Professional Documents
Culture Documents
DOI 10.1007/s11276-015-1032-y
123
1506 Wireless Netw (2016) 22:1505–1511
The rest of this article is organized as follow: the basic become disconnected, this protocol announces the nodes
concepts and preliminaries including AODV routing pro- which make the path about the losing path and inform them
tocol and black hole attack are provided in Sects. 2 and 3, that the nodes can cancel the path by using the losing link.
respectively. Section 4 discusses the related works. The One of the special features of AODV routing protocol is
proposed method is given in Sect. 5. Simulation and results the use of sequence a number to destination for the entry of
are presented in Sect. 6 and finally Sect. 7 concludes the each path. Destination can be sure of the no ring by using
paper. the sequence number and it will be easy to program.
Suppose that there are two paths to request destination. The
path with many sequence numbers will be selected [4, 5]
2 AODV routing protocol (Fig. 1).
123
Wireless Netw (2016) 22:1505–1511 1507
The node which sends the RREQ supposes that it has transmitted from the nodes. In case of exceeding threshold,
found the best path when receiving this RREP. Therefore, a near IDS asks all nodes on the network to cooperatively
this node is considered as a short and fit path to send the isolate the malicious node. The value of the threshold plays
packet. Because of that a black hole is created and each an important role in this study [24].
node- which is known as a black hole- instead of sending the In [25], an efficient approach for detection and removal of
packets to destination gets their data or throws them away. single and cooperative black hole attacks in MANET was
The invader node does not check its routing list, so it presented. The algorithm not only detects the black hole
answers to the RREQ node before the other nodes. If the nodes in case when the node is not idle but it can also detect
invader node introduces itself as a fit path for the total network the black hole nodes in case when a node is idle as well. To
nodes and succeed to gain all network traffic, so it can destroy check if a node is idle, the authors used a threshold for the
all network paths and prepare a DOS attack [8] (Fig. 2). Interval. In case of exceeding the threshold, the malicious
procedure is invoked. For this, a source node looks at its
route cache and then sends RREQ packets and waits for the
4 Related works replies. Based on the replies, the black hole detection pro-
cedure is called. In this method, RREQ packets are sent in
Computer networks are threatened by a lot of security Fibonacci series pattern till the Flow count Threshold
attacks such as modification, denial of service attack, fab- (which is set to 34 ms) is not reached [25].
rication attack, IP spoofing, etc. Therefore, a lot of research Araghi et al. [26] provided a solution to prevent the
has been done in this regard [9–15]. black hole attack. In this study the basic authentication of
Black hole attack is a dangerous active attack on Ad intermediate nodes that send the path response message but
Hoc networks, thus this section only addresses the works get the confirmation from the destination was reviewed. If
done in the field of the black hole attacks in AODV pro- the confirmation is not received from the destination, these
tocol. Various researches have been conducted to design malicious intermediate nodes will be saved for arbitration
methods and intrusion detection systems to identify the at a later time. CL parameter is a counter that shows the
black hole attack [16–19]. miss behaviour of intermediate nodes when they send a
Tamilselvan and Sankaranarayanan [20] suggested a wrong path response. If CL becomes more than 3 for each
method to prevent cooperative black hole attack in node, that node is considred as malicious and the path
MANETs. Their idea was to use a Fidelity Table wherein introduced by this node is avoided.
each participating node was assigned a fidelity level to Madadian et al. [27] proposed a method to detect black hole
measure the reliability of that node. If the level of any node attacks. In this method, when a node sends the path response
dropped to 0, it could be considered as a black hole node. package, a consultation process takes place around that node.
