Intelligent Detection System Enabled Attack Probability Using Markov Chain in Aerial Networks

Department of Electronic Engineering, School of Engineering and Applied Sciences, Isra University, Islamabad, Pakistan Department of Electrical Engineering, University of Kurdistan, Sanandaj, Iran Department of Information Science, College of Computer and Information Systems, Umm AlQura University, Makkah, Saudi Arabia Department of Computer Science, College of Computers and Information Technology, Taif University, Taif 21944, Saudi Arabia Computer Science Department, University College in Al-Jamoum, Umm Al-Qura University, Saudi Arabia Department of Information Systems, Faculty of Computing and Information Technology, King Abdulaziz University, Rabigh, Saudi Arabia Department of Computer Science, Abdul Wali Khan University Mardan, 23200 Mardan, KPK, Pakistan


Introduction
Flying ad hoc networks have changed human life where wireless communication is utilized as a backbone technology. Flying networks have remote nodes that can switch along with all three directions [1]. The term "flying ad hoc network" represents a complex pattern of mobility with constantly changing physical structures [2]. Secure communication channels must be designed to improve connectivity within the network. Dealing with false data injection attacks, an intruder can take data during remote surgery, which can lead to the death of a patient. Also, in defense operations, aerial vehicles are used to trigger false data attacks in the surrounding environment, which causes very serious destruction [3]. However, the probability of Poisson distribution is used for the detection of ping of death attacks that secure data packets [4]. Several security attacks are recorded from 1982 till now in different industries. In 2014, a special type of attack occurred, which was later on called Trojan, where the main target was petroleum pipeline networks [5].
Detecting cybercrimes over the internet can be identified using an intrusion detection system by using different techniques and tools [6]. However, a swarm of drones can protect an entire IoT network [7]. Detection of security attacks is a major problem; this research study formulates the scenario on quadcopter using open-source software [8]. Therefore, a tree-based strategy can easily portray the moves of intruders/attackers; also, for risk evaluation, a gametheory scheme is used [9]. Every technology is just made to facilitate mankind; for this purpose, aerial vehicles can be used to safeguard women [10].
The proposed scheme is focused on reducing queue data packets in flying networks which is a tough task to tackle. The aim of this paper is to explore the IDS model and how it can be improved using a Markov chain approach. Using flying networks, the IDS architecture has been developed to reduce data packets in the queue at different stages. Figure 1 explains the concept of an intruder within an IoT network to demonstrate a practical scenario. The main contributions of this study include some important points, which are given below.
(1) For the identification of security threats, an intrusion detection system is modeled (2) Denial-off-service, distributed denial of service, and ping of death attacks are simulated in flying vehicles (3) Markov chain distribution is used to enhance security countermeasures The rest of the article is organized as follows. In Section 1, brief literature relevant to the problem is studied. The proposed scheme is elaborated in Section 3, followed by simulation results and theoretical analysis in Section 4. The future research directions and paper's conclusion are given in Section 5.

Literature Survey
Every new technology is first used by military, later on, it becomes commercialized. However, in US, due to flying vehicles, some accidents take place, like if a drone comes in the way of airplane while landing. Apart from that, many other issues occur due to the technical fault in quadcopters or small UAV's. As communication plays an important role but major issue in day-to-day life is to secure transmission links [11]. The demand of aerial vehicles is increasing on daily basis. In normal flying systems, there is the concept of pilot but drone is basically unmanned which makes them unsafe or unprotected [12]. The two popular areas like machine learning and software-define-networks can provide a pathway to address the challenges related to security in terms of internet of everything [13,14].
Wireless vision (Wi-Vi) sensors are put in service for self-controlled flying vehicles [15]. The indoor scenario is very much mature using the wireless network; therefore, channel state information can give accurate data about location coordinates [16]. A novel framework is introduced, 2 Wireless Communications and Mobile Computing which has flying vehicle-enabled IoT using a 5G communication network. Human safety is the prime focus of every technology. In this context, if the flying drone having sensitive information is hijacked or attacked, it may result a big threat to the environment. Flying thing-based architecture is initiated which gives a solution mechanism for security and privacy to secure U2U communication [17]. Heuristic computational drone-based projects must be having pragmatic results in civil and military fields [18]. While working on false alarm threat, intrusion detection system can be utilized [4]. Furthermore, the classifications of DoS/D-DoS security threats are shown in Figure 2.

Intelligent Detection System (Proposed Scheme)
The proposed study is having physical topology with thirty drones (N = 30) and one ground station. Two major scenarios are mentioned either "no attack" or "with attack." Assuming that our internetwork is secure and there is no intruder inside the system. For this purpose, aerial vehicles send data packets having an average length which is cited as λ l . Apart from that, aerial network modeling can be concluded for generating information of arrival data net which lined up in the entry to pinpoint land station. Figure 3 shows the physical structure of IDS in land station where malicious data packets can be removed easily.
The evolution of queue length is calculated using the following equation: where QðtÞ > 0, QðtÞ is queue length, λðtÞ is arrival rate, μðtÞ is out rate or departed data rate.
The above metric values can be either constant or random. Furthermore, the randomness can be generated using Poisson distribution. The four probabilistic options are practically demonstrated in Figure 4 as mentioned.

