You are on page 1of 7

4th Int’l Conf.

on Recent Advances in Information Technology | RAIT-2018 |

A Survey on Black Hole Attack in Mobile Ad Hoc


Networks

Sandeep Lalasaheb Dhende Dr. S. D. Shirbahadurkar


Assistant Professor, Department of Electronics and Professor, Department of Electronics and Telecommunication
Telecommunication Engineering, Engineering,
SCTR’s Pune Institute of Computer Technology, Zeal College of Engineering and Research,
Pune, India. Pune, India.
sldhende@pict.edu s_shir00@yahoo.co.in

Dr. S. S. Musale Shridhar K Galande


Professor, Department of Electronics and Assistant Professor, Department of Electronics and
Telecommunication Engineering, Telecommunication Engineering,
MKSSS's Cummins College of Engineering for Women, SCTR’s Pune Institute of Computer Technology,
Pune, India. Pune, India.
sandeepmusale@yahoo.co.in skgalande@pict.edu

Abstract— A MANET consists of a group of wireless mobile every node works as a host as well as a router, forward packets
nodes. These nodes are arbitrarily moving and communicating to the intended node in the network even though it is not in the
one another over wireless links. Due to some unique transmission range of sender.
characteristics such as open medium, changing network topology, Unlike the conventional network, MANET has some
distributed cooperation, limited battery power, and limited fundamental characteristic such as open medium, changing
bandwidth information exchange in the MANET becomes
network topology, distributed cooperation. There are some
challenging job. In infrastructure less network node needs to
cooperate to each other to provide necessary network other characteristics of a MANET such as limited bandwidth
functionality. AODV routing protocol is most preferably used in and limited battery power [1]. These characteristics makes
MANET. An information exchange is an important task in the MANET more vulnerable to several different attacks, for
security of whole network. In this article we study the routing instant black hole attack, wormhole attack, link spoofing
security problems of MANET and examine “Black hole attack” attack [2], to name a few. One of the major attacks possible in
which can easily be employed against the MANET in detail. MANET that can easily be implemented is black hole attack.
In this attack, a suspicious node utilizes the routing protocols
Index Terms — Manets, black hole, security, nodes, to advertise itself as having minimum distance to the node
routing, AODV whose packets it wants to drops. A gray hole attack is kind of
black hole attack, in which the suspicious node silently drops
I. INTRODUCTION some or all the data packets sent to it [3]. The suspicious node
A MANET is a group of autonomous nodes which are forms a group and work together to have more serious attack
capable to communicate one another without use of a fixed which is called as cooperative black hole attack.
infrastructure or base station. The fixed base stations are used In [4], the author survey several detection schemes for
in an infrastructure based network which plays a vital role by ordinary black hole and cooperative black hole attacks to
coordinating communication between the autonomous nodes. protect routing protocol in a MANET. In [1], author surveys
The ad hoc network does not have fixed infrastructure, where the network layer attacks. Some of them are wormhole attack,
nodes are responsible for routing the information between link spoofing attack and colluding misrelay attack.
them. A wireless ad hoc network has a dynamic network In this article, authors discuss single black hole attack as
topology. In which the nodes join and leave the network at any well as cooperative black hole attack in MANET. Moreover,
instant of time and their movement in the entire network is to protect routing protocol in MANET several black hole
random hence the name Mobile Ad hoc NETwork (MANET). attack detection and prevention methods are discussed.
A MANET have many potential applications such as military The rest of article focuses reactive routing, proactive
service for connecting soldiers in the battlefield, maritime routing and hybrid routing protocols in section II. In section
communication, vehicle networks, campus networks, robot III authors describe the single and cooperative black hole
networks, casual meeting and so on [1]. In these networks, attack in AODV protocol in details and to detect and prevent