A methodology for identifying multiple black hole nodes Then, according to the comments by neighbour nodes, a
cooperating as a group with slightly modified AODV protocol decision is made about the maliciousness of the responsive
by introducing Data Routing Information (DRI) Table and node. One method to detect the black hole attack using a timer
Cross Checking was proposed [21]. Simulation of this method was presented [28]. Another method called CDSM (Code
was implemented in [22]. Authors added some changes to the Division Security Method) based on code division to avoid the
algorithm to enhance the accuracy in preventing the black hole black hole attack was proposed [29] as well. Moreover, some
attacks. They suggested checking the current intermediate methods to avoid the black hole attacks were compared in
node for black hole if the next hop was not reliable. [30]. Filling gaps in measuring the severity of this attack,
Intrusion detection in sensor networks was studied and a Mandala [31] proposed new black hole attacks, namely
lightweight distributed scheme was proposed [23]. In the Independent Hybrid Black Hole Attack (IHBHA) and Coop-
proposed method, nodes monitor their neighbourhood and erative Hybrid Black Hole Attack (CHBHA); and then mea-
collaborate with their nearest neighbours to return the sures the severity of both CBA and HBHAs.
network back to its normal operational condition. The Considering the principles and characteristics of the active
authors applied their scheme for the black hole and selec- black hole attacks, an effective approach which can detect and
tive forwarding attacks. defend active black hole attacks was proposed by improving
Su [24] extended several intrusion detection system the AODV routing protocol combining flow analysis [32].
nodes in MANETs in order to detect and prevent selective Another approach was proposed to detect black hole
black hole attacks. A selective black hole is a node which nodes in the MANET. In the proposed method, as soon as
may optionally and alternately do a black hole attack or act detecting a misbehaving node, the detecting node tries to
as a normal node. The IDS nodes are set in sniff mode in avoid the misbehaving node [33].
order to estimate the suspicious values of nodes according In [34], to overcome the black hole attack, authors
to the abnormal difference between the routing messages proposed to ignore the first RREP packet reaching the
123
1508 Wireless Netw (2016) 22:1505–1511
source node. They implemented this solution by imple- currency of the node until neighbours cannot corporate to
menting RREP packet caching mechanism. mentioned node in the operation of black hole attack.
A cluster-based scheme to prevent black hole attacks in The principles of proposed algorithm are as [27, 39, 40]:
MANETs was presented in [35], which elects cluster heads
1. Information about the node’s activities including the
to prevent black hole attacks. Then the authors proposed a
number of missioned data, the number of received data
cluster-based countermeasure to prevent the black hole
and the number of received responses will be saved
attacks by identifying those black hole nodes.
and analysed.
In another clustering black hole attack detection and
2. The request packet has been sent to the neighbour’s
prevention approach, each member of a cluster ping the
ideas about the node which sends RREP.
cluster head to detect the peculiar difference between the
3. Saved information has been received in neighbour’s
numbers of data packets received and forwarded by the
nodes related to sender node RREP.
node. If anomalousness is detected, all the nodes will delete
4. Received information about the destructive node has
the malicious nodes from the network [36].
been considered.
In summary, many different detection techniques pro-
5. A packet of danger alarm for quarantining the
posed different types of detection schemes. Some good
destructive node has been sent and it has been
surveys on the existing solutions were conducted in [37, 38].
developed in all networks.
6. The nodes in quarantine have been deleted from the
Routing process.
5 The proposed algorithm
In the proposed algorithm, we use this rule to identify
In this study, the authors proposed an algorithm on AODV the destructive nodes:
protocol. In this algorithm, we tried to attend more to the 1. The node which sends a RREP to sender node RREQ
behaviour of nodes in Network, identify destructive nodes and may be a destructive node.
delete them from Routing. By increasing the Traffic, the 2. The node which has the least number of hops in RREP
destructive nodes increase. The heavier the traffic, the delay is and the most number of sequences may be a destruc-
increased more too. So, if the number of destructive nodes tive node.
increases, the identification of destructive nodes gets more 3. The node which sends the number of packet may be a
difficult. Thus, we can reduce the rate of delay and increase the destructive node.
rate of delivery by better identification of the destructive nodes. 4. The node which receives a great number of packets
When one node receives the RREP from its neighbour as and sends only one packet may be a destructive node.
