A Secure Routing Algorithm for Detecting and

Preventing Sinkhole Attack in MANETS

K. Karthik Sri Sai Nath N.V. Koteswara Rao G. V. Pradeep Kumar
Department of ECE, Department of ECE, Department of ECE,
CBIT CBIT CBIT
Hyderabad, India Hyderabad, India Hyderabad, India
karthiksrisainath@gmail.com hod_ece@cbit.ac.in pradeepgv16@gmail.com
 Abstract— Mobile Ad hoc Networks (MANETs) are self-
configuration infrastructure-less networks having the ability to
change locations and can configure itself as per the conditions
and situations. Routing in MANETs are contemplated as
important element since it plays a vital role in configuring
wireless nodes continuously. To destroy the network and capture
the data intruders have introduced many routing attacks, among
all the routing attacks sinkhole attack is considered as the
destructive attack because it not only destroys the network and
captures the data, but it also has ability to enable other routing
attacks. In this paper, we propose a methodology for detecting
and avoiding sinkhole attack when a sink node is introduced into
the network before and during data transmission. In this work,
Dynamic Source Routing (DSR) algorithm is used for routing,
User Datagram Protocol (UDP) for data transmission and Fair
Queuing (FQ) mechanism for queuing are used. The parameters
such as End-to-End delay, Packet Delivery Ratio, Throughput
and Packet Loss are investigated.
Keywords—MANET; Routing attacks; sinkhole attack; DSR;
TCP; UDP
I. INTRODUCTION
MANETs are continuously self-configuring, infrastructure-
less network of mobile devices. Each device in a MANET is
free to move independently in any direction, and will therefore
change its links to other devices frequently. Each device must
forward traffic unrelated to its own use, and therefore be a
router. The primary challenge in building a MANET is
equipping each device to maintain the information required to
route the traffic, such networks may operate by themselves or
connected to the larger internet. They may contain one or
multiple and different transceivers. This results in a highly
dynamic, autonomous topology.
MANETs are vulnerable to security attacks due to the
broadcast nature of the transmission medium. MANETs are
susceptible for attacks such as stealthy attacks, attacks on
service integrity and routing attacks. Routing attacks have
devastating effects on the network and present a major
challenge when designing robust security mechanisms.
Routing Attacks on MANETs are Sybil Attack, Selective
forwarding/ Black hole Attack, Sinkhole Attack, Wormhole
Attack, Spoofed, Altered, or Replayed Routing Information,
Acknowledgment Spoofing, Hello Flood Attack. Among them
Sinkhole attack is the most destructive routing attack for these
networks causing a serious threat to sensor networks and
increases network overhead, decreases network lifetime by
boosting energy consumption and finally destroys the network.
Sinkhole node tries to attract data towards it by convincing
neighbors through broadcasting fake routing information. It
may cause the adversary to draw all or most of the data flow
captured at the base station. Through this procedure, sinkhole
node attempts to draw all network traffic to itself. Sinkhole
attack can enable many other attacks, for example selective
forwarding, black hole attack. After successful launching a
sinkhole attack, an adversary can mount the selective
forwarding attack, by ensuring that all traffic in the targeted
area flows through a compromised node. Adversary can
selectively suppress or modify message originating from any
node in the area. A sinkhole attack in MANETs can cause
serious problem in the operations and services of the networks.
It may lead to the problem of system failure in terms of
network availability and it makes the node(s) unable to
transmit and receive information.
MANETs suffer from congestion in the network,
considering real-time traffic scenario, queuing mechanisms are
adopted for congestion control. Various queuing scheduling
mechanisms have been developed to improve the Quality of
Service (QoS) of the network. Some of the queuing
mechanisms include Drop Tail, Random Early Detection
(RED), Fair Queuing (FQ). In this work, FQ mechanism is
used as queuing technique. This paper introduces a
methodology for detecting a sinkhole node by identifying
where the packet loss has taken place in the network.
The rest of this paper is as follows. Section II formally
describes about the research work carried out related to
sinkhole attacks in MANETs. Section III speaks about the
proposed methodology for detecting and preventing sinkhole
attack. Section IV concentrates on the simulation results. This
paper is concluded in Section V.
II. RELATED WORK
Vandana B. Salve, et al proposed a security algorithm
based on AODV routing against sinkhole attack, where a
mobile agent is used for detecting the malicious node in
sinkhole attack. The proposed algorithm detects sinkhole node
by finding the difference of nodes sequence numbers using
threshold value [1].
S.Sharmila et al. presents a methodology for detecting the
sinkhole attack only when the digest obtained from the
trustable forward path and the message digest obtained through
the trustable node to the destination are different [2].
Guiyi Wei et al. proposed a novel distribution node self-
monitoring mechanism for MANETS by introducing
monitoring mechanisms to detect and prevent sinkhole attacks.
Here self-monitoring mechanism is introduced and some of
nodes in the network are randomly selected and named as
Monitored Nodes (MN) and these nodes monitor their
neighbouring nodes. The cooperation among MNs guarantees
all other Regular Nodes (RN s) are monitored. Here, a node
produces an alert when it detects any abnormal behaviour of
the node under surveillance [3].
Md. Ibrahim Abdullah et al. have proposed a technique
against sinkhole attack for detecting malicious nodes using hop
count. The nodes continuously collect and send data to the base
station by forwarding packets hop-by-hop. Base station keeps
record of all nodes ID and the record is updated periodically. It
broadcasts authenticated beacons to all the nodes in the
network periodically. The drawback of this technique is if the
malicious node is positioned near to the base station, it cannot
detect sinkhole node [4]. Several types of security issues and
sinkhole attacks in wireless sensor networks are discussed in
[5],[6],[7].
III. METHODOLOGY
In this as a first step, a network is created with the help of
Network Simulator 2 (NS2). Here nodes are designed and
generated in simulator by considering the parameters channel
type, network interface type and MAC type. Nodes are
simulated by taking wireless channel, wireless physical
network interface and 802.11 Medium Access Control (MAC).
Dynamic Source Routing algorithm is used as routing
algorithm, DSR algorithm maintains the routing information
table from source to destination as shown in the Fig. 1. Here,
source node is 1 and the destination node is 8. The major
advantage of DSR algorithm is it finds all the possible routes
for transmitting packets from source to destination because it
keeps a record of the neighbouring node information at each
node. The possible routes from source to destination are
1-4-7-8
1-4-6-7-8 Fig. 2. UDP is applied for transmitting packets from source to destination.
1-2-5-6-7-8
1-3-5-6-7-8 As sinkhole node, does not allow packets to move to
destination, when there is a packet loss in the network
Later for broadcasting / transmitting the data among source immediately the packets should be transmitted / broadcasted to
to destination User Datagram Protocol methodology is alternative route as shown in the Fig. 3.
adopted, as shown in the Fig. 2. The main advantage of UDP is
it utilizes all the possible routes for transmitting of data packets From the Fig. 3, when there is packet loss at node 9,
from source to destination. immediately data transmission is shifted to node 4 to node 6.
A sinkhole node is designed and inserted into the network. The flow chart of the methodology is shown in the Fig. 4.
The sinkhole node spoofs all the other nodes of the network as
it is the nearest route destination and attracts all the data
packets to it. Later sinkhole node does not forward the packets
to destination. Another disadvantage of sinkhole attack is it
can enable other routing attacks also. Sinkhole node is inserted
into the network before data transmission and during the data
transmission.