978-1-5386-3039-6/18/$31.00©2018 IEEE
4th Int’l Conf. on Recent Advances in Information Technology | RAIT-2018 |
black hole attack several possible solutions are presented. depends on the mobility of network. It decreases with
Finally, in section IV authors provide conclusion and future increase in mobility of network.
scope.
B. Proactive Routing Protocol
It is table driven routing protocol. In this routing
II. ROUTING PROTOCOLS OF MANET protocol the routing information is periodically
A MANET uses several routing protocols to establish broadcasted to the neighbors. The broadcasted
correct route to the intended node. In this section author information is up to date and to store this information
discuss reactive, proactive and hybrid routing protocols in each node requires one or more tables. The proactive
MANET. The examples for these routing protocols are as routing protocols are Destination Sequence Distance
follows: Reactive routing protocol: AODV, DSR, Proactive Vector (DSDV) and Optimized Link State Routing
routing protocol: DSDV, OLSR and Hybrid routing protocol: (OLSR) protocol [4], [6].
ZRP, TORA) [5], [6].
C. Hybrid Routing Protocol
A. Reactive Routing Protocol The hybrid routing protocol is combination of
The reactive routing protocol is also known as on- reactive and proactive routing protocols. When network is
demand routing protocol which is used to find a route divided into zones it uses hybrid routing protocol. The
between source and destination as needed. The fact they are network requires these protocols for communication
known as reactive protocol is, they do not initiate route within the zone and between the zones. The Zone Routing
discovery process by themselves until they are requested, Protocol (ZRP) and Temporally Ordered Routing
when source node request to find a route. Here author Algorithm (TORA) are popular hybrid routing protocol
describe two on-demand routing protocol which are Ad hoc [4], [6].
On-demand Distance Vector (AODV) routing protocol and
Dynamic Source Routing (DSR) protocol.
In AODV used network a route is generated before III. SINGLE AND COOPERATIVE BLACK HOLE ATTACK
any communication started [7]. Every node in a MANET In a black hole attack, the shortest path to the destination is
has one table, which is called as routing information table advertised by the malicious node. When the packets are sent
and it contains the information about the node which is at through this route it is intercepted or dropped without
the next hop. It is maintained for sustaining the routing path forwarding it to the neighbors.
between sender and receiver. When a source requires route
to the destination, it is first checked with its routing table. If A single black hole attack can easily be happened in a
a route to the destination is not available in its routing table, MANET [4]. The figure 1 is an example of this.
it initiates a route discovery process within the network [8].
In AODV the path between source and destination is
established using the control messages such as Route
REQest (RREQ) and Route REPly (RREP). When source
node has something to send to destination, it first establishes
path with destination by sending RREQ message. This
RREQ message is sent or passed through the nodes which
are situated at the next hope from the source. These nodes
forward this message to their neighbors. This process is Fig.1. Black hole attack
continued until the destination or an intermediate node is RREQ
experienced by sent message. The destination or an RREP
intermediate node may send RREP to the received RREQ Malicious RREP
message sent by source node. The information about the
route is updated in the routing table of source node and the In the above shown figure, the node 1 and 6 are the source
same is used to send packets to destination node [4]. In the and destination. The node 2 represent a malicious node i.e.
meanwhile, the node which identifies or experiences link black hole node. The black hole node sends false route reply to
failure sends Route ERRor (RERR) message to all other the source node. Therefore the source node incorrectly judges
nodes. the route discovery process is completed and starts sending
DSR is source routing protocol. In this routing data packets to node 2 which is malicious node in this case. It
protocol the packets which are sent by the source node is the activity of malicious node not sends the received packets
contains the information about the route to the destination. to the destination node or an intermediate node. These packets
DSR does not initiates any route discovery process to find are silently dropped or intercepted by malicious node. This
route to the destination. It also doesn’t require any alternate misbehaving node can be judged as black hole node in
route for communication. The performance of DSR is MANETs.

