Detection and Prevention of Blackhole Attack

in AODV of MANET
Asif Uddin Khan , Rajesh Puree , Bhabendu Kumar Mohanta , Sangay Chedup
1 2 3 4

Department of CSE, Sillicon Institute of Technology, Bhubaneswar-751024, India

1

Department of Computer Science, Utkal University-751004, Odisha, India

2

3
Department of CSE, Koneru Lakshmaiah Education Foundation, Vaddeswaram-500502, Andhra Pradesh, India
Department of ECE, Jigme Namgyel Engineering College, Bhutan.
4

Email: asif.khan@silicon.ac.in , rajesh.puri132@gmail.com , bhabendukumar@kluniversity.in ,

1 2 3

sangaychedup@jnec.edu.bt 4

Abstract—One of the most dynamic network is the Mobile scope nodes are routed through intermediate nodes.
Adhoc (MANET) network. It is a list of numerous mobile nodes. However, the MANET system is designed to set up a system
Dynamic topology and lack of centralization are the basic
characteristics of MANET. MANETs are prone to many attacks where necessary [2]. Each mobile node acts in such a
due to these characteristics. One of the attacks carried out on the network not only as a host, but also as the router, transmitting
network layer is the black- hole attack. In a black-hole attack, by packets to other mobile nodes in the network that can not be
sending false routing information, malicious nodes interrupt data directly wireless [3].
transmission. There are two kinds of attacks involving a black-
hole, single and co-operative. There is one malicious node in a
single black-hole attack that can act as the node with the highest
sequence number. The node source would follow the direction of
the malicious node by taking the right direction. There is more
than one malicious node in the collaborative black-hole attack.
One node receives a packet and sends it to another malicious
node in this attack. It is very difficult to detect and avoid black-
hole attacks.Many researchers have invented black-hole attack
detection and prevention systems. In this paper, We find a
problem in the existing solution, in which validity bit is used.This
paper also provides a comparative study of many scholars. The
source node is used to detect and prevent black hole attacks by
using a binary partition clustering based algorithm. We compared
the performance of the proposed solution with existing solution
and shown that our solution outperforms the existing one.
Index Terms—MANET, AODV, Black hole attack, rout- ing
protocols, clustering.

I. INTRODUCTION Fig. 1. Application of MANET in different areas.

MANET is a short term for Mobile Ad-hoc Network. It is
also called wireless adhoc network, an unbroken net- work of
mobile devices connected without using cables and without
any infrastructure setup. Devices can travel in any direction in
a MANET architecture independently and thus often change
their ties with other devices. Wireless communications, from
satellite transmission to home wireless personal area
networks, have increased exponentially in recent years [1].
978-1-6654-4067-7/21/$31.00 ©2021 IEEE
The wireless media communicates between a fixed node
and a mobile node within its range. However, a permanent
fixed infrastructure is required. The MANET system is a
different model, however the broadcasting range of each
node is restricted to the closeness of each other, and out-of-
One of MANET's recent applications is a sensor net- work
consisting of several thousand small, low-powered sensing
nodes [4]. Example of MANET implementations are shown in
Figure 1. Security in these areas clearly is a critical problem.
Secure communication is essential in any wireless network
[5] and [6] to make the system more trustworthy to the end
users.
In MANET several attacks can be performed by the
malicious node that prevents the operation of MANET.
Blackhole attack and Grayhole attack are the most important
attacks that needs to be investigated.In this paper we
investigated the blackhole attack and proposed a solution to
solve the issue.The organization of the paper is as follows.
In section-II literature survey is done. Section-III presents the
motivation. In section-IV, we present the solution
approach.Section-V discusses the performance analysis.
Section-VI presents the simulation results. Fi- nally in section-
VII, we conclude and discuss the future work.

