International Journal of Applied Engineering Research ISSN 0973-4562 Volume 10, Number 20 (2015) pp 41225-41232

© Research India Publications. http://www.ripublication.com

An Efficient Black Hole Attack Detection And Prevention Technique Based

On Trust In Manet

K. P. Manikandan

Associate Professor, IT Department, Dhanalakshmi Srinivasan College of Engineering,

Coimbatore-641105. Tamil Nadu. Manikandanphd2014@gmail. com

Dr. R. Satyaprasad

Associate Professor, Department of Computer Science, Achariya Nagarjuna University,

Nagarjuna Nagar-522 510. Andhra Pradesh. profrsp@gmail. com

Dr. K. Rajasekhararao

Sri Prakash College of Engineering, Rajupeta, Konuru Panchayat, Tuni-533 401, Andhra Pradesh. krr_it@yahoo. co. in

Abstract: network traffic and mobility pattern of mobile networks as

Mobile Ad Hoc Networking (MANET) is an emerging
wireless networking technology. MANETs is self-configuring
network with a collection of nodes of mobile devices
connected without using any wires. In this paper a novel
mechanism called Self-Centered Friendship tree is designed
based on distance and angle of the mobile node. The
malicious node is detected from the SCF-tree, based on trust
value. The members in the cluster, transfer the malicious node
detection to the cluster head which alert the other nodes. At
the end of the process a reconstruction of self-centered
friendship tree is made by removing the malicious node in
MANET. The proposed work is to detect the malicious node
in a network that prevents the attack.
Keywords: Cluster Head, Malicious Node, MD5, Self-
Centered Friendship Tree.
I. Introduction
The wireless local area network (LAN) hot spot emerging
technology, in many times the wired networks is unavailable
or it may destroy. In such a case it is necessary to launch the
communication. This work helps to increase the network
lifetime and reduce the packet loss and increase packet
delivery ratio between sender and destination packet
transmission. The Mobile Ad hoc Networks (MANETs) [1]
solve this problem by considering the available mobile node
as an central communication medium, from this it extends the
ranges of mobile nodes. It allows the travellers to access the
internet in any location.
A new alternative way for mobile communication called
mobile ad hoc networks which are dynamic and populated by
mobile station. The controls of the network are distributed
among the terminals and it does have any background network
for central control. The device in MANET can move
independently in any direction without any restriction.
Mobility with dynamic network topology [2] is the idea
behind the MANETs. Topology is consecutively changed
among the terminals. The objective of MANETs is to analyses
well as the propagation conditions. MANET is used in
personal area network, military purpose, disaster area and so
on [3].
The main advantages are it is easy to install and maintain, low
cost and more flexible, new and efficient routing protocols
can be easily applied for wireless communication. Malicious
node [4], [5]occurred in MANET easily due to the
decentralized features and open medium. The Black Hole
attack [6][7] is one kind of Denial of service attack that occurs
through the malicious node.
This attack eliminates the incoming and outgoing packets
without sending any acknowledgement to the source, whether
the packet is delivered or not. The Black Hole attack is hides
itself so it is difficult to identify, but through the tracing of the
lost packets it can be able to detect.
This paper focus on detecting the Black hole attack based on
trust value [8][9]. The Self-Centered Friendship tree (SCF
tree)[10][11] is constructed initially, the root of the tree is
cluster head[12][13][14][15] which is based distance and
angle for the good data accessibility[16] and also to reduce
communication cost. The cluster head selection is performed
based on High connectivity Clustering algorithm. Then the
packet encryption and decryption is performed by the
Message-Digest algorithm (MD5)[17]. Malicious node
detection is the next process of this work once the malicious
node is identified; an alert message is send to the cluster
head[18]. The member sends this information to the cluster
head which alert the other nodes. The following section
describes some related works for this work.
II. Related Works
Djahel, S et al (2011) proposed a state of art countermeasure to
deal the Black hole attack. The author first identifies the black
hole attack in Ad hoc On Demand Distance Vector (AODV)
and Optimized Link State Routing protocol (OLSR). A
cryptographic primitive is analyzed to handle this attack and
five classifications are made to deal this attack according to the
defense line. Passive feedback based schemes, ACK-based