978-1-5386-3039-6/18/$31.00©2018 IEEE
4th Int’l Conf. on Recent Advances in Information Technology | RAIT-2018 |
To solve this problem or to detect single back hole attack the new route discovery process. To avoid the use of this
various mechanism have been proposed. The malicious nodes intermediate node the alarm message is sent to whole
which works together has serious damage to the network and network.
these nodes are called as cooperative black hole nodes. The simulation result shows that the required routing
In the following, different detection schemes for both the security in AODV protocol is achieved with minimum
type of black hole attacks are presented. The comparison of overhead and maximum throughput on an assumption that
different scheme is shown in table I. the malicious node doesn’t work together.

A. Destination Based Reply and Next Hop Information B. Neighbors Opinion Scheme
Scheme Mehdi Medadian et al. [9] propose an approach to
Hengmei Deng et al. [8] propose 2 solutions to mitigate black hole attack in AODV. The honest node
prevent the black hole attack in MANET. The 1st solution participates in data routing process. The honesty of node
state that intermediate nodes are not allowed replying to is based on its activity in the network. In this scheme the
the route request. In other words only destination node judgment on the honesty of replier node is made by using
should send out replies. There are some disadvantages numbers of rule. The node that receives first RREP sends
associated with this solution; (i) Routing delay is it to source node and initiates judgment process. The
increased by a considerable amount, (ii) Malicious node judgment is made on the neighbor’s opinion about the
fabricates a reply message on behalf of destination node. replier. All the neighbors logged their activity and send it
Due to these, first solution is not sufficient to detect black to the node. All the neighbors send their opinion to the
hole node. node and decision about the honesty of the replier node is
In the second solution, one additional path to the made. This decision is made to determine the suspicious
intermediate node is utilized to confirm whether route to node. The numbers of rules are taken into account before
the destination is exits or not. If there is a route to the deciding the honest of the node. Some of the rules used
destination, it is used to send out the data packets. If there deciding the honesty of the node are: Rule (i): If all the
is no route, the route reply from the intermediate node or received packets are to the destination, it is considered
destination node is discarded and the information about that the node is honest. Rule (ii): If the node sends only
the particular node is sent to whole network to inform some of the data packets to the destination, it is assumed
about the malicious node. that current node is malicious node. Rule (iii): If the node
The detail checking process is described below. sends many route replies and the rule (ii) is correct,
When source has something to send to destination, it therefore it is surely assumed that the current node is
sends the RREQ packet. An intermediate node that has malicious node. Rule (iv): When rule (ii) is correct, if the
fresh enough route to the destination sends RREP to current node has not send any RREP packet, therefore the
sender with the next hope information. After receiving this node is inactive node. In the simulation result, it is
route reply from the intermediate node, the data packets observed that the required security is achieved with
are not immediately sent by the source node. Instead the considerable delay and overhead.
source node extracts the next hop information from RREP
packet. The source node then sends further RREQ to next C. Sequence Number Scheme
hop to crosscheck that it has route to the intermediate Lalit Himral et al. [10] propose an approach that can
node that has sent RREP packet. It is also verified that be used to identify the safest route for communication to
next hope has route to the destination node. To reduce the the destination and prevent the black hole attack in
network overload and for avoiding the problem of MANET. The difference between the sequence number of
returning back, only the requested next hop node is source node and the replier node is used to detect black
allowed to send further RREP, that includes the check hole attack in MANET. In general, the first route reply is
result. Once the further RREP from next hope is received sent by the malicious node. This route reply is sent with
by the source node, it extracts the check result from larger destination sequence number. The larger
further RREP. If the check result is correct, the route to destination sequence number is used to show how much
the destination is established and all the data packets are fresh the particular route is.
sent out using the established route. If there exit a route When the RREP with larger sequence number is
between the next hop and the intermediate node, but not received by the source node, it compares this with its own
between the next hope and destination node, the route sequence number. If there exit the larger difference
reply from the intermediate node is discarded and the new between them, the replier node is malicious and it is
route reply is used for further communication. Now to removed from the RREP table, where it was initially
avoid the use of intermediate node in further stored.
communication, the alarm message is sent to the whole The simulation is performed by NS-2 simulator and
network. If there is no route between the next hop and the the simulation result shows that safe route to the
requested intermediate node, and also not between the destination is used to prevent black hole attack in
next hope and the destination node, the source node starts MANET.