Authorized licensed use limited to: California State University Fresno. Downloaded on June 24,2021 at 00:55:25 UTC from IEEE Xplore. Restrictions apply.
 II. LITERATURE SURVEY
In paper [7] Ashish Kimar Jain et al. proposed a method to
detect black hole attack through first route reply mechanism
in AODV protocol of MANET.
In paper [8] J. V. Vadavi et al. try to detect the black hole
attack and avoiding them in participating in the network by
enhancing the AODV protocol by making it delay aware.
Sushama Singh et al. try to enhance the performance of
the AODV protocol by introducing a trusted AODV routing
algorithm (tangent hyperbolic function is used to calculate the
trust value) to detect the collaborative black hole attack. [9]
In paper [10] Heerendra Mahore et al. focused on agent
based AODV protocol which means some sender nodes are
assigned a task of the agent to check the RREP coming from
the destination nodes to check and avoid the black hole
attack.
In paper [11] Vidya Kumari Saurabh et al. proposed a
clustering based AODV routing protocol in which each single
node of the cluster in ping once to the cluster head to detect
the difference between the data packets received and sent by
the exact node to detect the black hole attack.
Sathish M. et al. in [12] proposed a method to detect the
single as well as collaborative black hole attack by sending
fake RREQ and Destination Sequence Number and when
receives RREQs from nodes with higher DSN it will collect
them in a list and inform all the other nodes that these are the
malicious nodes.
detect a black-hole attack and sends data packets to that
route assuming that the destination is reached by this route.
The attacker would then drop data to the destination node
without forwarding it.
The abbreviations used in this paper is described in
TABLE IV.
A. Flowchart of Existing Solution
The above Fig.2 is the flowchart of existing solution from
which we drew the motivation. The proposed work is the
method to overcome the limitations of the above strategy.
IV. SOLUTION APPROACH
In our proposed approach SOURCE node is used for the
detection of black hole attack. After generating a route
request, broadcast it and wait for RREPs. Source receive
RREPs from k1+k2 no. of nodes. After receiving RREPs from
k1+k2 no. of nodes store them in a list [15].
Make two groups of RREPs and store them in the list using
a binary partition clustering algorithm such as k-means [16]
based on destination sequence number. Then the average
destination sequence number(ADS) is calculated for both the
cluster that is (ADS1, ADS2). If ADS1 is greater than ADS2
and the difference is greater

III. MOTIVATION
The method for the MANET black hole detection,
proposed in [1] says that the validity of the message RREP is
attached and stored on each node of the active path in an
itinerary table. Whenever a route request is received for a
node, the route response message is created by setting a
value for a validity bit in RREP, whether that route is the
target or if it has a legit route. This RREP will then return to
the next hop it got RREQ from. The proposed route reply
message varies from the basic AODV route reply message in
terms of validity. The RREP message incorporates the
validity mechanism. AODV RREP will have an additional
header in a validity bit.
This new field is used to validate the route validity.
Whenever a Route reply is received from a node, it is
processed only if the RREP 's validity bit is specified. Only if
the validity bit is set will an entry be made for this path. As an
assailant, this mechanism is not known; it reacts without
looking into its route table. This implies that the validity bit in
the RREP sent by the attacker node would have a null value.
A node with a validity value not identified will simply drop the
RREP without entering the routing table [13].
The above technique is a great way to detect blackhole
attacks [14], and a negligible overhead would be applied to
the overhead network when a single bit is used in this
strategy to detect attacks. However, if the attacker looks at
the attackers' routing table and sets the validity value, and
sends RREP to the source, then the source node does not

Authorized licensed use limited to: California State University Fresno. Downloaded on June 24,2021 at 00:55:25 UTC from IEEE Xplore. Restrictions apply.
 n2k2 nodes respectively we can see it in TABLE II and
TABLE III.
In TABLE II it can be seen that cluster-1 contains the
number of nodes n11 to n1k1 having destination sequence
number ds11 to ds1k1. Similarly in TABLE III cluster-2
contains the number of nodes n21 to n2k2 having destination
sequence number ds22 to ds2k2.
After that average destination sequence number is
calculated for cluster-1 (ads1) and cluster-2 (ads2) by the
equations given below.

