Detecting and Overcoming Blackhole Attack in MANET Using Bluff Probe' Packet

IPASJ International Journal of Information Technology (IIJIT)
Web Site: http://www.ipasj.org/IIJIT/IIJIT.htm

A Publisher for Research Motivation ........ Email:editoriijit@ipasj.org
Volume 5, Issue 6, June 2017 ISSN 2321-5976
Detecting and Overcoming Blackhole Attack in

MANET using Bluff Probe Packet
Medini G. Desai1, Prof. S. A. Nagtilak 2
1
M.E Scholar, Information Technology, Smt. Kashibai Navale College of Engineering, Pune
2
Professor, Information Technology, Smt. Kashibai Navale College of Engineering, Pune
Abstract
MANET is an infrastructure less, self-organizing network. It is a handle of autonomous mobile nodes. Every node works as a
transmitter as well as the receiver. Nodes communicate with each other using multi-hop based protocol. Due to changing
topology and openness of media, Mobile ad hoc networks (MANETs) suffer from various types of security attacks. Blackhole is
one of the severe and easy to launch an attack. Blackhole compromises availability and integrity properties of the network. It
works in two phases. In the first phase, the Blackhole nodes get themselves involved in the routing path. In the second phase,
these malicious nodes start dropping the packets they receive. Existing systems uses proactive or reactive methods to detect
Blackhole. The proactive system suffers from excessive control packets, whereas in the reactive system assigning threshold
value based on packet delivery ratio is difficult. Mostly MANET is used in the military environment where security is the main
concern and packet dropping is not acceptable. The proposed system uses Bluff Probe Packet to detect and remove both co-
operative and single Blackhole attack. The system exploits the fact that Blackhole node sends route reply to every route request;
without checking the route to the destination. The process of identifying and removing of Blackhole is carried out in route
discovery phase of AODV by originator node. As hybrid detection technique used, it enhances the security of the MANET by
reducing the network overhead.
Keywords: Blackhole, AODV, MANET, Bluff Probe Packet
1. INTRODUCTION
A Mobile Ad hoc Network (MANET) is a collection of dynamic, self-configuring, self-deployable nodes, where each
node acts as a router. MANETs do not require any base station or centralized routers, due to their Ad hoc nature [1].
MANETs are more beneficial concerning portability and mobility but are susceptible to various types of security attacks
[2]. The MANET is an outskirt of the internet based wire-line network [3]. The fundamental difference between wired
networks and MANETs is mobility. There are two types of network existing; they are Infrastructure based networks and
Infrastructure-less networks. The infrastructure based network uses a base station, and a third party network, which
helps to transfer traffic from one location to another. Infrastructure-less networks communicate directly without a base
station. These networks are known as Ad hoc networks [4]. The term Ad hoc network refers to connecting various
mobile devices, without the need for a fixed infrastructure. The MANET is a collection of the autonomous mobile node
where each node operates in isolation [5].
The MANETs applications include military networks, disaster recovery services, sensor networks, enhanced cellular
networks, and delay tolerant networks. Any node can join/leave the network at any time in the MANET. So, the
connection between the nodes may get disconnected at any time.
MANET routing protocols have different routing strategies to deliver packets from the source node to the destination
node. The aim of the routing protocol in MANET is to discover the most recent topology of a continuously changing
network. The routing protocol faces the challenges such as mobility, bandwidth constraints, shared medium and
location dependent contention due to the infrastructure less nature.[6]. Most of the routing protocols are highly
vulnerable to act against various types of threats and attacks. Routing protocols in MANETs are mainly classified as
on-demand routing protocols and table-driven routing protocols. On-demand routing protocols which are also known as
reactive routing protocols, find routes when they want to send the data packet from the source node to the destination
node. In contrast, table-driven routing protocols periodically exchange topology information.
Volume 5, Issue 6, June 2017 Page 1

