A Black Hole Attack Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Recently in the past few years security of computer networks has been of serious concern which has widely been discussed and formulized. Most of the discussions involved only static and networking based on wired systems. However mobile adhoc networking was still in need of further discussions and development in terms of security [21]. With the emergence of ongoing and new approaches for networking, new problems and issues arises for the basics of routing. With the comparison of wired network Mobile adhoc network is different. The routing protocols designed majorly for internet is different from the mobile adhoc networks (MANET). Traditional routing table was basically made for the hosts which are connected wired to a non dynamic backbone [22]. Due to which it is not possible to support adhoc networks mainly due to the movement and dynamic topology of networks.

Due to various factors including lack of infrastructure, absence of already established trust relationship in between the different nodes and dynamic topology, the routing protocols are vulnerable to various attacks [23].

Major vulnerabilities which have been so far researched are mostly these types which include selfishness, dynamic nature, and severe resource restriction and also open network medium. Despite of the above said protocols in MANET, there are attacks which can be categorized in Passive, Active, Internal, External and network-layer attacks, Routing attacks and Packet forwarding attacks.

In these attacks, black hole attack is that kind of attack which occurs in Mobile adhoc networks (MANET).

Black hole Attack

In black hole attack, a malicious node uses its routing protocol in order to advertise itself for having the shortest path to the destination node or to the packet it wants to intercept.

This hostile node advertises its availability of fresh routes irrespective of checking its routing table. In this way attacker node will always have the availability in replying to the route request and thus intercept the data packet and retain it [21]. In protocol based on flooding, the malicious node reply will be received by the requesting node before the reception of reply from actual node; hence a malicious and forged route is created. When this route is establish, now it's up to the node whether to drop all the packets or forward it to the unknown address [22].

The method how malicious node fits in the data routes varies. Figure x shows how black hole problem arises, here node A want to send data packets to node D and initiate the route discovery process. So if node C is a malicious node then it will claim that it has active route to the specified destination as soon as it receives RREQ packets. It will then send the response to node A before any other node. In this way node A will think that this is the active route and thus active route discovery is complete. Node A will ignore all other replies and will start seeding data packets to node C. In this way all the data packet will be lost consumed or lost.







Fig. 5.1. Black hole problem

Black hole attack in OLSR

In OLSR black hole attack, a malicious node forcefully selects itself as MRP by keeping its willingness field to Will always constantly in its HELLO message. So in this case, neighbors of malicious node will always select it as MRP. Hence the malicious node earn a privileged position in the network which it exploits to carry out the deny of service attack.

The effect of this attack is much vulnerable when more than one malicious node is present near the sender and destination nodes.

Black hole attack in AODV

Two types of black hole attack can be described in AODV in order to distinguish the kind of black hole attack.

Internal Black hole attack

This type of black hole attack has an internal malicious node which fits in between the routes of given source and destination. As soon as it gets the chance this malicious node make itself an active data route element. At this stage it is now capable of conducting attack with the start of data transmission. This is an internal attack because node itself belongs to the data route. Internal attack is more vulnerable to defend against because of difficulty in detecting the internal misbehaving node.

External Black hole attack

External attacks physically stay outside of the network and deny access to network traffic or creating congestion in network or by disrupting the entire network. External attack can become a kind of internal attack when it take control of internal malicious node and control it to attack other nodes in MANET. External black hole attack can be summarized in following points

Malicious node detects the active route and notes the destination address.

Malicious node sends a route reply packet (RREP) including the destination address field spoofed to an unknown destination address. Hop count value is set to lowest values and the sequence number is set to the highest value.

Malicious node send RREP to the nearest available node which belongs to the active route. This can also be send directly to the data source node if route is available.

The RREP received by the nearest available node to the malicious node will relayed via the established inverse route to the data of source node.

The new information received in the route reply will allow the source node to update its routing table.

New route selected by source node for selecting data.

The malicious node will drop now all the data to which it belong in the route.

Fig 5.2 Black hole attack specification

In AODV black hole attack the malicious node A first detect the active route in between the sender E and destination node D. The malicious node A then send the RREP which contains the spoofed destination address including small hop count and large sequence number than normal to node C. This node C forwards this RREP to the sender node E. Now this route is used by the sender to send the data and in this way data will arrive at the malicious node. These data will then be dropped. In this way sender and destination node will be in no position any more to communicate in state of black hole attack.

