
Lalit Himral et al. / International Journal of Engineering Science and Technology (IJEST)

Preventing AODV Routing Protocol from Black Hole Attack


Lalit Himral, Vishal Vig & Nagesh Chand
Department of Computer Science & Engineering, Lovely Professional University, Punjab

Abstract- Ad-hoc networks, due to their improvised nature, are frequently established in insecure environments, which makes them susceptible to attacks. These attacks are launched by participating malicious nodes against different network services. Routing protocols, which act as the binding force in these networks, are a common target of these nodes. Ad hoc On-demand Distance Vector routing (AODV) is a widely adopted network routing protocol for Mobile Ad hoc Networks (MANETs). The black hole attack is one of the severe security threats in ad-hoc networks and can be mounted easily by exploiting a vulnerability of on-demand routing protocols such as AODV. In this paper we propose a solution for identifying the malicious node in an AODV network suffering from a black hole attack.

Keywords: Ad-hoc, AODV, Black Hole Attack, MANET, Destination Sequence Number.

1. Introduction

A mobile ad hoc network (MANET) is a self-configuring network that is formed automatically by a collection of mobile nodes without centralized management. These mobile nodes communicate with each other directly if they are in the same radio communication range. Communication between nodes out of radio range requires the cooperation of other nodes; this is known as multi-hop communication. Therefore, each node must act as both a host and a router simultaneously. The network topology changes frequently due to the mobility of the nodes as they enter, move within, or leave the network. Due to the unique characteristics of a MANET, developing an intrusion detection system (IDS) for such a network is challenging. There is no centralized gateway device to monitor the network traffic. Since the medium is open, both legitimate and malicious nodes can access it. Moreover, there is no clear separation between normal and unusual activities in a mobile environment.
Since nodes can move arbitrarily, false routing information can come from a compromised node or from a legitimate node that has outdated information. The black hole (or sequence number) attack is one of the most common attacks made against reactive routing protocols in MANETs. In a black hole attack, malicious node(s) fabricate the sequence number and thus pretend to have the shortest and freshest route to the destination. Numerous studies have attempted to devise effective detection methods for this attack. The aim of this paper is to investigate the black hole attack and its detection methods within the scope of the ad hoc on-demand distance vector (AODV) routing protocol. The paper is organized as follows. Section 2 gives a brief overview of the AODV routing protocol. Section 3 gives an overview of the black hole attack. Section 4 describes previous work on the black hole attack. Section 5 gives detailed information about our proposed solution. Section 6 presents the network simulation. We conclude with plans for future work in Section 7.

2. AODV Routing Protocol

The Ad-hoc On-Demand Distance Vector (AODV) routing protocol is designed for use in ad-hoc mobile networks. AODV is a reactive protocol: routes are created only when they are needed. It uses traditional routing tables, one entry per destination, and sequence numbers to determine whether routing information is up-to-date and to prevent routing loops. An important feature of AODV is the maintenance of time-based state in each node: a routing entry that has not been used recently expires. If a route breaks, the neighbors can be notified. Route discovery is based on query and reply cycles, and route information is stored in all intermediate nodes along the route in the form of routing table entries.

The following control packets are used: a route request message (RREQ) is broadcast by a node requiring a route to another node, a route reply message (RREP) is unicast back to the source of the RREQ, and a route error message (RERR) is sent to notify other nodes of the loss of a link. HELLO messages are used for detecting and monitoring links to neighbors.

ISSN : 0975-5462, Vol. 3 No. 5, May 2011, p. 3927


3. Black Hole Attack

In an ad-hoc network that uses the AODV protocol, a black hole node pretends to have fresh enough routes to all destinations requested by all the nodes and absorbs the network traffic. When a source node broadcasts an RREQ message for any destination, the black hole node immediately responds with an RREP message that includes the highest sequence number, and this message is perceived as if it came from the destination or from a node which has a fresh enough route to the destination. The source assumes that the destination is behind the black hole and discards the other RREP packets coming from other nodes. The source then starts to send its data packets to the black hole, trusting that these packets will reach the destination. A malicious node sends RREP messages without checking its routing table for a fresh route to the destination.

Figure 1: Broadcasting RREQ

As shown in Fig. 1 above, source node 0 broadcasts an RREQ message to discover a route for sending packets to destination node 2. The RREQ broadcast from node 0 is received by neighboring nodes 1, 3 and 4. Malicious node 4, however, sends an RREP message immediately without even having a route to destination node 2. The RREP message from the malicious node is the first to arrive at the source node. Hence, the source node updates its routing table with the new route to that destination and discards any RREP message from other neighboring nodes, even one from the actual destination node. Once the source node saves the route, it starts sending its buffered data packets to the malicious node, expecting them to be forwarded to the destination node. Nevertheless, the malicious node (performing a black hole attack) drops all data packets rather than forwarding them on.

4. Existing Work on Black Hole Attack

Numerous attempts have been published in the literature that aim at countering black hole attacks. We survey them in the following.

In [3], Intrusion Detection Systems (IDS) are described as one of the main techniques used to defend against security threats. Intrusion detection can be classified as network based or host based. A network based IDS is installed at data concentration points of a network such as switches and routers. In mobile ad-hoc networks there is no central device that monitors traffic flow, so the technique proposed there, intrusion detection using anomaly detection (IDAD), uses a host based IDS scheme. IDAD assumes that every activity of a user or a system can be monitored and that the anomalous activities of an intruder can be distinguished from normal activities. To find a black hole, IDAD needs to be provided with a pre-collected set of anomalous activities, called audit data. Once the audit data is collected and given to the IDAD system, the IDAD system is able to compare every activity with the audit data.
If any activity of a host falls outside the activities listed in the audit data, the IDAD system isolates that node from the network. In this algorithm the source first broadcasts an RREQ for route discovery, then receives the RREP and matches it against the audit data; if they match, the route is saved to the routing table and the data is sent, otherwise the RREP is discarded and discovery is tried again.

In paper [8] the authors describe the AODV protocol and the black hole attack in MANETs and propose a feasible solution for black hole attacks that can be implemented on the AODV protocol. The proposed method can be used to find secure routes and to prevent black hole nodes in the MANET. As future work, the authors intend to develop simulations to analyze the performance of the proposed solution on various security parameters such as packet delivery ratio (PDR), mean delay time, packet overhead, memory usage, mobility, increasing number of malicious nodes, increasing number of nodes, and scope of the black hole nodes.

In [4], the authors discuss that the black hole attack is one of the route disturbing attacks and brings great damage to the network, and they propose a method for detecting a black hole in the network in which each node is responsible for detecting black hole nodes itself. Their first algorithm is counter threshold based: it uses a detection threshold and a packet counter to identify the attack. When a packet is forwarded out, its digest is added to the FwdPktBuffer and the detecting node overhears the channel. Once the next hop is overheard forwarding the packet, the digest is released from the FwdPktBuffer. The detecting node calculates the overhear rate of its next hop and compares it with its threshold. If the forwarding rate is lower than the threshold, the detecting node considers the next hop to be a black hole. In this technique not every node has to watch; only the next hop node on the route has to be observed. As a result, the system performance spent on the detection method is lowered.

In [5], according to the authors' solution, information about the next hop to the destination should be included in the RREP packet when an intermediate node replies to an RREQ. The source node then sends a further request (FREQ) to the next hop of the replying node and asks it about the replying node and the route to the destination. Using this method the trustworthiness of the replying node can be established only if the next hop is trusted. This solution therefore cannot prevent cooperative black hole attacks on MANETs: if the next hop cooperates with the replying node, the reply to the FREQ will simply be "yes" to both questions. The source will then trust the next hop and send data through the replying node, which is a black hole node.

5. Proposed Solution

The proposed method can be used to find secure routes and to prevent black hole (malicious) nodes in the MANET by checking whether there is a large difference between the sequence number of the source node and that of the intermediate node which sent back the RREP. Generally the first route reply will be from the malicious node, with a high destination sequence number, and it is stored as the first entry in the RR-Table. The first destination sequence number is then compared with the source node sequence number; if the difference between them is much larger than expected, that node is surely the malicious node and its entry is immediately removed from the RR-Table.

Figure 2. AODV Protocol Packet Exchange

The Destination Sequence Number [11] is a 32-bit integer associated with every route and is used to decide the freshness of a particular route: the larger the sequence number, the fresher the route. Node N3 will now send it to node. Since node N1 and node N2 do not have a route to node D, they would again broadcast the RREQ control message. The RREQ control message broadcast by node N3 is also expected to be received by node M (assumed to be a malicious node). Thus node M, being malicious, would generate a false RREP control message with a very high destination sequence number and send it to node N3, which would subsequently forward it to node S. In plain AODV, as the destination sequence number is high, the route via node N3 will be considered fresher and node S would start sending data packets to node N3. In our proposed AODV, before sending data packets the source node first checks the difference between the sequence numbers. If it is too large, the node is obviously a malicious one and is isolated from the network. Otherwise the source simply transfers the data packets to the destination node.

5.1 Algorithm

Algorithm: ReceiveReply(RREP) Method
Parameters: DSN Destination Sequence Number, NID Node ID, MN-ID Malicious Node ID.


Step 1: (Initialization Process) Start the route discovery phase with the source node S.
Step 2: (Storing Process) Store the DSN and NID of all the Route Replies in the RR-Table.
Step 3: (Identify and Remove Malicious Node) Retrieve the first entry from the RR-Table. If its DSN is much greater than the SSN then discard the entry from the RR-Table:
    Select Dest_Seq_No from table
    if (Dest_Seq_No >>>= Src_Seq_No) {
        Mali_Node = Node_Id
        Discard entry from table
    }
Step 4: (Node Selection Process) Sort the RR-Table entries according to the DSN and select the NID having the highest DSN among them.
Step 6: (Continue default process) Call the ReceiveReply method of the default AODV Protocol.

This is how the malicious node is identified and removed. Once the malicious node is identified, the routing table entry for that node is not maintained. In addition, the control messages from the malicious node are not forwarded in the network. Moreover, in order to maintain freshness, the RR-Table is flushed once a route reply is chosen from it. Thus, the operation of the proposed protocol is the same as that of the original AODV once the malicious node has been detected. The main benefits of the proposed solution are:
(1) The malicious node is identified at the initial stage itself and immediately removed, so that it cannot take part in further processing.
(2) The malicious node is identified with no delay: as said before, every route has a unique sequence number, and the malicious node generally has the highest destination sequence number and its RREP is the first to arrive, so the comparison is made only against the first entry in the table without checking the other entries.
(3) No modification is made to the other default operations of the AODV protocol.
(4) Better performance is produced with little modification.
(5) Less memory overhead occurs because only a few new things are added.

6. Network Simulation

The simulation is done with the help of the NS-2 (v2.34) network simulator. NS-2 provides faithful implementations of the different network protocols. The protocol has been implemented in C++ in the backend and Tcl in the frontend on the Ubuntu Linux 10.04 operating system. The simulations consist of 25 nodes moving in a region of (950 m) during 100 seconds. The transmission range is set to 250 meters. The random waypoint movement model is used and the maximum movement speed is 12 m/s. Packets among the nodes are transmitted at a constant bit rate (CBR) of one packet per second, and the size of each packet is 512 bytes. In these simulations we used the following evaluation metrics:
A. Packet delivery ratio (PDR): the percentage of data packets delivered to the destination with respect to the number of packets sent. This metric shows the reliability of data packet delivery.
B. Packet loss: this metric tells us the amount of control packets that fail to reach their destination in a timely manner.
Performance comparison is made on the basis of the above two metrics between existing AODV and the proposed AODV.

A. Packet Delivery Ratio (PDR): PDR is the ratio of the number of data packets received by the destination to the number of data packets sent by the source. It is clear from Fig. 3 that the PDR of AODV is heavily affected by the malicious nodes, whereas the PDR of the proposed AODV is immune to them. This graph confirms that while the proposed AODV is secure against black holes, AODV is not.
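The RREP selection of Section 3 and the ReceiveReply check of Section 5.1, as an added Python example (not the authors' NS-2 code): plain AODV picks the reply with the highest DSN, while the proposed check drops the first RR-Table entry whose DSN is far above the source sequence number and records its NID as MN-ID. The threshold for "much greater", the node names and the reply values are constructed assumptions, since the paper gives no numbers.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# The paper does not quantify "much greater"; this threshold is a constructed value.
SEQ_DIFF_THRESHOLD = 1000


@dataclass
class RouteReply:
    node_id: str      # NID: neighbour that returned the RREP
    dest_seq_no: int  # DSN carried in the RREP (32-bit in AODV)
    hop_count: int


def default_aodv_select(rr_table: List[RouteReply]) -> Optional[RouteReply]:
    """Plain AODV: the RREP with the largest DSN wins, fewer hops breaks ties."""
    if not rr_table:
        return None
    return max(rr_table, key=lambda r: (r.dest_seq_no, -r.hop_count))


def receive_reply(rr_table: List[RouteReply], src_seq_no: int,
                  blacklist: Set[str]) -> Tuple[Optional[RouteReply], Optional[str]]:
    """Proposed ReceiveReply (Section 5.1); rr_table is in arrival order.
    Only the first entry is compared against the source sequence number (SSN):
    if its DSN is much greater, that NID is recorded as MN-ID and discarded."""
    table = [r for r in rr_table if r.node_id not in blacklist]  # ignore known MN-IDs
    malicious = None
    if table and table[0].dest_seq_no - src_seq_no > SEQ_DIFF_THRESHOLD:  # Step 3
        malicious = table.pop(0).node_id
        blacklist.add(malicious)
    table.sort(key=lambda r: r.dest_seq_no, reverse=True)  # Step 4: highest DSN first
    chosen = table[0] if table else None
    return chosen, malicious


# Constructed scenario in the spirit of Fig. 2: S holds SSN 40 and hears the
# forged RREP from M first, then legitimate replies via N3 and N1.
SAMPLE_REPLIES = [
    RouteReply("M", 4_000_000_000, 1),  # forged DSN, far above any legitimate value
    RouteReply("N3", 45, 2),
    RouteReply("N1", 42, 3),
]
SOURCE_SEQ_NO = 40


def run_example() -> Tuple[str, str, Set[str]]:
    """Returns (next hop chosen by plain AODV, by proposed AODV, MN-ID set)."""
    plain = default_aodv_select(SAMPLE_REPLIES).node_id
    blacklist: Set[str] = set()
    chosen, _ = receive_reply(list(SAMPLE_REPLIES), SOURCE_SEQ_NO, blacklist)
    return plain, chosen.node_id, blacklist


if __name__ == "__main__":
    print(run_example())  # plain AODV follows M; proposed AODV follows N3 and blacklists M
```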


Figure 3. Showing PDR (Packet Delivery Ratio)

This is mainly due to the fact that our protocol detects the attacker and allows the source nodes to avoid it. By avoiding the attacker, our protocol finds shortest paths and so delivers more packets. On the other hand, the PDR decreases in the case of AODV under attack. This is because the number of correctly received packets is much smaller than the number of transmitted packets. Indeed, as the number of source nodes increases, the probability of intrusion increases, and the malicious node absorbs all the data packets passing through it.

B. Packet Loss: Clearly, the percentage of packets dropped increases as both the speed and the number of nodes increase. As speed increases, the position of a node changes more rapidly. A source node will still use the last route it has for a destination (if it has not expired yet), but due to the fast mobility pattern this route will frequently be invalid, which causes the packet to be dropped. This causes more and more packets to time out before reaching their destinations. This was also noticed in our simulation, as shown in Fig. 4. The graph shows that the packet loss percentage is much lower in the proposed AODV than in AODV.

Figure 4. Showing Packet Loss

7. Conclusion & Future Work

An efficient and simple approach for defending the AODV protocol against black hole attacks is proposed. The proposed method can be used to find secure routes and to prevent black hole nodes in the MANET by identifying nodes by their sequence numbers: a check is made for whether there is a large difference between the sequence number of the source node and that of the intermediate node which sent back the RREP. Generally the first route reply will be from the malicious node, with a high destination sequence number, and it is stored as the first entry in the RR-Table. The first destination sequence number is then compared with the source node sequence number; if the difference between them is much larger than expected, that node is surely the malicious node and its entry is immediately removed from the RR-Table. In addition, the proposed solution may be used to maintain the identity of the malicious node as MN-Id, so that in future it can discard any control messages coming from that node. Once the malicious node is identified, the routing table entry for that node is not maintained and the control messages from the malicious node are not forwarded in the network. As future work, we intend to develop simulations to analyze the performance of the proposed solution on various security parameters such as mean delay time, packet overhead, memory usage, mobility, increasing number of malicious nodes, increasing number of nodes and scope of the black hole nodes, and also to focus on resolving the problem of multiple attacks against AODV.

References
[1] Jiwen Cai, Ping Yi, Jialin Chen, An Adaptive Approach to Detecting Black and Gray Hole Attacks in Ad Hoc Network, 2010 24th IEEE International Conference.
[2] Songbai Lu, Longxuan Li, Kwok-Yan, Lingyan Jia, SAODV: A MANET Routing Protocol that can Withstand Black Hole Attack, 2009 International Conference.
[3] Yibeltal Fantahum Alem, Zhao Hheng Xaun, Preventing Black Hole Attack in Mobile Ad-hoc Networks Using Anomaly Detection, Tianjin 300222, China, IEEE, 2010.
[4] An Adaptive Approach to Detecting Black Hole Attacks in Ad Hoc Network, 2010 24th IEEE International Conference.
[5] H. Weerasinghe, Preventing Cooperative Black Hole Attacks in Mobile Ad Hoc Networks: Simulation Implementation and Evaluation, IEEE Student Member.
[6] S. Dokurer, Y. M. Erten, Can Erkin Acar, Performance analysis of ad-hoc networks under black hole attacks, Turkey.
[7] H. Deng, W. Li, D. Agrawal, "Routing Security in Wireless Ad Hoc Networks", IEEE Communications Magazine, October 2002.
[8] K. Lakshmi, S. Manju Priya, A. Jeevarathinam, K. Rama, K. Thilagam, Modified AODV Protocol against Blackhole Attacks in MANET, Dept. of Computer Applications, Karpagam University, Coimbatore, International Journal of Engineering and Technology Vol. 2 (6), 2010.
[9] M. Hollick, J. Schmitt, C. Seipl and R. Steinmetz, On the effect of node misbehavior in ad hoc networks, Proc. of IEEE Intl. Conference on Communications (ICC'04), Paris, June 2004, pp. 3759-3763.
[10] X. Wang, T. Lin and J. Wong, Feature selection in intrusion detection system over mobile ad-hoc network, Technical Report, Computer Science, Iowa State University, 2005.