978-1-5386-3039-6/18/$31.00©2018 IEEE
4th Int’l Conf. on Recent Advances in Information Technology | RAIT-2018 |

TABLE I. Comparison of black hole attack detection schemes

Sr. Scheme Routing Simulator Detector type Publication Results Limitations


No. protocol year
Destination based
The Throughput of Failed to detect
reply
Single black AODV is increased malicious node
1 and next hop AODV NS-2 2002
hole attack and the overhead is which work as a
information
minimized group
scheme
Better security is
Single and
Global achieved with minimal
Neighbors opinion cooperative Few additional
2 AODV Mobile 2009 delay and overhead.
scheme black hole delay
simulator High packet delivery
attack
ratio
Packet drops is
Sequence number Single black directly proportional
3 AODV NS-2 2011 Delivers more packets
scheme hole attack to the speed and the
no. of nodes
Due to longer delay
Shared hop and
Single black Verify 80% to 99% attacker can put last
4 sequence number AODV NS-2 2004
hole attack routes sequence number in
based scheme
table
Packet delivery Detection rate is about More independent
PROPH- Single black
5 information NS-2 2010 100% and it has low method of
ET hole attack
scheme false positive rate examination
PDR is achieved up to Challenging to
Single black
6 2-ACK scheme DSR NS-2 2007 91% even if there are derive triplet
hole attack
40% malicious node information
Failed to detect
Sequence number Cooperative
Reduces false malicious node
7 and neighbors AODV - black hoe 2008
detection rate which work as a
voting scheme attack
group
DRI table and Cooperative Discover secure path
8 cross checking AODV - black hole 2003 from source and -
scheme attack destination
Without black hole
Minimize additional
Single Black node packet loss
9 Ignorance scheme AODV NS-2 2007 overhead and PDR
hole attack increased by 4% in
improved by 19%
the network
Extended data
Cooperative Malicious nodes
routing
10 - - black hole and 2013 - should work
information table
gray hole attack together as a group
(EDRI)scheme

D. Shared Hop and Sequence Number Based Scheme number of the last sent and received packet. This record is
Mohammad Al-Sherman et al. [11] propose 2 maintained in a table, which is updated when any packet
solutions to prevent the black hole attack in MANET. The sent or received. The source node sends RREQ packet to
1st solution is to find more number of routes to the its neighbor. After receiving these packets, the destination
destination (at least three). Here an author considered at node sends RREP to the source node. This RREP packet
least three redundant routes to the destination. Then, contains the sequence number of the last sent and
source node broadcast RREQ packet called as ping packet received. The intermediate node that has fresh enough
to its neighbors. After receiving it neighbor’s sends the routes to the destination may also send the RREP to the
RREP packet. The motive behind the use of this solution source node with sequence number of last sent and
is to wait for (at least three RREPs) more numbers of received packet. Based on the received sequence numbers
RREPs from the neighbors or the intermediate nodes. in RREP packets, the source node identifies the presence
During this period of time, the source node buffers all the of malicious node in MANET.
packets. Once the safe route is identified, the source node The simulation result shows that these two solutions
will sends all the packets. The safe route is identified have less routing overhead. The second solution is better
based on the shared hops. If there is no shared node, the than the first solution, because it provides fast and reliable
source node waits for more number of RREPs with shared way to find the malicious node. The time delay is more in
hops. first solution, because the source node waits for more
In the 2nd solution, the sequence number is taken in to number of replies. Both the solutions are used to identify
account to detect and mitigate the effect of black hole the single black hole attack and not the cooperative attack
attack. Each node keeps the record of the sequence in MANET.