Fig. 3. Sinkhole node is detected and pacets are routed to alternative route.

Fig. 1. Routing table of DSR from source to destination

 End-to-End delay, Packet Delivery Ratio, Throughput and
Packet Loss are the four parameters taken into consideration to
calculate the performance of the network.
Packet Delivery Ratio is calculated using (1), which
illustrates the level of delivered data to the destination.

Packet Delivery Ratio =

�( Number of Packets Received ) (1)
�( Number of Packets Sent )
Throughput is defined as the total number of packets
delivered over total simulation time in seconds and is
calculated using (2).
( Number of Delivered Packets * Packet Size)
Throughput = bits / sec (2)
Total Duration of Simulation

End-to-end Delay is the average time taken by a data packet

to arrive to the destination, as shown in (3). It also includes the
delay caused by route discovery process and the queue in data
packet transmission. Only the data packets that are successfully
delivered to destinations are taken into consideration to
calculate the end-to-end delay.

End to End Delay =

�( Arrived Time - Sent Time) (3)
�( Number of Connections )
Packet Loss is the total number of packets dropped during
the simulation and is calculated as shown in (4).

Packet loss = Total number of packets sent – Total number of packets received ( 4)

IV. SIMULATION RESULTS

A network is created with 25 nodes consisting of nine
source-destination pairs obtaining optimal paths obtained by
DSR routing protocol. Malicious node is introduced into the
network before starting the data transmission and during the
data transmission. In the proposed methodology, the sinkhole
node / malicious node is detected and prevented to avoid
packet loss.