a respondent node to RREQ, it is a middle node, not a 5. The node which receives a few number of packets
target node. It is considered whether the respondent node is and does not send them, is absolutely a destructive
one of the nodes in which it is in quarantine. If the node is a node.
destructive one, the RREP is scraped; otherwise, the pall-
ing process around the respondent node has been done until
it can receive all the node’s activities. Then, the accuracy
of the node in base of the received information and the 6 Environment and the simulation conclusions
rules for the definition of the destructive node in source
node are considered. If the node is a destructive node, the Simulator software NS2
alert message is broadcast in the network until the men- The time of simulation 200S–1000S
tioned node is put into the quarantine. The number of system’s node 20
In the proposed algorithm, we have used protocol The number of destructive node 1
IDSAODV by some changes, which has resulted to earn new The environment of simulation 700 9 700
rules to identify the destructive nodes. By using this method, Navigation of the protocol AODV
the security and efficiency of AODV protocol against the The kind of traffic CBR
black hole attack has improved and so the identification The range of send 10 kb
percentage of the destructive nodes is higher. In contrast to The size of packets 512b
previous methods, the identification of the destructive nodes
by source node has been done in the proposed method.
Probably one of the neighbour’s nodes is a destructive
node and its attitude to represent error information creates In different scenarios, the proposed algorithm has been
the black hole attack. So, the source node is considered the compared to AODV protocol in which it has been attacked.
123
Wireless Netw (2016) 22:1505–1511 1509
7 Conclusion
123
1510 Wireless Netw (2016) 22:1505–1511
along with the lack of central station and also its function 13. Jing, Q., Vasilakos, A. V., Wan, J., Lu, J., & Qiu, D. (2014).
in areas by important and secretary information, the secu- Security of the Internet of Things: perspectives and challenges.
Wireless Networks, 20, 2481–2501.
rity of data and information has more importance in these 14. Yan, Z., Zhang, P., & Vasilakos, A. V. (2015). A security and
networks. The aim of the proposed algorithm in this article trust framework for virtualized networks and software-defined
is that we can identify the destructive node and delete them networking. Security and Communication Networks, 8(13).
from Routing in accordance to the behaviour of nodes in doi:10.1002/sec.1243.
15. Attar, A., Tang, H., Vasilakos, A. V., Yu, F. R., & Leung, V.
the system. In this algorithm, the authors used a number of (2012). A survey of security challenges in cognitive radio net-
new rules to identify the destructive nodes, which caused a works: Solutions and future research directions. Proceedings of
considerable decrease in the range of lost packets and end- the IEEE, 100, 3172–3186.
to-end delay in the proposed algorithm than AODV pro- 16. Nagrath, P., Aneja, S., Gupta, N., & Madria, S. (2015). Protocols
for mitigating blackhole attacks in delay tolerant networks.
tocol. So the range of delivery packet and throughput of Wireless Networks, 21(2), 1–12. doi:10.1007/s11276-015-0959-3.
this algorithm increased more than the AODV protocol. In 17. Changela, H., & Lathigara, A. (2015). A survey on different
general, we can say that the proposed algorithm has better existing technique for detection of black hole attack in MANETs.
operation against hostile nodes than the AODV protocol. International Journal of Science and Research (IJSR), 4(1),
415–419.
18. Abdelshafy, M. A., & King, P. J. B. (2014). AODV and SAODV
under attack: Performance comparison. In Ad hoc, Mobile, and
Wireless Networks, Springer International Publishing (pp.
References 318–331).
