Conference PaperPDF Available

Black hole attack in mobile Ad Hoc networks

Authors:
Mohammad M. Shurman at Jordan University of Science and Technology
Mohammad M. Shurman
Seong-Moo Yoo at University of Alabama in Huntsville
Seong-Moo Yoo
Seungjin Park at Hanyang University
Seungjin Park
Download full-text PDF
Read full-text
Download citation

Abstract and Figures

The black hole problem is one of the security attacks that occur in mobile ad hoc networks (MANETs). We present two possible solutions. The first is to find more than one route to the destination. The second is to exploit the packet sequence number included in any packet header. Computer simulation shows that compared to the original ad hoc on-demand distance vector (AODV) routing scheme, the second solution can verify 75% to 98% of the route to the destination depending on the pause times at a minimum cost of the delay in the networks.
Figures - uploaded by Seong-Moo Yoo
Author content
All figure content in this area was uploaded by Seong-Moo Yoo
Content may be subject to copyright.
Content uploaded by Seong-Moo Yoo
Author content
All content in this area was uploaded by Seong-Moo Yoo
Content may be subject to copyright.
Black Hole Attack in Mobile Ad Hoc Networks
Mohammad Al-Shurman and Seong-Moo Yoo
Electrical and Computer Engineering Department
The University of Alabama in Huntsville
Huntsville, Alabama 35899
E-mail: {al-shum,yoos}@eng.uah.edu
Seungjin Park
Department of Computer Science
Michigan Technological University
Houghton, Michigan 49930
E-mail: spark@mtu.edu
Abstract
The black hole problem is one of the security attacks that occur
in mobile ad hoc networks (MANETs). We present two possible
solutions. The first is to find more than one route to the
destination. The second is to exploit the packet sequence number
included in any packet header. Computer simulation shows that
compared to the original ad hoc on-demand distance vector
(AODV) routing scheme, the second solution can verify 75% to
98% of the route to the destination depending on the pause times
at a minimum cost of the delay in the networks.
Introduction
In recent years the concern over the security of computer
networks has been widely discussed and popularized. The
discussion has, however, typically involved only static and wired
networking while the mobile or ad-hoc networking issues have
not been handled extensively. The emergence of such new
networking approaches sets new challenges even for the
fundamentals of routing since the mobile ad-hoc networks
(MANET) are significantly different from the wired networks.
Moreover, the traditional routing protocols of the Internet have
been designed for routing the traffic between wired hosts
connected to a static backbone; thus, they cannot be applied to ad
hoc networks because the basic idea of such networks is mobility
with dynamic topology [1].
Black hole problem in MANETS [2] is a serious security
problem to be solved. In this problem, a malicious node uses the
routing protocol to advertise itself as having the shortest path to
the node whose packets it wants to intercept. In flooding based
protocol, if the malicious reply reaches the requesting node
before the reply from the actual node, a forged route has been
created. This malicious node then can choose whether to drop
the packets to perform a denial-of-service attack or to use its
place on the route as the first step in a man-in-the-middle attack.
Proposed Solutions for Black Hole
The first proposed solution here for black hole is to find more
than one route to the destination (redundant routes, at least three
different routes). Then, the source node unicasts a ping packet to
the destination using these three routes (we should assign
different packet IDs and sequence number, so any node who
receive the first packet will not drop the second one if it exists in
both paths). The receiver and the malicious in addition to any
intermediate node might have a route to the destination will reply
to this ping request. The source will check those
acknowledgements, and process them in order to figure out
which one is not safe and might have the malicious node.
The second proposed solution exploits the packet sequence
number included in any packet header. The node in this situation
needs to have two extra tables; the first table consists of the
sequence numbers of the last packet sent to the every node in the
network, and the second table for the sequence number received
from every sender. During the RREP phase, the intermediate or
the destination node must include the sequence number of last
packet received from the source that initiates RREQ. Once the
source receives this RREP, it will extract the last sequence
number and then compare it with the value saved in its table. If it
matches the transmission will take place. If not, this replied node
is a malicious node, so an alarm message will be broadcast to
warn the network about this node.
First Solution
In this solution, the sender node needs to verify the authenticity
of the node that initiates the RREP packet by utilizing the
network redundancy. Since any packet can be arrived to the
destination through many redundant paths, the idea of this
solution is to wait for the RREP packet to arrive from more than
two nodes. During this time the sender node will buffer its
packets until a safe route is identified. Once a safe route has
identified, these buffered packets will be transmitted. When a
RREP arrives to the source, it will extract the full paths to the
destinations and wait for another RREP.