41225
 International Journal of Applied Engineering Research ISSN 0973-4562 Volume 10, Number 20 (2015) pp 41225-41232
© Research India Publications. http://www.ripublication.com

schemes, Reputation-based schemes, Cross-layer cooperation throughput. The proposed work focuses on detecting the black
based schemes. From this the author detects that Black hole hole attack and provides the action to prevent this attack. SCF
attacks mainly present in the routing layer due to the MAC tree construction is the initial step in this work which makes
protocol rules. the good data accessibility [12]. Then process of encryption
X. Li et al (2010) proposed a simple trust model for MANETs and decryption of packets is performed by MD5. Trust based
to reduce the threads from malicious node. Four kind of malicious node detection is the next process of this work once
protocols are proposed they are ad hoc on demanddistance the malicious node is identified; an alert message is issued to
vector (AODV) routing protocol, ad hoc on-demand trusted- the cluster head. From the cluster head information is shared
path distance vector (AOTDV), a trust-based reactive to its entire node. Finally the particular malicious node is
multipath routing protocol, ad hoc on-demand multipath removed from the SCF tree and it is reconstructed. The
distance vector (AOMDV) routing protocol to discover the following diagram shows the overall procedure of the
multiple loop path and the author used hop count and trust proposed work.
value aspects to evaluate that paths. These evaluations use to
choose protocols has the improved packet delivery ratio and
reduce the black hole attack effectively.
Lung-Chung Li and Ru-Sheng Liu proposed an ID based
multiple secrets key management scheme (IMKM) for
ensuring secure communication in ad hoc network. This
method provides an efficient way for key update and key
revocation and eliminates the need for certificate-based
authenticated public key distribution. Misbehavior
notification, Revocation generation and Revocation
verification are the three phases performed to achieve key
revocation similarly key updation is done by key joining, Key
Eviction and Group Key Agreement Protocol. By this a
master key is generated and it is distributed by all the cluster
head.
Jae-Ho Choi et al (2012) proposed a Self-Centered Friendship
(SCF) tree for replica allocation. The author considers the
mobile node as selfish nodes which are all uses the limited
resource only for its benefits. The SCF is constructed based on
the degree of selfishness of the node based on the value of
credit score. The credit score is measured from the credit risk
value which is derived from economics. Breadth first search is
applied for priority setting of the allocated replica. This
method provides good data accessibility; low communication
cost, and reduced the query delay.
Sohail Abbas et al (2013) introduced a novel method to detect
the identities of Sybil attackers. Author proposed a light
weight system for this purpose without any centralized
infrastructure such as a geographical positioning system or FIGURE 1. FLOW DIAGRAM OF PROPOSED WORK
directional antennae. A Received Signal Strength is applied to
find the difference between legitimate and Sybil identities.
Using simulation the entry and exit behavior of these two A. SCF Tree:
identities is measured and by using the real world testbed of The self-centered friendship (SCF) tree is inspired by the
Sun Spot sensor, the detection is performed with the RSS data human friendship nature. Normally the SCF tree is
fluctuation. This work is performed on MAC layer using 802. constructed based on the selfish node [10]. In this paper this
11 protocol without any extra hardware. tree is build based on the distance and angle of the node. The
The remaining section describes the proposed concepts of this initial step in SCF-Tree is cluster head (CH) selection. The
paper. Section 3 explains the SCF tree construction and cluster is selected based on mobility, distance, cost,
MD5algorithm. Section 4. Trust based malicious node connectivity, identifier and power. The proposed work selects
detection method. Section 5 describes the experimental result cluster based on High connectivity Clustering algorithm. A
and section 6 concludes this paper. node which contains the maximum neighbor is considered as
cluster head, Gerla [13]. The node in the cluster becomes the
member of that cluster, and it could not able to participate in
III. Proposed work cluster head position election. The neighbor node is finding by
The proposed work is to detect the malicious node in a mobile measuring the distance of each node. so the distance and angle
ad hoc network that prevents the Black Hole attack. This is calculated to find node transmission range. The location i. e.
attack makes the source node to trust that it has the shortest distance is calculated by the following formula
path then it drops all the packets send across it and reduces the

41226
 International Journal of Applied Engineering Research ISSN 0973-4562 Volume 10, Number 20 (2015) pp 41225-41232
© Research India Publications. http://www.ripublication.com

Where are node coordinates

The angle is measured to find the life time of a path. A path
life time is restrained by each link life time in the path.
Formula is

Where d refers to the distance, u refers to ,

v= , and , and denotes
the velocities TR is transmission range and and
denotes the direction angles.

