Network When The Network Topology Changes Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

MANET stands for mobile ad hoc network. They have been configured dynamically with mobile nodes which are independent and connected through wireless medium without any existing networks help. The node which are present in the mobile ad hoc network is freely movable within the network area and experience self organization. So, the topology changes at anytime of period. This network can operate in fixed base station [routers, hubs] for controlling mobile nodes for routing process. Mobile ad hoc network can be said as "multi hop" wireless ad hoc network, because multiple hops are used between mobile nodes for routing. The node can communicate between each and every nodes within the network. If they want to communicate to the node which is not within the network, they use intermediate node to pass messages.

3.Manet Routing:

MANETS got special properties like limited bandwidth, dynamic topology, energy and huge error rates etc., when compared to network based on infrastructure, all mobile nodes are connected dynamically in random manner. Nodes present in MANET acts like a router and can produce the path and also can maintain route between nodes. So, protocol used for routing in wired network cannot be used in wireless network. Therefore various protocols are been developed for MANET to perform wireless networking. They are Table driven routing protocol and on-demand routing protocol.


3.1.1 Table driven routing protocols:

In Table Driven Routing protocols, nodes should keep the routing table up-to-date to maintain routing. When there is any change

In Table Driven Routing Protocols, each node has to keep up-to-date routing tables.

To maintain reliable routing tables, every node propagates the update messages to the

network when the network topology changes. Because every node has information

about network topology, Table Driven Routing Protocols present several problems.

Periodically updating the network topology increases bandwidth overhead,

Periodically updating route tables keeps the nodes awake and quickly exhaust

their batteries,

Many redundant route entries to the specific destination needlessly take place

in the routing tables.

Destination-Sequenced Distance Vector Routing Protocol (DSDV), Wireless Routing

Protocol (WRP), Global State Routing (GSR), Fisheye State Routing (FSR),

Hierarchical State Routing (HSR), Zone-based Hierarchical Link State Routing

Protocol (ZHLS) and Clusterhead Gateway Switch Routing Protocol (CGSR) are

Table Driven Routing Protocols.

DSDV[ Destination-sequenced vector routing]

WRP[Wireless routing protocol]

GSR[Global state routing]

HSR[ Hierarchical state routing]

ZHLS[ Zone-based hierarchical link state routing protocol]

FSR[ Fisheye state routing]

CGSR[Cluster head gateway switch routing protocol]

3.1.2 On -demand routing protocols:

AODV[ Ad-hoc on-Demand vector routing]

CBRP[ cluster based routing protocol]

DSRP[ Dynamic source routing protocol]

TORA[ Temporally ordered routing algorithm]

ABR[ Associativity based routing]

SSR[ Signal stability routing]

Active and passive attack:

Active Attack:

By the name, active attacks are based on the malicious host, which generates an active attack by implementing fake data into the Ad Hoc network. Is brings confusion in the routing procedures and corrupts the network. The working is as follows, first the host attempts to trick the network by changing the data in the routing packets or else by tailoring fake packets and broadcast them in the network. This can also be achieved by giving unfinished data to the network i.e., the node may not forward any packet from that particular node whereas simultaneously it might also forward all the packets from other nodes.

In active attacks, the original data in the network been replicated and changes routing information by altering the network traffic.[ Impersonation, denial of service and discloser attacks]

Passive attacks don't engage in replication of data but involves in communication between nodes and gets information. They get information from control messages about the network topology and where they are located. They collect information before they attack. They can also get information which is been sent through encryption. Passive eavesdropping is a hazard where it can sense radio signals. To stop this many traffic engineering techniques are adopted.

Active attacks:


In this type of attack the nodes will send wrong information without participating in routing. In which the network cannot identify these attacks. Blackhole attack and wormhole attack are of same kind. In blackhole attack which attacks and controls the routing algorithm and gives a false path and intercepts the packets. This is normally done creating a tunnel in the network.

This type of attack occurs due to short of authentication in ad-hoc networks. The host been identify by MAC or IP addresses, these addresses are not sufficient to authenticate the node which is been sent from sender. So spoofing can be done easily.