Chapter 6

Performance analysis and Experimental Design

This chapter explains the various performance metrics required for evaluation of protocols and the design of our black hole system. To reiterate, we begins with the overview of performance metrics and further explains the simulation tool and simulation design.

Performance Metrics

The performance metrics chosen for the evaluation of black hole attack were packet end to end delay, network throughput and network load.

The packet end-to-end delay is the average time in order to traverse the packet inside the network. This includes the time from generating the packet from sender up till the reception of the packet by receiver or destination and expressed in seconds. This includes the overall delay of networks including buffer queues, transmission time and induced delay due to routing activities. Different application needs different packet delay level. Voice and video transmission require lesser delay and shows little tolerance to the delay level.

The second parameter is throughput; it is the ratio of total amount of data which reaches the receiver from the sender to the time it takes for the receiver to receive the last packet. It is represented in bits per second or packets per seconds. In MANETs throughput is affected by various changes in topology, limited bandwidth and limited power. Unreliable communication is also one of the factors which adversely affect the throughput parameter.

The third parameter is network load, it is the total traffic received by the entire network from higher layer of MAC which is accepted and queued for transmission. It indicates the quantity of traffic in entire network. It represents the total data traffic in bits per seconds received by the entire network from higher layer accepted and queued for transmission. It does not include any higher layer data traffic rejected without queuing due to large data packet size.

Simulation Tool

The tool used for the simulation study is OPNET 14.5 modeler. OPNET is network and application based software used for network management and analysis [24]. OPNET models communication devices, various protocols, architecture of different networks and technologies and provide simulation of their performances in virtual environment. OPNET provides various research and development solution which helps in research of analysis and improvement of wireless technologies like WIMAX, Wi Fi, UMTS, analysis and designing of MANET protocols, improving core network technology, providing power management solutions in wireless sensor networks.

In our case we used OPNET for modeling of network nodes, selecting its statistics and then running its simulation to get the result for analysis.

Modeling of Network

At first network is created with a blank scenario using startup wizard. Initial topology is selected by creating the empty scenario and network scale is chosen by selecting the network scale. In our case we have selected campus as our network scale. Size of the network scale is specified by selecting the X span and Y span in given units. We have selected 1000 * 1000 meters as our network size. Further technologies are specified which are used in the simulation. We have selected MANET model in the technologies. After this manual configuration various topologies can be generated by dragging objects from the palette of the project editor workspace. After the design of network, nodes are properly configured manually.

Collection of Results and Statistics

Two types of statistics are involved in OPNET simulation. Global and object statistics, global statistics is for entire network's collection of data. Whereas object statistics involves individual nodes statistics. After the selection of statistics and running the simulation, results are taken and analyzed. In our case we have used global discrete event statistics (DES). Figure 7 shows the browser of choosing results statistics that pop up after selecting the choose individual DES statistics.

Simulation Setup

Figure 6.1 employs the simulation setup of a single scenerio comprising of 30 mobile nodes moving at a constact speed of 10 meter per seconds.

C:\Documents and Settings\D3V!L\Desktop\main pic new.bmp

Fig.6.1. Simulation Environment for 30 nodes

Total of 12 scenarios have been developed, all of them with mobility of 10 m/s. Number of nodes were varied and simulation time was taken 1000 seconds. The data rates of mobile nodes are 11 Mbps with the default transmitting power of 0.005 watts. Random way point mobility is selected with constant speed of 10 meter/seconds and with pause time of contact 100 seconds. This pause time is taken after data reaches the destination only.

Our goal was to determine the protocol which shows less vulnerability in case of black hole attack. We choose AODV and OLSR routing protocol which are reactive and proactive protocols respectively. In case of OLSR, we have used willingness always option for the black hole node. In this way malicious node will always get the priority for the fresh route. In both case AODV and OLSR, malicious node buffer size is lowered to a level which increase packet drop.

Chapter 7

Results and Analysis

This chapter focuses on result and its analysis based on the simulation performed in OPNET modeler. Our simulated results are provided in Figures (7.1-7.12) to analyze and observe the variation in network nodes while under black hole attack. To evaluate the behavior of simulated intrusion based black hole attack we considered the performance metrics of packet end to end delay, throughput and network load. These parameters are already defined in chapter 6. Time average values of the graphs have been taken.

