Академический Документы
Профессиональный Документы
Культура Документы
Abstract
MANET is an infrastructure less, self-organizing network. It is a handle of autonomous mobile nodes. Every node works as a
transmitter as well as the receiver. Nodes communicate with each other using multi-hop based protocol. Due to changing
topology and openness of media, Mobile ad hoc networks (MANETs) suffer from various types of security attacks. Blackhole is
one of the severe and easy to launch an attack. Blackhole compromises availability and integrity properties of the network. It
works in two phases. In the first phase, the Blackhole nodes get themselves involved in the routing path. In the second phase,
these malicious nodes start dropping the packets they receive. Existing systems uses proactive or reactive methods to detect
Blackhole. The proactive system suffers from excessive control packets, whereas in the reactive system assigning threshold
value based on packet delivery ratio is difficult. Mostly MANET is used in the military environment where security is the main
concern and packet dropping is not acceptable. The proposed system uses Bluff Probe Packet to detect and remove both co-
operative and single Blackhole attack. The system exploits the fact that Blackhole node sends route reply to every route request;
without checking the route to the destination. The process of identifying and removing of Blackhole is carried out in route
discovery phase of AODV by originator node. As hybrid detection technique used, it enhances the security of the MANET by
reducing the network overhead.
1. INTRODUCTION
A Mobile Ad hoc Network (MANET) is a collection of dynamic, self-configuring, self-deployable nodes, where each
node acts as a router. MANETs do not require any base station or centralized routers, due to their Ad hoc nature [1].
MANETs are more beneficial concerning portability and mobility but are susceptible to various types of security attacks
[2]. The MANET is an outskirt of the internet based wire-line network [3]. The fundamental difference between wired
networks and MANETs is mobility. There are two types of network existing; they are Infrastructure based networks and
Infrastructure-less networks. The infrastructure based network uses a base station, and a third party network, which
helps to transfer traffic from one location to another. Infrastructure-less networks communicate directly without a base
station. These networks are known as Ad hoc networks [4]. The term Ad hoc network refers to connecting various
mobile devices, without the need for a fixed infrastructure. The MANET is a collection of the autonomous mobile node
where each node operates in isolation [5].
The MANETs applications include military networks, disaster recovery services, sensor networks, enhanced cellular
networks, and delay tolerant networks. Any node can join/leave the network at any time in the MANET. So, the
connection between the nodes may get disconnected at any time.
MANET routing protocols have different routing strategies to deliver packets from the source node to the destination
node. The aim of the routing protocol in MANET is to discover the most recent topology of a continuously changing
network. The routing protocol faces the challenges such as mobility, bandwidth constraints, shared medium and
location dependent contention due to the infrastructure less nature.[6]. Most of the routing protocols are highly
vulnerable to act against various types of threats and attacks. Routing protocols in MANETs are mainly classified as
on-demand routing protocols and table-driven routing protocols. On-demand routing protocols which are also known as
reactive routing protocols, find routes when they want to send the data packet from the source node to the destination
node. In contrast, table-driven routing protocols periodically exchange topology information.
An attack is known as the act of making an attempt to destroy, alter or gain unauthorized access with the intention of
doing harm which makes unauthorized use of an asset. MANET routing protocols suffer from various kinds of attacks.
Fig.1 explains the taxonomy of attacks.
External attacks are not part of the network. They have carried out from outside the network domain. Internal attacks
are part of the network and carried out from compromised hosts. Additionally, attacks can be further known as a
passive attack and active attack.
Passive Attack does not interrupt the normal behavior the network protocol. But it overhears or tries to get valuable
information on the network.
Active Attack interrupts the operation of the network by involving modification, interruption, and fabrication.
3. BLACKHOLE IN AODV
The black hole attack can be differentiated into numerous categories depending upon policy used by the malicious node
to launch the attack. Sometimes, the malicious node can purposefully drop all incoming packet, or it can selectively
drop the packets originated from or destined to particular nodes. Blackhole attack in MANETs is a severe security
problem to be solved [9].
