See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/270905487

Preventing AODV Routing Protocol from Black Hole Attack

Conference Paper · May 2011

DOI: 10.13140/2.1.2220.3206

CITATIONS READS

23 1,281

3 authors, including:

Lalit Himral
Govt Polytechnic for Women Kandaghat
2 PUBLICATIONS   24 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Mobile Adhoc Network View project

All content following this page was uploaded by Lalit Himral on 17 January 2015.

The user has requested enhancement of the downloaded file.

 Lalit Himral et al. / International Journal of Engineering Science and Technology (IJEST)

Preventing AODV Routing Protocol from

Black Hole Attack
Lalit Himral#1, Vishal Vig#2 & Nagesh Chand#3
Department of Computer Science & Engineering
Lovely Professional University- Punjab

Abstract- Ad-hoc networks, due to their improvised nature, are frequently established insecure
environments, which makes them susceptible to attacks. These attacks are launched by participating
malicious nodes against different network services. Routing protocols, which act as the binding force in
these networks, are a common target of these nodes. Ad hoc On-demand Distance Vector routing (AODV)
is a widely adopted network routing protocol for Mobile Ad hoc Network (MANET). Black hole attack is
one of the severe security threats in ad-hoc networks which can be easily employed by exploiting
vulnerability of on-demand routing protocols such as AODV. In this paper we proposed a solution for
identifying the malicious node in AODV protocol suffering from black hole attack.

Keywords: Ad-hoc AODV, Black Hole Attack, MANET, Destination sequence Number.

1. Introduction

A mobile ad hoc network (MANET) is a self-configuring network that is formed automatically by a collection
of mobile nodes without a centralized management. These mobile nodes communicate with each other directly
if they are in the same radio communication range. Communication between nodes out of the radio range
requires the cooperation of other nodes; this is known as multi-hop communication. Therefore, each node must
act as both a host and a router simultaneously. The network topology frequently changes due to the mobility of
mobile nodes as they enter, move within, or leave the network.
Due to the unique characteristics of MANET, developing an intrusion detection system (IDS) in this network is
challenging. There is no centralized gateway device to monitor the network traffic. Since the medium is open,
both legitimate and malicious nodes can access it. Moreover, there is no clear separation between normal and
unusual activities in a mobile environment. Since nodes can move arbitrarily, false routing information can
come from a compromised node or a legitimate node that has outdated information. Black hole or sequence
number attack is one of the most common attacks made against the reactive routing protocol in MANETs. The
black hole attack involves malicious node(s) fabricating the sequence number, hence pretending to have the
shortest and freshest route to the destination. Numerous studies have attempted to devise effective detection
methods for this attack. The aim of this paper is to investigate black hole & detection methods within the scope
of ad hoc on demand distance vector (AODV) routing protocol. The paper is organized as follows. Section 2
provides brief overview about AODV routing protocol. Section 3 provides an overview of the Black Hole
attack. Section 4 describes about the previous work done on black hole attack. Section 5 gives the detail
information about our proposed solution. Section 6 for network simulation. We conclude with plan for future
work in Section 7.

2. AODV Routing Protocol

The Ad-hoc On-Demand Distance Vector (AODV) routing protocol is designed for use in ad-hoc mobile
networks. AODV is a reactive protocol: the routes are created only when they are needed. It uses traditional
routing tables, one entry per destination, and sequence numbers to determine whether routing information is up-
to-date and to prevent routing loops. An important feature of AODV is the maintenance of time-based states in
each node: a routing entry not recently used is expired. In case of a route is broken the neighbors can be notified.
Route discovery is based on query and reply cycles, and route information is stored in all intermediate nodes
along the route in the form of route table entries. The following control packets are used: routing request
message (RREQ) is broadcasted by a node requiring a route to another node, routing reply message (RREP) is
unicast back to the source of RREQ, and route error message (RERR) is sent to notify other nodes of the loss of
the link. HELLO messages are used for detecting and monitoring links to neighbors.

ISSN : 0975-5462 Vol. 3 No. 5 May 2011 3927

 Lalit Himral et al. / International Journal of Engineering Science and Technology (IJEST)

3. Black Hole Attack

In an ad-hoc network that uses the AODV protocol, a black hole node pretends to have a fresh enough routes to
all destinations requested by all the nodes and absorb the network traffic. When a source node broadcasts the
RREQ message for any destination, the black hole node immediately responds with an RREP message that
includes the highest sequence number and this message is perceived as if it is coming from the destination or
from a node which has a fresh enough route to the destination. The source assumes that the destination is behind
the black hole and discards the other RREP packets coming from other nodes. The source then starts to send out
its data packets to the black hole trusting that these packets will reach the destination. A malicious node sends
RREP messages without checking its routing table for a fresh route to a destination.