After calculating the average destination sequence of

cluster-1 and cluster-2, we check for cluster-1. If the average
destination sequence of cluster-1 (ads1) is greater than the
average destination sequence of cluster- 2 (ads2) and their
difference i.e. (ads1-ads2) is greater than a threshold value
then cluster-1 is suspicious and may contain a set of black-
Ẹ =1 dsiki
i
kl

ads1 (1)
ki
k ds
2 kj
ads2 k2 (2)

Fig. 2. Flowchart of existing solution
hole nodes otherwise source node selects the best node from
cluster-1, check the validity bit, if set, then send data through
the node to the destination.
Similarly, the average destination sequence of cluster-
1 and cluster-2 is calculated and check for cluster-2. If the
average destination sequence of cluster-2 (ads2) is greater
than the average destination sequence of cluster- 1 (ads1)
and their difference i.e. (ads2-ads1) is greater than a
threshold value then cluster-2 is suspicious and may contain
a set of black-hole nodes otherwise source node selects the
best node from cluster-2, then check the validity bit is set or
not, if set, then send data to destination through the node.

than a threshold value then cluster-1 may contain a set of B. Proposed Algorithm
black-hole nodes otherwise source node selects the best 1. Start.
node from cluster-1, check validity bit, if set, send data [17]. 2. Broadcast RREQ (source).
If ADS2 is greater than ADS1 and the difference is greater 3. Received RREP from k1+k2 nodes.
than a threshold value then cluster-2 may contain a set of 4. Store it in list.
black-hole nodes otherwise source node select the best node 5. Make 2 clusters using partition clustering
from cluster-2 and check validity bit if set, send data through algorithm(based on destination sequence number).
that node. TABLE I
CLUSTER-1 CLUSTER-2 TABLE WITH DESTINATION SEQUENCE
NUMBER
A. Proposed Method
Cluster 1 1 Cluster 2
The source generates RREQ for the establishment of a nu “““ ‘ n^ĩ
path to send data. The explanation of our solution approach ni2 n22
is described as follows.
ni3 n23
The source node generates RREQ and broadcast it
through the network and waiting for the RREPs. Source node ni4 n34
after receiving the RREPs from k1+k2 number of nodes
stores it in a list.
TABLE II
The source node makes two groups using a binary CLUSTER-1 TABLE WITH DESTINATION SEQUENCE NUMBER
partition clustering algorithm such as k-means [16] based on number of nodes destination sequence number
destination sequence number. Here cluster-1 and cluster-2 nii dsi 1
are having n11, n12... , n1k1 nodes and n21, n22, n23...,
ni2 ds 2 1

Authorized licensed use limited to: California State University Fresno. Downloaded on June 24,2021 at 00:55:25 UTC from IEEE Xplore. Restrictions apply.
 ni3 dsi3 and send data. In step 9 If ads2>ads1 and ((ads2- ads1)>ds-
ni4 ds 4
1
threshold) Cluster-2 is suspicious. In step 10 it goes to step 9
niki dsiki and in 12 it ends.
C. FLOWCHART
The below Fig. 3 is a flowchart that shows how a black-
TABLE III
CLUSTER-2 TABLE WITH DESTINATION SEQUENCE NUMBER hole attack occurs with respect to time. It is further described
number of nodes destination sequence number with the timing diagram in Fig. 4.
n2i ds2l
D. TIMING DIAGRAM
n22 ds 2
2

The source node wants to send data to the destination

n23 ds23 node. In T1 time the source node generates RREQ and
n24 ds24 sends the RREQ in the network. Both the attacker and the
destination node received the RREQ.
n2k2 ds2k2 After receiving RREQ both attacker and destination send
RREP to the source node or from where they received
RREQ. In T2 time the source received RREP from an
6. Calculate ads1 and ads2 by putting equations-1 and attacker and in T3 time receives RREP from the destination
equations-2 node. The RREP from the attacker having destination
7. If ads1 > ads2 and ((ads1-ads2)>ds-threshold) Cluster-1 sequence number is higher than the RREP received from the
is suspicious destination node, source node thinks that this is the fresh
8. Else source select best node, check validity bit and send enough route to the destination. So the source discards the
data. RREP from the destination.
9. If ads2>ads1 and ((ads2-ads1)>ds-threshold) Cluster-2 After discarding the RREP from the destination, the source
is suspicious node sends data to the attacker in T4 time then it drops all
10. Else goto 8 the data packet coming from the source without forwarding it
11. End. to the destination.

where
ads1= average destination sequence number of cluster-1
ads2= average destination sequence number of cluster-2 ds-
threshold= threshold difference of average destination
sequence number.