Two or more of these nodes must have some shared hops
(in ad hoc networks, the redundant paths in most of the time
have some shared hops or nodes). From these shared hops the
source node can recognize the safe route to the destination. If no
shared nodes appear to be in these redundant routes, the sender
will wait for another RREP until a route with shared nodes
identified or routing timer expired.
This solution can guarantee to find a safe route to the
destination, but the main drawback is the time delay. Many
RREP packets have to be received and processed by the source.
In addition, if there are no shared nodes or hops between the
routes, the packets will never been sent.
Second Solution
Every packet in MANETs has a unique sequence number. This
number is an increasing value, i.e., the next packet must have
higher value that the current packet sequence number. The node
in regular routing protocols keeps the last packet sequence
number that it has received and uses it to check if the received
packet was received before from the same originating source or
not.
In this solution, every node needs to have two additional
small-sized tables; one to keep last-packet-sequence-numbers for
the last packet sent to every node and the other to keep last-
Permission to make digital or hard copies of all or part of this work
for personal or classroom use is granted without fee provided that
copies are not made or distributed for profit or commercial advantage
and that copies bear this notice and the full citation on the first page.
To copy otherwise, or republish, to post on servers or to redistribute to
lists, requires prior specific permission and/or a fee.
ACMSE’04, April 2-3, 2004, Huntsville, AL, USA.
Copyright 2004 ACM 1-58113-870-9/04/04…$5.00.
96
April 2004
Proceedings of the 42nd annual Southeast regional conference ACM-SE 42
Publisher: ACM Press
Fig 1: Routing packets in plain AODV and with the solutions
Fig 2: Routing delay in plain AODV and with the solutions
packet-sequence-numbers for the last packet received from every
node. These tables are updated when any packet arrived or
transmitted. The sender broadcasts the RREQ packet to its
neighbors. Once this RREQ reach the destination, it will initiate
a RREP to the source, and this RREP will contain the last-
packet-sequence-numbers received from this source. When an
intermediate node has a route to the destination and receives this
RREQ, it will reply to the sender with a RREP contains the last-
packet-sequence-numbers received from the source by this
intermediate node.
This solution provides a fast and reliable way to identify
the suspicious reply. No overhead will be added to the channel
because the sequence number itself is included in every packet in
the base protocol.
Computer Simulation
We used the network simulator (ns-2) [3, 4]. A hypothetical
network was constructed for the simulation purpose and then
monitored for a number of parameters. We simulate our model
for 50 nodes. Pause time is varied from 0 to 900 sec. Each
mobile node in the MANET is assigned an initial position within
the simulation dimensions (1000×1000) meters and joins the
network at a random time. The packets are generated using CBR
with rate of 4 packets per sec. The simulation takes place for 900
seconds every run. Nodes are normally distributed when
initialized, and the initial position for the node is specified in a
movement scenario file created for the simulation using a feature
within ns-2. The nodes move randomly among the simulation
area.
We simulate for both Solution 1 and Solution 2 with
relative to the base protocol AODV. For both solutions, since we
did not inject any attacker node (no security model is
implemented in ns-2), we tried to verify the route to the
destination and drop the request if we could not verify the route.
We can see that Solution 1, in the best case, could verify 80%
only of the routing packets, while Solution 2 could verify up to
99%.
For Solution 1, we tried to find more than one path and
process those paths for shared nodes. If at least one shared node
is found, the path is verified. If no shared node is found, we will
wait a specified amount of time (1 sec) to receive more RREP. If
no other RREP arrived, we conclude that the destination cannot
be verified. In Solution 2, the nodes need to exchange some
packets during setting up the network to fill their last-packet-
sequence-numbers tables. We used the sequence number to
verify the identity of the nodes.
Refer to Figure 1. With zero pause time, Solution 1 could
verify only 60% of the routes, while Solution 2 could verify
75%. For both solutions, this percentage is increased as the pause
time is increased. For 900 sec pause time, Solution 1 could
verify 80% of the routes and Solution 2 could verify 98% of the
requests.
In Figure 2, we will study the delay in the network. The
delay in Solution 1 is very large compared to the base AODV.
Solution 2 shows a very close results to the base AODV, and the
difference is negligible.