Fig. 4. Flow chart of the proposed methodology Fig. 5. Inserting a Sink node/Malicious node into the network before data
transmission
 sinkhole node is entering the network and dropping all the
packets while it is entering the network.

Fig. 8. Data transmission is broadcasted to alternative nodes

Fig. 6. Starting the data broadcasting between all the nodes.

In the Fig. 5, the sinkhole node/malicious node is inserted

in the network before data transmission. i.e., malicious node is
inserted at time 0.0. The node number eight indicates
malicious/sinkhole node.
Data broadcasting has started between all the nodes in the Fig. 9. Performance of network after avoiding sinkhole/malicious node
network as shown in the Fig. 6, twenty-five nods are generated before data transmission
in network simulator and the time interval is taken from 0 to 10
seconds for data broadcasting. Nine sources and nine
destinations are randomly generated and data broadcasting has
started. After the packets broadcasting, has started, the packets
which are passing through malicious node, will not forwarded
to further node because the malicious/sinkhole node is
dropping all the packets which are passing through it.

Fig. 7. Effect of sinkhole node when packets passed through it

The effect of sinkhole/malicious node when it is inserted in

the network before the data transmission is shown in the Fig. 7.
The effect of sinkhole node on the network is calculated in
terms of End-to-End delay, Packet Delivery Ratio, Throughput Fig. 10. Sinkhole node is inserting into the network after starting the data
and Packet Loss. transmission.

When the packet loss has started near malicious/sinkhole

node immediately data broadcasting is shifted to alternative
route to avoid packet loss. When there is packet loss detected
near node eight, immediately the data transmission is
broadcasted to alternative route and packets are delivered
successfully to destination as shown in Fig. 8.
The Fig. 9 displays the performance of network when
sinkhole/malicious node is avoided and prevented in the Fig. 11. Effect of sinkhole node when packets passed through it when it is
inserted during data transmission.
network before the data transmission. The Fig. 10 shows that
 The effect of sinkhole / malicious node when it is Simulation parameters are shown in Table II. The
inserted in the network during the data transmission is shown simulation time is taken as 10 seconds. Number of nodes are
in Fig. 11. The effect of sinkhole node on the network is 25 for better visualization in animation window but it can be
calculated in terms of End-to-End delay, Packet Delivery extended to multiple nodes. The topology is chosen as
Ratio, Throughput and Packet Loss. Here, when the packet loss 1060*565. MAC protocol IEEE 802.11 is used for wireless
has started near malicious/sinkhole node immediately data channel communication. Two Ray ratio propagation model is
broadcasting is shifted to alternative route to avoid packet loss. used for long distance communication
When a packet loss is detected near node 3, immediately the TABLE I.
data transmission is shifted to alternative route and packets are COMPARISON OF PARAMETERS WHEN SINKHOLE NODE IS INSERTED BEFORE
DATA TRANSMISSION AND DURING DATA TRANSMISSION IN THE NETWORK
delivered successfully to destination, as shown in the Fig. 12.
The performance of network when sinkhole/malicious node is End-to-
Packet
avoided and prevented in the network during the data Throughput Packet
Deliver
End
transmission is shown in the Fig. 13. (kbps) Loss Delay
y Ratio
(ms)

Before Data
2705.09 45 23.24 0.05
Transmission
Sinkhole
Insertion
During Data
3077.19 61 20.63 0.047
Transmission

Before Data
2719.28 0 24.87 0.045
Sinkhole Transmission
Detection
During Data
2875.80 0 23.49 0.044
Transmission

TABLE II.
SIMULATION PARAMETERS
S. No. Parameter Value
1 Simulation Time 10 seconds

2 Number of Nodes 25

Fig. 12. Data transmission is broadcasted to alternative nodes when sinkhole 3 Topology 1060*565
is entering the network.
4 MAC Protocol IEEE 802.11