TABLE IV
ACRONYMS AND THERE MEANING USED IN THIS PAPER
Acronyms meaning
AODV Ad hoc On Demand Distance Vector
MANET Mobile Ad hoc Network
RREP Route Reply
RREQ Route Request
ADS Average Destination Sequence Number
ADS1 Average Destination Sequence Number of cluster-1
ADS2 Average Destination Sequence Number of cluster-2

In step 1 start the algorithm, source broadcast route

request, and in step 3 it received route reply from k1+k2
nodes then store it in a list in step 4.
In step 5 make two clusters using partition clustering
algorithm(based on destination sequence number). then
calculate ads1 and ad2 in step 6. In step 7 it checks If ads1 >
ads2 and ((ads1-ads2)>ds-threshold) then Cluster- 1 is
suspicious.
In step-8 else source select best node, check validity bit

Authorized licensed use limited to: California State University Fresno. Downloaded on June 24,2021 at 00:55:25 UTC from IEEE Xplore. Restrictions apply.

Fig. 3. Flowchart of proposed solution
V. DISCUSSION A ND PERFORMANCE ANALYSI S
In MANET, protection is a major problem. The entire
network can be devastated by attacks. One of them is the
Black-Hole attack [18]. Due to complex network topology, the
location of the malicious node is very difficult to locate.
In this paper, we have proposed a method for detecting
the black hole attacker using the proposed algorithm based
on binary partition algorithm. In [1], the RREP message
incorporates the validity bit mechanism.This new field is used
to validate the route validity. Whenever a Route reply is
received from a node, it is processed only if the RREPs
validity bit is specified. Only if the validity bit is set will an
entry be made for this path. As an assailant, this mechanism
is not known; it reacts without looking into its route table. This
implies that the validity bit in the RREP sent by the attacker
node
SOURCe ATTACKER ŨESMTIŨN
Authorized licensed use limited to: California State University Fresno. Downloaded on June 24,2021 at 00:55:25 UTC from IEEE Xplore. Restrictions apply.
Fig. 4. timing diagram of black-hole attack
would have a null value. If a node receives a validity value not
specified, the RREP can be simply dropped without entering
the routing table.
We found that the above-proposed method is a good
method that detects a black-hole attack. However, there is a
problem, if the attacker will look to its routing table and set the
validity value and send RREP to the source, then the source
node will fail to detect the black-hole attack and send data
packet in that route thinking that this is the destination path.
Then attacker will drop data without forwarding it to the
destination node. According to our proposed method,the
source after generating a route request broadcast it and wait
for RREPs. Source receive RREPs from k1+k2 no. of nodes.
After receiving RREPs from k1+k2 no. of nodes store them in
a list.
Make two groups of RREPs store in the list using binary
partition clustering algorithm based on destina- tion sequence
number. Then we calculate the average destination sequence
number (ADS) of both the clusters i.e ADS1 and ADS2. If
ADS1 is greater than ADS2 and the difference is greater than
a threshold value then cluster-1 may contain set of black hole
nodes otherwise source node select the best node from
cluster-1, check validity bit, if set, send data.
If ADS2 is greater than ADS1 and the difference is greater
than a threshold value then cluster-2 may contain a set of
black-hole nodes otherwise source node select the best node
from cluster-2 and check validity bit if set, send data through
that node.
An example is taken to discuss the proposed solution. The
example is discussed in the following lines.
We take 11 RREPs nodes. Source receiving these 11
RREPs store it in a list. Then source makes two clusters
 namely cluster-1 and cluster-2. The cluster table is given in
TABLE V and TABLE VI.
TABLE V
CLUSTER-1 TABLE WITH DESTINATION SEQUENCE NUMBER
Number of nodes 1 Destination sequence number
-----------ĩ---------------------------- 10---------------------
5 40
2 45
48
8
3 46
VI. SIMULATION RESULTS
The Proposed solution is simulated using ns-2.35 and
compared with Validity bit based approach [1].The simulation
parameters are listed in table-VII. In figure- 5, we plotted the
graph of packet delivery ratio and in figure-6, we plotted the
graph of routing overhead with the increasing no of attacker
nodes from 1 to 5. From the figure-5, It is observed that
packet delivery ratio is close to 1 and then decreases with the
increasing no of attacker nodes but at all the points it is better
than the validity based approach. Similarly in figure-6, it is
observed that the proposed solution gives better result in
terms of routing overhead with increasing no of attackers.

