Prevention Of Black Hole Attack In Manet Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Prevention of Black Hole Attack in MANETs On Demand Routing ProtocolAbstract---- this section will contain abstract of final thesis.


A Mobile Ad Hoc Network (MANET) is a group of wireless mobile nodes communicating with each other in the absence of centralized administration or fixed network infrastructure such as access points. It is an autonomous group of mobile nodes communicating over slower wireless links. Mobile nodes do not rely on a predefined infrastructure to keep the network connected, so the working of MANETs depends on the trust and co-operation between the mobile nodes. Nodes provide help to each other in conveying information about changes in the topology of the network and all nodes share the responsibility of managing the network, so the network provide desired functionality to the optimum level. Each mobile node has two roles one is the host and second is the router, nodes provide routing functionality so the network topology changes can be conveyed to all the nodes in the network, they help each other in finding the optimum route to the destination and inform the source in case of route break down or the intermediate node moves away. The nodes in MANETs communicate directly with each other if they are having same radio communication range of frequencies. The mobile nodes that do not have same radio communication range need the help of other nodes, it is known as multi hop communication, and so every node has to be performing as host and router simultaneously.

Figure 1. Mobile Ad Hoc Network

Mobile Ad Hoc Networks are equipped with wireless receivers and transmitters, the antenna may be highly directional, omni directional or hybrid. The MANET topology changes dynamically so according to the topology, nodes adjust their reception and transmission parameters.

The MANETs have dynamic topologies in which nodes are free to move arbitrarily and topology is multi hop, it changes rapidly and randomly so it is unpredictable. The communication links can be unidirectional and bidirectional.

The wireless links have low capacity than their hardware counterparts, the realized throughput of wireless communication is much less than a radio's maximum transmission rate due to effects of multiple access, noise, fading and interference conditions. Mobile Network is an extension of the fixed network infrastructure; the users of the Ad Hoc network will demand similar services.

All the nodes in a MANET rely on exhaustible batteries for their energy needs; the energy conservation will be the important criteria in designing the system. The medium of communication in MANETs is wireless, so it is easy for the malicious nodes to access it and become part of the network, so it is easy to eavesdrop the information.

The routing protocols for MANETs can be categorized into three types based on the underlying routing update mechanism used; the types are proactive (table driven), reactive (on demand) or hybrid.

Figure 2. MANETs routing protocols

Reactive routing protocols do not exchange routing information periodically among the neighbors. These protocols obtain the desired path when it is required to communicate with some another node in the network, to get path information a connection establishment process is initiated by the source node. Reactive routing protocols perform better than proactive protocols in terms of network overheads, they create low network overheads. AODV, DSR and TORA are famous on demand routing protocols as shown in Fig.2.

Proactive routing protocols also known as table driven routing protocols because they maintain network topology information in the form of routing tables, to do so they periodically exchange routing information among all the participating nodes in the network. These protocols broadcast routing information to all the neighbors when a change in topology is happened due to a link or node failure. In MANETs nodes are moving all the time so the topology is changing frequently, it causes a large number of network overheads created during update exchange information among the nodes. When a node wants to communicate with another node in the network, the source node look up its routing table and choose the appropriate path to the destination, the selected path may be chosen on the basis of number of hops or some other metric.

DSDV, STAR and WRP are well known reactive routing protocols.

Hybrid routing protocols combines the characteristics of both reactive and proactive routing protocols. In hybrid protocols, a node communicates with its neighbor nodes using the reactive and use proactive when communicating with nodes situated farther away from the source. ZRP and SLP are examples of hybrid routing protocols.

The MANETs routing protocols are prone to number of security attacks and vulnerabilities such as black hole, replay, blackmail and routing table poisoning. In this paper we focus on black hole attack against AODV. A solution will be proposed to defend this protocol from black hole attack. This proposed solution will counter the black hole attack created during the route discovery process.


AODV Overview

The Ad hoc On Demand Distance Vector (AODV) is a reactive routing protocol means it does not periodically exchange routing information with neighbors. It is an adaptation of DSDV routing protocol for dynamic link conditions. Every node in an MANET maintains a routing table for routing decisions; the routing table contains routing information about the routes to particular destinations in the network. Whenever a node want to sent packet toward a particular destination, first of all it checks with its routing table entries to determine whether a route to the desired destination is available or not. If the route is available in the routing table, it uses this route for the transmission of data. If a route entry is not available in the routing table or the route entry in inactivated, then the source node initiates a route discovery process to search for a valid route to the destination node. A RREQ (Route Request) packet is broadcasted by the source node to its neighboring nodes; RREQ contains the following entries <destination address, destination sequence number, source address, source sequence number, broadcast id, hop count>. Source sequence number is used to maintain the fresh information about the reverse route and destination sequence number is used to maintain the fresh route to the destination before the route can be accepted by the source. The source address and broadcast id uniquely identifies the RREQ packet, each time broadcast id is incremented when source issues a new RREQ packet. When a node receives a RREQ from neighbor, it checks its broadcast id, if it match with the last received the node drop the RREQ and does not forward it. Otherwise, the RREQ is rebroadcasted to its neighbors. Every node in the range of the source node receive RREQ packet, a node that received RREQ packet checks if it is the destination for that packet and if so, it sends back RREP (Route Reply) packet to the source node.