Packet End-to-End Delay

Packet end to end delay in case of black hole attack and without attack depends on the protocol routing procedure and number of nodes involved. In Fig 7.1, delay in case of 16 nodes for AODV and OLSR is high in case when there is no attack on the network nodes. This is because during the black hole attack there is no need of RREQs and RREPs because malicious node already sends its RREQs to the sender node before the destination node reply. So in this case the delay is less. Also comparatively AODV show more delay than OLSR because of its route search and reactive nature.

Fig 7.1 End to end Delay of OLSR and AODV With vs. Without black hole attack for 16 nodes.

In case of 30 nodes the delay is 5 percent more as comparative to 16 nodes. The overall impact of delay on AODV and OLSR is same as it was observed in 16 nodes. The increase in numbers of nodes also increases the difference of delay in AODV in case of black hole attack with comparison to a simple AODV scenario.

Fig 7.2 End to end Delay for OLSR with vs. without black hole attack for 30 nodes.

Figure 7.3 and Fig 7.4 shows the average packet end-to-end delay in presence of a malicious node only.

The figure 7.3 shows that OLSR has slightly high delay as compare to AODV. This is consistent if the numbers of nodes are fewer. However with the increase in number of node an increase in the delay of AODV has been observed. In figure 7.4 for 30 nodes AODV show high delay with comparison to OLSR. In terms of delay the performance of OLSR improves with the increase in number of nodes.

Fig 7.3. Delay-16 sources-AODV vs. OLSR

Fig 7.4 Delay-30 sources- AODV vs. OLSR


From figure 7.5 for 16 nodes, it is obvious that throughput for OLSR high comparatively to that of OLSR. Also in OLSR throughput when there is no attack is higher than the throughput of OLSR under attack. This is because of fewer routing forwarding and less number of nodes reached to the destination. This is found out because the throughput parameter checks the data send by the sender to the receiver in mean time. Here malicious node discards the data rather than forwarding it to the destination, thus effecting throughput. Same is the case with AODV, without attack its throughput is high than under attack which is due to the packer discarding by the malicious node. Similarly in Fig 7.6 for 30 nodes, the throughput is high because of higher number of nodes but the trend of throughput under attack and without attack remains exactly the same as in 16 numbers of nodes.

Fig 7.5. Throughput of OLSR and AODV With vs. without black hole attack for 16 nodes.

Fig 7.6 Throughput of OLSR and AODV With vs. without black hole attack for 30 nodes.

Figures 7.7,7.8 shows that throughput of AODV and OLSR in the presence of a single malicious node .It is obvious from both figures that OLSR by far outperforms AODV in case of 16 and 30 sources. OLSR being proactive routing protocols make sure the availability of routing path before the routing of traffic. We have observed that higher number of sources has less difference in throughput as compare to fewer sources. This is because higher the number of sources means more congestion. Over all, OLSR ensures consistent routing path with in network helping in lowering delay. As throughput is the ratio of total data received from source to the time it takes till the receiver receives the last packet. Hence lesser delay translates higher throughput. The overall low throughput of AODV is because in case of black hole attack AODV rely on route reply. As the malicious node immediately sends its route reply and the data is started to the malicious node which discard all the data. Hence the network throughput is much lower because of not sending and receiving of data to actual destination.

Fig 7.7 Throughput-16 nodes-AODV vs. OLSR

Fig 7.8. Throughput-30 nodes AODV vs. OLSR

Network Load

The network load graph of OLSR and AODV with and without presence of a malicious node has been shown in the Fig 7.9 and 7.10. The network load of OLSR is much high as compare to AODV. In case of attack OLSR has less network load as compare to under attack. In case of 16 nodes the network load of OLSR is 3 times higher when it is not under attack which employs that it is actually routing its packet to the entire destination properly. But under attack it cannot send its packet i.e. packet discarding leading to the reduction of network load.

In case of 30 nodes there is slight variation in between OLSR with and without attack. This is due to the high number of nodes. However AODV show no changes in both cases of 16 and 30 number of nodes.