Figure 1: Broadcasting RREQ

As shown in Fig. 1 above, source node 0 broadcasts an RREQ message to discover a route for sending packets
to destination node 2. An RREQ broadcast from node 0 is received by neighboring nodes 1, 3 and 4. However,
malicious node 4 sends an RREP message immediately without even having a route to destination node 2. An
RREP message from a malicious node is the first to arrive at a source node. Hence, a source node updates its
routing table for the new route to the particular destination node and discards any RREP message from other
neighboring nodes even from an actual destination node. Once a source node saves a route, it starts sending
buffered data packets to a malicious node hoping they will be forwarded to a destination node. Nevertheless, a
malicious node (performing a black hole attack) drops all data packets rather than forwarding them on.

4. Existing Work on Black Hole Attack

There indeed have been numerous attempts published in the literature that aim at countering the Black attacks.
We survey them in the following. In [3] Intrusion Detection Systems (IDS) are one of the main techniques
utilized to prevent attacks against security threats. Intrusion detection can classified as network based and host
based. Network based (IDS) installed on data concentration points of a network such as switches and routers. In
the mobile ad-hoc networks we have no central device that monitors traffic flow so our proposed technique
intrusion detection using anomaly detection (IDAD) uses host based IDS schema. IDAD assumes every activity
of a user or a system can be monitored and anomaly activities of an intruder can be identified from normal
activities. To find a black hole IDAD needs to be provided with a pre-collected set of anomaly activities, called
audit data. Once audit data collected and given to the IDAD system, the IDAD system is able to compare every
activity with audit data. If any activity of a host out of the activity listed in the audit data, the IDAD system
isolates the particular node from the network. In this algorithm they first broadcast RREQ for route discovery
and then receive RREP and match the RREP with the audit data if they match save route to the route table and
send the data otherwise discard the RREP and then again try.

In paper [8] authors have mentioned the AODV protocol and Black hole attack in MANETs and proposed a
feasible solution for the black hole attacks that can be implemented on the AODV protocol. The Proposed
method can be used to find the secured routes and prevent the black hole nodes in the MANET. As future work,
author intend to develop simulations to analyze the performance of the proposed solution based on the various
security parameters like packet delivery ratio (PDR), mean delay time, packet overhead, memory usage,
mobility, increasing number of malicious node, increasing number of nodes and scope of the black hole nodes.

In [4], the authors discuss that black hole attack is one of the route disturbing attacks and brings great damage

ISSN : 0975-5462 Vol. 3 No. 5 May 2011 3928

 Lalit Himral et al. / International Journal of Engineering Science and Technology (IJEST)

on the network and they purposed a method for detecting black hole in network in this method each node is
responsible or depend on itself for detecting black hole node in the network. In this paper they use the first
algorithm counter threshold based in this algorithm they use the detection threshold and packet counter to
identify the attack. When the packet is forwarded out its digest is added into the Fwdpktbuffer and detecting
node overhears. Once the action that the next hop forwards the packet is overheaded, the digest will be released
the FwdPktBuffer. The detecting node should calculate the overhear rate of its next hope and compare it with its
threshold. If the forwarding rate is lower than the threshold the detecting node will consider the next hope as a
black hole. In this technique not all node have to watch only the next hope node on the route should have to
observe. As a result system performance waste on detection method is lowered.

In [5], according to author solution, information about the next hop to destination should be
included in the RREP packet when any intermediate node replies for RREQ. Then the source node sends a
further request (FREQ) to next hop of replied node and asks about the replied node and route to the destination.
By using this method we can identify trustworthiness of the replied node only if the next hop is trusted.
However, this solution cannot prevent cooperative black hole attacks on MANETs. For example, if the next hop
also cooperates with the replied node, the reply for the FREQ will be simply “yes” for both questions.

Then the source will trust on next hop and send data through the replied node which is a black hole node.

5. Proposed Solution

The Proposed method can be used to find the secured routes and prevent the black hole nodes (malicious node) in the
MANET by checking whether there is large difference between the sequence number of source node or intermediate
node who has sent back RREP or not. Generally the first route reply will be from the malicious node with high
destination sequence number, which is stored as the first entry in the RR-Table. Then compare the first destination
sequence number with the source node sequence number, if there exists much more differences between them, surely
that node is the malicious node, immediately remove that entry from the RR-Table.

