You are on page 1of 6

International Journal of Exploring Emerging Trends in Engineering (IJEETE)

Vol. 01, Issue 01, Sept, 2014 WWW.IJEETE.COM

All Rights Reserved 2014 IJEETE Page 1
A Survey on threats in Mobile Ad Hoc Networks

Vishal Dhillon
M Tech Student, ECE, Panchkula Engineering College, Haryana, India
Abstract:- The wireless ad hoc network is the
self configuring network where mobile nodes
can leave or join the network when they want.
These types of networks are much vulnerable to
security attacks. Much type of active and passive
attacks is possible in Ad hoc network. To
develop suitable security solutions for such new
environments, we must first understand how
MANETs can be attacked. This chapter provides
a comprehensive survey of attacks against a
specific type of target, namely the routing
protocols used by MANETs. Then we discuss
various proactive and reactive solutions proposed
for MANETs.

Keywords: MANET, Routing Protocols,
AODV, Attacks, Security Mechanisms

I. Introduction
Recent advancement of wireless technologies
like Bluetooth introduced a new type of wireless
system known as Mobile ad-hoc network
(MANETs) which operate in the absence of
central access point[1]. Each node operates not
only as an end-system, but also as a router to
forward packets. It provides high mobility and
device portability that enable to node connect
network and communicate to each other. This
flexibility makes them attractive for many
applications such as military applications, where
the network topology may change rapidly to
reflect a forces operational movements, and
disaster recovery operations, where the
existing/fixed infrastructure may be non-
operational. The ad hoc self-organisation also
makes them suitable for virtual conferences,
where setting up a traditional network
infrastructure is a time consuming high-cost task
and much difficult.

II. Vulnerabilities of MANETs
Wireless Links: First of all in wireless links
makes the network there are more chances of
attacks such as eavesdropping and active
interference. As in wired networks, attackers do
not need physical access to the network to carry
out these attacks. Furthermore wireless networks
have lower bandwidths than wired networks.
Attackers can exploit this feature, consuming
network bandwidth with ease to prevent normal
communication among nodes [2].
Dynamic Topology: MANET nodes can leave
and join the network freely, and move
independently. As a result of this the network
topology can change frequently. It is hard to
differentiate normal behaviour of the network
For example, a node sending disruptive routing
information can be a malicious node, or else
simply be using outdated information in good
faith. Moreover mobility of nodes means that we
cannot assume nodes, especially critical ones.
Nodes with not adequate physical protection may
often be at risk of being captured and
Cooperativeness: Routing algorithms for
MANETs usually assume that nodes are
cooperative and non-malicious. As a result, a
malicious attacker can easily become an
important agent and disrupt network operations
by not fulfilling the protocol specifications. For
example, a node can pretend as a neighbour to
other nodes and participate in collective
decision-making mechanisms, possibly affecting
networking significantly.
Lack of a Clear Line of Defence: MANETs do
not have a clear line of defence; attacks can
come from any of the directions. The boundary
that separates the inside network from the
outside world is not very clear on MANETs. For
example, there is no well defined place where we
can fix our traffic monitoring, and access control
mechanisms. Whereas all traffic goes through
International Journal of Exploring Emerging Trends in Engineering (IJEETE)
Vol. 01, Issue 01, Sept, 2014 WWW.IJEETE.COM
All Rights Reserved 2014 IJEETE Page 2
switches, routers and gateways in wired
networks, network information in MANETs is
distributed across all the nodes that can only
watch the packets sent and received in their
transmission range.
Limited Resources: Resource constraints are a
further vulnerability. There can be a variety of
devices on MANETs, ranging from laptops to
mobile phones. These have different computing
and storage capacities that can be the focus of
new attacks. For example, mobile nodes
generally run on battery power [9].

III. AODV Routing Protocol
In ad-hoc network, nodes show their presence in
the network by actively listening the broadcasted
messages by the neighboring nodes. Nodes get
the routing message and give the reply that it is
present in the network and destination path can
also be reached through that particular node [7].
If link fails routing error is sent back to the
transmitting node. Here each request for a route
has a sequence number.
Nodes use the sequence number to know that
repeat route request should not be passed again
and again. Another such feature is that the route
requests can be sent only for limited number of
times. Another such feature is that if a route
request fails, another route request may not be
sent. When two nodes are in an ad hoc network
wish to establish a connection between each
other, it will enable them building multihop
routes between the source and destination. It is
loop free protocol which uses Destination
Sequence Numbers (DSN) to avoid counting to
infinity. This is the main feature of this protocol.
Requesting nodes in a network send Destination
Sequence Numbers (DSNs) together with the
routing information from source to the
destination. It selects the best route based on the
sequence number. The advantage of AODV is
that it creates no extra traffic for communication
along existing links [10].
In AODV defines three messages are sent: Route
Requests, Route Replies , And Route Errors and
these messages are used to discover the routes
across the network from source to destination by
use of UDP packets. Whenever we want to send
data new route is made by broadcasting route
request packets and final path is made when the
route reply packets are received from the nodes
at the originator node and if link fails then route
error message is generated.
Each node maintains its sequence number and
broadcast ID. For every RREQ the node initiates
broadcast ID which is incremented and together
with the node's IP address uniquely identifies an
RREQ. At last that route will be the final route
that has the minimum hop count from source to
destination [7].
Analysis is done using NS-2 is an open-source
simulation tool running on Unix-like operating
1. Back End- Programming language is used.
2. NS2 has different types of agents. In- built
protocols are used in it like AODV, DSDV and

