See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/336232268

Study of detecting and overcoming black hole attacks in MANET: A Review

Conference Paper · November 2017

CITATIONS READS

0 168

2 authors, including:

Danista Khan
University of Lahore
6 PUBLICATIONS 3 CITATIONS

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Black Hole attacks in MANETs View project

All content following this page was uploaded by Danista Khan on 03 October 2019.

The user has requested enhancement of the downloaded file.

Study of detecting and overcoming black hole attacks
in MANET: A Review
Danista Khan
Department of Electrical Engineering
The University of Lahore
Lahore, Pakistan
danista.khan@ee.uol.edu.pk
Abstract— Mobile Ad-hoc Networks (MANETs) are networks in
which nodes configure themselves in dynamic topology without
any centralized system. MANET’s nodes communicate with each
other by forming a dynamic wireless link without using previous
infrastructure. In the MANETs any node can enter or leave a
network at any time. Nodes can send or receive the data by using
defined routing protocols and mobility models. Due to the
unavailability of centralized system, MANETs are exposed to
different network layer attacks. Worm Hole, Black Hole, Gray
Hole, Byzantine and Sybil Attacks are some of the examples of
network layer attacks, which destroys network topology resulting
in data loss and network degradation. In the Black Hole Attack,
a node proclaims itself as having closest paths to all the
destinations. This node absorbs all the data packets of network by
exploiting the routing protocol thus degrading network
performance. In this Paper, we have discussed different
techniques that can be used to detect and prevent MANETs from
black hole attacks.
Keywords— MANET, AODV protocol, black hole, security
attacks
I. INTRODUCTION
In a Mobile Ad-hoc Network (MANET) [1], mobile nodes
have no proper infrastructure. They configure autonomously
when nodes move around by following certain mobility
model [2] in a wireless network. In MANET, as nodes are
mobile so they follow dynamic topology i.e. any node can
enter or leave the network at any time [3]. The intermediate
nodes which are part of the network act as routers to send
data packets from the source to destination. MANET can be
cheaply deployed as they are infrastructure less so they can
be used in military battlefields, education, smart buildings
and cellular extensions [4].
Nodes in MANETs communicate with each other by
following certain routing protocols that can be classified
into 3 categories that are Reactive, Proactive and Hybrid.
Reactive routing protocols are basically on demand
protocols that means decide and maintain the route when the
source requires to send the data. Proactive protocols are
table driven routing protocols, they initially establish all
possible paths and maintain them by updating the tables of
the nodes periodically which results in consumption of
power and bandwidth. Hybrid protocols are the combination
of qualities of both proactive and reactive [5] [6].
978-1-5386-1556-0/17/$31.00 ©2017 IEEE
Mah zaib Jamil
Junior Scientist
Punjab Forensic Agency
Lahore, Pakistan
mahzaib@hotmail.com
All these routing protocols are defenseless against the
network layer security attacks in MANETs such as black
hole, wormhole, byzantine, selective forwarding and hello
flood attack. Different techniques have been proposed to
secure MANETs from network-layered attacks. In this paper
we have studied how to detect and prevent MANETs from
the black hole attacks
Rest of the paper is organized as follows. For understanding
the background we discussed some network layer attacks of
MANETs in section II. While black hole attacks and AODV
protocols are discussed in section III. We summarized
different preventive techniques against black holes in
section IV. Conclusion and future challenges are discussed
in last section.
II. NETWORK LAYER SECURITY ATTACKS
MANETs are vulnerable to attacks on different layers due to
absence of central coordination system.
Attacks in MANETs can be divided into two categories:
A. Passive attacks
It is difficult to identify passive attacks, they eavesdrops
routing traffic to get valuable information of data in network
without even disturbing routing protocols.
B. Active attacks
These attacks insert spoof packets in data stream, effecting
overall transition of packets in the network. They can be
further classified into internal and external attacks.
1) Internal attack
This is the type in which, malicious nodes are one of
the nodes that are also the part of the network.
2) External attack
In this type, participating malicious nodes are not
present in the network
Network layer is important for routing data packets in
MANETs. Attacks on this layer can cause the dropping of
packets which degrades the performance of network.
Different types of attacks are described in Table I. [7]
 TABLE I. SECURITY ATTACKS IN MANETs 2) Route Maintenance:
In MANET, as nodes are mobile, so topology of network
Attack Action Effect
Black hole Malicious node Exploits routing
changes [15] which results in breaking of routes between
[8-10] broadcasts itself having protocols like AODV source and destination. In this stage Route Error (RERR)
closest path to and degrades packet is generated if any route is broken.
destination nodes functionality of network
B. Black hole attack
It is a type of denial of service attack in which services of
Byzantine One or more Degrades routing service the network are made unavailable by one or more malicious
compromised nodes of network nodes [8-10]. In this, malicious node advertise itself as
creates routing loops
and drops off the
having shortest and authentic route to destination so that all
packets packets of network are sent in its direction by the
intermediate nodes. Attacker continuously monitors the
Gray hole[11] Node behaves in an Selectively forwards
traffic of the network, replies to any request and creates a
unpredictable way. Acts packets results in fake route by placing itself between nodes of the source and
as malicious node for a disruption of network destination. Malicious node then absorbs all data and drops
certain time, making it it by not forwarding to destination nodes.
very difficult to identify
Black hole attacks can be categorized into two types [16]
which are shown in Fig 2.