978-1-5386-3039-6/18/$31.00©2018 IEEE
4th Int’l Conf. on Recent Advances in Information Technology | RAIT-2018 |
E. Packet Delivery Information Scheme ambiguity exit even if there is no malicious node. This
Yanzhi Ren et al. [12] propose a solution that can ambiguity is overcome by using 2-ACK scheme. When
used to detect the black hole attack and mitigate the node n4 receives data packets from node n3 it sends 2-
negative impact caused by the black hole attack on the ACK acknowledgment to the node n2, to notify that it has
data delivery process in DTNs. This scheme generates received data packets. The 2-ACK scheme is used to
secure packet delivery record for nodes which encounter reduce the routing overhead by sending the fraction of
each other. This record is signed by their private keys and received data packets in reverse direction of routing path.
these records are stored in two tables at each. These tables Such a 2-ACK transmission takes place for every three
are receiving record table and self-record table. consecutive nodes. Only the first node from the source
The receiving record table is used to keeps packet node cannot sends 2-ACK acknowledgment and the node
exchange records generated by its encountering nodes and just before the destination node and destination node
the self-record table is used to keeps packet exchange cannot receives 2-ACK acknowledgment.
record for each node encounter. When two nodes The simulation results are studied and it shows that
encounter each other, the first node sends request for the 90% of PDR is achieved in the presence of 40% of
second node’s RRT. After receiving second node’s RRT, malicious nodes in MANET. The proposed solution
the first node checks the packet exchange information detects the misbehaving link and when such misbehavior
between them and other nodes. The first node then is detected the node associated with it may be detected as
calculates the packet forwarding percentage. The packet a malicious node.
forwarding percentage is the ratio between the total
packets forwarded by the second node and the total G. Sequence Number and Neighbors Voting Scheme
packets received by the second node. By calculating the Moumita Deb [14] proposes two step solutions to
packet forwarding percentage, the encountered node can detect black hole attack in MANET. In the first step
be detected as the malicious node or not. solution, the destination sequence number is considered to
detect the black hole node in MANET. In normal state,
Packet forwarding percentage = (Total packets the sequence number of each node is depends on the
forwarded / Total packets received) traffic condition. The sequence number increases as the
number of connections increases. This sequence number
The simulation result shows that the proposed is increased in larger amount when there is attack. In this
method detects the black hole attack effectively with solution each node maintains two small sized tables to
100% detection rate and low false positive rate. track their neighbors. The first table is sequence table
(SnT) which maintain the sequence number of neighbor
F. 2-ACK Scheme with their ID’s and the second table is status table (ST)
Kejun liu et al. [13] proposes a 2-ACK scheme to which maintain the status of node. It is either safe (S),
detect and isolate the misbehaving link in MANET. In black hole (B) or malicious (M).
this method the two hop acknowledgment is sent in When the source node has data packets to send, it
opposite direction of routing path and it works in triplet. broadcast RREQ packet to its neighbors. The neighbors
The routing overhead is reduced by sending the fraction send RREP to RREQ with the list of neighbors. Then, the
of received data packets in reverse direction of routing source node compares the sequence number of replier
path. with the sequence number in sequence table (SnT). If
DSR route discovery process generates route from there exit large difference between them and if this
source to destination.. Along this route three consecutive difference is greater than threshold, the replier is assumed
nodes are used in 2-ACK scheme. as the malicious node. Once the malicious node is
detected in first solution, the second solution is executed
for further detection.
In the second step solution voter table is used to
detect cooperative attack. For further detection, the
malicious nodes next hope node is affected by the further
detection message sent by source node. The entire
malicious nodes next hop node sends RREQ to the source
Fig. 2. 2-ACK scheme
node. This RREQ is sent by setting the next hope node
address as a source address. If next hope node receives
RREP from the malicious node, to check its reliability
In fig. 2, suppose that the n1 is source, n5 is the
next hope node sends a test packet (TP) through malicious
destination and n2, n3 and n4 are the three consecutive
node. Now to confirm the reliability and unreliability of
nodes along the path from source to the destination. When
malicious node next hope node sends an acknowledgment
node n2 sends data packets to node n3, the node n3
packet (AP) through some other route to the source node.
forward it to the node n4. It is unclear to the node n2
Then, some waiting time is introduced, so that source
whether sent packets are by the node n4 or not. Such a

