International Journal of Recent Advancement in Engineering & Research

Volume 2, Issue 1 January; -2016

Black Hole Attack in Wireless Mobile Adhoc Networks

Rajendra S Ahir2, Divyang Pandit1
1,2

M.E Student, Gujarat Technological University

Abstract-The mobile Ad hoc network (MANET) is made up number of mobile nodes deployed without
any specific infrastructure. Security is important in mobile ad hoc networks to provide protected
communication between the nodes. MANETs are vulnerable to various attacks and blackhole attack is
among them. The blackhole attack will disturb the network and it affects the network performance. It is
one of DoS(Denial of Service) attack in which the malicious node claims to have the shortest path to the
destination. It will easily drop them instead of forwarding to the destination when once the data packet is
received by the node. This paper gives the analysis about already present solutions and tries to find an
effective solution in terms of various network parameters to give better network performance.
I.
Introduction
A mobile ad hoc network (MANET) is a continuously self-configuring, infrastructure-less network of
mobile devices connected wirelessly.Each device in a MANET is free to move independently in any
direction, and will therefore change its links to other devices frequently. Each must forward traffic
unrelated to its own use, and therefore be a router. The primary challenge in building a MANET is
equipping each device to continuously maintain the information required to properly route traffic. Such
networks may operate by themselves or may be connected to the larger Internet. They may contain one
or multiple and different transceivers between nodes. This results in a highly dynamic, autonomous
topology.
II.
Security of Mobile Adhoc Networks
As there is increasing threats of attacks on Mobile networks, a secure way for transmission and
communication becomes very necessary in MANETs. In order to provide secure communication and
hence secure transmission we must know the various types of attacks and their effects on the MANETs.
Wormhole attack, Black hole attack, Sybil attack, flooding attack, routing table overflow attack, Denial
of Service (DoS), selfish node misbehaving, impersonation attack are different types of attacks that a
MANET suffers. MANET experiences different security attacks because of its dynamically changing
network topology, lack of central monitoring, cooperative algorithms, Bandwidth constraint, Limited
physical security and Energy constrained operation. [1]
III.

Routing Protocols

1.
DSDV
Destination-Sequenced Distance-Vector Routing (DSDV) is a table-driven routing scheme for ad hoc
mobile networks based on the BellmanFord algorithm. It was developed by C. Perkins and P.Bhagwat
in 1994. The main contribution of the algorithm was to solve the routing loop problem. Each entry in the
routing table contains a sequence number, the sequence numbers are generally even if a link is present;
else, an odd number is used. The number is generated by the destination, and the emitter needs to send
out the next update with this number. Routing information is distributed between nodes by sending full
dumps infrequently and smaller incremental updates more frequently. If a router receives new
information, then it uses the latest sequence number. If the sequence number is the same as the one
already in the table, the route with the better metric is used. Stale entries are those entries that have not
been updated for a while. Such entries as well as the routes using those nodes as next hops are deleted.

International Journal of Recent Advancement in Engineering & Research

Volume 2, Issue 1 January; -2016

2.
AODV
The Ad hoc On-Demand Distance Vector (AODV) routing protocol is intended for use by mobile nodes
in an ad hoc network. It offers quick adaptation to dynamic link conditions, low processing and
memory overhead, low network utilization, and determines unicast routes to destinations within the ad
hoc network. It uses destination sequence numbers to ensure loop freedom at all times (even in the face
of anomalous delivery of routing control messages), avoiding problems (such as "counting to infinity")
associated with classical distance vector protocols.
3.
DSR
Dynamic Source Routing (DSR) is a routing protocol for wireless mesh networks. It is similar to AODV
in that it forms a route on-demand when a transmitting node requests one. However, it uses source
routing instead of relying on the routing table at each intermediate device.
Determining source routes requires accumulating the address of each device between the source and
destination during route discovery. The accumulated path information is cached by nodes processing the
route discovery packets. The learned paths are used to route packets. To accomplish source routing, the
routed packets contain the address of each device the packet will traverse. This may result in high
overhead for long paths or large addresses, like IPv6. To avoid using source routing, DSR optionally
defines a flow id option that allows packets to be forwarded on a hop-by-hop basis.
This protocol is truly based on source routing whereby all the routing information is maintained
(continually updated) at mobile nodes. It has only two major phases, which are Route Discovery and
Route Maintenance. Route Reply would only be generated if the message has reached the intended
destination node (route record which is initially contained in Route Request would be inserted into the
Route Reply).
To return the Route Reply, the destination node must have a route to the source node. If the route is in
the Destination Node's route cache, the route would be used. Otherwise, the node will reverse the route
based on the route record in the Route Request message header (this requires that all links are
symmetric). In the event of fatal transmission, the Route Maintenance Phase is initiated whereby the
Route Error packets are generated at a node. The erroneous hop will be removed from the node's route
cache; all routes containing the hop are truncated at that point. Again, the Route Discovery Phase is
initiated to determine the most viable route.
IV.
Blackhole attack
When the packets reach this malicious node, they merely disappear, as a matter of fact, they are said to
have been disappeared into a blackhole in universe. In fact, the blackhole node impersonates the
destination node by sending a spoofed route reply packet to the source node that have initiated the route
discovery, hence deprive the packets from the source node. A blackhole node has two properties. First,
the node takes advantage of the
ad hoc routing protocol, such as AODV or DSR and advertises itself as having a valid route to the
destination node. Second, the node consumes the intercepted packets. This type of attack is dangerous
and may cause immense harm to the network.In the following figure 4 imagine a blackhole node B1.
When node 1 broadcasts RREQ packets to the nodes 2, 4, B1 receives it. Node B1 being a blackhole
node, does not check with its routing table for the requested route to destination 5. And hence it
immediately sendsback an RREP packet
, claiming a route to the destination node. Node 1 receives the RREP packet from B1 ahead of RREP
from other nodes. Node 1 assumes that the route through node B is the shortest route and sends packets
to the destination nodes through it. When the node 1 sends data to B it drops out all the data and behaves
like a black hole node.[2]