Figure 1: AODV algorithm

Figure 2: Best path with minimum Hop Count

IV. Attacks on MANET
At the highest level, the security goals of
MANETs are not different from other networks:
International Journal of Exploring Emerging Trends in Engineering (IJEETE)
Vol. 01, Issue 01, Sept, 2014 WWW.IJEETE.COM
All Rights Reserved 2014 IJEETE Page 3
most typically authentication, confidentiality,
integrity, availability, and non-repudiation [3].
Authentication is the verification of the identity
of a source of information.
Confidentiality means that only authorized
people or systems can read or execute protected
data or programs. It should be noted that the
sensitivity of information in MANETs may be
attacked much faster than any other information
Integrity means that the information is not
changed or corrupted by unauthorized users.
Availability refers to the ability of the network to
provide services as required. Denials of Service
(DoS) attacks have become one of the most
worrying problems for network managers. In a
military environment, a successful DoS attack is
extremely dangerous.
Non-repudiation ensures that committed actions
cannot be denied. In MANETs security goals of
a system can change in different modes (e.g.
peace time and war time of a military network).
In routing attacks attackers do not follow the
specifications of routing protocols and aim to
disrupt the network communication in the
following ways:
Route Disruption: modifying existing routes,
creating routing loops, and causing the packets to
be forwarded along a route that is not optimal.
Node Isolation: Isolating a node or some nodes
from communicating with other nodes in the
network, partitioning the network, etc.
Resource Consumption: Decreasing network
performance, consuming network bandwidth or
node resources, etc.
Computational power: This clearly affects the
ability of an attacker to compromise a network.
Eavesdropped traffic can be relayed back to high
performance super-computing networks for
Deployment capability: Adversary distribution
may range from a single node to a pervasive
carpet of smart counter-dust, with a consequent
variation in attack capabilities
Location control: The location of adversary
nodes has may have a clear impact on what the
adversary can do. An adversary may be restricted
to placing attack nodes at the geographical
boundary of an enemy network.
Mobility: Mobility generally brings an increase
in power. On the other hand, mobility may
prevent an attacker from targeting one specific
victim. Moreover they have stated that even if it
reduces the damage caused by the attacker, it
makes detection more difficult since the
symptoms of an attack and those arising due to
the dynamic nature of the network are difficult to
distinguish. In conclusion, the impact of mobility
on detection is a complex matter.

We can classify attacks as passive, active,
internal and external [4].

Active attacks [5]: In the active attacks the
attacker attempts to modify or alter the data
being exchanged in network. The attack may
disrupt the normal functioning of the network.
Active attacks are very dangerous. Example of
active attacks is impersonation and spoofing.

Passive attacks: In a passive attack an
unauthorized node monitors and aims to find out
information about the network. The attackers do
not otherwise need to communicate with the
network. Hence they do not disrupt
communications or cause any direct damage to
the network. However, they can be used to get
information for future harmful attacks. Examples
of passive attacks are eavesdropping and traffic

International Journal of Exploring Emerging Trends in Engineering (IJEETE)
Vol. 01, Issue 01, Sept, 2014 WWW.IJEETE.COM
All Rights Reserved 2014 IJEETE Page 4
Further types of attacks are:
Black Hole Attack: A black hole is a malicious
node that falsely replies for route requests
without having an active route to the destination
and exploits the routing protocol to advertise
itself as having a shortest route to destination [1].

Wormhole Attack: In this attack an attacker
records packets at one location in the network
and tunnels them to another location. This tunnel
between two colluding attackers is referred as a
wormhole. Routing can be disrupted when
routing control message are tunneled [1].

Byzantine Attack: A compromised intermediate
node works alone, or a set of compromised
intermediate nodes works in collusion and carry
out attacks. Such as selectively forwarding
packets on non-optimal paths and selectively
dropping packets which results in disruption or
degradation of the routing services [4].

Eavesdropping: The main goal of eavesdropping
is to obtain some confidential information that
should be kept secret during the communication.
This confidential information may include the
location, public key, private key or even
passwords of the nodes [4].