Sybil Attacker generates Affects normal routing 1) Single node black hole
additional nodes with operation, as Sybil In this, only one node acts as a black hole between the
fake identities. nodes appears in various source and the destination
Fabricated identity can locations making it
be new or can belong to difficult to identify
2) Collaborative Black Hole
some legitimate node additional nodes In this, two or more malicious nodes combines
together to form a black hole in route.

Worm hole Two or more nodes Affects confidentiality

[12,13]. create a wired or and changes topology
wireless link in network
and tunnels information
from one point to
S B D
another

III. AODV PROTOCOL AND BLACK HOLE

A. Ad hoc on demand distance vector protocol (AODV) a) Single node black hole
1) Route discovery:
In this stage the source node broadcast Route Request
(RREQ) packet in network. Network nodes check route to B1 B2
destination node in their routing tables [14]. If the node
finds a fresh route, it sends Route Reply Packet (RREP)
to the source. If the source receives multiple path S D
requests, it selects the route having shortest path and starts
sending data in its direction. Information contained in
RREQ and RREP is shown in Fig 1. IN
.
Source Source Destination Destination Lifetime
IP sequence IP Sequence b) Collaborative nodes
No. No. Fig 2. Types of Black hole

In figure 3, node ‘S’ wants to find a route to send data to

a) RREQ
node’ D’. It starts route discovery stage by broadcasting
Source Source Destination Timestamp Lifetime RREQ packet in whole network. Node ‘1’ and ‘B’ receives
IP sequence sequence RREQ packet.
No. No Node ‘B’ is acting as a malicious node in this network so it
doesn’t check its routing table and generates RREP packet
b) RREP instantly. Node ‘S’ gets RREP instantly from Node ’B’ so it
Fig 1. Packet in AODV starts sending data to Node ‘B’ assuming that it is providing
shortest path to Node ’D’. Node ’B’ then drops the data
packets instead of forwarding them to Node ‘D’, thus
dropping throughput of network. This is how black hole
node exploits routing of AODV protocol.
B 4
S D
1 3
RREQ
RREP
DATA
Fig 3. Black hole attack in AODV
IV. LITERATURE SURVEY
Different techniques for detection and prevention of
black hole attack are summarized in TABLE II
A. Mobile Agent [17]
A novel honeypot technique is discussed in this paper in
which honeypot node broadcasts fake RREQ packet in
network to detect malicious nodes. This spoofed packet
contains invalid Destination Sequence Number (DSN),
which is the maximum number among all nodes. The time
to the live value is set to 1 to reduce overhead. Only
malicious node responds to this fake packet, resulting in
detection of attacker. Honeypot node then broadcasts the
address of attacker node to all the other nodes in the
network so that they can blacklist it from routing tables.
B. Energy efficient trust based routing protocol [18]
Authors proposed a trust based system by assigning rank to
every node in network. As rank of the node increases it
becomes more reliable for communication with other nodes.
Rank ‘0’ node is marked as malicious node and it is
blacklisted from network. If an acknowledgement is
received by the source from a destination then ranks of all
the intermediate nodes in that route is increased, otherwise
ranks are decreased. Drawback of this technique is that a
new non-malicious node can be wrongly identified as a
black hole node if it acts as an intermediate node to the path
having black hole node.
C. AODV and Trust Based Secure On Demand Routing
(TSDRP) [19]
Node calculates the neighbor node trust values by proposed
framework to prevent from black hole attacks. Packet buffer
(PB) and node trust table (NTT) are introduced in AODV to
implement TSDRP model. This technique prevents black
hole and maintains PDF even if size of network is increased.
D. Secure Route Discovery protocol [20]
SRD-AODV technique is proposed in this paper by defining
three threshold levels based on size of the network.
