Gray and Black Hole Attack Identification Using Control Packets in Manets

Download as pdf or txt
Download as pdf or txt
You are on page 1of 9

Available online at www.sciencedirect.

com

ScienceDirect
Procedia Computer Science 54 (2015) 83 – 91

Eleventh International Multi-Conference on Information Processing-2015 (IMCIP-2015)

Gray and Black Hole Attack Identification using


Control Packets in MANETs
Arvind Dhakaa,∗ , Amita Nandalb and Raghuveer S. Dhakac
a Department of CSE, NIT Hamirpur, H.P.
b Department of ECE, NIT Hamirpur, H.P.
c Department of CSE, Mody University of Science & Technology, Laxmangarh, Sikar, Rajasthan

Abstract
A Mobile Ad hoc Network (MANET) is a group of mobile nodes which cooperate in forwarding packets in a multi-hop fashion
without any centralized administration. One of its key challenges is finding the malicious node in MANETs. In the literature many
techniques have been proposed by researchers. In this paper we have proposed a scheme in which we are sending a control sequence
to the neighbour nodes and we are expecting the nodes response. Based on the node response we can identify the malicious node.
© 2015
2015 The
TheAuthors.
Authors.Published
Published byby Elsevier
Elsevier B.V.B.V.
This is an open access article under the CC BY-NC-ND license
Peer-review under responsibility of organizing committee of the Eleventh International Multi-Conference on Information
(http://creativecommons.org/licenses/by-nc-nd/4.0/).
Peer-review under (IMCIP-2015).
Processing-2015 responsibility of organizing committee of the Eleventh International Multi-Conference on Information
Processing-2015 (IMCIP-2015)
Keywords: Control Sequence; MANET; Malicious node; Black hole; Network protocol; ABM.

1. Introduction

Attacks in MANETs generally purpose and they are first is not to forward the packet or change the parameters of
routing messages and to exhaust the battery of nodes by make them traversing the wrong packet in wrong direction and
they also change the parameters of the packets such as sequence numbers and by using mechanism like authentication
or cryptography as a preventive approach and can be used against attackers. By means of these mechanisms we can
only prevent attacks from outside but not from inside any node inside by using this information can cause hazards
in the network. This may lead to false positive detection of a non-malicious node. Another malicious behavior of the
nodes is selfishness. Selfish nodes refrain from consuming its resources; such as battery, by not participating in network
operations. Therefore failed and selfish nodes also affect the network performance as they do not correctly process
network packets, such as in routing mechanism. We should, therefore ensure that everything is correctly working in
the network to support overall security and know how an insider is able to attack the wireless ad-hoc network.
The unique characteristics of ad hoc networks present a host of research areas related to security, such as secure
routing protocols, instruction detection and trust based models. The most important concern for Mobile Ad-Hoc is the
Security. Different types of attacks are applied in MANETs open medium, changing its topology dynamically and lack
of central monitoring and management, no clear defense mechanism and cooperative algorithms.

∗ Corresponding author. Tel.: 09882530593.


E-mail address: a arvind.neomatrix@gmail.com

1877-0509 © 2015 The Authors. Published by Elsevier B.V. This is an open access article under the CC BY-NC-ND license
(http://creativecommons.org/licenses/by-nc-nd/4.0/).
Peer-review under responsibility of organizing committee of the Eleventh International Multi-Conference on Information Processing-2015 (IMCIP-2015)
doi:10.1016/j.procs.2015.06.010
84 Arvind Dhaka et al. / Procedia Computer Science 54 (2015) 83 – 91

There are Different types of attacks and they affects the MANETs like Wormhole attack, flooding attack, Black hole
attack, routing table overflow attack, Denial of Service (DoS), Sybil attack, selfish node misbehaving, impersonation
attack are kind of attacks that affect to MANET8–10 . Due to some Characteristics like dynamic, infrastructure less and
scalable MANET is very popular.
In the literature many techniques were introduced by researchers to find the malicious node in the MANETs. In this
paper we have proposed an approach to find the malicious node at the time of channel accessing time that is in MAC
layer operations itself. The rest of paper is organized as follows: Section 2 briefs about motivation; Section 3 describes
literature. Section 4 details about proposed algorithm. Section 5 details about simulation parameters and performance
measures. Finally paper is concluded in section 6.