TABLE VI
CLUSTER-2 TABLE WITH DESTINATION SEQUENCE NUMBER
Number of nodes 1 Destination sequence number
-----------4---------------------------- “Ĩ0--------------------

6 15
7 14
9 ĩĩ
ĩo 12
ĩĩ 13

The method is used to calculate the following ads1 = 50 +

40 + 45 + 48 + 46/5 = 45.8 ads2 = 10 + 15 + 14 + 11 + 12 + 13/6
= 12.5 ads1 - ads2 = 45.8 - 12.5 = 33.3

let ds - threshold value is 10.

From the proposed method, it is found that cluster-1 Fig. 5. Packet Delivery ratio Vs No of Attacker Nodes
having the highest ads1 values as well as the difference
between ads1 and ads2 is greater than the ds-threshold.
From this, we can know that cluster-1 may contain a set of
black-hole attacker nodes.
So source select the highest sequence number node from
cluster-2 that is node-6 which have destination se- quence
number 15. The source node checks the validity bit, if it is set
then send data through that node. In [1]

TABLE VII
SIMULATION PARAMETERS
Parameters Values 1
Simulator ns-2.35 1
Simulation Time 200 secondsl
No of Nodes ĩoo 1
No of attacker ĩ, 2, 3“ 4, 5|
Maximum Speed 30 m/s ị
Protocol AODV 1
Packet Size Ĩ024 Bytes 1 Fig. 6. Routing Overhead Vs No of Attacker Nodes
Traffic Model TCP 1

VII. CONCLUSION FUTURE DIRECTION

the attacker can easily perform a black-hole attack by
modifying the validity bit. But the proposed method solves the
problem by segregating the attacker nodes from the normal
nodes by using our proposed algorithm. Hence the sender
can detect the attacker nodes easily and prevent the black-
hole attack.
In this paper, we shown that, how the blackhole attack can
be performed in the validity based approach [1] and proposed
a solution for solving the issues. We compared our proposed
method with the validity based approach and shown a better
result using simulation result and analysis using example. In
future we aim to extend this work for VANET in different
scenario and more simulation and analysis results