Malicious nodes uses impersonation by altering source Ip addresses in the control message. They also act like a friendly node and change their routing table. Man-in-the-middle attack is another way of impersonations, in which malicious nodes will merge spoofing and dropping attacks. In this the message sent from the sender which is been attacked in the middle and sends false messages back to the sender as it comes from the destination node. These Malicious nodes are capable of altering the routing table to perform their attacks. By doing this they manage to built a route between source and destination node and their communication.

Denial of service: [DOS]

In this attack the false node which gets routing protocol activities by creating new routes to unavailable node in the network. It uses other nodes battery by giving fake route request and sending fake packets.

Sleep deprivation torture attack:

It is a type of denial of service attack, which affects nodes and devices contain limited assets. In this attacker which transmits control messages to the network, knows that the other nodes need it. Then the nodes will start from sleep mode to operation mode and will work until its battery runs out.

Discloser attack:

These attacks normally used to find the network structure and also about location of mobile nodes. They also called as location discloser attack. By using preventive and detective methods we can avoid these attacks.

Preventive technique- Key Based Cryptography

In this technique key distribution is the main mechanism. Distribution of secret key works using organized secure channel and it is hard to implement this in Mobile ad hoc networks. Distribution of public key works by transferring encrypted public key to a device.

In mobile ad hoc network, the distribution of keys in the network will be done by the nodes. They don't have centralized certificates or authority. Certificates stored in store room are circulated through mobile nodes by themselves. If source and destination node want to communicate they can share their public keys which has authorized certificates.


The shortest and true path between the two nodes are created by control messages, in this the attackers alter the route table according to the location they wanted. If this happen then communication between two nodes will be delayed accordingly. Route information's like hop count, life time and sequence number are used to give a clear path for the nodes. When modifying these fields the malicious node can perform their own attacks. These types of attacks are called Impersonation. Modification performs impersonation attacks to act like other node inside the network. Altering route information is used to misinform the node beside the replay messages.


In MANET, fabrication is done by creating fake routing information or making different paths between nodes. By doing this it makes denial of service attack between nodes and also can delete a node from routing table.

Tunneling attack:

Tunneling attack is also said as wormhole attack. In this two malicious nodes acts says moving in valid route and tunnel the packets in between them. This is done because it uses private network so that the higher layer cannot see the malicious nodes. It seems like a threat to multipath routing protocols.

In tunneling attack or wormhole attack,

In a wormhole attack, an attacker receives packets at one point in the network, tunnels them to another point in

the network, and then replays them into the network from that point. For tunneled distances longer than the normal wireless transmission range of a single hop, it is simple for the attacker to make the tunneled packet arrive sooner than other packets transmitted over a normal multihop route, for example through use of a single long-range directional wireless link or through a direct wired link to a colluding attacker. It is also possible for the attacker to forward each bit over the wormhole directly, without waiting for an entire packet to be received before beginning to tunnel the bits of the packet, in order to minimize delay introduced by the wormhole. If the attacker performs this tunneling honestly and reliably, no harm is done; the attacker actually provides a useful service in connecting the network more efficiently. However, the wormhole put the attacker in a very powerful position relative to other nodes in the network, and the attacker could exploit this position in a variety of ways.

For ex.:- In the figure above, source node 'S' sends a RREQ (Route Request) to malicious node 'M1'. M1 then establishes the route through nodes M1 -> A -> B -> C -> M2. Node 'M2' receives this route information and forwards the information finally to the destination node 'D'. Though following this route, it records the route S -> M1 -> M2 -> D. M2 again reply with RREP reply with the same route from nodes M2 to M1. By doing this, they both create a false path between them fooling the source node 'S' for choosing the path through M1 -> M2 (as if this is the shorter path to reach destination). This path between two malicious nodes 'M1' & 'M2' is Tunnelled Path. This route is private to the other nodes and also to the higher layers.

Dropping packets:

Gray hole attack:

Gray hole attack, is used to drop some packets but not other. [Forwarding routing packets rather data packets]. It is from active attack type, which makes to drop messages. Attacking node agrees to send packets and betrayed to do that. At first the attacker node works normal and gives true RREP messages back to the nodes that begin RREQ messages. By doing this it gets sending packets. Later, the nodes begin to drop packets which lead to denial of services attack.