978-1-5386-3039-6/18/$31.00©2018 IEEE
4th Int’l Conf. on Recent Advances in Information Technology | RAIT-2018 |
node receives the sent packets. If the source node receives I. Ignorance Scheme
the test packets (TP), it updates the voter table by the vote Semih Dokurer et al. [16] propose a solution which
‘Y’ and if it receives the acknowledgment packet (AP), it ignores the first established route to prevent the black hole
updates voter table by the vote ‘N’ i.e. No. If all the attack in MANET. Generally the first route reply is from
entries for particular node are detected as ‘N’, the status the malicious node. Author modified the existing AODV
of the node in the status table (ST) is updated as ‘B’ i.e. protocol and used second RREP to send data packets.
black hole node. The simulation result shows that the more number of
Once the black hole node is confirmed, the packets are lost in presence of black hole. In the presence
information about it is sent to the whole network. The of black hole node the network experiences 89.95%
proposed two step solution can be used to reduce the false packet loss. It is also observed that the proposed method
detection rate. reduces the packet loss to 71.09%.

H. DRI Table and Cross Checking Scheme J. Extended Data Routing Information (EDRI) Table
Sanjay Ramaswamy et al. [15] propose an approach Scheme
to detect the cooperative attack in MANETs. An extra Gundeep Singh Bindra et al. [3] exploit extended data
table is maintained at each node that is called as data routing information (EDRI) table scheme to detect the
routing information table (DRI). In this table, 1 and 0 cooperative black hole and gray hole attack in MANETs.
represents true and false respectively. There are two bit Each node needs to maintain one extra table which is
entries, the first bit entry stands for ‘from’ and second bit called EDRI table. In the EDRI table, 1and 0 are used to
entry stands for ‘through’. The ‘from’ entry is used for represent the true and false values respectively. The entry
information routing from the node and the ‘through’ entry is composed of 5 bits from, through, counter, BH and
is used for information routing through the node. timer. The ‘From’ entry is used to imply that the
In the table II, the entries 11 for node 4 and 00 for information is routed from the node and the ‘Through’
node 6 imply that node 2 has and has not sent data packets entry is used to imply that the information is routed
from and through the node 4 and 6 respectively. through the node.
In the table III, the ‘from and through’ entry of 01
TABLE II. DRI table example of node 2 implies that node 2 does not send any data packets to node
Node Data Routing Information
4 but it has received data packets from node 4. The 11
ID implies that the node 4 has sent and received data packets
from and through the node 3 and 00 implies that the node
From Through 4 neither sent nor received data packets from and through
the node 7. In EDRI table the next three entries are
4 1 1 counter, BH and timer. The counter entry is used to
6 0 0
represent how many times the node is detected as
malicious. The BH entry is used to represent the ID of
node that has been identified as malicious in the latest
The detail description of the proposed solution is interaction and the timer entry is used to represent the
given below. When source node has something to send to time for which the node behaves maliciously.
destination it sends RREQ. Intermediate nodes (IN) that
are affected by RREQ sends RREP to source node. This TABLE III. EDRI table example of node 4
route reply contains information of next hop node (NHN) Node
and DRI entry for the NHN. The source node decides the From Through Counter BH Timer
ID
honesty of the intermediate node (IN) and to decide it
source node compares its own DRI table with received 2 0 1 1 0 0
DRI table. Once the honesty of the node is decided, the
3 1 1 0 0 0
source node sends further request to intermediate nodes
NHN. Then, the intermediate nodes NHN sends further 7 1 0 1 0 0
reply with current NHN and DRI entry for the
intermediate node. Now, the source node compares the 9 0 0 6 1 26
entries for the intermediate node (IN) in its own DRI table
with the entries in newly received DRI table. Then the
source node decides the honesty of the IN node. By The detail description of proposed solution is given
checking the DRI table entries source node judges the below. The source node initiates route discovery process
malicious node in the routing path. by sending RREQ packets to its neighbor. The nodes that
The propose method can be used to detect the single are affected by this RREQ send RREP with EDRI table to
as well as cooperative black hole attack. source node. The source node then sends data packet
along one route and checks whether sent data packets are