Fig 7.9 Network Load of OLSR and AODV With vs. Without black hole attack for 16 nodes.

Fig 7.10 Network Load of OLSR and AODV With vs.Without black hole attack for 16 nodes.

In case of network load figures 7.11 and 7.12 shows that OLSR has high network load in presence of malicious node as compare of AODV. In both 16 nodes and 30 nodes OLSR has high network load because routing protocols are able to adjust its changes in the node restart and node pausing. This is be different at different speed, at high speed the routing protocols take much more time for adjusting and afterward sending of traffic to the new routes. In case of higher number of nodes AODV react more quickly as compare to OLSR which made the difference in network load much wider. As the node began to pause and restarts and then travel after the starting period of stability made network load more pronounced.

Fig 7.11. Network load 16 sources AODV vs. OLSR

Fig 7.12 Network load 30 sources AODV vs. OLSR



Examined protocols


Simulation time

Simulation area (m x m)

1000 seconds

1000 x 1000

Number of Nodes

16 and 30

Traffic Type


Performance Parameter

Throughput,delay,Network Load

Pause time

100 seconds

Mobility (m/s)

Packet Inter-Arrival Time (s)

Packet size (bits)

Transmit Power(W)

Date Rate (Mbps)

Mobility Model

10 meter/second




11 Mbps

Random waypoint

Chapter 8

Countermeasures for black hole attack

Security is one of the most primary concerns in MANET for the protection of communication and security of information. For network operation it is necessary to perform routing and packet forwarding. Hence numbers of security mechanisms has been made to counter measure the malicious attacks. Mechanisms used for the protection of MANET are known as preventive and reactive mechanism.

In preventive mechanism, authentications, access controls, and encryption techniques are involved. While in Reactive mechanism, different schemes like intrusion detection systems (IDS) and cooperation mechanisms are used. In case of MANET intrusion is used for detection of misuse.

The network layer is far more vulnerable for attacks than any layer in MANET. Numerous security threats are imposed on this layer [28]. One way is to use secure routing protocol. Attack which modifies routing messages can be provoked by the use of source authentication. Digital signature, message authentication code (MAC), hashed MAC (HMAC) can be used. Up to certain level of security can be attained at network layer in internet by the use of IPSec. Authenticated Routing for Ad-Hoc Networks (ARAN) is another routing protocol which provides the protection from black hole attack where there is threat to the changes in sequence number, hop count modification, source routing changes and spoofing of destination addresses [27].

The proposed solution by Deng [27] gives the approach of disabling the reply message by the intermediate which will lead to only message delivery by the destination node thus causing less network load and efficient and secure routing.

In [22], the author proposed route confirmation request message (CREQ) and route confirmation reply (CREP) in order to avoid black hole attack. In this proposal when intermediate sends RREPs to the source node its send CREQ to its next hop node in direction of destination node. After receiving CREQ, the next hop look for route in its destination in cache. If its receive CREP during this time it will confirm the validity of path in RREP and in CREP. Upon matching the source node will recognize the route being correct. Its drawback is that it cannot detect multiple black hole attacks.

The protocol implement in [23] propose Secure Ad hoc On-Demand Distance Vector Routing (SAODV) which verify the destination node by exchanging random numbers. SAODV can effectively prevent Black hole attack in Mobile Ad-hoc network and maintain better routing efficiency. It is better than AODV in terms of security and routing efficiency.

In [25], the author showed that malicious node should increase the sequence number of destination to assure the source node of its route. The author proposed a statistics based detection for black hole which is based on the difference between destination sequence numbers of received RREP's. Its drawback is the false positives approach because of the nature of anomaly detection.

The solution proposed in [26] focus on the requirement of a source node to wait unless the arrival of RREP packet from more than two nodes. When it receives multiple RREPs the source node check that there is any share hops or not. The source node will consider the routed safe if it finds the share hops. Its drawback is the introduction of time delay it has to wait for the arrival of multiple RREPs before it judges the authentication of node.


Mobile Ad Hoc Networks has the ability to deploy a network where a traditional network infrastructure environment cannot possibly be deployed. With the importance of MANET comparative to its vast potential it has still many challenges left in order to overcome. Security of MANET is one of the important features for its deployment. In our thesis we have analyzed the behavior and challenges of security threats in mobile ad hoc networks with solution finding technique.

