A Survey of Cooperative Black and Gray hole Attack in MANET - ijcsmr

International Journal of Computer Science and Management Research Vol 1 Issue 2 September 2012
ISSN 2278-733X
A Survey of Cooperative Black and
Gray hole Attack in MANET
B.Revathi*
D.Geetha**
*Research scholar in Computer Science, Sree Saraswathi Thyagaraja College of Arts and Science
Pollachi-642 107, Tamil Nadu, India
**Assistant Professor in Computer Science, Sree Saraswathi Thyagaraja College of Arts and Science
Pollachi-642 107, Tamil Nadu, India
Abstract— Mobile ad hoc networks (MANETs) are a set of
mobile nodes which are self-configuring and connected by
wireless links automatically as per the defined routing protocol.
Security is an essential requirement in mobile ad hoc network
(MANETs). Compared to wired networks, MANETs are more
vulnerable to security attacks due to the lack of a trusted
centralized authority and limited resources. Attacks on ad-hoc
networks can be classified as passive and active attacks,
depending on whether the normal operation of the network is
disrupted or not. These mobile nodes communicate with each
other without any infrastructure, furthermore, all of the
transmission links are established through wireless medium. In
this paper we address the problem of packet forwarding
misbehavior and propose a mechanism to detect and remove the
black and gray hole attacks.
Keywords— black hole, gray hole, MANET, active attack,
passive attack.
I. INTRODUCTION
This Mobile Ad-hoc Networks (MANETs) differ from
existing networks by the fact that they depend on no fixed
infrastructure. Nodes forming the network perform all
functionality of the network with each node performs the
functionality of both host and router.
Fig.1.1 A typical MANET
A MANET is referred to as an infrastructure less network
because the mobile nodes in the network dynamically set up
paths among themselves to send out packets temporarily. Due
to multi-hop routing and open working environment,
MANETs are vulnerable to attacks by selfish or malicious
nodes, such as packet dropping (black-hole) attacks and
selective forwarding (gray-hole) attacks. Another
characteristic of a MANET is, limited bandwidth, limited
battery power. This characteristic makes routing in a MANET
an even more difficult task. Currently, several efficient routing
protocols have been proposed. These protocols can be
classified into two categories: reactive routing protocols and
proactive routing protocols. In reactive routing protocols, such
as the Ad hoc On Demand Distance Vector (AODV) protocol
[1], nodes find routes only when required. In proactive routing
protocols, such as the Optimized Link State Routing (OLSR)
protocol [2], nodes obtain routes by periodic exchange of
topology information. Gray hole attack [3] may occur due to a
malicious node which is deliberately mischievous, as well as a
damaged node interface we simulated the Gray hole attack
node which is intentionally misbehaving, as well as a
damaged node interface we simulated the Gray hole attack.
We made our simulations using Network Simulator version 2
(NS-2) [4] simulation programs that consists of the collection
of all network protocols to simulate many of the accessible
network topologies.
II. PROTOCOLS COMMONLY USED FOR MANET’S
There are many number of routing protocols that are
proposed in MANET. The most commonly used protocols are:
A. AODV (Ad Hoc On-Demand Distance Vector Routing)
Ad hoc On-Demand Distance Vector (AODV) Routing is a
routing protocol for MANETs and other wireless ad-hoc
networks. It is a reactive routing protocol, meaning that is to
establish a route to a destination only on demand. AODV is
capable of both unicast and multicast routing. Route Requests
(RREQs), Route Replies (RREPs), and Route Errors
(RERRs) are the message types distinct by AODV. These
message types are received through UDP, and normal IP
header processing applies.
B. DSR (Dynamic Source Routing)
The Dynamic Source Routing (DSR) [5] protocol is an on
demand routing protocol that is based on the concept of source
routing. The DSR is a simple and efficient routing protocol
B.Revathi et.al. 205 www.ijcsmr.org

International Journal of Computer Science and Management Research Vol 1 Issue 2 September 2012
ISSN 2278-733X
designed specially for use in multi-hop wireless ad hoc
networks of mobile nodes. DSR allows the network to be
entirely self-organizing and self-configuring, without the need
for any existing network infrastructure or administration.