19. Abdelshafy, M. A., & King, P. J. (2014). Resisting flooding
1. Nguyen, H. L., & Nguyen, U. T. (2008). A study of different attacks on AODV. SECURWARE, 2014, 25.
types of attacks on multicast in mobile ad hoc networks. Ad Hoc 20. Tamilselvan, L., & Sankaranarayanan, V. (2008). Prevention of
Networks, 6, 32–46. co-operative black hole attack in MANET. Journal of Networks,
2. Lima, M. N., dos Santos, A. L., & Pujolle, G. (2009). A survey of 3, 13–20.
survivability in mobile ad hoc networks. Communications Sur- 21. Ramaswamy, S., Fu, H., & Sreekantaradhya, M., Dixon, J., &
veys & Tutorials, IEEE, 11(1), 66–77. Nygard, K. E. (2003). Prevention of cooperative black hole attack
3. Ebinger, P., & Parsons, M. (2009). Measuring the impact of in wireless ad hoc networks. In International conference on
attacks on the performance of mobile ad hoc networks. In Pro- wireless networks.
ceedings of the 6th ACM symposium on performance evaluation 22. Hesiri Weerasinghe, H. W., & Huirong Fu, H. F. (2008). Preventing
of wireless ad hoc, sensor, and ubiquitous networks, Tenerife, cooperative black hole attacks in mobile ad hoc networks: Simula-
Canary Islands, Spain (pp. 163–164). tion implementation and evaluation. In International journal of
4. Liu, X. J. H., Wan, P., & Liu, X. (2007). A distributed and software engineering and its applications (IJSEIA) (Vol. 2,
efficient flooding scheme using 1-hop information in mobile pp. 39–54).
adhoc networks. IET Journals & Magazines, 18, 658–671. 23. Ioannis, K., Dimitriou, T., & Freiling, F. C. (2007). Towards
5. Maurya, P. K., Sharma, G., Sahu, V., Roberts, A., Srivastava, M., intrusion detection in wireless sensor networks. In Proceedings of
Scholar, M., et al. (2012). An overview of AODV routing pro- the 13th European wireless conference.
tocol. International Journal of Modern Engineering Research 24. Su, M. Y. (2011). Prevention of selective black hole attacks on
(IJMER), 2, 728–732. mobile ad hoc networks through intrusion detection systems.
6. Chhabra, M., Gupta, B., & Almomani, A. (2013). A novel solu- Computer Communications, 34, 107–117.
tion to handle DDOS attack in MANET. Journal of Information 25. Khemariya, N., & Khuntetha, A. (2013). An efficient algorithm
Security, 4(3), 165–179. for detection of blackhole attack in AODV based MANETs. In-
7. Kurosawa, S., Nakayama, H., Kato, N., Jamalipour, A., & ternational Journal of Computer Applications, 66(18), 18–24.
Nemoto, Y. (2007). Detecting blackhole attack on AODV-based 26. Araghi, T. K., Zamani, M., Manaf, A. B. A., Abdullah, S. M.,
mobile ad hoc networks by dynamic learning method. IJ Network Bojnord, H. S., & Araghi, S. K. (2013). A secure model for
Security, 5, 338–346. prevention of black hole attack in wireless mobile ad hoc net-
8. Jamali, S. B. S. (2015). A survey over black hole attack detection works. In 12th WSEAS international conference on applied
in mobile ad hoc network. International Journal of Computer computer and applied computational science, Malaysia.
Science and Network Security (IJCSNS), 15, 44. 27. Medadian, M., Mebadi, A., & Shahri, E. (2009). Combat with
9. Fadlullah, Z. M., Taleb, T., Vasilakos, A. V., Guizani, M., & black hole attack in AODV routing protocol. In Communications
Kato, N. (2010). DTRAB: Combating against attacks on (MICC), 2009 IEEE 9th Malaysia international conference on,
encrypted protocols through traffic-feature analysis. IEEE/ACM IEEE (pp. 530–535).
Transactions on Networking (TON), 18, 1234–1247. 28. Choudhary, N., & Tharani, L. (2015). Preventing black hole
10. Yao, G., Bi, J., & Vasilakos, A. V. (2015). Passive IP traceback: attack in AODV using timer-based detection mechanism. In
disclosing the locations of IP spoofers from path backscatter. Signal processing and communication engineering systems
Information Forensics and Security, IEEE Transactions on, 10, (SPACES), 2015 international conference on (pp. 1–4).