978-1-5386-3039-6/18/$31.00©2018 IEEE
4th Int’l Conf. on Recent Advances in Information Technology | RAIT-2018 |
received at destination node or not by observing the Conference on Computer, Information and Telecommunication Systems
(CITS), 14-16 May 2012, pp 1- 5.
positive or negative acknowledgment over different route.
If the negative acknowledgment is received, the source [3] Bindra, G.S., Kapoor A., Narang A., Agrawal A.: Detection and
Removal of Co-operative Blackhole and Grayhole Attacks in MANETs,
node sends refresh packet along first route over which the IEEE Conference on System Engineering and Technology (ICSET),
data packets has been transferred. After receiving a 11-12 Sept. 2012, pp 1 - 5.
refresh packet the node needs to (i) sends its DRI entries, [4] F. H. Tseng, L. Chou, H.C. Chao: A survey of black hole attacks in
(ii) discard the route from the route table or (iii) forward wireless mobile ad hoc networks, International journal on Human-
the packets. The malicious node ignores this packet and centric Computing and Information Sciences, 22 Nov 2011, pp 1-16.
does not forward it to the next node. Now, the source [5] Krishna Gorantala: Routing Protocols in Mobile Ad-hoc Networks,
Thesis in Computing Science Umea University June 15, 2006.
node begins the black hole detection procedure, for that it
sends BHID packet. The nodes that are affected by this [6] Dr. Luiz; A. Dasilva, Tao Lin, Tao Lin, Dr. Scott, F. Midkiff: Mobile
Ad-hoc Network Routing Protocols: Methodologies and Applications,
packet mark node as a malicious node and the counter ECE Department, Virginia Polytechnic Institute and State University
value is increased by one. The time for which the node 2014.
behaves malicious is calculated using timer field. When [7] Bala Anu, Bansal M., Singh J.: Performance Analysis of MANET under
the timer is expired the corresponding BH entry in table is Blackhole Attack, IEEE Conference on Networks and Communications
set back to the zero. It gives another chance for the node. NETCOM 27-29 Dec. 2009, pp 141-145.
The cooperative attacks are easy detected using proposed [8] Hongmei Deng, Li W., Agrawal D. P.: Routing Security in Wireless Ad
Hoc Networks, IEEE Communications Magazine,Volume: 40, Issue:10,
method. 2002 , pp 70-75.
[9] Medadian, M., Yektaie M. H., Rahmani A. M.: Combat with Black hole
attack in AODV routing protocol in MANET, International Conference
IV. CONCLUSION AND FUTURE WORK on First Asian Himalayas Internet, AH-ICI 3-5 Nov. 2009, pp 1 – 5.
[10] Lalit Himral, Vishal Vig, Nagesh Chand: Preventing AODV Routing
A MANET has several practical applications. Protocol from Black Hole Attack, International Journal of Engineering
However, due to unique characteristics it is more Science and Technology (IJEST), Vol. 3 No. 5 May 2011.
vulnerable to security attacks. The security of an entire [11] Mohammad Al-Shurman, Seong-Moo Yoo, Seungjin Park: Black Hole
Attack in Mobile Ad Hoc Networks, ACMSE’04, April 2-3, 2004, pp
network depends on routing. It is not possible to find 96-97.
general solution that can be used to detect black hole [12] Yanzhi Ren, Mooi Choo Chuah, Jie Yang, Yingying Chen: Detecting