2. Motivation

Today in communication world MANET is the very important part. MANET is also called Infrastructure
less network. The information flow between source & destination. Currently wireless devices are achieved via
infra-structure based fix service provider, or private networks. For example laptops are connected to Internet through
access points. Infra-structure based network takes time and cost setup. In geographic area networking connection is
not available. So in this condition connection and services becomes big problem. For all reason we capture all mobile
devices which are connected to each other in the transmission radio wave range using automatic configuration in the
ad hoc network that is both flexible and powerful.
Applications of ad hoc network range from military operations and emergency disaster relief to interaction between
attendees at a meeting and students during a lecture. These types of applications demand a secure and reliable
communication. This type of networks is generally more vulnerable to information and physical security threats than
fixed wired networks. Vulnerability of nodes and absence of infrastructure and dynamically changing topology make
ad hoc networks security a difficult task4 . Broadcast wireless channels allows message eavesdropping. Nodes do not
reside in physically protected places and they can easily fall under the attacker’s control. The absence of infrastructure
makes the classical security solutions based on certification authorities and on-line servers inapplicable. The security
of routing protocols in the MANET dynamic environment is an additional challenge.

3. Literature Review

Most of the previous research on ad hoc networking has been done focusing only upon the efficiency of the
network. A number of routing protocols proposed5 that are excellent in terms of efficiency. However, they were
generally designed for a non-adversarial network setting that assumes a trusted environment hence there is no security
mechanism has been considered. But there are more realistic setting such as a battle field or a police rescue operation
in which an attacker may attempt to disrupt the communication; a secure ad hoc routing protocol is highly desirable.
A mobile ad hoc network (MANET) sometimes called a wireless ad hoc network or a mobile mesh network. In it there
is no need to establish the infrastructure or centralized administration such as a base station or an access point1–4 .
Mobile nodes are communicate directly via wireless links. In ad hoc network each node acts both as a host and router
is used to forward the data to another node. Ad hoc wireless network can be deployed quickly anywhere and anytime.
For security purpose an ad hoc network, satisfies the following Characteristic like confidentiality, non-repudiation,
availability, integrity, authenticity6, 7.
Piyush et al.11 proposed a solution where source and destination nodes carry out end-to-end checking to determine
whether the data packets have reached the destination or not. If the checking fails then the backbone network initiates
a protocol for detecting malicious nodes. But, it works on assumption that any node in the network has more trusted
nodes as neighbors than malicious nodes which may not be likely in many scenarios. If malicious nodes are more in
numbers, this solution becomes vulnerable.
Chen et al.12 presented a solution consisting of two related algorithms: key management algorithm based on gossip
protocol and detection algorithm based on aggregate signatures. According to their solution, each node involved in a
session must create a proof that it has received the message; when source node suspects some misbehavior, Checkup
algorithm checks intermediate nodes and according to the facts returned by the Checkup algorithm, it traces the
Arvind Dhaka et al. / Procedia Computer Science 54 (2015) 83 – 91 85