From the above results we can see that we can avoid the
black hole problem. Solution 1 has a longer delay and lower
number of verified routes than Solution 2, but Solution 1 appears
to be more secure than Solution 2 in the sense that, in Solution 2,
the attacker node can listen to the channel and update the tables
for the last packet sequence number. We are trying to merge both
solutions to find a better solution for the black hole problem.
Future Work
In this paper we have proposed two solutions for the black hole
problem. Here, we have studied only one node attack to be in the
route (not a group of attackers). The group attack for this
problem should be studied.
References
1. Janne Lundberg, Helsinki University of technology,
"Routing Security in Ad Hoc Networks"
http://citeseer.nj.nec.com/400961.html.
2. H. Deng, W. Li, and Dharma P. Agrawal, "Routing
Security in Ad Hoc Networks,"IEEE Communications
Magazine, Special Topics on Security in
Telecommunication Networks, Vol. 40, No. 10, October
2002, pp. 70-75.
3. University of California and Lawrence Berkeley
Laboratory, AODV source code for network simulator,
1997.
4. Network Simulator Official Site for Package
Distribution, web reference,
http://www.isi.edu/nsnam/ns.
97
... As a result, the source node uses the forged route to send the data that will be deleted by the malicious node. [6]. ...
... The method proposed by [5] uses sequence number-based detection: the source node compares the sequence number received in the RREP with a threshold value [6]. If the sequence number received in the RREP is greater than the threshold, the RREP is suspected of being sent by a malicious party. ...
Intrusion Detection Based On Neural Networks In Iot
Article
  • Jan 2024
Artificial neural networks (ANNs) are biologically inspired computer networks used for a wide variety of problems, based on supervised learning and comprising three layers: input, hidden and output.The Internet of Things or IoT is a set of objects, sensors, and other elements connected to an Internet or other networks, these nodes make it possible to collect and exchange data. The nature of the nodes exposes IoT to many types of attacks. in particular, the Blackhole attack. This attack is one of the active and dangerous attacks in the network layer. Therefore, in this article, a performant approach to detect and suppress the Blackhole attack in IoT in the environment of AODV routing protocol using a neural network. The simulation result on NS2 shows the efficiency of the proposed system and the speed of detection of the malicious node.
View
... However, the proposed approach is used for detecting single blackholes in the AODV protocol, and it is not appropriate for detecting collaborative blackhole attacks. Similarly, Al-Shurman et al. [13] suggested two methods to discover single blackholes in the AODV protocol. The first method takes advantage of the multiple paths to a destination. ...
... Next, each watchdog broadcasts its reputation table to its neighbors (step 9). When an aggregator receives different reputation values about the same node, the aggregator computes the average of these reputations (steps [10][11][12][13]. From all neighbors of a watchdog, only the reputation aggregators of the watchdog are allowed to forward the reputation table of the watchdog (steps [15][16][17][18]. ...
A Reputation-Based AODV Protocol for Blackhole and Malfunction Nodes Detection and Avoidance
Article
Full-text available
Enhancing the security of Wireless Sensor Networks (WSNs) improves the usability of their applications. Therefore, finding solutions to various attacks, such as the blackhole attack, is crucial for the success of WSN applications. This paper proposes an enhanced version of the AODV (Ad Hoc On-Demand Distance Vector) protocol capable of detecting blackholes and malfunctioning benign nodes in WSNs, thereby avoiding them when delivering packets. The proposed version employs a network-based reputation system to select the best and most secure path to a destination. To achieve this goal, the proposed version utilizes the Watchdogs/Pathrater mechanisms in AODV to gather and broadcast reputations to all network nodes to build the network-based reputation system. To minimize the network overhead of the proposed approach, the paper uses reputation aggregator nodes only for forwarding reputation tables. Moreover, to reduce the overhead of updating reputation tables, the paper proposes three mechanisms, which are the prompt broadcast, the regular broadcast, and the light broadcast approaches. The proposed enhanced version has been designed to perform effectively in dynamic environments such as mobile WSNs where nodes, including blackholes, move continuously, which is considered a challenge for other protocols. Using the proposed enhanced protocol, a node evaluates the security of different routes to a destination and can select the most secure routing path. The paper provides an algorithm that explains the proposed protocol in detail and demonstrates a case study that shows the operations of calculating and updating reputation values when nodes move across different zones. Furthermore, the paper discusses the proposed approach’s overhead analysis to prove the proposed enhancement’s correctness and applicability.