5 Radio Propagation Model Two Ray Ground

6 Channel Type Wireless

7 Interface Queue Type Fair Queue

8 Routing Protocol Dynamic Source Routing

Fig. 13. Performance of network after avoiding sinkhole/malicious node when
it is inserted during data transmission.
9 Queue Length 50
The performance of network is analyzed by comparing
10 Connection Layer LL
End-to-End delay, Packet Delivery Ratio, Throughput and
Packet Loss when sinkhole node is inserted before data
11 Antenna Layer Omni directional
transmission and when it is inserted during data transmission in
the network is shown in the Table I. Also, parameters are
compared after detecting and preventing sinkhole node in the
network when it is inserted before data transmission and during Wireless channel is used as channel type in MANETs.
data transmission. Packet loss is high when sinkhole node is Interface Queue type used is Fair Queue type. In FQ, when the
inserted during data transmission compared to when sinkhole queue is filled the router starts to discard all extra packets.
node is inserted before data transmission. After detecting and Number of packets in Queue can be defined as Queue length.
sinkhole node in the network packets were successfully Here the queue length is taken as 50. Connection between the
delivered without any loss. MAC layer and the network layer is established by link layer.
 V. CONCLUSIONS
Sinkhole node misguides the network as if it is the
destination and drops all the packets into it. The proposed
simulation environment for detecting and preventing sinkhole
attack and the performance of the network is analyzed using
performance metrics such as End-to-End delay, Packet
Delivery Ratio, Throughput and Packet Loss.
When there is packet loss at a node immediately data
transmission is broadcasted to alternative route and packets
were delivered to destination and packet loss is minimized
before and during the data transmission is also achieved.
When the sinkhole is inserted into the network before data
transmission the throughput obtained is 2705.09 kbps with
packet loss of 45, packet delivery ratio of 23.24 and end to end
delay of 0.05 ms. After applying the proposed algorithm, the
throughput has increased to 2719.28 kbps with zero packet
loss, improved packet delivery ratio of 24.87 and decreased
end to end delay of 0.045 ms.
When the sinkhole is inserted during data transmission the
throughput obtained is 3077.09 kbps with packet loss of 61,
packet delivery ratio of 20.63 and end to end delay of 0.047
ms. After applying the proposed algorithm, the throughput
obtained is 2785.80 kbps with zero packet loss, improved
packet delivery ratio of 24.87 and decreased end to end delay
of 0.044 ms.
Results show that the number of packet drops remained
zero after successfully detecting the sinkhole node in the
network. Although, throughput has decreased after avoiding
sink node during data transmission, the proposed methodology
can be used because of trade-off between packet loss and
throughput.
REFERENCES
[1] V. B. Salve, L. Ragha and N. Marathe, "AODV based secure routing
algorithm against Sinkhole attack in wirelesses Sensor Networks", IEEE
International Conference on Electrical, Computer and Communication
Technologies (ICECCT), Coimbatore, 2015, pp. 1-7.
[2] S. Sharmila and G. Umamaheswari, "Detection of Sinkhole Attack in
Wireless Sensor Networks Using Message Digest Algorithms",
International Conference on Process Automation, Control and
Computing, Coimbatore, 2011, pp. 1-6.
[3] Guiyi Wei, Zhiqiang Zhu, Yunxin Mao and Naixue Xiong, "A distributed
node self-monitoring mechanism in wireless sensor networks", The 2nd
International Conference on Information Science and Engineering,
Hangzhou, China, 2010, pp. 1684-1687.
[4] Md. Ibrahim Abdullah, Mohammed Muntasir Rahman and Mukul
Chandra Roy, "Detecting Sinkhole Attacks in Wireless Sensor Network
using Hop Count", International Journal of Computer Network and
Information Security, pp. 50-56, 2015.
[5] Y. Wang, G. Attebury and B. Ramamurthy, "A survey of security issues
in wireless sensor networks", in IEEE Communications Surveys &
Tutorials, vol. 8, no. 2, pp. 2-23, Second Quarter 2006.
[6] D. Dallas, C. Leckie and K. Ramamohanarao, "Hop-Count Monitoring:
Detecting Sinkhole Attacks in Wireless Sensor Networks", 15th IEEE
International Conference on Networks, Adelaide, SA, 2007, pp. 176-
181.
[7] E. C. H. Ngai, J. Liu and M. R. Lyu, "On the Intruder Detection for
Sinkhole Attack in Wireless Sensor Networks", IEEE International
Conference on Communications, Istanbul, 2006, pp. 3383-3389.
[8] E. Shi and A. Perrig, "Designing secure sensor networks", in IEEE
Wireless Communications, vol. 11, no. 6, pp. 38-43, Dec. 2004.
[9] A. Perrig, J. Stankovic and D. Wagner, "Security in wireless sensor
networks", Communications of the ACM - Wireless sensor networks,
Volume 47 Issue 6, pp. 53-57, June 2004.