To initiate a black hole attack, the first step for an attacker node is to try to get involved in the active route. In AODV,
destination sequence number is used to determine the freshness of the route. After receiving a number of route replies,
the source node selects RREP having highest sequence number to construct a route. But, if black hole attacker is
present in the network and iff a source node broadcasts the RREQ message for any destination.Attacker node
immediately sends RREP packet with the highest sequence number and minimum hop count. The source assumes that
the destination is one hop away from the black hole node and discards all other RREP packets. When source then starts
to send data packets, the black hole node drops all incoming data packet instead of forwarding those packets to the
destination. Thus, the black hole attack often results in very low packet delivery ratio. Fig. 2 depicts the behavior of a
Blackhole attack. Here node A is source node, node D is destination node and node 1 is a malicious node. When node
A broadcast RREQ for destination D, the only genuine node would check own cache if the route is not available then
flood same RREQ. After getting RREQ malicious node 1 immediately send RREP packet with the highest sequence
number and minimum hop count. Once node A select route through the malicious node and start sending the data
packet. Node 1 drops all data packet without forwarding it towards the destination.
4. RELATED WORK
Hizbullah Khattak, Nizamuddin, Fahad Khurshid, Noor ul Amin [8] proposed a method in which all RREP are
collected at a source node, and the first reply is discarded and selects the second shortest path for data packets
transmission. M. Al-Shurman et al. [7] presented solutions, where source node waits for a reply from two or more
nodes. After receiving a reply, it extracts the full path from response packet and checks for shared hops, based on that it
select the safe path. The drawback with this approach is if a shared hop is not found data packet will never be sent. S.
Banerjee, M. Sardar, and K. Majumder [5] suggested a method reduce the probability of an attack on the network, in
which source node stores all RREP's. Then select RREP having maximum DNS. Originator creates new RREQ packet
with a higher destination sequence number than selected one and multicasts the new RREQ packet towards all paths
from which it receives route replies. The only malicious node will reply with highest destination sequence number. M.
Rajesh Babu, G. Usha [13] proposed Honeypot Based Detection and Isolation Approach (NHBADI) to detect and isolate
Black Hole Attacks in MANET. NHBADI is proactive type intrusion detection technique. NHBADI architecture
consists of three layers: Malicious Node Detection Layer, Route Lookup in Network Layer and Isolation in Network
layer. Malicious node detection layer periodically calls black hole detection process by broadcasting spoofed RREQ
message and wait for RREP packet. Here IDS node acts as Honeypot by attracting the attackers .NHBADI technique
improves the accuracy of detecting the attacks in MANET. But proactive nature of black hole detection increases
network overhead. Seryvuth [14] projected an idea in which different values of threshold has been defined for different
environments. If DSN in RREP is higher than the threshold, RREP will be discarded. In reference [15] author
suggested a scheme called TWO ACK real-time monitoring in which on retrieval of a packet, each node send back a
response packet. The acknowledgment process for every packet transmission increases network traffic and overhead of
control packet. Due to redundant transmission process lifespan of the entire network degrades.
5. PROPOSED WORK
The proposed Black Hole detection technique has been strongly influenced by the spoofing technique. In general,
spoofing is a technique, where a computer or people pretend to be another by false data and exploit the system in order
to get illegitimate access. Wireless networks suffer from various types of spoofing, such as MAC spoofing, Web
Spoofing, DNS (Domain Name System) Spoofing, Email Spoofing, IP Spoofing, and URL Spoofing.
MAC Spoofing is a technique where the hacker changes the MAC address of a network interface.
IP spoofing is used to get unauthorized access to a system or computer, where a malicious attacker forcefully sends a
forged IP address. The forged IP address indicates that the message comes from a trusted host.
URL Spoofing is a technique in which the malicious user creates the fake or forged URL, which is exactly similar to the
original and safe URL. The objective of this research work is to develop a novel technique which secures the network
layer. In this work, no encryption or key exchange algorithm is used. Encryption or key exchange techniques are
difficult to implement in MANET because of its dynamic nature. Instead, spoofed AODV RREQ packets are used to
detect the Black Hole attack in the detection.
The source node broadcasts Route Request (RREQ) to destination and stores all incoming Route Reply (RREP).
Blackhole node detection layer takes cached RREP packet as input. Then it analyzes the input and initializes
Blackhole detection process by sending Bluff Probe RREQ packets. If any nodes reply for this Bluff Probe RREQ
packet that node id is updated in Blackhole node list. The route establishment layer gets the malicious node ids
information from the previous layer. The route establishment layer establishes a route by verifying malicious node
list. Finally, Blackhole isolation layer remove Blackhole node from the network by sharing updated malicious node
list to its neighbor.
NS2-2.35 is used to validate the detection and isolation of Blackhole attack in AODV protocol. Following Metrics are
used to evaluate the impact of Blackhole attack on the network (i) throughput (ii) Average end to end delay (iii) packet
delivery ratio. These metrics are calculated using AWK scripts for the normal network, network with Blackhole attack
and network bypassing Blackhole.
