Conference Paper

Cooperative black and gray hole attacks in mobile ad hoc networks

DOI: 10.1145/1352793.1352859 Conference: Proceedings of the 2nd International Conference on Ubiquitous Information Management and Communication, ICUIMC 2008, Suwon, Korea, January 31 - February 01, 2008
Source: DBLP

ABSTRACT In this paper, we propose a complete protocol to detect a chain of cooperating malicious nodes in an ad hoc network that disrupts transmission of data by feeding wrong routing information. Our technique is based on sending data in equal but small sized blocks instead of sending whole of data in one continuous stream. The flow of traffic is monitored independently at the neighborhoods of both source and destination. The results of monitoring are gathered by a backbone network of trusted nodes. With assumption that a neighborhood of any node in the ad hoc network has more trusted nodes than malicious nodes, our protocol can not only detect but also remove a chain of cooperating malicious nodes (gray/black hole) by ensuring an end-to-end checking between the transmission of two blocks of data. The protocol takes O(mdBN) time for detection and removal of gray/black holes chain which betters an earlier O(n2) time bound [4] for detecting a single black hole in the network. Here, m is the number of malicious nodes in the network, dBN is the diameter of a backbone network formed out of the flat ad hoc network, and n is the total number of nodes in the ad hoc network.

Download full-text


Available from: Ratan K. Ghosh, Jan 30, 2014
235 Reads
    • "A further extension of our work would imply the combination and evaluation of our technique with others which specifically deal with collusion attacks. For instance, our scheme might be complemented by performing some end-to-end checking, like the one proposed in [31]. This would determine if data packets truly reach the destination and, therefore, chains of colluding attackers could be detected. "
    [Show abstract] [Hide abstract]
    ABSTRACT: This work introduces a model of data forwarding in MANETs which is used for recognizing malicious packet dropping behaviors. First, different legitimate packet discard situations are modeled, such as those generated by collisions, channel errors or mobility related droppings. Second, we propose an anomaly-based IDS system based on an enhanced windowing method to carry out the collection and analysis of selected cross-layer features. Third, a real deployment of the IDS is also considered by suggesting a methodology for the collection of the selected features in a distributed manner. We evaluate our proposal in a simulation framework and the experimental results show a considerable enhancement in detection results when compared with other approaches in the literature. For instance, our scheme shows a 22% improvement in terms of true positives rate and a remarkable 83% improvement in terms of false positives rate when compared to previous well-known statistical solutions. Finally, it is notable the simplicity and lightweightness of the proposal.
    Computer Networks 05/2015; 87. DOI:10.1016/j.comnet.2015.05.012 · 1.26 Impact Factor
  • Source
    • "In contrast, our work has a broader scope since we also ensure trustworthy PDR reporting. There are efforts on detecting wormhole [17], blackhole, grayhole [4] and jellyfish attacks [18]. Hu et al. [19] propose the use of temporal and geographical leashes to detect the wormhole links. "
    [Show abstract] [Hide abstract]
    ABSTRACT: Selecting high performance routes in wireless networks requires the exchange of link quality information among nodes. Adversaries can manipulate this functionality by advertising fake qualities for links; by doing so, they can attract routes and subsequently launch pernicious attacks. Our measurements suggest that malicious route attraction can fatally impact throughput. We design a framework that is effective against both independent and colluding attackers. In the latter case, we consider both local and remote colluders. With local collusion, malicious nodes exchange and advertise fake routing information to increase the probability of being selected as relays. Remote collusion refers to nodes residing in distant parts of the network that (i) create sybil identities in a local neighborhood and / or (ii) utilize link quality reports to advertise fake links. Our framework combines packet signing and frequency hopping to accurately detect the adversaries. We implement the framework on our testbed and conduct experiments to assess its efficacy. We observe that our framework provides significant throughput benefits by detecting attackers with 90% accuracy.
    IEEE 8th International Conference on Mobile Adhoc and Sensor Systems, MASS 2011, Valencia, Spain, October 17-22, 2011; 10/2011
  • Source
    • "The behavior of each node in the route is monitored by all the neighbors of that node. We employ the idea of dividing the total traffic volume into a set of small data blocks [7] "
    [Show abstract] [Hide abstract]
    ABSTRACT: Mobile ad hoc networks (MANET) are widely used in placeswhere there is little or no infrastructure. A number of peoplewith mobile devices may connect together to form a large group.Later on they may split into smaller groups. This dynamicallychanging network topology of MANETs makes it vulnerable for awide range of attack. In this paper we propose a completeprotocol for detection & removal of networking Black/GrayHoles.
    International Journal of Computer Applications 02/2010; 1(22). DOI:10.5120/445-679 · 0.82 Impact Factor
Show more