Key Node Oriented Black Hole Attack and Detection

2016 Joint International Conference on Artificial Intelligence and Computer Engineering (AICE 2016) and International Conference on Network and Communication Security (NCS 2016)

ISBN: 978-1-60595-362-5

Key Node Oriented Black Hole Attack and Detection

Yuan-Ming DING

_{, Hao WU}

1_{Key Lab of Communication and Network, Dalian University, P.R. China}

2_{College of Information Engineering, Dalian University, P.R. China}

a_{[email protected],} b_{[email protected]}

*Corresponding author

Keywords: Key Node, Black Hole Attack, Black Hole Detection, Ad Hoc Network.

Abstract. The key node oriented black hole attack means once the attack node is distributed near the key nodes in the network, it will do serious damage to the network performance. Thus, in this paper, based on implementing network key node recognition by computing the reputation value, propose the detection method of the key node oriented black hole attack. NS2 simulation results show that the key node oriented black hole attack on network have greater impact on packet loss rate and delay than the key node non-oriented attack, and compared the detection method of the key node non-oriented attack, the proposed detection method can be more efficient detection for the black hole attack to key nodes.

Introduction

Mobile Ad Hoc network is a kind of multi-hop mobile network which is highly autonomous, and each node has a wireless transceiver device. Meanwhile, it is widely used in military command and operation, disaster emergency communications, temporary major events, business meetings and other occasions. However, compared with other networks, the mobile Ad hoc networks are more vulnerable to be attacked. Thus, the security of network is widely concerned [1].

In addition to resolve the problem of the black hole attack and detection in mobile Ad Hoc network, Zapata proposed secure Ad Hoc on demand distance vector (SAODV) routing protocol [2] and Papadimitratos proposed routing protocol security extensions [3], which adds complex encryption and deciphering algorithm in routing protocols in order to solve the black attack and any other problems, but the complex algorithm consumed much computing resource of nodes. Marti proposed Watchdog and Pathrater which require nodes to monitor whether the number of packets whose neighbor nodes didn’t transmitted normally reached the threshold to detect the black hole attack, however, all nodes need to monitor and cache much data, which causes the relatively high network cost [4]. Shen proposed a method to prevent the intermediate nodes from replying RREP, but the time delay of the route discovery will be increased [5]. Ding proposed the black hole attack detection method based on a confirmation message, and each node in the routing cooperates with next two hop node. If the next two hop node receives the packets forwarded by intermediate node, these nodes will reply to the intermediate node on a jump ACK confirmation message, the upstream node row are not yet received an ACK message reach the threshold, the intermediate node can be a black hole [6]. It will increase the unnecessary resource consumption that uses this method to solve the key nodes oriented attacks. All the detection methods mentioned above only see these nodes in the network on an equal footing, rather than pay attention to the key nodes whose location or effects are important, so it is needed to do some research on the method of key node oriented black hole attack and detection.

The Detection Method of the key Node Oriented Black Hole Attack Introduction

Black hole attack is an ordinary means of attack, the black hole nodes make the source nodes only send data to itself by replying false RREP message and data is discarded, then there will be an Only-In-No-Out data black hole in the network [7, 8]. This article mainly analyzes and studies the problem of key node oriented active black hole attack and detection in Ad Hoc network.

Marti proposed Watchdog and Pathrater detection method [9, 10], which detect the black hole attack by monitoring whether the continuous packet loss of neighbor nodes reaches threshold in a certain period of time. However, each node should be involved in monitoring, and the network cost is quite high.

This paper uses the detection method of the key node oriented black hole attack based on neighbor node behaviors. That is recognize the key node at first, then let key node maintain a continuous counter of the number of continual packet loss for each neighbor nodes, and monitoring how its neighbor nodes process those received package. If a node was monitored that it dropped a data packet, the relevant counter of the node will plus one. If a counter relevant one node reached the threshold, the node will be reported as black hole. If a node transmitted a packet as usual before its counter reached threshold, reset the counter. The procedure of the detection of key node oriented black hole attack is as follows.

