Project With Description

Recognizing Black hole and Gray hole Attacks in MANET
CHAPTER 1
INTRODUCTION
1
MES's Pillai HOC College of Engineering and Technology, Rasayani
INTRODUCTION
1.1 Background
A Mobile Adhoc Network (MANET) is defined as collection of mobile nodes. In
MANET, nodes transfer data using multi-hop wireless links .It does not have any fixed
infrastructure. It is a self-configuring network, therefore the mobile nodes in the network
dynamically setup paths among themselves to transmit packets from the source to
destination. MANET has many important and potential applications, in commercial
environments, disaster area, and military operations. Since, wireless networks came into
existence, routing in mobile ad hoc networks has been a challenging task.. The security
issues like snooping attacks, wormhole attacks,hole attacks, packet replication, denial of
service (DoS) attacks, distributed DoS (DoS) attacks, et cetera have been studied in recent
years. Among these threats, the malicious node problem is one of the popularized security
threats such as black hole and grayhole attacks. In this paper, we tried to focus on various
black hole and grayhole detection and prevention methods.
1.2 Relevance
Mobile adhoc networks are vulnerable to several security issues due to their
inherent characteristics, like lack of centralized control, finite transmission bandwidth,
open medium, abusive broadcasting messages, dynamic link establishment and restricted
hardware caused processing capabilities.
Black Hole Attack is a type of DoS attack. In route discovery, the node (black hole)
responds to sources request with implying shortest path to the destination. In reality it is
not the case. The source believes and sends the data packet through this black hole node
and in turn, this black hole node drops all data packets. Due to this attack, the
performance of network humiliate completely since the data to be reached at destination
never accomplished.
Gray Hole Attack is another version of the black hole attack is a grayhole attack. In this
attack, the node (gray hole) acts as honest during the route discovery process and once the
source sends data packets it start dropping them all. The behaviour of grayhole attack is
uncertain and unexpected. For some time it is honest and some other time is behaving like
malicious by dropping the data packets. Therefore it is a big challenge to detect grayhole
attack compared to black hole attack. Also the data packets are not received at destination
because of congestion.
2
CHAPTER 2
LITERATURE SURVEY
3
LITERATURE SURVEY
2.1 Existing Systems
2.1.1 System Architecture:
To Process Route Information Crosscheckin

To confirm the
data g the
node of black hole
or not intermediate
node
RREQ accepted
Identify Black Confirm the route

holes is secure
RREP Unicast
Broadcast RREQ
with saved path to
source
Figure 2.1. System Architecture
Security solutions for wireless networks is to provide security services, such as

authentication, confidentiality, integrity, anonymity, and availability, to mobile users.
Black hole attack is one of the severe security threats in ad-hoc networks which can be
easily employed by exploiting vulnerability of ondemand routing protocols such as Ad-
Hoc OnDemand Distance Vector (AODV).
A mobile node wishes to communicate with other node first broadcasts an RREQ (Route
Request) message to find a fresh route to a desired destination node. This process is called
route discovery. Every neighbouring node that receives RREQ broadcast first saves the
4
path the RREQ was transmitted along to its routing table. It subsequently checks its
routing table to see if it has a fresh enough route to the destination node provided in the
RREQ message. The freshness of a route is indicated by a destination sequence number
that is attached to it. If a node finds a fresh enough route, it unicasts an RREP (Route
Reply) message backalong the saved path to the source node or it re-broadcasts the RREQ
message otherwise. The same process continues until an RREP message from the
destination node or an intermediate node that has fresh route to the destination node is
received by the source node.
2.2 Problem Statement:
Gray holes changes own behaviour normal node to malicious and vice versa. So there is
chance of normal node switch to malicious even after path establishment. Detection of
gray holes is done locally instead of globally to reduce track overhead. In this literature,
False Reply count technique used to detect gray holes and TrueLink technique used for
cross check purpose.
5
CHAPTER 3
REQUIREMENT GATHERING
6
REQUIREMENT GATHERING
3.1 Software and Hardware Requirement
Hardware Requirements:
Processor : Pentium III