Although many solutions has been proposed but still these solutions are not perfect in terms of effectiveness and efficiency. If any solution works well in the presence of single malicious node, it cannot be applicable in case of multiple malicious nodes. After studying all the approaches our conclusion is that the approach offered by Deng [27] suit well in our scenario. The intermediate reply messages if disabled leads to the delivery of message from destination node will not only improve the performance of network rather it will secure the network from black hole attack.

In our study we analyzed that black hole attack with four different scenarios with respect to the performance parameters of end to end delay, throughput and network load. In a network it is important for a protocol to be redundant and efficient in term of security. We have analyzed the vulnerability of two protocols OLSR and AODV have more severe effect when there is higher number of nodes and more route requests. The percentage of severances in delay under attack is 2 to 5 percent and in case of OLSR, where as it is 5 to 10 percent for AODV. The throughput of AODV is effected by twice as compare of OLSR. In case of network load however, there is effect on AODV by the malicious node is less as compare to OLSR.

Based on our research and analysis of simulation result we draw the conclusion that AODV is more vulnerable to black hole attack than OLSR.

Appendix A: Acronyms

ACK: Acknowledgement

AODV: Ad hoc on demand routing Vector

ARAN: Authenticated Routing for Ad-Hoc Networks

BER: Bit Error Rate

BPSK: Binary Phase Shift Keying

Bps: Bits per second

BW: Bandwidth

CRC: Cyclic Redundancy Check

CREQ- Confirmation Request Message

CREP-Confirmation Reply

CSMA/CA: Carrier Sense Multiple Access with Collision Avoidance

CSMA/CD: Carrier Sense multiple Access with Collision Detection

DES: Data Encryption Standard

DIDS: Distributed Intrusion Detection System

DOS: Denial of Service

DSR: Distance Source Routing

IDS: Intrusion Detection System

MTTF: Mean time to failure

OPNET: Optimized Network.

PDR: Packet Delivery Ratio

QoS: Quality of Service

RF: Radio Frequency

RTS: Required to Send

RTP: Radio Transceiver Pipeline

RSP: Received Signal Power

RREQ: Route Request

RREP: Route Reply Packets

SAODV: Secure Ad-hoc On-Demand Distance Vector Routing

SYN: Synchronization

SNR Signal to Noise Ratio

TC: Topology Control

WiMAX: Worldwide Interoperability for Microwave Access (IEEE 802.16 standard)

Wi-Fi: Wireless Fidelity

WPAN: Wireless Personal Area Network

3G: 3RD Generation


K. Biswas and Md. Liaqat Ali, "Security threats in Mobile Ad Hoc Network", Master Thesis, Blekinge Institute of Technology" Sweden, 22nd March 2007

2G. A. Pegueno and J. R. Rivera, "Extension to MAC 802.11 for performance Improvement in MANET", Karlstads University, Sweden, December 2006

S. Lu, L. Li, K.Y. Lam, L. Jia, "SAODV: A MANET Routing Protocol that can Withstand Black Hole Attack., International Conference on Computational Intelligence and Security, 2009

Opnet Technologies, Inc. "Opnet Simulator," Internet: www.opnet.com, date last viewed: 2010-05-05

S. Kurosawa et al., "Detecting Blackhole Attack on

AODV-Based Mobile Ad Hoc Networks by Dynamic

M. Al-Shurman, S-M. Yoo, and S. Park, "Black Hole

Attack in Mobile Ad Hoc Networks," ACM Southeast

Regional Conf. 2004.

H. Deng, W. Li, Agrawal, D.P., "Routing security in wireless ad hoc networks," Cincinnati Univ., OH, USA; IEEE Communications Magazine, Oct. 2002, Volume: 40, page(s): 70- 75, ISSN: 0163-6804

K. Sanzgiri, B. Dahill, B.N. Levine, C. Shields, E.M. Belding-Royer, "Secure routing protocol for ad hoc networks," In Proc. of 10th IEEE International Conference on Network Protocols, Dept. of Comput. Sci., California Univ., Santa Barbara, CA, USA. 12-15 Nov. 2002, Page(s): 78- 87, ISSN: 1092-1648