View
... Finding multiple routes to the destination is the first step. The second is to make use of the packet header's packet sequence number [15]. Using the leach protocol, we have suggested a defense method in this research against blackhole attacks on sensor networks [16]. ...
A Novel Survey on Comparison of Blackhole Attack Detection Techniques
Article
Full-text available
  • Sep 2024
Black hole attacks occur when a hacker takes control of a collection of nodes, modifies their programming, and blocks packets from being forwarded to the base station. This results in data being grabbed and traveling to the attacker's (black hole) area. By separating the network, these attacks are easy to develop and have the potential to reduce system efficiency, preventing base stations from receiving crucial information. Blackhole nodes can cause parameters of network performance such as throughput and end-to-end delay to change, with throughput falling and end-to-end delay rising. This paper highlights the efficiency and limitations with a comparative analysis of all existing approaches. This paper illustrated results using the AODV protocol for black hole attack detection using the Cuckoo search algorithm. The network is created for 15 nodes using a network simulator. Keyword: Blackhole, Attack, Security, Network-Simulator, Detection.
View
... Al-Shurman et al. [30] proposed a solution requiring additional computation which results in an increased overhead. The source node stores the sequence numbers of the last packets sent and the last packets received in two separate tables. ...
Analysing the Performance of a Trust-Based AODV in the Presence of a Flooding Attack
Article
Full-text available
  • Mar 2024
Mobile ad hoc networks (MANETs) are wireless multi-hop networks that do not rely on any fixed infrastructure, unlike traditional networks. Nodes in MANETs are formed dynamically and are free to move in any direction at variable speeds. The special characteristics of MANETs make them vulnerable to flooding attacks, which can have a negative impact on their performance. Moreover, due to their nature, employing solutions designed for traditional networks is not feasible. One potential solution to enhance the performance of MANETs in the face of network attacks is to implement trust management. This paper evaluates the performance of Ad hoc On-Demand Distance Vector (AODV) Routing in the presence of a flooding attack. We propose a direct trust management scheme to detect and isolate malicious nodes and implement this scheme on AODV. We name the modified protocol Trusted AODV (TAODV) and, finally, compare the performance of AODV and TAODV when both are under a flooding attack to measure the improvement achieved by our suggested scheme.
View
Review of Black Hole Attack in the AODV Routing Protocol and Providing a Solution for Detection and Mitigation
Conference Paper
Full-text available
  • Feb 2017
Special networks include a set of a collection that can operate independently and establish communication through various sub-networks, allowing for high-speed data transfer without relying on infrastructure. These networks play a significant role in different environments and are essential for practical applications, especially in emergency situations. They can effectively respond to the needs for real-time communication under dynamic conditions. This study highlights the importance of these networks and their unique capabilities, focusing on their use in scenarios requiring rapid and reliable communication. The research will also explore the security challenges associated with these networks, particularly concerning various attack types. One of the critical focus areas of this research is the security mechanisms in place and the effectiveness of the AODV routing protocol against specific challenges. This study aims to assess and compare these mechanisms concerning the challenges identified.
View
View
Enhanced Security and Performance in MANETs with Blockchain and Deep Learning
Thesis
Full-text available
  • Nov 2024
Enhanced Security and Performance in MANETs with Blockchain and Deep Learning
View
Mechanism for Detecting and Preventing Security Attacks in VANET
Conference Paper
  • Jul 2024
Nowadays communication networks have become very popular. Such types of networks are ad-hoc networks that are categorized into mainly two types, MANET and VANET. MANET is a Mobile ad hoc network that deals with mobile node communication. VANET is a vehicular ad hoc network its main aim is to ensure communication among vehicles while moving to improve safety for drivers by maintaining the autonomous system among vehicles. In VANET each vehicle acts as the intelligent sensor node which is governed by a high mobility system with a dynamic network. These networks are decentralized dynamic networks that are in motion every time and need fast and secure communication among the vehicles. VANET is more vulnerable to attacks. Attacks include various DoS, Warm hole, and Blackhole attacks. Many algorithms have been proposed in the past to investigate various attacks and to provide solutions to prevent these attacks. This document investigates various attacks over VANET and gives an analysis of various algorithms proposed in the past. A study of AODV and its applicability to detect various types of attacks has been presented. In this algorithm, the source node prepares the look-up table to store the route reply packets from all the nodes. It stores the route reply in ascending order. The priority of route replies is taken from the recent sequence numbers. The high sequence number route replies are discarded assuming these routes are obsolete now. This newly submitted algorithm to remove the various attacks has been designed and simulated using Network Simulator 2. It is also being compared with the existing algorithms. It proves the improvement in the detection and prevention of Blackhole attacks. NS2 simulator has been used for simulating this work.