Figure 2. AODV Protocol Packet Exchange

Destination Sequence Number [11] is a 32-bit integer associated with every route and is used to decide the
freshness of a particular route. The larger the sequence number, the fresher is the route. Node N3 will now send
it to node. Since node N1 and node N2 do not have a route to node D, they would again broadcast the RREQ
control message. RREQ control message broadcasted by node N3 is also expected to be received by node M
(assumed to be a malicious node). Thus, node M being malicious node, would generate a false RREP control
message and send it to node N3 with a very high destination sequence number, that subsequently would be sent
to the node S. However, in simple AODV, as the destination sequence number is high, the route from node N3
will be considered to be fresher and hence node S would start sending data packets to node N3. But in our
proposed AODV before sending data packets firstly source node will check the difference between sequence
numbers. If it is too large, obviously the node will be a malicious one, and it will be isolated from the network.
Otherwise it simply transfers the data packets to the destination node.

5.1 Algorithm

Algorithm: ReceiveReply(RREP) Method

Parameters: DSN – Destination Sequence Number, NID – Node ID, MN-ID – Malicious Node ID.

ISSN : 0975-5462 Vol. 3 No. 5 May 2011 3929

 Lalit Himral et al. / International Journal of Engineering Science and Technology (IJEST)

Step 1: (Initialization Process)

Start the route discovery phase with the source node S.

Step 2: (Storing Process)

Store all the Route Replies DSN and NID in RR - Table

Step 3: (Identify and Remove Malicious Node)

Retrieve the first entry from RR-Table
If DSN is much greater than SSN then discard entry from RR-Table as
Select Dest_Seq_No from table
if (Dest_Seq_No >>>= Src_Seq_No)
{
Mali_Node=Node_Id
Discard entry from table
}

Step 4: (Node Selection Process)

Sort the contents of RR-Table entries according to the DSN
Select the NID having highest DSN among RR-table entries

Step 6: (Continue default process)

Call ReceiveReply method of default AODV Protocol

This is how malicious node is identified and removed. Now since malicious node is identified, the routing table
for that node is not maintained. In addition, the control messages from the malicious node, too, are not
forwarded in the network. Moreover, in order to maintain freshness, the RR-Table is flushed once a route
request is chosen from it. Thus, the operation of the proposed protocol is the same as that of the original AODV,
once the malicious node has been detected. The main benefits of proposed solution are:
(1)The malicious node is identified at the initial stage itself and immediately removed so that it cannot take part
in further process. (2) With no delay the malicious node are easily identified ie. as we said before all the routes
has unique sequence number. Generally the malicious node has the highest Destination Sequence number and it
is the first RREP to arrive. So the comparison is made only to the first entry in the table without checking other
entries in the table. (3) No modification is made in other default operations of AODV Protocol (4) Better
performance produced in little modification and (5) less memory overhead occurs because only few new things
are added.

6. Network Simulation

The simulation is done with the help of NS-2 (v-2.34) network simulator. NS-2 provides faithful
implementations of the different network protocols. The implementation of the protocol has been done using
C++ language in the backend and tcl language in the frontend on the Ubuntu Linux 10.04 operating system. The
simulations consist of 25 nodes evolving in a region of (950 m) during 100 seconds. Transmission range is set to
250 meters. Random waypoint movement model is used and maximum movement speed is 12m/s. Packets
among the nodes are transmitted with constant bit rate (CBR) of one packet per second, and the size of each
packet is 512 bytes.
In these simulations we used the following evaluation metrics:
A. Packet delivery ratio (PDR): The percentage of data packets delivered to destination with respect to the
number of packets sent. This metric shows the reliability of data packet delivery.
B. Packet Loss: This metric informs us about the amount of control packets fails to reach its destination in a
timely manner.
Performance comparison is made on the basis of above two metrics between existing AODV and proposed
AODV.

A. Packet Delivery Ratio (PDR) : PDR is the ratio of the number of data packets received by the destination to
the number of data packets sent by the source. It is clear from Fig. 3 that PDR of AODV is heavily affected
by the malicious nodes where as the PDR of Proposed AODV is immune to it. This graph confirms that
while proposed AODV is secure against blackholes, AODV is not.