malicious node by Diagnosis algorithm. This solution may generate high traffic and computational cost of detection
algorithm may be very high due to the basic limitations of gossip protocol and aggregate signatures.
A mechanism is proposed by Sukla et al.13 in which before sending any block, source sends a prelude message
to destination to make it aware about communication; neighbors monitor flow of traffic; after end of transmission,
destination sends postlude message containing the number of packets received. If the data loss is out of acceptable
range, the process of detecting and removing all malicious nodes is initiated by collecting response from monitoring
nodes and the network. The mechanism has routing overhead increased due to additional routing packets.
For detecting packet forwarding misbehavior, Oscar et al.14 proposed an algorithm that use the principle of flow
conservation and accusation of nodes that are constantly misbehaving. Selecting correct threshold of misbehavior
allows distinguishing well-behaved and misbehaved nodes. However, the average throughput cannot reach that of a
network where there is no misbehaving node present because the algorithm requires definite time to gather the required
data to identify and to accuse misbehaving nodes. Therefore, misbehaving nodes can drop packets before being accused
and isolated from the network during the preliminary phase.
A trust-based approach is proposed by Arshad et al.15 that uses passive acknowledgement as it is simplest; it uses
promiscuous mode to observe the channel that allows a node to identify any transmitted packets irrelevant of the actual
destination that they are intended for. Thus, a node can make sure that packets it has sent to the neighboring node for
forwarding are indeed forwarded. Routing choices are made based on two parameters: trust and hop-count; therefore,
the selected next hop gives the shortest trusted path. Though, monitoring overall traffic would have been a better choice
instead of monitoring one node’s request.
Ming-Yang et al.16 proposed an intrusion detection system called Anti-Blackhole Mechanism (ABM) in which
the suspicious value of a node is estimated according to the amount of abnormal difference between RREQs and
RREPs transmitted from the node; all nodes perform Anti-Blackhole Mechanism (ABM), and intermediate nodes are
prohibited to reply to RREQs, if an intermediate node is not the destination and never broadcasts RREQ for a specific
route, but forward a RREP for the specific route, then its abnormal value will be increased in the nearby node’s
abnormal node table. When the suspicious value of a node goes beyond threshold, a Block message is broadcasted by
the node to all other nodes in the network to isolate the suspicious node cooperatively. Though, the solution assumes
that an authentication mechanism already exists in MANET.
An approach is discussed by Latha et al.17 in which the requesting node waits for a specific time for replies from
neighbors that include the next hop details. After the specific time, Collect Route Reply Table is verified to know
whether there is any repeated next-hop-node or not. Existence of repeated next-hop-node in the reply paths indicates
the truthful paths or limited chance of malicious paths. Though, the process of finding repeated next hop node increases
overhead.
Payal et al.18 suggested a protocol DPRAODV that finds a threshold value and compares that with difference of
sequence number of reply packet and that of route table entry. If it is higher than the threshold value, the node sending
reply is added to a list of blacklisted nodes. Then blacklisted node is sent to its neighbors to inform that reply packets
from the malicious node are discarded. The protocol contains higher routing overhead due to addition of the ALARM
packets.

4. Proposed Approach

In the existing AODV Routing protocol we have been introducing two packets which are Response sequence (Rseq)
packet and Code Sequence Packet (Cseq). These packets are transmitted in the AODV-MAC layer when a node wants
to access the channel. Each intermediate node sends the Cseq to all its neighbours then neighbours intern send their
Rseq to the intermediate node. If the Cseq and Rseq matches from the neighbour then the Intermediate node allow
the connection to the network layer, Otherwise, it discard the node and send the information to all other nodes that
particular node as malicious one.
It checks the fix value of sequence packet in the Code sequence table. If seq packet is match with respective Cseq
packet than the Rseq packet is accepted; otherwise it is discarded. Figure 1 shows the route discovery process in
AODV in the presence of a malicious node D. Source node A broadcasts Code sequence packet (Cseq) within its
communication range, B,C,E,F and G receive the Cseq packet and re-broadcasts Cseq to their neighbors until a node
86 Arvind Dhaka et al. / Procedia Computer Science 54 (2015) 83 – 91

Fig. 1. Root discovery process with proposed approach.

having a valid route. Each node sends Rseq packet to the source node on the reverse path of Cseq. The malicious
node D sends Rseq to the source but source node check it with the Cseq packet then the result comes different.
The Proposed method is used to prevent the malicious node and find the secured routes in the MANETs by using
the criteria as follows.
If there is large difference between the Cseq of source node and Rseq of neighbor or intermediate node who has
sent back Rseq or not. Generally the first route reply will be from the malicious node with high destination sequence
number. Which are stored in the first entry of Cseq-Table. Then compare the destination Rseq with the Cseq in the
table.

4.1 Malicious node finding algorithm

Algorithm: Cseq and Rseq Method

Parameters: DS-ID – Destination Sequence ID, NID – Node ID, MN-ID – Malicious Node ID, SS-ID Sending
Sequence ID.
Step 1: Initialization Process
Start the route discovery phase at source node A.
Step 2: Storing Process
Store all the Route Replies DS-ID and NID in Cseq Table.
Step 3: Identify and Remove Malicious Node.
Retrieve from Cseq Table
If DS-ID is much greater than SS-ID then discard entry from Cseq Table as Select DS-SID from table.
If (DS-SID >= SS-ID)
{
Malicious Node = Node Id
Discard entry from table
}
Arvind Dhaka et al. / Procedia Computer Science 54 (2015) 83 – 91 87