TABLE 1. THE ALGORITHM FOR SCF-TREE

CH: Cluster Head

: Distance between each node
: Life time of a path
: Nodes
R: Range
Begin
Add CH as SCF-Tree root node.
Search child node( )
For each node
If(child node( )< and child node( )> )
Add to SCF tree
If new node comes into the range
Calculate it distance and angle
continue
Else
Check the nodes are with the range
End if
End for

B. Message digest algorithm md5

Once the SCF tree construction is completed, the node uses
the Message Digest Algorithm (MD5) to encrypt the original
message. The source node sends the request packet to the
entire node in the certain range. If the destination node is
within the single hop distance then it send the reply packet to
the source. In between this packet transformation MD5
algorithm is used to check the packet tampering. MD5 is
message digest algorithm mainly used in cryptographic hash
function to producing a fixed length output of 128 bits. The
message padding is performed in md5 so the input message is
split into 512 bit blocks. In the padding process a single bit 1

41227
 International Journal of Applied Engineering Research ISSN 0973-4562 Volume 10, Number 20 (2015) pp 41225-41232
© Research India Publications. http://www.ripublication.com
is added to the end of the message then it is followed by until
the message length is equal to 64 bits fewer than a multiple of
512. The original message is represented by filling the
remaining bits with 64 bits.
Initially the algorithm start to execute on a 128 bit state which
is divided into four 32 bits namely P, Q, R and S. at the
beginning these four bits (32) is initialized with some
constant. Then the 512-bit message is used to modify the
state. The message block consists of four rounds. Based on the
non-linear function each round is composed with 16
operations, modulo addition and the final round is left
rotation.
⊕, ⋁, ⋀, ⌜ denote the XOR, OR, AND and NOT operations
respectively.
IV. Trust based malicious node detection
Malicious node detection is major issue in MANET. In this
work a trust based black hole attack detection mechanism is
proposed. The aim of this paper is to remove the malicious
node from the network which is the major reason for the black
hole attack. The trust value is measured from the data
transmission history of nodes. The malicious node is the reason
for black hole attack and this malicious node isolation is done
based on a data structure called as Trust Table. Accordingly
each node maintains a Trust Table that will keep a trust value
of its neighbors and this table will be used for isolating the
malicious node
A. Trust Value Computation
The detecting of the malicious node in MANETs is
determined by the measurement of trust value. Suppose the
node p sends packets to next node q, it is not sure that node q
definitely forwards the packets to the next node, it may drop
the packet. The trust of node p in next node q is calculated to
assure that the packet send by p is forwarded by node q or not.
The overall trust value of a node is measured by considering
the two important factor namely control packet forwarding
radio (CR) and Data packet forwarding radio (DR) are
consider as weights. The formula for measuring the direct
trust in node p by node q is
Where
Where and is the ratio gained by node p, at
time t for forwarding packets to node q. and 1, 2 refers to
weights assigned to CR and DR. Each and every time node p
checks whether the node q transmitting the packets properly,
then the trust value count be higher if not trust value will
decrease. In this paper the value of a trust node is fixed at
range of 0-1. Threshold is a black list that is when the trust
value less than . Then the node is malicious node. Whenever
there is null transmission is performed between nodes then
initial value of trust is set to 0. 75. At the starting stage all the
nodes in manet have the same trust value. After that It is
updated whenever a node successfully forwards a packet to its
neighbor the following table describes trust value and their
meaning.
41228
TABLE 2. MEASURED TRUST VALUE AND ITS
MEANING
Trust Value Meaning
Malicious node
Suspected node
Less trustworthy node
Trustworthy node
Table 1 describes the obtained trust value and its relevant
meaning. From this it is easy to detect the malicious node. The
value of the Trust Table of node updated incrementally after a
successful data transmission. Whenever the trust value of
nodes lies between 0 to then it is consider as a malicious
node.
B. Reconstruction of SCF tree:
If any node detects that a node might be malicious then it has
to immediately checked and removed from the SCF tree. The
elimination of the malicious node is performed with the help
of the cluster head. Every member in the cluster is linked with
the cluster head, if any node is detected as malicious
node , the member sends this information to the cluster
head. Then it transforms the message to all other entire
member in the cluster. So the member won’t send any packet
to that affected node. this process increase the network
lifetime and reduce the packet loss and increase packet
delivery ratio between sender and destination packet
transmission
V. Experimental result
This proposed work is applied in NS2 platform to validate the
black hole detection and isolation effectively. It is a popular
network node used in various area such as Wireless sensor
network, MANET, etc. The malicious node is detected from
the SCF-tree, based on trust value result and the performance
comparison between the Packet Delivery Radio (PDR),
Throughput, Average delay, Energy, Overhead and Packet
loss is described in this section.
FIGURE 3. SIMULATION NETWORK
50 mobile nodes is used in the proposed work and the
simulation model of this work is shown in figure 3. The
experimental result explains this work i. e.
 International Journal of Applied Engineering Research ISSN 0973-4562 Volume 10, Number 20 (2015) pp 41225-41232
© Research India Publications. http://www.ripublication.com

TRUST_SECURITY with TRUST_WITHOUT SECURITY

and the parameters with their respective values which is used
in the simulation process are listed in table 2. Almost 19 types
of parameters is applied for simulating the proposed concept.