Speed : 1.1 GHz
RAM : 256 MB (min)
Hard Disk :20 GB
Software Requirements:
Operating System : Windows 7/8/10, Linux, Ubuntu

Front End : Java
JDK 1.6 or above
XAMPP server for Database
7
CHAPTER 4
PLAN OF THE PROJECT
8
PLAN OF THE PROJECT
4.1. Design of the Project:
Figure 4.1.Proposed Model
In proposed system two techniques are used. False Reply count used for grayhole
detection and TrueLink used for cross checking purpose.
4.1.1.1 False Reply Count for detection of Gray Holes
Every node in the network maintains a black list in local RAM. During the path
establishment i.e. during route request RREQ and route reply RREP procedure, every
node count false replies. If the false reply count of replying node greater than peak value
then replying node get blacklisted. If the reply is from black listed node, packet will
discard. And if replying node is not black listed and false reply count is less than peak
value, packet will proceed.
9
Figure 4.1.1.1.1 Flow chart for detection for gray holes using False Reply count
10
4.1.1.2 Cross checking with TrueLink
After the successfully path establishment cross checking is done, because in gray hole
attack normal node can switch to malicious even after path establishment. Cross checking
is done using TrueLink. TrueLink technique proceeds in between every two adjacent
nodes within the established path.
Crosschecking-True-Link is a timing based mechanism (time-based approach) against

cooperative grayhole attacks. Gray hole enters mostly through network layer. So, we
include MAC layer with the network layer Integration (i.e cross layer) attacker will be
confused that which node having the data and direction of forwarding the data. This
assumption will helpful for detecting multiple gray holes. For eg. If the node nds the
shortest path or next hop for transmission using network layer it will sends the data to the
selected hop. If any grayhole node detected it will inform to mac layer after receiving the
gray hole report from network layer mac layer will stop transmission to that particular
node so we can reduce retransmission delay.
Technique is divided into 4 steps:
Step I: First each and every node maintains the DRI table this DRI table entry is based on
rendezvous phase by sharing nonce key (i.e two random numbers).
Step II: Based on the time constraints the next hop or adjacent node we can enter bit
information in the DRI table which have not received ACK as 0 and ACK as 1.
Step III: After getting entry into the DRI table we need to check the entry is correct or not
and make reliable communication for this we are using link verification method by
sending two nonce and signature. We are using simple nonce and ECC signature as
numbers. In this phase i and j each sign and transmit the message (j, i), mutually
authenticating themselves as the originator of their respective nonce. The timing
constraints of the rendezvous phase makes True-Link immune to capture the cooperative
gray hole attacks, and strictly limits the range of attacks based on bit-by-bit or cut-
through forwarding.
Step IV: Based upon the nonce key transmitted we are verifying the link based on both
proactive and reactive process according to mobility of nodes. Now thepackets will be
11
routed only with the good candidate and delivery will be high inside the network.The
rendezvous phase is implemented as a single RTSCTS-DATA-ACK exchange. We
describe the operation of the protocol for each of these frames. The rendezvous operation
includes following steps:
Request to Send (RTS): Node i called initiator, calls init ( ). Node i send an RTS to node j.
Clear to Send (CTS (j)): After receiving the RTS, node j calls Handle RTS ( ). A locally
generated value ?j is included in the CTS, which is sent after a delay of one Short Inter
Frame Space (SIFS), is the small time interval between the data frame and its
acknowledgment.
DATA (i): Having received the CTS, i generate valuei. After a SIFS delay, the nonce is
sent as the packet payload, together with a header, identifying the packet as rendezvous
packet.
ACK: When node j receives the payload packet containing values? i, the Handle RTS ( )
function sends the ACK frame, after a SIFS delay. The received packet and the locally
generated values j are handed to the upper layer for processing. When node i receives the
ACK, the init () function at i returns the pair ( j , i) to its caller.
Figure 4.3.TrueLink with rendezvous phase and authentication phase
Proposed Algorithm :
Step 1: Start (for each node which receives RREP).