Destination node checks the sequence number from RREQ
packet and compares it with the threshold value. If it is
greater than the threshold value then the destination node
replaces the sequence value to ‘0’, otherwise uses this value
to generate RREP packet. The source node compares
sequence value of RREP packets with threshold. If the
sequence value is greater than threshold then the source
node identifies it as the fake node.
E. Modified AODV using ‘fm’ and ‘rm’ [21]
A modified AODV is proposed by using secure knowledge
algorithm. This approach uses promiscuous mode which
ensures packet delivery to the destination and finds out
reasons for packet drop before broadcasting any node as
black hole. Every node promiscuously listens to the
neighboring nodes in network and compares information of
neighbors which are stored in its fm and rm tables. Details
about recent packets that were forwarded are stored in fm
table. Neighboring node details are maintained in rm table.
If no rm and threshold value is reached then Black hole
attacks.
F. Packet spoofing by base node [22]
Base node is used to send fake RREQ packets in network
having invalid destination sequence number. Non malicious
nodes in AODV don’t have this sequence number in their
routing tables, so they don’t reply to this request of base
node. Only malicious node replies to this request, after
which base node broadcast in network to black list the
malicious node. Prevention may fail in this technique, in
case of failure of base node
V. CONCLUSIONS
Black Hole attack is a type of Denial of Service (DoS)
attack in MANETs in which the attacker eavesdrops and
drop packets in first phase of AODV routing protocol. The
malicious node replies with fake RREP to the sender node
that initiated route discovery by broadcasting RREQ and
starts receiving all information packets from the node.
Different solutions are proposed by authors for preventing
MANET from black hole attacks. Various methods such as
SRD, modification of AODV protocol, mobile agent that
roams around MANET, route authentication based on rank
of nodes, neighbor node and trust schemes based on tables
are studied. These are methods which can be used to prevent
and overcome black hole attacks.
 TABLE II. PREVENTION TECHNIQUES FOR BLACK HOLE [7] Vaishali B.Mewada,Viral Borisagar,"MODIFIED DSR FOR
ATTACK MITIGATING BLACKHOLE IMPACT IN MANET",International
Journal For Technological Research In Engineering Volume 1, Issue
Detection Method Protocol Tool Performance 9, May- 2014
and and Remarks. [8] Gurnam Singh, Gursewak Singh,"Improvement of Network
Prevention Efficiency by Preventing Black Hole Attack in Manet", International
Techniques Journal of Innovative Technology and Exploring Engineering
[17] NHBADI AODV NS-2 PDF increased, (IJITEE) ISSN: 2278-3075, Volume 4 Issue-2, July 2014
Delay [9] Ashish T. Bhole, Prachee N. Patil, “Study of blackhole attack in
decreased. MANET”, International Journal of Engineering and Innovative
Technology (IJEIT) Volume 2, Issue 4, October 2012
[10] Chander Diwaker, Sunita choudhary, "DETECTION OF
[18] Ranks are Modified Not Energy BLACKHOLE ATTACK IN DSR BASED MANET", International
assigned AODV mentioned efficient. Journal of Software and Web Sciences (IJSWS),www.iasir.net
to nodes New node can [11] Alkatheiri, Mohammed Saeed, Jianwei Liu, and Abdur Rashid Sangi.
be judged as "AODV routing protocol under several routing attacks in MANETs."
black hole In Communication Technology (ICCT), 2011 IEEE 13th International
[19] Neighbor AODV. NS-2.34 Robustly Conference on, pp. 614-618. IEEE, 2011.
trust TSDRP configures in [12] PRADIP M. JAWANDHIYA, MANGESH M. GHONGE “A Survey
values by large network, of Mobile Ad Hoc Network Attacks”. International Journal of
using Overhead Engineering Science and Technology Vol. 2(9), 2010, 4063-4071
‘NTT’ & increased. [13] Chirala, A. P. "Analysis and Diminution of Security Attacks on
‘PB’ Extra Mobile Ad hoc Network." IJCA Special Issue on “Mobile Ad-Hoc