View
Four Optimization Meta-heuristic Approaches in Evaluating Groundwater Quality (Case study: Shiraz Plain)
Article
  • Jun 2024
Estimating and predicting groundwater quality characteristics so that managers may make management decisions is one of the critical goals of water resource planners and managers. The complexity of groundwater networks makes it difficult to predict either the time or the location of groundwater. Many models have been created in this area, offering better management to preserve water quality. Most of these models call for input parameters that are either seldom accessible or expensively and laboriously measured. A better option among them is the Artificial Neural Network (ANN) Model, which draws inspiration from the human brain. This study uses Na + , Mg2 + , Ca2 + , Na%, K + , SO42 − , Cl − , pH, and HCO3 − quality parameters to estimate the Sodium Adsorption Ratio (SAR). The Shiraz Plain's groundwater quality was simulated using four optimization meta-heuristic methods, including biography-based optimization (BBO), black hole attack (BHA), sequential forward selection (SFS), and multi-verse optimization (MVO). These methods excel in adaptability, convergence speed, feature selection, diversity of solutions, and robustness to complex and noisy datasets, ultimately leading to more accurate and efficient predictive models than earlier methods. A statistical period of 16 years (2002–2018) was used to collect the groundwater quality data for the Shiraz plain to accomplish this purpose. The findings showed that the SFS-MLP approach was more accurate than the other methods with training and testing dataset values of R2 = 0.9996 and 0.99923, RMSE = 0.04929 and 0.072, and MAE = 0.039357 and 0.048968, respectively. Additionally, the findings demonstrated that the SFS-MLP approach has a high capacity and accuracy for predicting and modeling groundwater quality. This study's findings also show that intelligence models and optimization algorithms may be used to mimic groundwater quality parameters effectively.
View
A Survey on Blockchain Scalability: From Hardware to Layer-Two Protocols
Article
  • Jan 2024
Despite the great success of blockchain systems in recent years, blockchains still struggle to provide the same level of latency and throughput as centralized financial systems. The core of this problem lies in the inefficiency of consensus protocols. In this paper, we provide a survey on recent efforts to improve the scalability of blockchains. We focus on layer-two protocols, such as payment channel networks and transaction rollups, which process computations off-chain and only use consensus for dispute resolution. Layer-two protocols are expected to process microtransactions with sub-second latency and reduced fees, allowing blockchains to scale. Much of this work addresses the open challenges of payment channel networks, such as payment routing, channel rebalancing, network design strategies, security and privacy, payment scheduling, congestion control, simulators, and support for light nodes. We also dedicate a section to the existing implementations of smart-contract-based transaction rollups. Our work systematizes the state-of-the-art layer-two protocols, paving the way for future advances.
View
Routing security in wireless ad hoc networks
Article
Full-text available
  • Nov 2002
A mobile ad hoc network consists of a collection of wireless mobile nodes that are capable of communicating with each other without the use of a network infrastructure or any centralized administration. MANET is an emerging research area with practical applications. However, wireless MANET is particularly vulnerable due to its fundamental characteristics, such as open medium, dynamic topology, distributed cooperation, and constrained capability. Routing plays an important role in the security of the entire network. In general, routing security in wireless MANETs appears to be a problem that is not trivial to solve. In this article we study the routing security issues of MANETs, and analyze in detail one type of attack-the "black hole" problem-that can easily be employed against the MANETs. We also propose a solution for the black hole problem for ad hoc on-demand distance vector routing protocol.
View
Routing Security in Ad Hoc Networks
Article
  • Feb 2001
The existing ad hoc routing protocols do not accommodate any security and are highly vulnerable to attacks. We discuss threats and attacks against ad hoc routing under several areas of application. We also look at some suggested solutions that could be used when secure protocols are designed. The current protocols should not be used in hostile environments unless the applications are especially designed to operate under insecure routing or until protocols with enhanced security are introduced. 1 Introduction An ad hoc network is an infrastructureless network where the nodes themselves are responsible for routing the packets. In the traditional Internet, routers within the central parts of the network are owned by a few well known operators and are therefore assumed to be somewhat trustworthy. This assumption no longer holds in an ad hoc network since all nodes entering the network are expected to take part in routing. Also, because the links are usually wireless, any security th...
View