Dynamic source routing protocol (DSR) is an on-demand
protocol designed to confine the bandwidth consumed by
control packets in ad hoc wireless networks by eliminating the
periodic table-update messages.
C. DYMO (Dynamic On-Demand MANET Routing
Protocol)
The Dynamic MANET On-demand (DYMO) routing
protocol enables reactive, multihop, unicast routing between
participating DYMO routers. The basic operations of the
DYMO protocol are route discovery and route maintenance.
III. CLASSIFICATION OF ATTACKS
The attacks can be categorized on the basis of the source of
the attacks i.e. Internal or External, and on the behaviour of
the attack i.e. Passive or Active attack. This classification is
important because the attacker can develop the network either
as internal, external or/ as well as active or passive attack
against the network.
A. External and Internal Attack
External attacks, in which the attacker aims to cause
congestion, spread false routing information or disturb nodes
from providing services.External attacks are attacks launched
by challengers who are not initially official to participate in
the network operations. These attacks usually aim to cause
network congestion, deny access to specific network function
or to interrupt the whole network operations. External
attackers are mainly outside the networks who want to get
access to the network, once they get access to the network
they start sending fake packets, denial of service in order to
interrupt the performance of the whole network. This attack is
same, like the attacks that are made against wired network.
These attacks can be barred by implementing security
measures such as firewall, where the access of unauthorized
person to the network can be mitigated.
In internal attack the attacker wants to have usual access to
the network as well as contribute in the normal activities of
the network. Internal attack is more strict attacks then external
attacks. Internal attacks, in which the challenger wants to gain
the normal access to the network and contribute the network
activities, either by some malicious impersonation to get the
access to the network as a new node, or by directly
compromising a existing node and using it as a basis to
conduct its malicious behaviors.Internal nodes might
misbehave to save their limited resources, such as the battery
powers, the processing capabilities, and the communication
bandwidth. Attacks that are caused by the misbehaving
internal nodes are hard to detect because to distinguish
between normal network failures and misbehaviour activities
in the ad hoc networks is not an easy task.
.Fig. 3.1 External and Internal Attacks in MANETs
B. Active and Passive Attack
In active attack the attacker disrupt the performance of the
network, steal important information and try to destroy the
data during the exchange in the network. Active attacks can be
an internal or an external attack. The active attacks are meant
to destroy the performance of the network in such case the
active attack act as an internal node in the network. Being an
active part of the network it is easy for the node to make use
of and takeover any internal node to use it to introduce false
packets injection or denial of service. This attack brings the 18
attacker in strong position where attacker can modify, make
and replays the massages. Attackers in passive attacks do not
interrupt the normal operations of the network. In Passive
attack, it listens to the network in order to know and
understand how they are located in the network, how the
nodes are communicating with each other. Before the attacker
start an attack against the network, the attacker has enough
information about the network that it can easily capture and
introduce attack in the network.
Fig. 3.2 Active and Passive Attack in MANETs
IV. NETWORK LAYER THREATS
A. Black hole Attack
MANETs face various securities threats i.e. attack that are
passed out against them to interrupt the normal performance
of the networks. Black hole attack is one of the security threat
in which the traffic is redirect to such a node that actually does
not exist in the network. In these attacks, black hole attack is
that kind of attack which occurs in Mobile Ad-Hoc networks
(MANET). In black hole attack, a malicious node uses its
B.Revathi et.al. 206 www.ijcsmr.org

International Journal of Computer Science and Management Research Vol 1 Issue 2 September 2012
ISSN 2278-733X
routing protocol in order to endorse itself for having the involves the cooperation between two attacking nodes [14].
shortest path to the destination node or to the packet it wants One attacker captures routing traffic at one point of the
to interrupt.