The Simulation of the Key Node Oriented Black Hole Attack and Detection

Before simulating and analyzing on the key node oriented black hole attack, we use key node recognition based on reputation to recognize key nodes in the network [11, 12].

Reputation Based Network Key Nodes Recognition

Key node detection

Key nodes maintain a continuous counter of packet loss for each

neighbor nodes

Key nodes monitor how the neighbor node deal with the

current packet

Whether the neighbor node discards the current packet

the counter of the packet loss neighbor node will plus 1

Whether the counter of neighbor node reaches the threshold

This node is black hole node

Report the detected black hole nodes on the entire network

reset the counter of the neighbor nodes which didn’t

lose package Start

Y

Y

N

N

Key node recognition based on reputation is to assess the reputation value of the node by judging the behavior of nodes during communication in the network, and prioritize reputation value of these nodes, then take several network nodes of which reputation value is the biggest as key node. This paper based on the method given in [8] that based on the reputable key nodes. This method that uses Bayesian estimation, neighbor node monitoring and collection of monitored information to quantitative the reputation value of nodes, eventually compare reputation value node, and then identify the key nodes.

The network topology is shown in Fig. 2, the simulation scene range is 1000m × 300m, the number of nodes is 50, the node maximum speed is 5m/s, the simulation time is 60s, intermediate node ID is 0, initialized reputation is 0.4, and threshold value is 0.75.

11 19 6 18 9 13 12 14 15 16 17 link5 link8 link10 link1 link2 lin k3 lin k4 link7 link9

n Network nodes link Cbr link

link6 0 1 2 3 4 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 47 48 49 8 7 10 5

Figure 2. The Network Topology.

Simulate according to the aforesaid scene, and the reputation values of nodes is shown in Fig. 3 and Fig. 4.

Figure 3. Reputation Value of Few Nodes. Figure 4. Reputation Value of Few Nodes.

Shown in Fig. 3 and Fig. 4, node 8, 20, 34, 44 are key nodes and node 6, 12, 15, 25 are not key nodes (normal nodes).

Analysis of Effect That the Black Hole Attack Has on Network Performance

In the simulation, comparatively analyzing the network delay and packet loss rate when black hole nodes are inserted near the key node 8 and non-key node 6 and no black hole node inserted. The packet loss rate and time delay performances after inserting a black hole node in different locations are shown in Fig. 5 and Fig. 6.

As can be seen in Fig. 5 and Fig. 6, firstly, after inserting a black hole, the packet loss rate of link 7 (from node 8 to 27), link 5 (from node 7 to 10) and link 2 (from node 6 to 3) is 1, and the time delay is 0. This is because the node 8 and 6 are start nodes of link 7 and link 5 respectively, and all packets will flow to the black hole node and be dropped when there is a black hole node near the start node. After inserting a black hole near node 8, the packet loss rate of link 5 which link have to pass by node 8 change to 1, and the time delay change to 0. Secondly, we can see the three lines from Fig. 5 that the packet lose rate of each link after inserting a black hole near key node 8 and normal node 6 has increased either, but the packet lose rate of each link near key node 8 increased many times to normal node 6 after inserting a black hole. Thirdly, we can see from Fig. 7 that the time delay of each link after inserting a black hole near key node 8 and normal node 6 has decreased either, but the time delay of each link after inserting a black hole near key node 8 decreased much more. This is because the black hole nodes made the packet drop rate of network increase to varying degrees while the time delay of each node basically unchanged, and the number of successfully received data packets is reduced, the total delay will inevitably be reduced.

To sum up, the black hole attack will increase the network packet loss rate, and the key node oriented black hole attack increases more network packet loss than non-key oriented black hole attack, and does more damage to network communication performance.

Comparative Analysis Network Performance Before and After the Black Hole Attack Detection In the simulation, the network performance is evaluated by loss rate and the average end-to-end delay parameters. The results are shown in Fig. 7 and Fig. 8.