Step 4: Node Selection Process


Sort the contents of Cseq Table entries according to the DS-ID. Select the NID having highest DS-SID among
RR-table entries.
Step 5: Continue default process.
Call Rseq method of default AODV Protocol. This is how malicious node is identified and removed from the network
and the routing table for that node is not maintained.
The control messages from the malicious node are not forwarded in the network. So to maintain freshness, the Cseq
Table is flushed once a route request is chosen from it. Then the operation of the proposed protocol is the same as that

Fig. 2. Flow chart for node receiving Rseq.


88 Arvind Dhaka et al. / Procedia Computer Science 54 (2015) 83 – 91

Fig. 3. Flow chart for node sending Cseq.

Fig. 4. Flow chart for node receiving Cseq.


Arvind Dhaka et al. / Procedia Computer Science 54 (2015) 83 – 91 89

Fig. 5. Data flow between Node 2 and Node 5 via Node 1 and Fig. 6. Data flow between Node 2 and Node 5 via Node 3 and
Node 6. Node 4.

of the original AODV. No modification is required in the default operations of AODV Protocol. Figures 2–4 shows
respective flow charts as per proposed method.

4.2 Advantages of proposed algorithm

The malicious nodes are identified at the initial stage itself and immediately removed so that it cannot take part in
further process. With no delay the malicious node is easily identified therefore we said before all the routes has unique
sequence id. Normally the malicious node has the highest Destination Sequence id and it is the first Rseq to arrive.
So the comparison is made only to the first entry in the table without checking other entries in the table.

5. Simulation Parameters and Measured Metrics

The proposed scheme has been carried out using the network simulator NS-2. The 802.11 MAC layer implemented
in NS-2 is used for simulation.
In the first scenario where there is not a Black Hole AODV Node, connection between Node 5 and Node 4 is
correctly flawed when we look at the animation of the simulation, using NAM. Figure 5 shows the data flow from
Node 2 to Node 5. When the Node 1 leaves the propagation range of the Node 2 while moving, the new connection is
established via Node 3. The new connection path is shown in Fig. 6. Figure 7 shows how the Black Hole AODV Node
absorbs the traffic. To figure out how the second packet came to source node, we created a simulation scenario with
node positions shown in Fig. 8. In the scenario, Node 0 is the sending node, Node 1 is black hole node and Node 5 is
the receiving node.
To figure out how the second packet came to source node, we created a simulation scenario with node positions
shown in Fig. 8. In the scenario, Node 0 is the sending node, Node 1 is black hole node and Node 5 is the receiving
node.
An improved version of random way point model is used as the model of node mobility. Performances of the three
protocols are evaluated: (i) Standard AODV protocol, (ii) AODV with two malicious nodes cooperating in a blackhole
attack, and (iii) AODV with the proposed algorithm. The scenarios developed to carry out the tests use one parameters
i.e. the mobility of the nodes. In Fig. 9, packet delivery ratio is plotted against the mobility of the nodes. It is observed
that AODV performs better for lower node mobility rates. The delivery rate starts dropping with increasing mobility
of the nodes. In Fig. 10 End to end delay is plotted against the mobility of the nodes. As compared to other solution
90 Arvind Dhaka et al. / Procedia Computer Science 54 (2015) 83 – 91

Fig. 7. Node 0 (Black Hole Node) absorbs the connection Node 2 to Node 5. Fig. 8. Test simulation to show two RREP message.

Fig. 9. Node mobility vs packet delivery ratio (PDR). Fig. 10. Node mobility vs average end to end delay.

this proposed work produce decreases end to end delay. The performance of the network significantly reduces when
AODV is under the cooperative blackhole attack, and when the mobility of the nodes in the network increases.

6. Conclusion

Security issues have been overlooked while designing routing protocols for ad-hoc networks. Through default
AODV protocol, it is easier to breach the security of a MANET. AODV is susceptible to many attacks including Gray
hole and Black hole attacks. In this work we investigated some of the existing solutions for these attacks and proposed
a novel approach to counter these attacks that efficiently finds short and secure route to the destination. The theoretical
analysis shows that our approach would greatly increase PDR with negligible difference in routing overhead. The
algorithm is equally applicable to other reactive protocols.