Figure 3. Route Discovery process in AODV

If it is not the destination, then it checks with its routing table to determine if it is has got a valid route to the destination node. If not, it forwards the RREQ packet to its neighbors by broadcasting. If its routing table contains a valid route entry to the destination node, then the destination sequence number of RREQ is compared with the destination sequence number of the routing table. This Destination sequence number is the sequence member of the last sent packet from the destination node to the source node. If the destination sequence number present in the routing table is less than or equal to the destination sequence number contained by the RREQ packet, then node broadcast the RREQ further to its neighboring nodes. If the destination sequence number in the routing table is higher than the destination number present in the packet, it denotes that the route in the routing table is a fresh route and communication can be take place from this route. This intermediate node then sends a RREP packet to the node through which it received the RREQ packet, this way the RREP packet get relayed back to the source node through the reverse route. To keep track of the reverse path, each node keeps following information: source address, destination address, broadcast id, source sequence number and expiration time for reverse path route entry. When the source node receives RREP packet, then it updates its routing table and start sending data packets by using this route. During the data transmission operation, if any intermediate node identifies a link failure it sends a RERR (Route Error) packet to all the other nodes that uses this link for their communication to other nodes in the network. AODV has not built in security mechanisms; malicious nodes can initiate many attacks against the AODV just by not following the AODV rules.


In black hole attack a malicious node can attract all packets from the network by falsely claiming itself as the destination or having a shortest and fresh route to the destination and then absorbs all the packets without forwarding them to genuine destination. In the following figure 5, a malicious node M enters into the network. Node A want to communicate with node E, first node A check its routing table for the route entry to the node E. it does not contain the route to node E, so node A broadcast a RREQ packet to its neighboring nodes within the wireless range, node M, D and B receive it. Node M being a malicious node does not look up its routing table for the route to node E, but it immediately reply with forged RREP packet to the node A, claiming that it is the next hop to the destination. Source node A receives RREP from node M ahead from D and B.

Figure 4. Black hole attack in AODV

Malicious node M reply received by the node A before the replies came from original nodes D and B. Node A assume that route send by the malicious node M is the shortest route to the destination node E and start sending data through node M, after receiving data node M does not forward it to the destination and drop all the packets received, this phenomena is called black hole attack because all the packets received are dropped. As a result, source and destination nodes cannot communicate with each other. This condition can lead the network to the chaos and denial of service.

According to the AODV algorithm the RREP message having high destination sequence number is the fresh route to send the data to the destination, the malicious node will send the RREP message as soon as it receives RREQ message from the source or intermediate node, keeps the destination sequence number very high so that source node select its route for sending the data to the destination. This way the malicious node successfully creates the black hole in the network. The magnitude of the sequence number decides the freshness of the route, data type of the destination sequence number is integer 32 bit.


To counter the black hole attack, many attempts have been published in literature. According to the solution provided in [bh] the source node did not send the data to the node that sent RREP message first but the source node waits for the replies with next hop details from other neighboring nodes for a preset time value. After the timeout value, the requesting node checks in the CRRT (Collect Route Reply Table) table, whether there is any repeated next hope node, if repeated next hop node is present in the reply paths, the requesting node assumes that the paths are correct or there is limited chance for the malicious path. The solution adds a delay in sending the data.

In [10], the solution provided by this author demand the intermediate nodes to send RREP along with the next hop node information, when the source node received RREP with next hop node information, the source node sends a RREQ to the next hop node to confirm that the target node (node that send back the RREP message) has a valid route to the intermediate node or the destination node. When the next hope node receives a Further Request, then it sends a Further Reply which includes the check result to the source node. The information gets from the Further Reply; source node judges the validity of the route to the destination. This solution increases the end to end delay and the intermediate node needs to send RREP twice for a single RREQ.

In [bh], a DPRAODV protocol is discussed by the author. In this protocol, the RREP_seq_no is checked whether its number is higher than the threshold value, threshold value is dynamically updated at every time interval. If the value of the

RREP_seq_no is found higher than the threshold value, this indicates that the node is malicious and added to the black list. It sends an ALARM message to its neighbors with information about the malicious nod which is blacklisted. Thus neighboring nodes know that a reply from malicious node is to be discarded. When a node receives a RREP message, it looks over the black list, if the RREP is from the blacklisted node, it simply discard it without doing any further processing. In DPRAODV, generation of ALARM message and updating of threshold value, increase the routing overhead.