Figure 7. Packet Loss Rate Changes with Figure 8. Time Delay Changes with the Number of Black Hole. the Number of Black Hole.

It is difficult to evaluate which detection method is better only from the angle of the average delay, but when observing the packet loss rate, it will be found easily that using key node oriented detection when under key node oriented black hole attack can not only decrease the drop rate but also decrease the average time delay, which fully shows that the key node oriented detection is better.

From Fig. 7, the simulation results can be observed that with the increase of the number of black holes:

 Without any detection (random Attack_noCheck and keyAttack_noCheck), packet loss rate had a leap at the first, then continues rose slowly, finally leveled off. And the lose rate of key node oriented black hole attack (keyAttack_noCheck) is higher than random black hole attack (randomAttack_noCheck).

 Under the situation that (randomAttack_allCheck and keyAttack_allCheck) all nodes were involved in the detection, packet loss rate became stationary.

 When under random black hole attack, adopting the method mentioned in this paper (randomAttack_keyCheck) packet loss rate was lower than without detection (randomAttack_noCheck), but it still kept at a high level, and unstable.

The simulation results can be observed from Fig. 8 that:

 Without any detection the average time delay decrease gradually, and the delay of keyAttack_noCheck is less than the delay of random Attack_noCheck.

 When using the ordinary detection methods, the average time delay rises slightly, then become stable finally.

 When under random black hole attack, the average time delay using key node oriented detection is lower than that uses ordinary detection method. It is because the random black hole may not be detected.

 When using key node oriented detection to detect the key node oriented black hole attack, the delay is less than normal detection.

Summary

This paper researches the problem of the active black hole attack and detection of the Ad Hoc network key nodes and normal nodes. Both the common nodes of network attack and key nodes of network attack will cause certain effect on the network data link packet loss rate and the delay, what’s more, the key nodes of network attack effect the performance of the network is more serious. In this paper, the method of the key node oriented detection can effectively detect the key node oriented black hole attack. On this base, the next question is how to make full use of the key node oriented black hole attack detection to research random black hole attack detection. Research results of this paper can provide the reference of the key nodes black hole attack detection technology research.

Acknowledgment

This work was supported by the Liaoning Natural Science Foundation (No. 2014020131) and Program for Liaoning Innovative Research Team in University (No. LT2014025).

References

[1]G. Eason, B. Noble, and I.N. Sneddon, On certain integrals of Lipschitz-Hankel type involving products of Bessel functions, Phil. Trans. Roy. Soc. London, A247(1955), 529-551.

[2]M.G. Zapata, Secure Ad Hoc on demand distance vector (SAODV) routing, ACM SIGMOBILE Mobile Computing and Communications Review, 6, 3, 106-107.

[3]P. Papadimitratos, and Z.J. Haas, Secure routing for mobile Ad Hoc networks, Proc. of Communication Networks and Distributed Systems Modeling and Simulation Conference, 2002, pp. 27-31.

[4]S. Marti, T. Cruli, K. Lai, et al., Mitigating routing misbehavior in mobile Ad hoc networks, Proc. of International Conference on Mobile Computing and Networking, 2000, pp. 255-265.

[5]M. Shen, and J. Liu, The study of black holes in mobile Ad Hoc network issue, Journal of Hefei University of Technology, 1(2011),87-90.

[6]Y. Ding, H. Qu, C. Pan, and G. Li, Black hole attack model and simulation for mobile Ad Hoc network, IJICIC, 11, 1(2015), 203-211.

[7]M. Roopak, and B. Reddy, Black hole attack implementation in AODV routing protocol, International Journal of Scientific & Engineering Research, 4, 5(2013), 02-406 .

[8]G. Sharma, and M. Gupta, Black hole detection in MANET using AODV routing protocol, International Journal of Soft Computing and Engineering, 1, 6(2012), 297-303 .

[10]R. Yemeni, and A.K. Sarje, Secure AODV protocol to mitigate black hole attack in mobile Ad Hoc networks, Proc. of ICCCN, (2012) 1-5.