Step 2: Check if a replying node has generated False reply Count False Reply Threshold
12
If yes go to step 3
If no go to step 4
Step 3: Black list the node, dont accept any RREP packet (discard) from this node
further.
Step 4: Check if routing table sequence number is less than reply packet sequence number.
If yes goto step 6 no goto step 5
Step 5: Skip detection engine and goto step10.
Step 6:Calculate difference between routing table sequence number and route reply
sequence(D).
R- Reply Forward Ratio
Peak = ([(D R) + No. of replies received by replying node + Current
Simulation Time])/3
Step 7: Check if peak < route reply sequence number
If yes go to 8
If no go to 10
Step 8: Add/Increment the false reply count to corresponding replying node.
Step 9: Free the packet (RREP)
Step 10: Follow the remaining aodvreceivereply() function
Step 11: Establish Path
[Apply TrueLink for cross check between every adjacent nodes in establishedpath]
Step 12: Send RTS to successor.
Step 13: Receive CTS with nonce j
Step 14: end i
Step 15: Receive ACK
Step 16: Send nonce pair to successor.
Step 17: Receive nonce pair of successor.
Step 18: Compare both pair for authentication.
Step 19: If both pairs are same then grayhole detection is negative.
Step 20: Else grayhole detection positive. Stop the communication and black listed node.
4.2Gantt Chart
13
Figure 4.4 GanttChart
14
CHAPTER 5
PROJECT ANALYSIS
15
PROJECT ANALYSIS
5.1 Use Case Diagram
Ause case diagramatitssimplestisa representationof a user'sinteraction
withthesystemanddepicting thespecifications ofausecase.Ausecasediagram canportray
thedifferenttypesofusersofasystemandthevariouswaysthatthey
interactwiththesystem.Thistypeofdiagramistypicallyusedinconjunction with the textual
use case and will often be accompanied by other types of diagrams as well.
Figure 5.1. Use Case Diagram
5.2Use Case Analysis

5.2.1 Sequence Diagram:
A sequence diagram in a Unified Modeling Language (UML) is a kind of interaction

diagram that shows how processes operate with one another and in what order. It is a
construct of a Message Sequence Chart. A sequence diagram shows object interactions
arranged in time sequence. It depicts the objects and classes involved in the scenario and
16
the sequence of messages exchanged between the objects needed to carry out the
functionality of the scenario. Sequence diagrams typically (but not always), are associated
with use case realizations in the Logical View of the system under development.Sequence
diagrams are sometimes called event diagrams, event scenarios, and timing diagrams.
Figure 5.2 Sequence Diagram
17
CHAPTER 6
PROJECT DESIGN
18
PROJECT DESIGN
6.1 Design Model.
6.1.1 Class Diagram:
Class Diagram is a typeofstatic structurediagram that describes the structureofasystem
byshowingthe system's classes, their attributes, andthe relationships between
theclasses.
Figure 6.1 Class Diagram
6.1.2 Data Flow Diagram:
A Data Flow Diagram (DFD), is a graphical representation of a flow of data through an

information system, modelling its process aspects. A overview of the system which can
later be elaborated. A DFD shows what kind of information will be input to and output
from the system, where the data will come from and go to, and where the data will be
stored. It does not show information about the timing of process or information about
whether processes will operate in sequence or in parallel.
19
Data flow diagrams are also known as bubble charts. DFD is a designing tool
used in the top-down approach to Systems Design. This context-level DFD is next
"exploded", to produce a Level 1 DFD that shows some of the detail of the system being
modelled. The Level 1 DFD shows how the system is divided into sub-systems
(processes), each of which deals with one or more of the data flows to or from an external
agent, and which together provide all of the functionality of the system as a whole. It also
identifies internal data stores that must be present in order for the system to do its job, and
shows the flow of data between the various parts of the system.
Fig 6.2. Level 0 DFD
Fig 6.3. Level 1 DFD
20
CHAPTER 7
IMPLEMENTATION
21
IMPLEMENTATION
The overall snapshot of this project are given below:
Figure 7.1 User Login Page
A existing user will directly login into the page and new user will register into the
Database.
22
Figure 7.2 Registration for New User

