Grant Code, funds this research: 22UQU4281768DSR05.

Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.