2. SECURITY ISSUES IN MANET

Wireless links in MANETs make them susceptible to various kinds of attacks. For example, an eavesdropper can access
the secret information from the open air communication, which violates network confidentiality. Moreover, hackers can
drop or delete messages. Initially, the protocol designers assumed that the MANET environment is trusted, cooperative
and did not consider about security [7]. As a result, the malicious attackers disrupt the route and violate the protocol
rules and drop the packets. Packet delivery in the MANET protocol is achieved in two operations: routing the packets
and forwarding them. The security solutions for MANETs should provide protection for both the operations. On wired
networks, the protocol designs such as Open System Interconnection (OSI) and Transmission Control Protocol/Internet
Protocol (TCP/IP) are based on a layered networking architecture. The strictly layered architecture is not sufficient to
deal with the dynamics of a wireless network environment. Mainly, the security of MANETs cannot be solved in
isolation in a single layer. Cross-layer design is used to enhance the network performance by exchanging or sharing the
information between the layers. Recently, a lot of new cross-layer design techniques have been proposed to improve the
performance of MANETs [8].
Fig 1 Taxonomy of Attacks
An attack is known as the act of making an attempt to destroy, alter or gain unauthorized access with the intention of
doing harm which makes unauthorized use of an asset. MANET routing protocols suffer from various kinds of attacks.
Fig.1 explains the taxonomy of attacks.
External attacks are not part of the network. They have carried out from outside the network domain. Internal attacks
are part of the network and carried out from compromised hosts. Additionally, attacks can be further known as a
passive attack and active attack.
Passive Attack does not interrupt the normal behavior the network protocol. But it overhears or tries to get valuable
information on the network.
Active Attack interrupts the operation of the network by involving modification, interruption, and fabrication.
3. BLACKHOLE IN AODV
The black hole attack can be differentiated into numerous categories depending upon policy used by the malicious node
to launch the attack. Sometimes, the malicious node can purposefully drop all incoming packet, or it can selectively
drop the packets originated from or destined to particular nodes. Blackhole attack in MANETs is a severe security
problem to be solved [9].
To initiate a black hole attack, the first step for an attacker node is to try to get involved in the active route. In AODV,
destination sequence number is used to determine the freshness of the route. After receiving a number of route replies,
the source node selects RREP having highest sequence number to construct a route. But, if black hole attacker is
present in the network and iff a source node broadcasts the RREQ message for any destination.Attacker node
immediately sends RREP packet with the highest sequence number and minimum hop count. The source assumes that
the destination is one hop away from the black hole node and discards all other RREP packets. When source then starts
to send data packets, the black hole node drops all incoming data packet instead of forwarding those packets to the
destination. Thus, the black hole attack often results in very low packet delivery ratio. Fig. 2 depicts the behavior of a
Blackhole attack. Here node A is source node, node D is destination node and node 1 is a malicious node. When node
A broadcast RREQ for destination D, the only genuine node would check own cache if the route is not available then
flood same RREQ. After getting RREQ malicious node 1 immediately send RREP packet with the highest sequence