TABLE 3. SIMULATION PARAMETERS

Parameters Values
Channel type Wireless Channel
radio-Propagation TwoRay Ground
model
network interface WirelessPhy
type
MAC type 802_11
interface queue type DropTail/PriQueue
time of simulation 200
end
link layer type LL
antenna model OmniAntenna
max packet 50 (Minimum:512bytes, Maximum:
10, 000bytes)
number of mobile 50
nodes
FIGURE 4. PACKET DELIVERY RADIO REPORT
Simulation time 200 s(Minimum:200s,
Maximum:10000s)
routing protocol AODV
X dimension of 1000 B. Throughput
Radio of packets delivered successfully over a communication
topography
channel is known as throughput. It is measured in bit per
Y dimension of 1000
second (bts) and its formula is
topography
traffic tclfiles/cbr
mobility /tclfiles/speed5
number of attackers 5 (Minimum:5, Maximum: 25) In this approach the average throughput is 28. 5Kbps and it is
shown in Figure 5.
Energy Energy Model
Initial Energy 100

A. Packet delivery radio (PDR):

PDR is the ratio of actual number of packets delivered in
destination. The PDR is measured using following formula.

In this approach the packet delivery radio is 94%. The

comparison result is shown in Figure 4. In this research work
the mobile checkpoint monitors the data transfer and the
packet loss.

FIGURE 2. THROUGHPUT

41229
 International Journal of Applied Engineering Research ISSN 0973-4562 Volume 10, Number 20 (2015) pp 41225-41232
© Research India Publications. http://www.ripublication.com

C. Average delay
Average delay specifies how long a bit takes to reach another
node or endpoint and it is measured by fraction of seconds.
Formula for calculating Average delay is

This approach obtains less delay that is 18. 4sec. The average
delay report is shown in Figure 6.

FIGURE 4. NODE ENERGY

FIGURE 3. AVERAGE DELAY REPORT

D. Node energy
Node energy is a level of energy that each node has at the
beginning stage which is known as initial energy in
simulation. The node then loss an amount of energy after
transmitted. Node energy is also a important aspect to obtain
an efficient result. In the proposed approach the nodes energy
is reduced a little bit which is shown in Figure 6.

FIGURE 5. CONTROL OVERHEAD

E. Control overhead and packet loss

Control overhead defines as the number of control packets
propagates throughout the networks by each node. It is
measured by the following formula

This overhead includes RTS, ACK, CTS which is used to

maintain the efficiency of network routing scheme. The result
of the proposed work control overhead is shown in Figure 7.