attack in MANETs. Blackhole Attacks in Disruption-Tolerant Networks through Packet
In this paper author summarize the positives and Exchange Recording, IEEE International Symposium on a World of
negatives with popular routing protocols in MANETs Wireless Mobile and Multimedia Networks (WoWMoM), 14-17 June
2010, pp 1 – 6.
followed by the state of the art routing methods of
[13] Kejun Liu, Jing Deng, Pramod K. Varshney, Kashyap Balakrishnan: An
existing solutions and are categorized. Proposals for the
Acknowledgment - Based Approach for the Detection of Routing
same are presented in a tabular form. Misbehavior in MANETs, IEEE Transactions On Mobile Computing,
Author concludes that proactive as well as reactive Vol. 6, NO. 5, MAY 2007, pp 488-502.
routing protocols have distinct skills. The proactive [14] Moumita Deb: A Cooperative Blackhole Node Detection Mechanism for
detection method is better with respect to packet delivery ADHOC Networks, Proceedings of the World Congress on Engineering
ratio (PDR) and correct detection probability, but it and Computer Science WCECS San Francisco, USA October 22 - 24,
2008.
periodically broadcasts packets and hence suffers from the
[15] Sanjay Ramaswamy, Huirong Fu, Manohar Sreekantaradhya, John
higher routing. The reactive detection method is used to Dixon, Kendall Nygard: Prevention of cooperative black hole attack in
eliminate the routing overhead problem but it suffers from wireless ad hoc networks: IEEE Proc. of Int’l Conf. on Wireless
some packet loss in the logging of routing procedure. Networks 2003.
Our study shows that although many solutions have [16] Dokurer S., Erten Y.M., Acar C.E.: Performance analysis of ad-hoc
been proposed they still are not applicable for non- networks under black hole attacks, IEEE Proceedings SoutheastCon ,
22-25 March 2007, pp 148 - 153.
consecutive cooperative black hole attack. Therefore, in
[17] Jian-Ming Chang, Po-Chun Tsou, Isaac Woungang, Han-Chieh Chao,
future work we intended to propose and simulate a perfect Chin-Feng Lai: Defending Against Collaborative Attacks by Malicious
solution to detect non-consecutive cooperative black hole Nodes in MANETs, A Cooperative Bait Detection Approach, IEEE
attack in MANET. Systems Journal, 09 January 2014, pp 1 – 11.
[18] Shekhar Tandan, Praneet Saurabh: A PDRR based detection technique
for blackhole attack in MANET, International Journal of Computer
REFERENCES Science and Information Technologies, Vol. 2 (4), 2011, pp 1513-1516.
[19] Bo Sun, Yong Guan, Jian Chen, Udo W. Pooch: Detecting Black-hole
[1] B. Kannhavong, H. Nakayama, Y. Nemoto, N. Kato: A survey of routing
Attack in Mobile Ad Hoc Networks, IEEE conference on Personal
attacks in Mobile ad hoc networks, IEEE Wireless Communications,
Mobile Communications, 22-25 April 2003, pp 490 – 495.
October 2007, pp 85-91.
[20] Latha Tamilselvan, Dr. V Sankaranarayanan: Prevention of Co-operative
[2] I. Woungang, S. K. Dhurandher, R. D. Peddi, M. S. Obaidat: Detecting
Black Hole Attack in MANET, Journal Of Networks, VOL. 3, NO. 5,
Blackhole Attacks on DSR-based Mobile Ad Hoc Networks, IEEE
MAY 2008.

978-1-5386-3039-6/18/$31.00©2018 IEEE