number and minimum hop count. Once node A select route through the malicious node and start sending the data
packet. Node 1 drops all data packet without forwarding it towards the destination.
Fig. 2 Working of Blackhole Attack
4. RELATED WORK
Hizbullah Khattak, Nizamuddin, Fahad Khurshid, Noor ul Amin [8] proposed a method in which all RREP are
collected at a source node, and the first reply is discarded and selects the second shortest path for data packets
transmission. M. Al-Shurman et al. [7] presented solutions, where source node waits for a reply from two or more
nodes. After receiving a reply, it extracts the full path from response packet and checks for shared hops, based on that it
select the safe path. The drawback with this approach is if a shared hop is not found data packet will never be sent. S.
Banerjee, M. Sardar, and K. Majumder [5] suggested a method reduce the probability of an attack on the network, in
which source node stores all RREP's. Then select RREP having maximum DNS. Originator creates new RREQ packet
with a higher destination sequence number than selected one and multicasts the new RREQ packet towards all paths
from which it receives route replies. The only malicious node will reply with highest destination sequence number. M.
Rajesh Babu, G. Usha [13] proposed Honeypot Based Detection and Isolation Approach (NHBADI) to detect and isolate
Black Hole Attacks in MANET. NHBADI is proactive type intrusion detection technique. NHBADI architecture
consists of three layers: Malicious Node Detection Layer, Route Lookup in Network Layer and Isolation in Network
layer. Malicious node detection layer periodically calls black hole detection process by broadcasting spoofed RREQ
message and wait for RREP packet. Here IDS node acts as Honeypot by attracting the attackers .NHBADI technique
improves the accuracy of detecting the attacks in MANET. But proactive nature of black hole detection increases
network overhead. Seryvuth [14] projected an idea in which different values of threshold has been defined for different
environments. If DSN in RREP is higher than the threshold, RREP will be discarded. In reference [15] author
suggested a scheme called TWO ACK real-time monitoring in which on retrieval of a packet, each node send back a
response packet. The acknowledgment process for every packet transmission increases network traffic and overhead of
control packet. Due to redundant transmission process lifespan of the entire network degrades.
5. PROPOSED WORK
The proposed Black Hole detection technique has been strongly influenced by the spoofing technique. In general,
spoofing is a technique, where a computer or people pretend to be another by false data and exploit the system in order
to get illegitimate access. Wireless networks suffer from various types of spoofing, such as MAC spoofing, Web
Spoofing, DNS (Domain Name System) Spoofing, Email Spoofing, IP Spoofing, and URL Spoofing.

MAC Spoofing is a technique where the hacker changes the MAC address of a network interface.
IP spoofing is used to get unauthorized access to a system or computer, where a malicious attacker forcefully sends a
forged IP address. The forged IP address indicates that the message comes from a trusted host.
URL Spoofing is a technique in which the malicious user creates the fake or forged URL, which is exactly similar to the
original and safe URL. The objective of this research work is to develop a novel technique which secures the network
layer. In this work, no encryption or key exchange algorithm is used. Encryption or key exchange techniques are
difficult to implement in MANET because of its dynamic nature. Instead, spoofed AODV RREQ packets are used to
detect the Black Hole attack in the detection.
3.1 Proposed System

Bluff Probe Packet approach uses a hybrid mechanism to detect the malicious behavior of the node. It combines features
of the proactive and reactive system. Here source node is responsible for detecting and removing Blackhole from the
network. Blackhole detection process is carried out in route discovery phase of AODV protocol. Sender node uses Bluff
Probe RREQ packet for detecting malicious node. Bluff Probe RREQ packet is similar to regular RREQ packet of
AODV; the only difference is that it contain destination IP which does not exist in the network. Architecture divided
into three layers: Blackhole Node Detection Layer, Route Establishment Layer, and Blackhole Isolation layer.
Fig. 3. System Architecture for Bluff Probe-Based Detection
The source node broadcasts Route Request (RREQ) to destination and stores all incoming Route Reply (RREP).
Blackhole node detection layer takes cached RREP packet as input. Then it analyzes the input and initializes
Blackhole detection process by sending Bluff Probe RREQ packets. If any nodes reply for this Bluff Probe RREQ
packet that node id is updated in Blackhole node list. The route establishment layer gets the malicious node ids
information from the previous layer. The route establishment layer establishes a route by verifying malicious node
list. Finally, Blackhole isolation layer remove Blackhole node from the network by sharing updated malicious node
list to its neighbor.