References

[1] C. Siva Ram Murthy and B. S Manoj, Ad Hoc Wireless Networks, Architecture and Protocols, Prentice Hall PTR, (2004).
[2] Stefano Basagni, Macro Conti, Silvia Giordano and Ivan Stojmenovic, Mobile Ad Hoc Networks. IEEE Press: A John Wily & Sons INC.,
(2003).
Arvind Dhaka et al. / Procedia Computer Science 54 (2015) 83 – 91 91

[3] George Aggelou, Mobile Ad Hoc Networks, 2nd Edition: Mc GRAW Hill Professional Engineering, (2004).
[4] ImrichChlamtac, Marco Conti and Jenifer J.-N. Liu, Mobile Ad Hoc Networking: Imperatives and Challenges, Elsevier Network Magazine,
vol. 13, pp. 13–64, (2003).
[5] E. M. Belding-Royer and C. K. Toh, A Review of Current Routing Protocols for Ad-Hoc Mobile Wireless Networks, IEEE Personal
Communications Magazine, pp. 46–55, (1999).
[6] Banerjee, S. Detection/Removal of Cooperative Black and Gray Hole Attack in Mobile Ad-Hoc Networks, In Proceedings of the World
Congress on Engineering and Computer Science, (2008).
[7] S. Jain, M. Jain and H. Kandwal, Advanced Algorithm for Detection and Prevention of Cooperative Black and Gray Hole Attacks in Mobile
Ad Hoc Networks, J. Computer Applications, vol. 1(7), pp. 37–42, (2010).
[8] Agrawal, P., Ghosh, R. K. and Das, S. K.. Cooperative Black and Gray Hole Attacks in Mobile Ad Hoc Networks, In Proceedings of the 2nd
International Conference on Ubiquitous Information Management and Communication, Suwon, Korea, pp. 310–314, (2008).
[9] Baadache and A. Belmehdi, Avoiding Black Hole and Cooperative Black Hole Attacks in Wireless Ad Hoc Networks, J. Comp. Sci. and
Info. Security, vol. 7(1), pp. 10–16, (2010).
[10] H. Weerasinghe and H. Fu, Preventing Cooperative Black Hole Attacks in Mobile Ad Hoc Networks, Int. J. of Soft. Eng. and Its App.,
vol. 2(3), pp. 39–54, (2008).
[11] Piyush Agrawal, R. K. Ghosh and Sajal K. Das, Cooperative Black and Gray Hole Attacks in Mobile Ad Hoc Networks, 2nd International
Conference on Ubiquitous Information Management and Communication, pp. 310–314, (2008).
[12] Chen Wei, Long Xiang, Bai Yuebin and Gao Xiaopeng, A New Solution for Resisting Gray Hole Attack in Mobile Ad-Hoc Networks, Second
International Conference on Communications and Networking in China, pp. 366–370, (2007).
[13] Sukla Banerjee, Detection/Removal of Cooperative Black and Gray Hole Attack in Mobile Ad-Hoc Networks, World Congress on
Engineering and Computer Science, pp. 337–342, (2008).
[14] Oscar F. Gonzalez, Godwin Ansa, Michael Howarth and George Pavlou, Detection and Accusation of Packet Forwarding Misbehavior in
Mobile Ad-Hoc Networks, Journal of Internet Engineering, vol. 2(1), pp. 181–192, (2008).
[15] Arshad Jhumka, Nathan Griffiths, Anthony Dawson and Richard Myers, An Outlook on the Impact of Trust Models on Routing in Mobile,
(2008).
[16] Ming-Yang Su, Prevention of Selective Black hole Attacks on Mobile Ad hoc Networks through Intrusion Detection Systems, Computer
Communications, (2010).
[17] Latha Tamilselvan and V. Sankaranarayanan, Prevention of Blackhole Attack in MANET, The 2nd International Conference on Wireless
Broadband and Ultra Wideband Communications, pp. 21–26, (2007).
[18] Payal N. Raj and Prashant B. Swadas, DPRAODV: A Dynamic Learning System Against Black Hole Attack in AODV based Manet,
International Journal of Computer Science Issues, vol. 2(3), pp. 54–59, (2010).

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy