Black Hole Attack

This paper discussed the problem of black hole attack in MANET and various detection and prevention techniques which can be used to discover the secure path between source and destination avoiding the interruption by malicious nodes in route. Each one of the techniques discussed have own advantage and disadvantage as shown in table 1 and challenges in which further work can be done.

Mobile Ad Hoc Network (MANET) is autonomous and decentralized wireless systems. MANETs often suffer from security attacks because of their specification such as open medium, dynamic topology, lack of central monitoring and management, cooperative algorithms and unclear defense mechanism. The network-layer security designs for MANETs are concerned with protecting the network functionality to deliver packets between mobile nodes through multihop AdHoc forwarding. Therefore, they seek to ensure that the routing message exchanged between nodes is consistent with the protocol specification, and the packet forwarding behaviour of each node is consistent with its routing states [1]. During the route discovery process of on-demand routing protocols, an attacker can drop received routing messages, instead of relaying them as the protocol requires, in order to reduce the quantity of routing information available to the other nodes. This is called black hole attack [2], and is a “passive” and simple way to perform a Denial of Service (DoS). The attack can be done selectively (drop routing packets for a specified destination, and may have the effect of making the destination node unreachable or downgrade communications in the network. The Black hole attack is an important problem that can occur in ad Hoc Networks especially in popular on demand routing protocols like AODV [3].

Due to distributed and open natured of wireless networks, it is vulnerable and prone for attacked to intercept and hijack network communication. Its deployment in remote areas requires more concern of security issues. Open natured communication be a magnet for attacker to intercept and catch the sensed information. Numerous security threats can adversely affect its functioning & degrade network performance. The problem becomes more critical when it deploy for defense mission. Arbitrary network failure or node failure is the natural phenomena and may vary as per real life deployment, but intentional failure or compromising network may lead to leak the information. A various security threats like Worm-hole attack, Black-hole Attack, Gray-hole attack, Sybil Attack etc. are used for packet dropping, capturing and degrading network performance. Security in mobile networks is a challenging task. Furthermore, low profile

Abstract - Mobile WiMAX has drawn much attention due to its benefits. Nevertheless, security is a challenge and has to be ensured. The attacker may make use of parts of unencrypted management messages and acquire information about the type of traffic, nodes involved, timing and so on. This work discusses about the attacks prevalent in mobile WiMAX and a prediction mechanism to foreknow the prevalence of Black hole attack, an attack in the network layer. This mechanism eliminates the vindictive nodes and provides better results in terms of Packet Delivery Ratio (PDR), Throughput, Control and Total overheads.

Wireless ad-hoc networks are composed of autonomous nodes that are self- managed without any infrastructure [1]. In this way, ad-hoc networks have a dynamic topology such that nodes can easily join or leave the network at any time. They have many potential applications, especially, in military and rescue areas such as connecting soldiers on the battlefield or establishing a new network in place of a network which collapsed after a disaster like an earthquake. Ad-hoc networks are suitable for areas where it is not possible to set up a fixed infrastructure. Since the nodes communicate with each other without an infrastructure, they provide the connectivity by forwarding packets over themselves. To support this connectivity, nodes use some routing protocols such as AODV (Ad-hoc On-Demand Distance Vector), DSR (Dynamic Source Routing) and DSDV (Destination-Sequenced Distance-Vector). Besides acting as a host, each node also acts as a router to discover a path and forward packets to the correct node in the network. As wireless ad-hoc networks lack an infrastructure, they are exposed to a lot of attacks [2][3]. One of these attacks is the Black Hole attack. In the Black Hole attack, a malicious node absorbs all data packets in itself, similar to a hole which sucks in everything. In this way, all packets in the network are dropped. A malicious node dropping all the traffic in the network makes use of the vulnerabilities of the route discovery packets of the on demand protocols, such as AODV [4]. In route discovery process of AODV protocol, intermediate nodes are responsible to find a fresh path to the destination, sending discovery packets to the neighbour nodes [5]. Malicious nodes do not use this process and instead, they immediately respond to the source node with false information as though it has fresh enough path to the destination. Therefore source node sends its data packets via the malicious node to the destination assuming it is a true path. Black Hole attack may occur due to a malicious node which is deliberately misbehaving, as well as a damaged node interface. In any case, nodes in the network will constantly try to find a route for the destination, which makes the node consume its battery in addition to losing packets.

N. R. Yerneni and A. K. Sarje [3] found an algorithm that is based on how the malicious node behaves in order to perform the black hole attacks. To attract traffic towards it, malicious node sends false RREP packet as a response RREQ packet. It sends RRE P even if it does not have the path towards the destination as requested by the source of RREQ. It does not broadcast RREQ, instead sends RREP without checking its routing table. So, for the malicious node the ratio of number of RREQs transmitted to the number of RREPs transmitted is very less. Modified algorithm makes use of this fact to detect the black hole attack. Two extra fields are used in the proposed algorithm OAODV (opinion AODV) - request weight and reply weight. Request weight in routing table indicates the quantity of RREQs that area unit forwarded by the corresponding node. Similarly Reply weight indicates the number of RREPs forwarded. Proposed method has two modules-updating request/reply weights and collecting feedback.

Marti proposed Watchdog and Pathrater detection method [9, 10], which detect the black hole attack by monitoring whether the continuous packet loss of neighbor nodes reaches threshold in a certain period of time. However, each node should be involved in monitoring, and the network cost is quite high.

Security is the major issue in VANET. Majority of the attacks were against Physical, MAC and fewmore layers which deals with routing mechanism of Vehicular ad hoc network. Primarily the attacks were classified based on the purpose (i.e) not forwarding the packets through routing mechanism, which affects sequence number and hop count. In the Black Hole attack malicious vehicle waits for the neighbors’ to initiate a RREQ packet. Since the receivable RREQ Packet reaches the vehicle, it will immediately send a false RREP packet with a modified higher sequence number. A malicious vehicle where there is a possibility of Black hole attack which submerge all data packets of all objects and the packet will not be distributed further. The AODV protocol is vulnerable to such kind of attack because of having network centric property, where each vehicle of the network has to shares their routing tables among each other. Black Hole attack involves some modification of the data stream or the creation of a false stream

MANETs face different securities threats i.e. attack that are carried out against them to disrupt the normal performance of the networks. In black hole attack, a malicious node uses its routing protocol in order to advertise itself for having the shortest path to the destination node or to the packet it wants to intercept [4, 8 and 9].This hostile node advertises its availability of fresh routes irrespective of checking its routing table. In this way attacker node will always have the availability in replying to the route request and thus intercept the data packet and retain it [1]. In protocol based on flooding, the malicious node reply will be received by the requesting node before the reception of reply from actual node; hence a malicious and forged route is created. When this route is establish, now it’s up to the node whether to drop all the packets or forward it to the unknown address [5].

Ad-hoc networks have become a new standard of wireless communication in infrastructure less environment. MANET is a Mobile Ad-hoc Network in which the nodes get connected with each other without an access point. Messages are exchanged and relayed between nodes. Routing algorithms are utilized for forwarding packets between indirect nodes i.e not in direct range with aid of intermediate nodes. They are spontaneous in nature and absence of centralized system makes them susceptible to various attacks. Black hole attack is one such attack in which a malicious node advertises itself as the best route to the destination node and hinders the normal services provided by the network .

In black hole attack, a malicious node uses its routing protocol in order to advertise itself for having the shortest path to the destination node or to the packet it wants to intercept. This hostile node advertises its availability of fresh routes irrespective of checking its routing table. In this way attacker node will always have the availability in replying to the route request and thus intercept the data packet and retain it [22]. In protocol based on flooding, the malicious node reply will be received by the requesting node before the reception of reply from actual node; hence a malicious and forged route is created. When this route is establish, now it’s up to the node whether to drop all the packets or forward it to the unknown address [23].

On receiving this RREP, the source node starts routing packets via the claimed path and subsequently, the attacker node drops all the packets. Fig.1 is a pictorial representation of single black hole attack. In Fig.1, node 1 and node 4 represent the source node and the destination nodes respectively. Since node 3 is a black hole node, it hastily responds to RREQ and claims to have the freshest and shortest route to destination. On receiving this malicious RREP, node 1 delivers data packets through the path claimed by the RREP. Subsequently, node 3 drops all the packets. If there are multiple adversary nodes, the attack is called multiple black hole attack. Collaborative or cooperative black hole attack is a special case of multiple black hole attack in which two or more black hole nodes are acting in collusion.

To detect the malicious node the author proposed a method when a packet is broadcast by a source node, a virtual cylinder with radius w is created from the source node to sink node. All the nodes located in this virtual cylinder are allowed to forward the packet through the multipath, if any compromised node in virtual cylinder the packet may be forwarded to the sink through the other way of the virtual cylinder [1]. Multiple base station with an optimized position using a genetic algorithm has proposed for successful packet delivery in the presence of black hole attack [2]. “Improvised hierarchical vitality-efficient intrusion system” protects sensor fields from black hole attacks. It is based on forwarding control packets among the sensor node with base station.

The Black-hole node attack in MANET,(2012): in this paper author discuss about the black hole attack in Mobile ad- hoc network. The attack in MANET contains the two purposes. It does not forward the packet or change the parameters of routing messages and to exhaust the battery of nodes by make them traversing the wrong packet in wrong direction. The black hole problem is one of the security attacks that occur in mobile ad hoc networks. [6] A black hole attack increases network overhead, decreases the network’s lifetime by boosting energy consumption, and finally destroys the network. This makes this type of attack more dangerous as it does not check what kind of data just dropping the packets is meant for other nodes .That data may be critical. So this type of attack must be detected as early as possible and removed from network. Here author present two possible solutions. The first is to find more than one route to the destination. The second is to exploit the packet sequence number included in any packet header.

Abstract— Mobile Ad Hoc Networks (MANETs) is a collection of wireless mobile nodes connected by wireless links forming a temporary network without the aid of any infrastructure or any centralized administration. The nodes communicate with each other on the basis of mutual trust. These nodes can act as host/router or both at the same time. They can form arbitrary topologies depending on their connectivity with each other in the network. This characteristic makes MANETs more vulnerable to be exploited by an attacker inside the network. Wireless links also makes the MANETs more susceptible to attacks, which make it easier for the attacker to go inside the network and get access to the ongoing communication. Owing to its mobility and broadcast nature MANETs are particularly vulnerable to attacks over traditional wired networks finally makes them susceptible to various active and passive attacks because of its limited physical security, dynamically changing network topology, energy constrained operations and lack of centralized administration. MANETs often suffer from security attacks because of its features like open medium, lack of central monitoring and management, cooperative algorithms and no clear defense mechanism. In particular, black hole attacks can be easily deployed into the MANETs by the adversary. Our objective is to thoroughly capture and analyze the impact of Black Hole attacks on MANET performance using reactive (AODV) routing protocol with varying number of Black Hole nodes in the MANET. We have used Performance Metrics i.e. Throughput, Packet delivery Ratio, Packet Drop ratio to analyze the impact of Black hole attack on AODV Routing Protocol in MANET using the NS-2 simulator.

dynamic topology, routing protocol attacks, limited bandwidth, noise or interference in network and continuous disconnectivity due to mobility. To overcome these constraints, existing systems have work on number of intrusion detection techniques, architectures using different routing protocols. First Intrusion Detection System (IDS) technique Watchdog [6] has detected malicious nodes in the network. There are other techniques which has removes drawbacks of Watchdog [6]. One of technique EAACK [7] is acknowledgment based IDS which increases the Packet Delivery Ratio as compared to existing system. EAACK [7] detects malicious nodes in presence of receiver collision, false misbehavior report, and limited transmission power. There are two types routing protocols in MANET, proactive and reactive and hybrid .Proactive routing protocol maintains routing tables to store route information and table updated periodically e.g DSDV [8]. Reactive routing protocols are on demand routing protocols. e.g AODV [9], DSR [10]. Depending on some criteria there are two types of attacks in MANET, active attack and passive attack [11],[12],[13]. Proposed system based on Dynamic Hierarchical Intrusion Detection architecture [14]. Dynamic Hierarchical Enhanced Adaptive Acknowledgment based IDS (DH-EAACK) to detect and remove the packet dropping attack called as Black hole attack [15]. DH-EAACK has cluster based topology. Black hole attack [15] has been studied by many researchers, but the black hole attack in acknowledgement based system is becoming more popular area of research. Black hole attack detection technique works in two phase Route Discovery Phase and Data Packet Sending phase. Black hole Attack called Dropping attacks is caused by selfish nodes or compromised nodes in the network, by dropping all data packets. It prevents end to end communication between nodes.

Confidentiality and integrity are major factors for all communications in today’s life. There are several attacks to which our communication media is vulnerable to. We have studied one of the most common attacks which occur while transmission of packets i.e. Black hole attack. To avoid such attacks such mechanisms are essential to be implemented to ensure the security of communication.

Wireless networks provide connectivity to people from different geographical position have. Ad-hoc network is a type of wireless network without an infrastructure. Here network connectivity is maintained with the cooperation of all the network nodes. When the nodes change their locations dynamically, then such ad-hoc network is called as mobile ad-hoc network (MANET). Due to its features like dynamic topology, large degree of freedom, MANET is susceptible to various kinds of attacks like Black hole, Gray hole, Wormhole. A Black hole attack is a most brutal attack against routing protocols in MANETs. It is a malicious node which replies for any route requests claiming to have shortest path to the destination. However in reality it does not have any active route to the specified destination and drops the receiving packets.

Wireless Networks are gaining its popularity due to its ease of deployment, more economic and so on. These networks do not have any constraints of wired networks. Wireless network can be categorized into infrastructure wireless network and infrastructure less wireless network [1]. MANET (Mobile Ad-hoc Network) is an infrastructure less network where mobile nodes can move freely and can form network. Wireless networks rely on uninterrupted availability of the wireless medium to interconnect participating nodes. However the open nature of this medium leaves it vulnerable to multiple security threats. That means most of the time does not guarantee about the packets can be easily transfer over the network. It affects network performance degrade. Due to the absence of trusted centralized authority or openness of network topology, wireless networks are susceptible to security threats. Black-Hole attack is one

2011 BAMBi:Black hole Attacks Mitigation with Multiple Base Stations in Wireless Sensor Networks. That effectively mitigate the effect of black hole attack on WSNs. It’s based on deployment of multiple base stations in the network and routing of copies of data packets to that base stations. Their solution is highly effective and require very little computation and message exchanges in the network, so saving the energy of the SNs. 5 Struggling against