Authorized licensed use limited to: California State University Fresno. Downloaded on June 24,2021 at 00:55:25 UTC from IEEE Xplore. Restrictions apply.
 REFERENCES
[1] S. R. Deshmukh, P. Chatur, and N. B. Bhople, “Aodv-based secure
routing against blackhole attack in manet,” in 2016 IEEE International
Conference on Recent Trends in Electronics, Infor- mation & Communication
Technology (RTEICT). IEEE, 2016, pp. 1960-1964.
[2] A. Baadache and A. Belmehdi, “Avoiding black hole and coop- erative
black hole attacks in wireless ad hoc networks,” arXiv preprint arXiv:1002.1681,
2010.
[3] R. Lakhwani, V. Jain, and A. Motwani, ““detection and preven- tion of
black hole attack in mobile ad-hoc networks,” Interna- tional Journal of
Computer Applications, pp. 0975-8887.
[4] P. N. Raj and P. B. Swadas, “Dpraodv: A dyanamic learning system
against blackhole attack in aodv based manet,” arXiv preprint arXiv:0909.2371,
2009.
[5] U. Satapathy, B. K. Mohanta, S. S. Panda, S. Sobhanayak, and D. Jena,
“A secure framework for communication in internet of things application
using hyperledger based blockchain,” in 2019 10th international conference on
computing, communication and networking technologies (ICCCNT) . IEEE, 2019, pp.
1-7.
[6] S. S. Panda, D. Jena, and B. K. Mohanta, “A remote de- vice
authentication scheme for secure communication in cloud based iot,” in 2019
2nd International Conference on Innovations in Electronics, Signal Processing and
Communication (IESC). IEEE, 2019, pp. 165-171.
[7] A. K. Jain and V. Tokekar, “Mitigating the effects of black hole attacks
on aodv routing protocol in mobile ad hoc networks,” in 2015 International
Conference on Pervasive Computing (ICPC), 2015, pp. 1-6.

[8] J. V. Vadavi and A. G. Sugavi, “Detection of black hole attack in

enhanced aodv protocol,” in 2017 International Conference on Computing and
Communication Technologies for Smart Nation (IC3TSN) , 2017, pp. 118-123.
[9] S. Singh, A. Mishra, and U. Singh, “Detecting and avoiding of
collaborative black hole attack on manet using trusted aodv rout- ing
algorithm,” in 2016 Symposium on Colossal Data Analysis and Networking (CDAN) ,
2016, pp. 1-6.
[10] H. Mahore, R. Agrawal, and R. Gupta, “Agent based black hole
detection technique in aodv routing protocol,” in 2018 Interna- tional Conference
on Advanced Computation and Telecommuni- cation (ICACAT), 2018, pp. 1-6.
[11] V. K. Saurabh, R. Sharma, R. Itare, and U. Singh, “Cluster- based
technique for detection and prevention of black-hole attack in manets,” in
2017 International conference of Electronics, Communication and Aerospace
Technology (ICECA), vol. 2, 2017, pp. 489-494.
[12] Sathish M, Arumugam K, S. N. Pari, and Harikrishnan V S, “De-
tection of single and collaborative black hole attack in manet,” in 2016
International Conference on Wireless Communications, Signal Processing and
Networking (WiSPNET), 2016, pp. 2040- 2044.
[13] M. R. Dey, U. Satapathy, P. Bhanse, B. K. Mohanta, and D. Jena,
“Magtrack: detecting road surface condition using smartphone sensors and
machine learning,” in TENCON 2019-2019 IEEE Region 10 Conference (TENCON) .
IEEE, 2019, pp. 2485-2489.
[14] M. Al-Shurman, S.-M. Yoo, and S. Park, “Black hole attack in mobile
ad hoc networks,” in Proceedings of the 42nd annual Southeast regional
conference, 2004, pp. 96-97.
[15] M.-Y. Su, K.-L. Chiang, and W.-C. Liao, “Mitigation of black- hole
nodes in mobile ad hoc networks,” in International sym- posium on parallel and
distributed processing with applications . IEEE, 2010, pp. 162-167.
[16] K. Krishna and M. N. Murty, “Genetic k-means algorithm,” IEEE
Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics) , vol. 29, no. 3,
pp. 433-439, 1999.
[17] R. H. Jhaveri, S. J. Patel, and D. C. Jinwala, “A novel approach for
grayhole and blackhole attacks in mobile ad hoc networks,” in 2012 Second
International Conference on Advanced Computing & Communication Technologies .
IEEE, 2012, pp. 556-560.
[18] F.-H. Tseng, L.-D. Chou, and H.-C. Chao, “A survey of black hole
attacks in wireless mobile ad hoc networks,” Human-centric Computing and
Information Sciences , vol. 1, no. 1, pp. 1-16, 2011.

Authorized licensed use limited to: California State University Fresno. Downloaded on June 24,2021 at 00:55:25 UTC from IEEE Xplore. Restrictions apply.