Wireless Communications and Mobile Computing
For t = 100 sec, the Poisson random variable with queued length is followed in Figure 5.
Inside the flying networks, once in a while, there might be no unwanted nodes to attack on the dynamic networks. But in the proposed network simulation, the input rate and flying nodes (N) are shown in Figure 6, which shows a high rise while flipping λ l . By achieving the optimal results in between input and output queue rates which is presented in Figure 7. In the simulated work, by utilizing throughput, metric value can be effective in terms of outcome.
3.1. Markov Chain Distribution. Markov chain is a fundamental part of stochastic processes that use memory distribution in discrete-time steps that recall discrete-time Markov chain (DTMC). Suppose X = fX t : t = 0, 1, 2, ⋯, Tg be the state of Markov chain stochastic process at time t with finite state spaces S = f1, 2g, where "1" represents "no attack level" which means normal, and "2" stands for the attack level.

Wireless Communications and Mobile Computing
Equation (3) shows the formulation of Markov chain where for distribution X t just having dependency on X t−1 . Finding the probability of being in state "1" or "2" at time t. In DoS, the attacker injects illegal packets to the network security systems by spoofing one node and attempts to increase the numbers of packets by utilizing the ratio 1 + γ p a (γ is a positive constant). Apart from that modeling probability is p a being changed in the first scenario where Markov chain with following transition matrix where α and β, respectively, is p a 0 , and 1 is proposed in the matrix.  Figure 8: Attack probability at each time slot for desired Markov chain.

Wireless Communications and Mobile Computing
Attack probability of being in state "2" at time "t" is proofed mathematically as Whereas, However, the attack probability p a at each time slot will change in sequence using random variables according to

Markov Binomial Distribution.
Binomial distribution is memory less scheme with having probability p a , where attack at each time slot is stationary which can be symbolized as p a 0 . By simulating Markov binomial distribution, α = β = p a 0 are shown in below matrix from Figure 8 elaborates attack probability changes with the passage of time, and the results are discussed using Figure 9 in which two states are discussed. Where state "1" is used for no attack, and state "2" represents attack.

Without IDS.
In simulation results, the attacker is attempting to use various flooding attacks such as DoS, DDoS, and PoD. Due to the aforementioned attacks, the ground BS is heavily buffered in a queue. The length of the queue for various attacks in order to impact the effect of attack probability on queue length for Markov chain and Markov binomial distribution, respectively, is shown in Figures 10 and 11. Markov chain distribution p a attack is changing with the stream of time; due to that, queue length will escalate. Where using binomial distribution p a attack probability must be constant; because of this reason, queue length will become very less in comparison with Markov chain distribution.

With IDS.
Optimization of connection links will reshape the entire planet; therefore, safety of this society needs countermeasures to make the information-age secure. For the security of modeled smart IoT network having drones to stabilize path-flying things, detection system is launched to detect some cyber threats. Due to high network performance, the detection system attempts to trade-off between false positive and false negative probability. This concept  7 Wireless Communications and Mobile Computing assists researchers to have interconnectivity having maximum missed detection probability along with minimum false alarm prospects. The proposed IDS based on certain level m Th try to prevent gateway queue lengths from rapidly increasing and maintaining them at the predictable level. Figure 12 shows the optimized certain level value per time for Markov chain and Markov binomial distributions.
The PoD with Markov chain using queue length is shown in Figure 13; while for Markov binomial distribution using security, attacks are discussed using Figure 14. Respectively, in Figures 15 and 16

Conclusion
Aerial ad hoc networks use to perform variety of tasks which include monitoring and collection of data from IoT networks. In flying networks, our main focus is to protect ground station from security attacks. While communication comprises drone-2-drone and land-station-2-aerial-vehicles which use IEEE 802.11 wireless technology to improve transmission routes. Intrusion detection system is the optimal way to deal with cyber threats. The proposed intrusion detection monitors incoming packets and filters them using Markov distribution. Markov chain stochastic process assists to find the gateway approach for flying vehicles. Intelligent intrusion detection controls flying networks to filter queue length data packets. The possibility of missed detection and false alarm is easily minimized. While buffer queue length will be maintained to normal level as demonstrated in the simulations. However, in future, machine learning techniques can be used to improve the aerial network security.

Data Availability
All the data is available in the paper.

Conflicts of Interest
The authors declare that they have no conflicts of interest.  Wireless Communications and Mobile Computing