calculations for Networks”, MANETs (2010): 105-110.
nodes. [14] Tamilselvan, Latha, and V. Sankaranarayanan. "Prevention of
[20] SRD AODV, NS-2 PDF and blackhole attack in MANET." In Wireless Broadband and Ultra
using SRD- overhead are Wideband Communications, 2007. AusWireless 2007. The 2nd
threshold AODV increased International Conference on, pp. 21-21. IEEE, 2007.
levels [15] Mandala, Satria, Abdul Hanan Abdullah, Abdul Samad Ismail,
[21] Neighbor Modified NS-2.35 PDF and Habibollah Haron, Md Asri Ngadi, and Yahaya Coulibaly. "A review
trust AODV overhead are of blackhole attack in mobile adhoc network." In Instrumentation,
values increased. Communications, Information Technology, and Biomedical
using ‘fm’ Nodes have to Engineering (ICICI-BME), 2013 3rd International Conference on, pp.
and’ rm’ do extra 339-344. IEEE, 2013.
calculations. [16] Su, Ming-Yang, Kun-Lin Chiang, and Wei-Cheng Liao. "Mitigation
[22] Fake AODV NS-2.34 PDF , of black-hole nodes in mobile ad hoc networks." In Parallel and
RREQ Throughput Distributed Processing with Applications (ISPA), 2010 International
packet by and delay are Symposium on, pp. 162-167. IEEE, 2010.
BN increased. If [17] Rajesh Babu, M., and G. Usha. "A Novel Honeypot Based Detection
the BN dies, no and Isolation Approach (NHBADI) To Detect and Isolate Black Hole
protection Attacks in MANET." Wireless Personal Communications: An
against Black International Journal 90.2 (2016): 831-845.
hole Nodes. [18] Biswas, Suparna, Tanumoy Nag, and Sarmistha Neogy. "Trust based
energy efficient detection and avoidance of black hole attack to
ensure secure routing in MANET." In Applications and Innovations
in Mobile Computing (AIMoC), 2014, pp. 157-164. IEEE, 2014.
VI. REFERENCES [19] Chaubey, Nirbhay, Akshai Aggarwal, Savita Gandhi, and Keyurbhai
A. Jani. "Performance analysis of TSDRP and AODV routing
[1] S. Corson and J. Macker, “Mobile ad hoc networking (MANET): protocol under black hole attacks in manets by varying network size."
Routing protocol performance issues and evaluation considerations,” In Advanced Computing & Communication Technologies (ACCT),
IETF RFC 2501, Jan. 1999. 2015 Fifth International Conference on, pp. 320-324. IEEE, 2015.
[2] Kumar, MK Jeya, and R. S. Rajesh. "Performance analysis of [20] Tan, Seryvuth, and Keecheon Kim. "Secure Route Discovery for
MANET routing protocols in different mobility models." IJCSNS preventing black hole attacks on AODV-based MANETs." In ICT
International Journal of Computer Science and Network Security 9, Convergence (ICTC), 2013 International Conference on, pp. 1027-
no. 2 (2009): 22-29. 1032. IEEE, 2013.
[3] Changela, Heta, and Amit Lathigara. "Algorithm to Detect and [21] Siddiqua, Ayesha, Kotari Sridevi, and Arshad Ahmad Khan
Overcome the Black Hole Attack in MANETs." International Journal Mohammed. "Preventing black hole attacks in MANETs using secure
of Computer Applications 124, no. 8 (2015). knowledge algorithm." In Signal Processing And Communication
[4] Ranjan, Rakesh, Nirnemesh Kumar Singh, and Ajay Singh. "Security Engineering Systems (SPACES), 2015 International Conference on,
issues of black hole attacks in MANET." In Computing, pp. 421-425. IEEE, 2015.
Communication & Automation (ICCCA), 2015 International [22] Jain, Sakshi, and Ajay Khuteta. "Detecting and overcoming
Conference on, pp. 452-457. IEEE, 2015. blackhole attack in mobile Adhoc Network." In Green Computing
[5] Shendurkar, Ms Ankita M., and Nitin R. Chopde. "A review of black and Internet of Things (ICGCIoT), 2015 International Conference on,
hole and worm hole attack on AODV routing protocol in pp. 225-229. IEEE, 2015.
MANET." International Journal of Engineering Trends and
Technology (IJETT)–Volume 9 (2014): 394-399.
[6] Changela, Arora, Sandeep Kumar, Mubashir Yaqoob Mantoo,
Mahnaz Chishti, and Neha Chaudhary. "Performance measurement in
MANET." In Confluence The Next Generation Information
Technology Summit (Confluence), 2014 5th International
Conference-, pp. 406-410. IEEE, 2014.

View publication stats