3.2 Implementation Details

Blackhole Detection is as illustrated in Fig. 3. Let S originator node wants to communicate with destination node D.
Node S starts route discovery towards Node D by flooding RREQ packet. Node B and Node A rebroadcast the same
RREQ; only malicious node M send route reply RREP packet immediately Node D send RREP packet on retrieval of
RREQ packet. Node S multicast Bluff Probe packet () to Node B and Node D. Packet contains IP address for a node
which does not exist in the network. Only malicious node M sends RREP for this bluff probe route request. Now after
receiving the RREP packet from the suspected node, the originator gets confirm that this is a Black-hole node. So now
the sender adds its id in the malicious node list and carries out the Black-hole node removal procedure. Next, the
originator selects node B for the future communication because it does not reply to the false route request.
This technique is capable of detecting multiple Black-hole nodes and cooperative Blackhole also. As originator does not
flood the complete network with the RREQ packets, it only multicast bluff probe packet towards the paths from which
it receives route replies during the first route discovery phase. It reduces the overhead of transmitting control.
Fig.. 4 Bluff Probe Packet Based Blackhole Detection
6. SIMULATION AND RESULT ANALYSIS
NS2-2.35 is used to validate the detection and isolation of Blackhole attack in AODV protocol. Following Metrics are
used to evaluate the impact of Blackhole attack on the network (i) throughput (ii) Average end to end delay (iii) packet
delivery ratio. These metrics are calculated using AWK scripts for the normal network, network with Blackhole attack
and network bypassing Blackhole.

TABLE 1: Simulation Parameter
Simulator NS-2 (Version 2.35)
Mobility Model Random Waypoint
Simulation Time 200m
Protocol AODV
Number of Nodes 20-60
Transmission Range 250 m
Traffic Type UDP
Network Area 800 m X 800 m
Mobility 20 m/s
Fig. 5 Shows the PDR comparison in all three cases. As it is clearly shown in the graph, the presence of Blackhole node
in network reduces the PDR. With the proposed solution, PDR is improved in the presence of malicious node. PDR is
also affected by the number of nodes and number of connections in the network. Increased number of connections also
reduces PDR.
Fig.5 Impact on packet delivery ratio
Fig. 6 shows the throughput of Network; it is the average rate of the successful message sent over a communication
channel. In the presence of Blackhole node, the throughput of network reduces drastically.

Fig. 6 Impact on throughput
From the Fig. 7 it is observed that there is a slight increase in delay in the normal network as compared to a system
with Blackhole due to immediate reply from Blackhole as they do not check routing table for the route
Fig. 7 Impact on average end to end delay
7. CONCLUSION
Hybrid detection approach is used to detect Blackhole attack. Detection procedure carried out in the early stage
of routing hence in the proposed system there is minimal packet loss. A result has been analyzed with the help
of PDR, throughput and delay metrics. The simulation results obtained shows the effectiveness of the proposed
detection mechanism. In future work, the network can be analyzed with the help of metrics like Jitter, Routing
overhead, energy etc.