Traffic Analysis is not necessarily an entirely
passive activity. It is perfectly feasible to engage
in protocols, or seek to provoke communication
between nodes. Attackers may employ
techniques such as RF direction finding, traffic
rate analysis, and time-correlation monitoring.

Dropping Attacks: Malicious nodes deliberately
drop all packets that are not destined for them.
While malicious nodes aim to disrupt the
network, selfish nodes aim to preserve their
resources. It might reduce the network
performance by causing data packets to be

Modification Attacks: Insider attackers modify
packets to disrupt the network. It is especially
effective in routing protocols that use advertised
information such as remaining energy and
nearest node to the destination in the route
discovery process.

Fabrication Attacks: Here the attacker forges
network packets. In fabrication attacks are
classified into active forge in which attackers
send fake messages without receiving any related
message and forge reply in which the attacker
sends fake route reply messages in response to
related legitimate route request messages.

Timing Attacks: An attacker attracts other nodes
by causing itself to appear closer to those nodes
than it really is. DoS attacks, rushing attacks, and
hello flood attacks use this technique. Rushing
attacks [8] occur during the Route Discovery
phase. In all existing on-demand protocols, a
node needs a route broadcasts Route Request
messages and each node forwards only the first
arriving Route Request in order to limit the
overhead of message flooding. So, if the Route
Request forwarded by the attacker arrives first at
the destination, routes including the attacker will
be discovered instead of valid routes. Rushing
attacks can be carried out in many ways: by
ignoring delays at MAC or routing layers, by
wormhole attacks, by keeping other nodes
transmission queues full, or by transmitting
packets at a higher wireless transmission power .
The hello flood attack is another attack that
makes the adversary attractive for many routes.
In some routing protocols, nodes broadcast Hello
packets to detect neighbouring nodes. These
messages are received by all one-hop neighbour
nodes, but are not forwarded to further nodes.
The attacker broadcasts many Hello packets with
large enough transmission power that each node
receiving Hello packets assumes the adversary
node to be its neighbour. It can be highly
effective in both proactive and reactive MANET

V. Intrusion Detection
Since prevention techniques are limited in their
effectiveness and new intrusions continually
emerge, an intrusion detection system (IDS) is an
indispensable part of a security system. An IDS
is introduced to detect possible violations of a
security policy by monitoring system activities
International Journal of Exploring Emerging Trends in Engineering (IJEETE)
Vol. 01, Issue 01, Sept, 2014 WWW.IJEETE.COM
All Rights Reserved 2014 IJEETE Page 5
and responding to those that are apparently
intrusive. If we detect an attack once it comes
into the network, a response can be initiated to
prevent or minimize the damage to the system
[8]. An IDS also provides information about
intrusion techniques, enhancing our
understanding of attacks and informing our
decisions regarding prevention and mitigation.
Although there are many intrusion detection
systems for wired networks, they do not find
simple application to MANETs. Different
characteristics of MANETs make conventional
IDSs ineffective and inefficient for this
environment. Consequently, researchers have
been working recently on developing new IDSs
for MANETs, or on modifying current IDSs to
be applicable to MANETs.

Specification-Based Intrusion Detection: One of
the most commonly proposed intrusion detection
techniques for MANETs is specification-based
intrusion detection, where intrusions are detected
as runtime violations of the specifications of
routing protocols. This technique has been
applied to a variety of routing protocols on
MANETs such as AODV, OLSR, DSR. In each
network monitor employs a finite state machine
(FSM) to state the specifications of AODV,
especially for the route discovery process, and
maintains a forwarding table for each monitored
node. Each RREP and RREQ message in the
range of the network monitor is monitored in a
request-reply flow which checks the situations
such as if route request packets are forwarded by
next node or not, if route reply packets are
modified on the path or not, and the like. When a
network monitor needs information about
previous messages or other nodes that are not in
its range, it can ask neighbouring network
monitors [8].

Anomaly-Based Intrusion Detection: This
technique profiles the symptoms of normal
behaviours of the system, such as usage
frequency of commands, CPU usage for
programs, and the like. It detects intrusions as
anomalies, i.e. deviations from the normal
behaviour patterns. Various techniques have
been applied for anomaly detection, e.g.
statistical approaches, and artificial intelligence
techniques like data mining and neural networks.
The biggest challenge is defining normal
behaviour. Normal behaviour can change over
time and IDS systems need to adapt accordingly.
Thats one of the reasons false positives the
normal activities which are detected as
anomalies by IDS can be high in anomaly-
based detection. On the other hand, it is capable
of detecting unknown attacks. This is important
in an environment where new attacks and new
vulnerabilities of systems are announced
constantly [8].
Misuse-Based Intrusion Detection: Misuse-
Based IDSs compare known attack signatures
with current system activities. They are generally
preferred by commercial IDSs since they are
efficient and have a low false positive rate. The
drawback of this approach is that it cannot detect
new attacks. The system is only as strong as its
signature database and this needs frequent
updating for new attacks [8].