41230
 International Journal of Applied Engineering Research ISSN 0973-4562 Volume 10, Number 20 (2015) pp 41225-41232
© Research India Publications. http://www.ripublication.com
FIGURE 6. PACKET LOSS REPORT.
Packet loss is occur when the data delivery is failed. Lot of
reason is there for packet loss; even if the radio signal is weak
due to the distance it may corrupt the packet during its
transmission. This packet loss affects the throughput so
reducing the packet loss will improve the throughput. The
result for packet loss is shown in Figure 8 which explains that
the proposed work packet loss is very low.
VI. Conclusion
In this paper the black hole attack is detected and removed
efficiently. The group of node in a certain range is grouped in a
single SCF tree by selecting the cluster head as root node. This
head cluster is chosen by considering the distance of each node
and the life time of the each path. The detection of the message
tampering is performed by the MD5 algorithm. The trust value
is measured from the node data transmission history. The
malicious node is the reason for black hole attack and this
malicious node isolation is done based on a data structure
called as Trust Table. Accordingly each node maintains a Trust
Table that will keep a trust value of its neighbors and this table
will be used for isolating the malicious node. If any node
detects that a node might be malicious then it has to
immediately send a message to the head cluster. Then a
warning is received by each node in the cluster from the cluster
head about the malicious node detection. This malicious node
is removed from the tree and it is reconstructed. By this way,
the proposed work provide a black hole attack free network in
MANET. This work is further improved to detect the group of
attack in Manet.
41231
References
[1]. Gerla Mario, Chiasserini, Carla-Fabiana, Mase
Kenichi, Modiano, Eytan, “Mobile ad hoc wireless
networks”, IEEE Journal on Communications and
NetworksVol:6, No: 4, Pp: 291-294, 2004.
[2]. Hongmei Deng, Cincinnati Univ, Li W, Agrawal,
DP, “Routing security in wireless ad hoc networks”,
Communications Magazine, IEEE Vol:40, No: 10,
Pp:70-75, 2009.
[3]. Burbank JL, Chimento PF, Haberman BK, Kasch
WT, ” Key Challenges of Military Tactical
Networking and the Elusive Promise of MANET
Technology”, IEEE Communication Magazine vol:
44, No: 11, Pp: 39-45, 2009.
[4]. Sheikh R, Singh Chande M, Mishra D K, “Security
issues in MANET: A review”, IEEE Seventh
International Conference on Wireless and Optical
Communications Networks (WOCN), Pp: 1-4,
2010.
[5]. Nadeem A, Howarth M P, “A Survey of MANET
Intrusion Detection & Prevention Approaches for
Network Layer Attacks” Communications Surveys
& Tutorials, IEEE Vol:15, No: 4, PP: 2027-2045,
2013.
[6]. Djahel S, Nait-abdesselam F, Zonghua Zhang,
“Mitigating Packet Dropping Problem in Mobile Ad
Hoc Networks: Proposals and Challenges”,
Communications Surveys & Tutorials, IEEE Vol:
13, No: 4, Pp: 658-672, 2011.
[7]. Fan-Hsun Tseng1, Li-Der Chou1 and Han-Chieh
Chao, ” A survey of black hole attacks in wireless
mobile ad hoc networks” Human-centric Computing
and Information Sciences 2011. [8]. Bar, R. K.,
Mandal, J. K. and Singh, M., (2013) “QoS of
MANet Through Trust Based AODV Routing
Protocol by Exclusion of Black Hole Attack”,
International Conference on Computational
Intelligence: Modeling Techniques and
Applications, India, pp. 530-537.
[9]. Li X, Jia Z, Zhang P, Zhang R, Wang H, “Trust-
based on-demand multipath routing in mobile ad
hoc networks”, Information Security, IET Vol: 4,
No: 4, Pp: 212-232, 2010.
[10]. Jae-Ho Choi, Kyu-Sun Shim, SangKeun Lee, Kun-
Lung Wu, “Handling Selfishness in Replica
Allocation over a Mobile Ad Hoc Network”,
Mobile Computing, IEEE Transactions on, Vol: 11,
No: 2, Pp: 278-291, 2012.
[11]. Byung-Gul Ryu, Woo-Jong Ryu, Yong-Ku Lee,
Sangkeun Lee, “Selfish replica allocation in a
mobile ad hoc network with data update”, IEEE
International Conference on Big Data and Smart
Computing (BigComp), Pp: 142-149, 2015.
[12]. Katal, A. ; Wazid, M. ; Sachan, R. S. ; Singh, D. P. ;
Goudar, R. H, “Effective Clustering Technique for
Selecting Cluster Heads and Super Cluster Head in
MANET”, IEEE International Conference on
Machine Intelligence and Research Advancement
(ICMIRA), Pp: 1-6, 2013.
 International Journal of Applied Engineering Research ISSN 0973-4562 Volume 10, Number 20 (2015) pp 41225-41232
© Research India Publications. http://www.ripublication.com

[13]. M. Gerla and J. T. Tsai, “Multiuser, Mobile,

Multimedia Radio Network, ” Wireless Networks,
vol. 1, pp. 255-65, Oct. 1995
[14]. Yao, Y., Guo, L., Wang, X., and Liu C., “Routing
security scheme based on reputation evaluation in
hierarchical ad hoc networks”, IEEE Journal on
Computer Network, Vol. 5, No. 4, pp. 1460-1469,
2010.
[15]. Lung-Chung Li and Ru-Sheng Liu, “Securing
Cluster-Based Ad Hoc Networks with Distributed
Authorities“, IEEE Transactions on wireless
communications, vol. 9, no. 10, October 2010.
[16] T. Hara, “Effective Replica Allocation in Ad Hoc
Networks for Improving Data Accessibility, ” Proc.
IEEE INFOCOM, pp. 1568-1576, 2001.
[17]. Ming Hu, Yan Wang, ”MD5-Based Error
Detection” Pacific-Asia Conference on Circuits,
Communications and Systems. PACCS '09. Pp:
187-190, 2009.
[18]. Rashmi, Ameeta Seehra, “A Novel Approach for
Preventing Black-Hole Attack in MANETs”,
International Journal of Ambient Systems and
Applications (IJASA) Vol. 2, No. 3, 2014.

41232