471–484. 29. Ahmad, S. J., Reddy, V., Damodaram, A., & Krishna, P. R.
11. Yang, H., Zhang, Y., Zhou, Y., Fu, X., Liu, H., & Vasilakos, A. (2015). Detection of black hole attack using code division secu-
V. (2014). Provably secure three-party authenticated key agree- rity method. In Emerging ICT for bridging the future-proceedings
ment protocol using smart cards. Computer Networks, 58, 29–38. of the 49th annual convention of the computer society of india
12. Liu, B., Bi, J., & Vasilakos, A. V. (2014). Toward incentivizing CSI volume 2 (pp. 307–314).
anti-spoofing deployment. Information Forensics and Security, 30. Nandini, N., & Aggarwal, R. (2015). Prevention of black hole
IEEE Transactions on, 9, 436–450. attack by different methods in MANET. Network, 4, 297–300.
123
Wireless Netw (2016) 22:1505–1511 1511
31. Mandala, S., Jenni, K., Ngadi, M. A., Kamat, M., & Coulibaly, Y. Mahdieh Ghazvini received
(2014). Quantifying the severity of blackhole attack in wireless her B.Sc. from Shahid Bahonar
mobile adhoc networks. In Security in computing and commu- University of Kerman, Iran in
nications, Springer (pp. 57–67). 2000, and her M.Sc. and Ph.D.
32. Gao, H., Wu, R., Cao, M., & Zhang, C. (2014). Detection and from the University of Isfahan,
defense technology of blackhole attacks in wireless sensor net- Isfahan, Iran in 2004 and 2013,
work. In Algorithms and architectures for parallel processing, in Computer Architecture Engi-
Springer (pp. 601–610). neering, respectively. Currently
33. Jaisankar, N., Saravanan, R., & Swamy, K. D. (2010). A novel she is assistant professor of
security approach for detecting black hole attack in MANET. In Computer Engineering Depart-
Information processing and management, Springer (pp. ment at Shahid Bahonar
217–223). University of Kerman. She is
34. Jain, A. K., & Tokekar, V. (2015). Mitigating the effects of black the author of several technical
hole attacks on AODV routing protocol in mobile ad hoc net- papers in signal processing and
works. In Pervasive computing (ICPC), 2015 international con- telecommunications journals
ference on (pp. 1–6). and conferences. Her research interests are wireless networks, game
35. Shi, F., Liu, W., Jin, D., & Song, J. (2014). A cluster-based theory, signal processing and neural networks.
countermeasure against blackhole attacks in MANETs.
Telecommunication Systems, 57, 119–136. Mehdi Bakhtiarian received
36. Rashmi, A. S. (2014). Detection and prevention of black-hole his B.Sc. from Sharif University
attack in MANETS. International Journal of Computer Science of Tehran, Iran in 1999, and his
Trends and Technology (IJCST)-Volume, 2, 204–209. M.Sc. from the Tehran Univer-
37. Tseng, F.-H., Chou, L.-D., & Chao, H.-C. (2011). A survey of sity of Science and Technology,
black hole attacks in wireless mobile ad hoc networks. Human- Iran in 2011, in Al Engineering.
Centric Computing and Information Sciences, 1, 1–16. Currently he is Ph.D. Student of
38. Jain, S., & Khunteta, A. (2015). Detection techniques of black- Al and Robotic at Tehran
hole attack in mobile adhoc network: A survey. In Proceedings of University of Science and
the 2015 international conference on advanced research in Technology.
computer science engineering & technology (ICARCSET 2015)
(p. 47).
39. Medadian, M., Fardad, K., & Barazandeh, I. (2011). Discovered
and removed a mass black hole attacks on mobile networks ad
hoc. In 1st national conference on soft computing and informa-
tion technology, Iran.
40. Rezaei, R., Medadian, M., & Darvishi, M. (2014). Provide a way
to deal with attacks on black holes in wireless networks case: The
behavior of nodes. In National conference on computer engi-
neering and information technology management, Iran.
123