If any other node wants to send packets in excess of attacking node it will misplace the connection, then they need sending RREQ messages to get the route back. Attacking node again makes an connection using sending RREQ message to get desired route. This process takes place until malicious nodes get their desired aim. This is called routing misbehavior. Whereas routing protocol cannot have mechanism to find data packets being send except DSR.

Black hole attack:

In this attack it creates a black hole routing, which is used to transfer false routing packets. By sending these fake information's attacker could change the packet to other destination or themselves. Attacker uses those packets if he needed or throw away.

When black hole attack is compared with gray hole attack the differences is that at first malicious node will not send true control messages. To perform black hole attack it waits till it gets response RREQ message from neighbor node. It sends a fake RREP messages which gives an routing information for packets to find their destination. This uses high sequence number to settle routing table. Before other nodes send real information. This makes the nodes to assume that the route process is complete and take no notice on other RREP messages and transfers packets to the destination, which is malicious node.

By using this technique malicious node attacks the routes by attacking RREQ messages. This type is called black hole akin or absorbing information. To perform black hole attack node should be held in the middle of the wireless network.

If malicious node gives false RREP messages and acts like it comes from victim node not from itself. By doing this victim node need to access all incoming messages and is said as sleep deprivation attack.

Gray hole attach used to separate nodes in the network. But black hole attack can affect entire network. When malicious node which uses gray hole attack cannot be done easily because it does not send false messages. Because of this it may seems like gray hole or selfish node due to dropping of packets. Since new messages cannot be fabricated by failed nodes, they would not form black hole attack and drops message afterward.

1 Categorization of attacks:

There are various ways in which attacks can be categorized. Depending on the basis of attacks, for example internal attacks or external attack or by the methods by which the attacker gains control or can be further categorized based on the security service it attains to attack. Here I have categorized the attacks as active and passive at level1 and at level2 I categorize the attacks based on their security service, which is being attacked at the end I have specified the achievement of the attack objective.

4.1 Active Attack:

By the name, active attacks are based on the malicious host, which generates an active attack by implementing fake data into the Ad Hoc network. Is brings confusion in the routing procedures and corrupts the network. The working is as follows, first the host attempts to trick the network by changing the data in the routing packets or else by tailoring fake packets and broadcast them in the network. This can also be achieved by giving unfinished data to the network i.e., the node may not forward any packet from that particular node whereas simultaneously it might also forward all the packets from other nodes.

4.3 Attacks on Availability

The attacks based on availability give out unfinished data to the network or attempt to take in the resources of the nodes in the network. All of these fail in this category - black hole, gray hole, rushing attack, wormhole attack and routing loop. Routing loop attack can be differentiated into an attack on both availability and integrity, as this attacks primary purpose is to consume the resources, but mimicking nodes and sending data on the other nodes behalf achieve it.

4.4 Attacks on Integrity:

Attacks based on this category target to replace the routing information, which is available to all the nodes in the network. The routing information is the hub in which the nodes rely on information to perform activities like sending, receiving or drop packets in the network. The routing table data's take care of all these activities as their functions are based on it. The attacker node has the capability of changing the important data present in routing packets and hence causing the other nodes to wrongly update their route table data's. If there is a mishap in the sequence number change in AODV, HOP counts change in AODV, Gratuitous diversion in DSR, deletion of nodes, impersonation and routing loop are the attacks that lie in this category.

4.5 Attacks on Authentication:

The primary objective for the attacks in this classification is to broadcast fake data in the network by creating fake information. The attacker might pronounce a node dead by sending a Route Error reply in the case of DSR. On receiving the message the source node deletes all the information's that are related to the node that is dead and then starts a new Route Request message, thereby creating unnecessary waste of its resources along with other nodes. False Reply and Reply attack come in this category.

4.6 Attacks on confidentiality:

Unless and until the attacks on confidentiality are coupled with the other attacks they are not much of harm. Basically the attacker node listens to all the information that is switched between the nearby nodes and then decides important information about the network, such as determining source nodes or nodes that are important for the functioning of other nodes. When this information is understood the attacker begins any of the attacks referred above.