International Journal of Recent Advancement in Engineering & Research

Volume 2, Issue 1 January; -2016

V.
Existing Solution for Blackhole Attacking
The routing protocol BAAP (Blackhole attack avoidance protocol based on AODV can efficiently avoid
multiple blackhole attacks during path setup between source and destination. BAAP uses Adhoc Ondemand Multipath Distance Vector (AOMDV) to form link disjoint multi-path during path discovery.
When intermediate nodes reply to source node, few nodes in the path may have multiple path to the
destination but it eventually chooses only one path to destination node. In BAAP, every node maintains
the legitimacy of their neighbour nodes to form the correct path to destination node. In the path
discovery of BAAP, an intermediate node will attempt to create a route that does not go through a node
whose legitimacy ratio crosses the lower threshold level. Therefore, malicious nodes will be gradually
avoided by other non-malicious nodes in the network.
In normal AODV, the RREP_seq_no should be higher than the one in routing table for the RREP
packet to be accepted. The threshold is been used in DPRAODV [4] and this value is dynamically
updated in every interval of time. The addition check is done in DPRAODV solution to find whether
the RREP_seq_no is higher than the threshold value. When the RREP_seq_no is higher than the
threshold value for any node, that particular node is suspected to be malicious and it is added to the
black list. When the node detects an anomaly, it sends a new control packet, ALARM to all its
neighbours. The threshold value is the average of the difference of dest_seq_no in each time slot
between the sequence number in the routing table and the RREP packet. The threshold is updated as
soon as a newer node receives a RREP packet. So this solution not only detects the blackhole attack, but
tries to prevent it further, by updating threshold which reflects the real changing environment. Other
nodes are also updated about the malicious act by an ALARM packet, and they react to it by isolating
the malicious node from network. DPRAODV solution increases PDR with minimum increase in
Average-End-to-end Delay and normalized Routing Overhead.
Deng used On-Demand Distance Vector (AODV) [6] and proposed a solution for black holes attacks.
When an intermediate node applies for RREQ, the RREP packet should have the information about the
next hop to destination. The source node then sends a further request (FREQ) to next hop of replied
node to know about replied node and route to the destination. This approach may help to identify the
reliability of the replied node if the next hop is trusted. But the drawback of this solution is related to
cooperative black hole attacks on MANETs. This approach could be used for individual attacks but
cannot avoid cooperative attacks.
Sun Guan and Chen used On-Demand Distance Vector (AODV) as their routing protocol. The detection
scheme utilized neighborhood-based technique to discover the black hole attacks and represent a routing
recovery protocol to create a reliable route to the destination. They designed a method with two parts to
encounter with black hole attack. These parts are included: detection and response. This scheme will be

International Journal of Recent Advancement in Engineering & Research

Volume 2, Issue 1 January; -2016

failed to detect black hole attack when that attacker decides to forge the fake reply packets selectively
and detection of cooperative black hole attack was the next problem of their solution.
Shurman and Park used two techniques to avoid the black hole attack in mobile ad hoc networks. The
first technique will find at least two routes from the source to the destination node. The second technique
is related to number of unique sequence used. These techniques were failed to discover cooperative
black hole attacks.
Satoshi Kurosawa, Hidehisa Nakayama, Nei Kato, Abbas Jamalipour, and Yoshiaki Nemoto proposed a
dynamic learning approach [7] to find black hole attack in MANET. This method was intend to observe
the characteristic change of node within a given time and a node will be recognized as black hole node if
its characteristic change goes over the particular time. The Characteristics will be observed in the
number of sent RREQs and the number of received RREPs and the mean destination sequence numbers
of RREQs and RREPs. This approach is not able to isolate the black hole nodes due to absence of
detection mode such as revising the AODV protocol. Moreover, this comes with bigger processing
overhead and the determination of optimal threshold values remains unresolved
VI.
Conclusion
Both of proactive routing and reactive routing have specialized skills. The proactive detection
method has the better packet delivery ratio and correct detection probability, but suffered from the
higher routing overhead due to the periodically broadcast packets. The reactive detection method
eliminates the routing overhead problem from the event-driven way, but suffered from some packet loss
in the beginning of routing procedure.
Mobile Ad-Hoc Networks has the ability to deploy a network where a traditional network infrastructure
environment cannot possibly be deployed.
REFERENCES
1. Prevention of Black Hole Attack in Wireless Mobile Adhoc Networks, Veda.N, Pamela Vinitha, Kusum
Rajput, IJCTA, V6(4).
2. A Study of Blackhole Attacks, Their Detection and Prevention, Arunima Saini, IJARCSSE, V5I5
3. An Attacker Misbehavior and Security Schemes to Protect MANET: A Survey, Gajendra Singh, Amrita
Gayakwad, IJARCSSE, V4I11.