References
[1] Lima, M, Dos Santos, AL & Pujolle, G, A survey of Survivability in MANETs, IEEE Communications and
Surveys, vol.11, no.1, pp.66-77,2009.
[2] Hu, Y, Perrig, A & Johnson , A Survey of Secure Wireless Ad hoc Routing, IEEE journals of Security & Privacy,
vol. 2, no.3, pp.28-39,2004.
[3] Broch, J, Maltz, D, Johnson, D, Hu, YC & Jetcheva, J, A Performance Comparison of Multi-Hop Wireless Ad hoc
Network Routing Protocols, Proceedings of the IEEE/ACM conference on Mobile computing and networking,
New York, USA, pp.85-97,1998.
[4] Adnan Nadeem & Michael Howarth ,Protection of MANETs from a range of attacks using an intrusion detection
and prevention system, Proceedings of Springer Telecommunication Systems, vol.52, no.4, pp.2047-2058,2013.
[5] Samir, R, Das, Robert Casta Neda, Jiangtao Yan & Rimli Sengupta, Comparative Performance Evaluation of
Routing Protocols for MANETs, Proceedings of Seventh International Conference on Computer Communications
and Networks, pp.153-161,1998.
[6] Cardenas, Alvaro, A, Benammar, Nassir, Papageorgiou, George, Baras & John, Cross layered Security Analysis of
Wireless Ad hoc Networks, Proceedings of Army Science Conference, pp.1-3,2004.
[7] Yi, S & Kravets, Composite Key Management for Ad hoc Networks, Proceedings of the First Annual
International Conference on Mobile and Ubiquitous Systems: Networking and Services, pp.52-61, 2004.
[8] QiWang, MA & Abu-Rgheff , Cross layer Signalling for Next Generation Wireless Systems, Proceedings of
Wireless Communications and Networking, pp.1084-1089,2003.
[9] Yang, S & Baras, JS , Modeling Vulnerabilities of Ad hoc Routing Protocols, Proceedings of the first ACM
workshop on Security of Ad hoc and sensor networks, pp.12-20,2003.
[10] Hizbullah Khattak, Nizamuddin, Fahad Khurshid, Noor ul Amin , Preventing Black and Gray Hole Attacks in
AODV using Optimal Path Routing and Hash, IEEE, 2013
[11] M. Al-Shurman, S. M. Yoo, S. Park , Blackhole Attack in Mobile Ad Hoc Networks, Proc.42nd Annual ACM
Southeast Regional Conference, ACM-SE42, Alabama, 2004
[12] S. Banerjee, M. Sardar, and K. Majumder, AODV based Blackhole Attack Mitigation in MANET, FICTA,
Advances in Intelligent Systems and Computing , PP. 345-352,2013
[13] M. Rajesh Babu and G. Usha, A Novel Honeypot based Detection and Isolation Approach (NHBADI) to Detect
and Isolate Black Hole Attacks in MANET, Wireless Personal Communications, Volume 90, Issue 2, PP. 831
845, 2016
[14] Seryvuth tan & keecheon Kim, Secure Route Discovery for preventing Blackhole Attacks on AODV based
MANET, IEEE 2013
[15] K. Liu, J. Deng, P. K. Varshney, K. Balakrishnan, An Acknowledgment-Based Approach for the Detection of
Routing Misbehavior in MANETs, IEEE Transaction Mobile Computation, vol. 6, no. 5, PP. 536550, 2007

Detecting and Overcoming Blackhole Attack in MANET Using Bluff Probe' Packet

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Detecting and Overcoming Blackhole Attack in MANET Using Bluff Probe' Packet

Загружено:

Авторское право:

Доступные форматы

IPASJ International Journal of Information Technology (IIJIT)

Web Site: http://www.ipasj.org/IIJIT/IIJIT.htm

Detecting and Overcoming Blackhole Attack in

Keywords: Blackhole, AODV, MANET, Bluff Probe Packet

Volume 5, Issue 6, June 2017 Page 1

2. SECURITY ISSUES IN MANET

Fig 1 Taxonomy of Attacks

Volume 5, Issue 6, June 2017 Page 2

Fig. 2 Working of Blackhole Attack

Volume 5, Issue 6, June 2017 Page 3

3.1 Proposed System

Fig. 3. System Architecture for Bluff Probe-Based Detection

Volume 5, Issue 6, June 2017 Page 4

3.2 Implementation Details

Fig.. 4 Bluff Probe Packet Based Blackhole Detection

6. SIMULATION AND RESULT ANALYSIS

Volume 5, Issue 6, June 2017 Page 5

TABLE 1: Simulation Parameter

Simulator NS-2 (Version 2.35)

Mobility Model Random Waypoint

Simulation Time 200m

Number of Nodes 20-60

Transmission Range 250 m

Traffic Type UDP

Network Area 800 m X 800 m

Fig.5 Impact on packet delivery ratio

Volume 5, Issue 6, June 2017 Page 6

Fig. 6 Impact on throughput

Fig. 7 Impact on average end to end delay

Volume 5, Issue 6, June 2017 Page 7

Volume 5, Issue 6, June 2017 Page 8

Вам также может понравиться