Firstly, the Registration has to be done for new user and the existing user can login
directly if he has already register. After that database is created for that user and he can
use further project.
23
Figure 7.3 Creation of Nodes

After login user will get these interface. Here node details have to be filled, user will enter
number of nodes and according to that, nodes will be created. Suppose for example, if
user enter five number of nodes and click on Create button, it will ask to specify name
for each node. The nodes will be created only after specifying the name.
Figure 7.4 Naming of Nodes

Here specify name for each node and click on ok button.For example, we have entered
5 number of nodes. Then now specify the name say, Node 1,Node 2,Node 3,Node 4
and Node 5 are named as a,b,c,d,e.
24
Figure 7.5Nodes in Network
Nodes a,b,c,d, e are created and further step is link the nodes.By entering Source Node
and Destination Node names, path is created between two nodes. Packet will be send
through this path only.
Figure 7.6Selection of Source and Destination
25
Path construction is done accordingly. Paths are created and further packets will be
transferred. When a is labelled as source node and b is labelled as destination node then
while transferring packets from node b (destination) to node a (source) is not possible.
Why because we already decided that which is source node and destination node. So if we
want to transfer packets from node b to node a we should have to make node b as a
source node and node a as destination node. Then only we able to transfer the packets.
Figure 7.7 Packet Transmission from Source to Destination
Now open message tab to transfer packets from any source to any destination. Here we can
see that screen is divided into three sections namely Message Details, Message and
Network.Message details will show all the details of packet transferring like Source,
Destination, Path for transmission, Malicious node (if any malicious node occurred during
transmission), Time in MS(milliseconds).Second section is Message section where we
select required source and destination to transfer packets. Here in above screen initially
source and destination is a. But we cannot transfer packet from a to a, as we
mentioned a as source. Self-transmission is not possible here. And third section is Network
section which will show a created network graph.
26
Figure 7.8Prompting Malicious Node

While transferring the packet it will find optimum path from source node to destination
node. Optimum path is nothing but shortest path from source to destination. If any
malicious node detected during the transmission of packet, it will show error message
asMalicious Node Found Take Alternate Path. Successful transmission of packet shown
by green color with message prompt. If malicious node detected then take alternate path to
transfer the data. This malicious node denoted by Red color.
27
Figure 7.9Highlighting Malicious Node by Red Color
Detected malicious node is denoted by Red color. The node can either be Black Hole or
Grey Hole which will show false shortest path to user and it will drop the packets. Hence
Message transmission get canceled.
28
Figure 7.10 Normal Packet Transmission
The normal packet transmission is done where no attacks are detected and packet is
transferred through shortest path.Hence messageis delivered successfully
CHAPTER 8
29
CONCLUSION AND FUTURE SCOPE
CONCLUSION AND FUTURE SCOPE
8.1 CONCLUSION
The performance of network is totally depends on security constraints and behaviour of