Protocol AODV
Mobility 20 m/s
Fig. 5 Shows the PDR comparison in all three cases. As it is clearly shown in the graph, the presence of Blackhole node
in network reduces the PDR. With the proposed solution, PDR is improved in the presence of malicious node. PDR is
also affected by the number of nodes and number of connections in the network. Increased number of connections also
reduces PDR.
Fig. 6 shows the throughput of Network; it is the average rate of the successful message sent over a communication
channel. In the presence of Blackhole node, the throughput of network reduces drastically.
From the Fig. 7 it is observed that there is a slight increase in delay in the normal network as compared to a system
with Blackhole due to immediate reply from Blackhole as they do not check routing table for the route
7. CONCLUSION
Hybrid detection approach is used to detect Blackhole attack. Detection procedure carried out in the early stage
of routing hence in the proposed system there is minimal packet loss. A result has been analyzed with the help
of PDR, throughput and delay metrics. The simulation results obtained shows the effectiveness of the proposed
detection mechanism. In future work, the network can be analyzed with the help of metrics like Jitter, Routing
overhead, energy etc.
References
[1] Lima, M, Dos Santos, AL & Pujolle, G, A survey of Survivability in MANETs, IEEE Communications and
Surveys, vol.11, no.1, pp.66-77,2009.
[2] Hu, Y, Perrig, A & Johnson , A Survey of Secure Wireless Ad hoc Routing, IEEE journals of Security & Privacy,
vol. 2, no.3, pp.28-39,2004.
[3] Broch, J, Maltz, D, Johnson, D, Hu, YC & Jetcheva, J, A Performance Comparison of Multi-Hop Wireless Ad hoc
Network Routing Protocols, Proceedings of the IEEE/ACM conference on Mobile computing and networking,
New York, USA, pp.85-97,1998.
[4] Adnan Nadeem & Michael Howarth ,Protection of MANETs from a range of attacks using an intrusion detection
and prevention system, Proceedings of Springer Telecommunication Systems, vol.52, no.4, pp.2047-2058,2013.
[5] Samir, R, Das, Robert Casta Neda, Jiangtao Yan & Rimli Sengupta, Comparative Performance Evaluation of
Routing Protocols for MANETs, Proceedings of Seventh International Conference on Computer Communications
and Networks, pp.153-161,1998.
[6] Cardenas, Alvaro, A, Benammar, Nassir, Papageorgiou, George, Baras & John, Cross layered Security Analysis of
Wireless Ad hoc Networks, Proceedings of Army Science Conference, pp.1-3,2004.
[7] Yi, S & Kravets, Composite Key Management for Ad hoc Networks, Proceedings of the First Annual
International Conference on Mobile and Ubiquitous Systems: Networking and Services, pp.52-61, 2004.
[8] QiWang, MA & Abu-Rgheff , Cross layer Signalling for Next Generation Wireless Systems, Proceedings of
Wireless Communications and Networking, pp.1084-1089,2003.
[9] Yang, S & Baras, JS , Modeling Vulnerabilities of Ad hoc Routing Protocols, Proceedings of the first ACM
workshop on Security of Ad hoc and sensor networks, pp.12-20,2003.
[10] Hizbullah Khattak, Nizamuddin, Fahad Khurshid, Noor ul Amin , Preventing Black and Gray Hole Attacks in
AODV using Optimal Path Routing and Hash, IEEE, 2013
[11] M. Al-Shurman, S. M. Yoo, S. Park , Blackhole Attack in Mobile Ad Hoc Networks, Proc.42nd Annual ACM
Southeast Regional Conference, ACM-SE42, Alabama, 2004
[12] S. Banerjee, M. Sardar, and K. Majumder, AODV based Blackhole Attack Mitigation in MANET, FICTA,
Advances in Intelligent Systems and Computing , PP. 345-352,2013
[13] M. Rajesh Babu and G. Usha, A Novel Honeypot based Detection and Isolation Approach (NHBADI) to Detect
and Isolate Black Hole Attacks in MANET, Wireless Personal Communications, Volume 90, Issue 2, PP. 831
845, 2016
[14] Seryvuth tan & keecheon Kim, Secure Route Discovery for preventing Blackhole Attacks on AODV based
MANET, IEEE 2013
[15] K. Liu, J. Deng, P. K. Varshney, K. Balakrishnan, An Acknowledgment-Based Approach for the Detection of
Routing Misbehavior in MANETs, IEEE Transaction Mobile Computation, vol. 6, no. 5, PP. 536550, 2007