We propose a solution to counter the black hole attack in AODV protocol, the designed solution does not alter the routine functionality provided by the destination node and the intermediate nodes. According to our designed protocol only the source node's functionality in extended by using an additional pre_receive_rrep (packet p) function. Apart from it, AODV data structures are extended by adding a new table rrep_table. When the source node wants to send a data to a specific destination, a RREQ message is broadcasted to all the neighboring nodes. After this, in the AODV protocol, the first fresh RREP message coming to it is accepted as a valid route to the destination. But according to our designed approach, source node does not accept the first RREP; instead it calls pre_receive_rrep (packet p) function which stores all the coming RREP messages from the neighboring nodes in the new table rrep_table. Then the source node analyze all the RREP messages stored in the rrep_table table and discards the RREP message having exceptionally very high magnitude for the destination sequence number. The node that sent this RREP message will be suspected malicious node in the network that can be cause of a black hole attack. After the malicious node has been identified then the RREP having the highest destination sequence number will be selected from the rrep_table, once a RREP is chosen from the table then the table is flushed to maintain the freshness.


This section will contain the proposed solution to defend the DSR protocol from black hole attacks. DSR algorithm will be modified.


Proposed solutions for the AODV and DSR will be implemented.


Results obtained while there is black hole attack in the network will be compared with new implementation.

Conclusion and Future Work

This section will contain conclusion of the work done and the future work that will be performed in future.


This will be acknowledgment note for the teacher and friends who help to accomplish the project.


Latha Tamilselvan, V Sankaranarayanan. "Prevention of Blackhole

Attacks in MANET." In: Proceedings of the 2nd International

Conference on Wireless Broadband and Ultra Wideband

Communications (AusWireless 2007), pp. 21-21, Aug. 2007.

H. Deng, W. Li, and D. P. Agrawal. "Routing Security in Adhoc

Networks." In: IEEE Communications Magazine, Vol. 40, No. 10, pp.

70-75, Oct. 2002.

Payal N. Raj, Prashant B. Swadas. "DPRAODV: A Dyanamic

Learning System Against Blackhole Attack In Bodv Based Manet." In:

International Journal of Computer Science Issues, Vol.2, pp 54-59,


[1] D.B. Johnson, D.A. Maltz, and Y-C. Hu, "The Dynamic Source Routing Protocol for Mobile Ad Hoc Networks(DSR)," Internet Engineering Task Force (IETF) Mobile Ad Hoc Networks (MANETs) Working Group Internet Draft, 15 Apr. 2003; internetdrafts/draft-ietf-manet-dsr-09.txt.

[2] C.E. Perkins, S.R. Das, and E. Royer, "Ad-Hoc on Demand Distance Vector (AODV)", March 2000,


[3] Haiyun Luo, Petros Zerfos, Jiejun Kong, Songwu Lu and Lixia Zhang, "Self-securing Ad Hoc Wireless Networks".

[4] V. Karpijoki, "Security in Ad Hoc Networks", Seminar on Net Work Security, HUT TML 2000.

[5] Lidong zhou, Zygmunt J. Haas, "Securing Ad Hoc Networks", IEEE network, special issue, November/December 1999.

[6] S. Radosavac, N. Benammar, and J. S. Baras, .Cross-Layer Attacks in Wireless Ad Hoc Networks,. in Information Sciences and Systems. Princeton University, 2004, pp. 1266.1271.

[7] A. Kuzmanovic and E.W. Knight, "Low-Rate TCP-Targeted Denial of Service Attacks," SIGCOMM'03, August 25-29,2003.

[8] J. Kong, P. Zerfos, H. Luo, S. Lu, and L. Zhang. Providing robust and ubiquitous security support for mobile ad-hoc networks. In Proceedings of ICNP, 2001.

[9] M. Just, E. Kranakis, and T. Wan, "Resisting Malicious Packet Dropping in Wireless Ad Hoc Networks", In Proc. Of ADHOCNOW'03, Montreal, Canada

[10] A.D. wood and J.A. Stankovic, "Denial of Service in Sensor Networks," IEEE October 2002

[11] J. V. E. Molsa, .Increasing the DoS Attack Resiliency in Military Ad Hoc Networks,. in Proc. of IEEE MILCOM '05, 2005, pp. 1 . 7.

[12] Hongmei Deng, Wei Li, and Dharma P. Agarwal, "Routing Security in Wireless Ad Hoc Networks", University of Cincinnati, IEEE Communications magazine, October 2002..

[13]C.Siva Ram Murthy and B.S.Manoj," Ad hoc Wireless Networks-Architectures and Protocols", Pearson Education, 2007.

[14] Yi-Chun Hu, Adrian Perrig, "A Survey of Secure Wireless Ad Hoc Routing", IEEE Security and Privacy May/June 2004.

[15] Bing Wu, Jianmin Chen, Jie Wu, Mihaela Cardei ,"A Survey on Attacks and Countermeasures in Mobile Ad Hoc Networks", WIRELESS/MOBILE NETWORK SECURITY, 2006 Springer.