VI . Future Directions for Research
None of the proposed systems are necessarily the
best solution taking into account different
applications which they can have their own
requirements and characteristics. They also
usually consider few specific attacks and target a
specific routing protocol. Furthermore they
emphasize just a few specific MANET features.
For instance the consequences of having limited
resources is generally little explored. Some
solutions might not be suitable for some nodes
which can have limited computational
capabilities and resources. Researchers can
develop solutions considering different
characteristics of these nodes. Cooperation and
communication between nodes is another area
need to be explored. Proposed network
architectures should not introduce new
weakness/overheads to the system. To conclude,
researcher should focus on developing solutions
suitable to MANETs specific features.

VII. Conclusion
Since proposed routing protocols on MANETs
are insecure, we have mainly focused on active
International Journal of Exploring Emerging Trends in Engineering (IJEETE)
Vol. 01, Issue 01, Sept, 2014 WWW.IJEETE.COM
All Rights Reserved 2014 IJEETE Page 6
routing attacks which are classified into
dropping, modification, fabrication, and timing
attacks. Attackers have also been discussed and
examined under insider and outsider attackers.
Insider attacks are examined on our exemplar
routing protocol AODV. Conventional security
techniques are not directly applicable to
MANETs due to their very nature. Researchers
currently focus on developing new prevention,
detection and response mechanism for MANETs.
In this chapter we summarize secure routing
approaches proposed for MANETs. The
difficulty of key management on this distributed
and cooperative environment is also discussed.
Furthermore we have surveyed intrusion
detection systems with different detection
techniques proposed in the literature. Each
approach and technique is presented with attacks
they can and cannot detect. To conclude,
MANET security is a complex and challenging
topic. To propose security solutions well-suited
to this new environment, we recommend
researchers investigate possible security risks to
MANETs most horoughly

VIII. References
[1] Priyanka G.; Vintra.; Rahul.; MANET:
Vulnerabilities, Challenges, Attacks,
Application, International Journal of
Computational Engineering & Management,
[2] Supriya T.; Vinti G.; A Survey of Attacks
on Manet Routing Protocols, International
Journal of Innovative Research in Science,
Engineering and Technology, Vol.2, 2013.
[3] Vinit G.; Manoj S.; Tanupriya C.; Charu
Gupta.; Advance Survey of Mobile Ad-Hoc
Network, International Journal of Computer
Science and Telecommunication, Vol.2, 2011.
[4] Rusha N.; Debdutta R.; Study of Various
Attacks in MANET and Elaborative Discussion
Of Rushing Attack on DSR with clustering
scheme, Int. J. Advanced Networking and
Applications, Vol.03 2011.
[5] Feng L.; Yinying Y.; Jie W.; Attack and
Flee Game-Theory-Based Analysis on
Interactions Among Nodes in MANETs, IEEE
Transactions on Systems, Man, and
CyberneticsPart b: Cybernetics, Vol. No. 3
[6] Aishwarya S.; Anand U.; Meenu C.;
Detection of Packet Dropping Attack Using
Improved Acknowledgement Based Scheme in
MANET, Internation Journal of Computer
Science Issues, , Vol.7, 2010.
[7] Sunil T.; Dr. Ashwani K.; Amandeep M.;
End to End Delay Analysis of Prominent On-
demand Routing Protocols, IJCST Vol. 2, 2011.
[8] Giovanni V.; Sumit G.; Kavitha S.; Elizabeth
M.; An Intrusion Detection Tool for AODV-
based Ad hoc Wireless Networks, 2004
[9] Sevil .; John A.; Juan E.; Security Threats
in Mobile Ad Hoc Networks, 2010.
[10] Bhalaji N.; Reliable Routing against
Selective Packet Drop Attack in DSR based
MANET, Journal of Software, vol. 4, 2009.
[11] Aikaterini M.; Christos D,; Intrusion
Detection of Packet Dropping Attacks in Mobile
Ad Hoc Networks, 2006.

Vishal D.; Deepak K.; Manish K.;
Implementation of a Novel Technique to Detect
and Isolate Selective Packet Drop Attack in
MANET, International Journal of Advanced
Computer Research and Networks Vol 2 ,
Issue2, 2014 ISSN: 2278-0658.

Vishal Dhillon has received his
B.Tech degree in Electronics
and Comm. Engg from Rayat
Bahra Institute of Engg and
Nano Tech in 2012 and M
Tech from Panchkula Engg
College in Electronics and Comm. Engg
affiliated to Kurukshetra University. Presently he
is working as lecturer in Department of
Engineering in MIT Hamirpur HP.