nodes in the network. For protecting the network, it is important that every node of
network must be honest. In MANET, intermediate nodes acts as routers, so it is important
that each node must forward all the incoming packets to next node in the path. When
malicious node present the path, proper transmission of packets is impossible. When node
drops packets partially, the communication between source and destination becomes
compromised and inappropriate. Because of partially dropping of packets, it is critical to
detect gray hole in the network. Hence, it is important to detect gray and remove from the
network.
30
8.2 FUTURE SCOPE
In this proposed system we detect gray holes using false reply count. If false reply is
more than one then only we consider sender node as malicious node. So in future instead
of static value we can use dynamic value.
REFERENCES
[1] A. Kanthe, D. Simunic, R. Prasad , A Mechanism for Gray Hole Attack Detection in
Mobile Adhoc Networks International Journal of Computer Application (0975-8887)
Volume 53-No.16, September 2012.
[2] J. Eriksson, S. V. Krishnamurthy, M. Faloutsos, TrueLink: A practical countermeasure to
the wormhole attack in wireless networks, The Communications and Networks
Consortium sponsored by the U. S. Army Research Laboratory under the Collaborative
Technology Alliance Program, 2011.
[3] D. Lokare, A. Kanthe, D. Simunic, Cooperative Gray Hole Attack Discovery and
Elimination using Credit based Technique in MANET, International Journal of Computer
Applications (0975 8887) Volume 88 No.15, February 2014.
[4] J. Sen, S. Koilakonda and A. Ukil, A mechanism for detection of cooperative black hole
attack in mobile ad hoc networks. Second international conference on intelligent system,
31
modelling and simulation, Kolkata, 2011, 25-27.

[5] SenJ.,ChandraM.,HarishaS.G.,Reddy H.,Balmuralidhar P., A Mechanism for Detection of
Gray Hole Attack in Mobile Ad Hoc Networks,Information, Communications and Signal
Processing ,2007,6th International IEEE Conference.
[6] Parineet D. Shukla, Ashok M. Kanthe, Dina Simunic, An Analytical Approach for
Detection of Gray Hole in Mobile Ad-hoc Network., IEEE 2014.
[7] G. Wahane, A. Kanthe, D. Simunic,Detection of Cooperative Black Hole Attack using
Crosschecking with TrueLink in MANET.IEEE International Conference on
Computational Intelligence and Computing Research, 2014.
32

Project With Description

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Project With Description

Uploaded by

Copyright:

Available Formats

Recognizing Black hole and Gray hole Attacks in MANET

2.1 Existing Systems

2.1.1 System Architecture:

To Process Route Information Crosscheckin

Identify Black Confirm the route

Figure 2.1. System Architecture

Security solutions for wireless networks is to provide security services, such as

2.2 Problem Statement:

3.1 Software and Hardware Requirement

Processor : Pentium III

Operating System : Windows 7/8/10, Linux, Ubuntu

PLAN OF THE PROJECT

4.1. Design of the Project:

Figure 4.1.Proposed Model

4.1.1.1 False Reply Count for detection of Gray Holes

4.1.1.2 Cross checking with TrueLink

Crosschecking-True-Link is a timing based mechanism (time-based approach) against

Technique is divided into 4 steps:

Figure 4.3.TrueLink with rendezvous phase and authentication phase

Step 1: Start (for each node which receives RREP).

Figure 4.4 GanttChart

Figure 5.1. Use Case Diagram

5.2Use Case Analysis

A sequence diagram in a Unified Modeling Language (UML) is a kind of interaction

Figure 5.2 Sequence Diagram

Figure 6.1 Class Diagram

6.1.2 Data Flow Diagram:

A Data Flow Diagram (DFD), is a graphical representation of a flow of data through an

Fig 6.2. Level 0 DFD

Fig 6.3. Level 1 DFD

Figure 7.1 User Login Page

Figure 7.2 Registration for New User

Figure 7.3 Creation of Nodes

Figure 7.4 Naming of Nodes

Figure 7.5Nodes in Network

Figure 7.6Selection of Source and Destination

Figure 7.7 Packet Transmission from Source to Destination

Figure 7.8Prompting Malicious Node

Figure 7.9Highlighting Malicious Node by Red Color

Figure 7.10 Normal Packet Transmission

CONCLUSION AND FUTURE SCOPE

CONCLUSION AND FUTURE SCOPE

The performance of network is totally depends on security constraints and behaviour of

8.2 FUTURE SCOPE

modelling and simulation, Kolkata, 2011, 25-27.

You might also like