ISSN : 0975-5462 Vol. 3 No. 5 May 2011 3930

 Lalit Himral et al. / International Journal of Engineering Science and Technology (IJEST)

Figure 3. Showing PDR (Packet Delivery Ratio)

This is mainly due to the fact that our protocol detects the attacker and allows the source nodes to avoid it. By
avoiding the attacker, our protocol finds shortest paths, and so, delivers more packets. On the other hand, the
PDR decreases in the case of AODV that is subject to an attack. This is due to the fact that the number of
correctly received packet is very less than the number of transmitted packets. Indeed, with the increase of the
source nodes, the probability of intrusion increases, and the malicious node absorbs all the data packets passing
through it.

B. Packet Loss
Clearly, the percentage of packets dropped increases as both the speed and the number of nodes increases. As
speed increases, the position of a node will clearly change more rapidly. A source node will still use the last
route it has for a destination (if it didn’t expire yet), but due to the fast mobility pattern, this route will frequently
be invalid which causes the packet to be dropped. This will cause more and more packets to time out before
reaching their destinations. This was also noticed in our simulation as shown in the Fig. 4. The graph concludes
that there is very less packet lost percentile in the proposed AODV as compared to the AODV.

Figure 4. Showing Packet Loss

7. Conclusion & Future Work

An efficient and simple approach for defending the AODV protocol against Black Hole attacks is proposed. The
Proposed method can be used to find the secured routes and prevent the black hole nodes in the MANET by
indentifying the node with their sequence number; check is made for whether there is large difference between
the sequence number of source node or intermediate node who has sent back RREP or not? Generally the first
route reply will be from the malicious node with high destination sequence number, which is stored as the first
entry in the RR-Table. Then compare the first destination sequence number with the source node sequence
number, if there exists much more differences between them, surely that node is the malicious node,
immediately remove that entry from the RR-Table. In addition, the proposed solution may be used to maintain
the identity of the malicious node as MN-Id, so that in future, it can discard any control messages coming from

ISSN : 0975-5462 Vol. 3 No. 5 May 2011 3931

 Lalit Himral et al. / International Journal of Engineering Science and Technology (IJEST)

that node. Now since malicious node is identified, the routing table and the control messages from the malicious
node, too, are not forwarded in the network.
As future work, research work intend to develop simulations to analyze the performance of the proposed
solution based on the various security parameters like mean delay time, packet overhead, memory usage,
mobility, increasing number of malicious node, increasing number of nodes and scope of the black hole nodes
and also focusing on resolving the problem of multiple attacks against AODV.

References
[1] Jiwen CAI, Ping YI, Jialin CHEN “An Adaptive Approach to Detecting Black and Gray Hole Attacks in Ad Hoc Network”,
2010 24th IEEE International Conference.
[2] Songbai Lu, Longxuan Li, Kwok-Yan, Lingyan Jia “SAODV: A MANET Routing Protocol that can Withstand Black Hole Attack”,
2009 International Conference.
[3] Preventing Black Hole Attack in Mobile Ad-hoc Networks Using Anomaly Detection by Yibeltal Fantahum Alem & Zhao Hheng
Xaun from Tainjin 300222, China 2010, IEEE
[4] An Adaptive Approach to Detecting Black Hole Attacks in Ad Hoc Network 2010 24th IEEE International Conference
[5] Weerasinghe.H. “Preventing Cooperative Black Hole Attacks in Mobile Ad Hoc Networks: Simulation Implementation and
Evaluation”, IEEE Student Member
[6] Dokurer .S, Y. M. Erten , Can Erkin Acar “Performance analysis of ad-hoc networks under black hole attacks”, Turkey
[7] Deng, H., Li, W. “Agrawal, D., "Routing Security in Wireless Ad Hoc Networks” IEEE Communication Magazine, October 2002
[8] Modified AODV Protocol against Blackhole Attacks in MANET by K. Lakshmi1, S.Manju Priya2 A.Jeevarathinam3 K.Rama4, K.
Thilagam5, Lecturer, Dept. of Computer Applications, Karpagam University, Coimbatore. International Journal of Engineering and
Technology Vol.2 (6), 2010.
[9] M. Hollick, J. Schmitt, C. Seipl and R.Steinmetz, “On the effect of node misbehavior in ad hoc networks”, Proc. Of
IEEE Intl Conference on Communications (ICC'04), Paris, June 2004, pp. 3759-3763.
[10] X. Wang, T. Lin and J. Wong, “Feature selection in intrusion detection system over mobile ad-hoc network,” Technical Report,
Computer Science, Iowa State University, 2005.

ISSN : 0975-5462 Vol. 3 No. 5 May 2011 3932

View publication stats