network and turns it to another point in the network that
This destructive node advertises its availability of new shares a private high speed communication link between the
routes irrespective of checking its routing table. In this way attackers, and then selectively injects tunnel traffic back into
attacker node will always have the availability in replying to the network. The two colluding attacker can potentially
the route request and thus intercept the data packet and retain deform the topology and establish routes under the control
it [6]. In protocol based on flooding, the malicious node reply over the wormhole link.
will be received by the requesting node before the response of
reply from actual node; hence a malicious and forged route is
created. When this route is establish, now it is up to the node 1
whether to drop all the packets or promote it to the unknown
2
address [7].
B
4
The black hole attack has two properties. First, the node
exploits the mobile ad-hoc routing protocol, such as AODV,
to promote itself as having a valid route to a target node, even
3
though the route is false, with the aim of intercepting packets.
Second, the attacker consumes the intercepted packets without
A
any forwarding. However, the attacker runs the risk that
neighbouring nodes will check and represent the ongoing
attacks. There is a more delicate form of these attacks when an
Fig.4.2 Warm Hole Attack
attacker selectively forward packets. An attacker suppress or
modifies packets originating from some nodes, while leaving D. Location Disclosure Attack:
the data from the other nodes unchanged, which limits the In this attack, the privacy necessities of an ad hoc network
suspicion of its wrongdoing.
are compromised. Through the use of traffic analysis
techniques or with simpler probing and monitoring
approaches an attacker is able to discover the place of a node,
and the configuration of the network.
Fig.4.1Black hole Attack
B. Impersonation Attack:
The attacker nodes impersonates a right node and joins the
network untraceable, sends false routing information, masked
as some other trusted node.
C. Wormhole Attack:
In the wormhole attacks, a compromised node in the ad hoc
networks colludes with external attacker to create a shortcut in
the network. By creating this shortcut, they could trap the
source node to win in the route discovery process and later
starts the interception attacks. Packets from these two
colluding attackers are usually transmitted using wired
connection to create the best route from source to the
destination node. In addition, if the wormhole nodes
constantly maintain the false routes, they could permanently
reject other routes from being established. As a result, the
intermediate nodes reside along that denied routes are unable
to contribute in the network operations. The wormhole attack
E. Gray hole Attack
In this kind of attack the attacker misleads the network by
approving to forward the packets in the network. As soon as it
receive the packets from the neighbouring node, the attacker
falls the packets. This is a type of active attack. In the
beginning the attacker nodes behaves usually and reply true
RREP messages to the nodes that started RREQ messages.
When it receives the packets it starts falling the packets and
launch Denial of Service (DoS) attack. The malicious
activities of gray hole attack is different in different ways. It
drops packets while forwarding them in the network. In some
other gray hole attacks the attacker node behaves maliciously
for the time until the packets are dropped and then switch to
their normal behavior [8]. Due this behavior it’s very tricky
for the network to figure out such kind of attack. Gray hole
attack is also termed as node misbehaving attack [9].
V. PROPERTIES OF BLACKHOLE, GREYHOLE AND
WORMHOLE ATTACKS
First, the Black hole node exploits the ad hoc routing protocol,
such as AODV, to promote itself as having a valid route to a
destination node, even though the route is fake, with the
intention of intercepting packets. Second, the packets are
consumed by the Black hole node. Third, the Black hole nodes
can conduct synchronized attacks. Grey hole is a node that can
switch from behaving acceptably to behaving like a black hole.
Wormhole attacks depend on a node misrepresenting its
B.Revathi et.al. 207 www.ijcsmr.org

International Journal of Computer Science and Management Research Vol 1 Issue 2 September 2012
ISSN 2278-733X
location. Hence, location based routing protocols have the
potential to prevent wormhole attacks.
VI. COUNTERMEASURES
A. Wormhole Attack Countermeasure
Wormhole attacks depend on a node misrepresenting its
position. Hence, location based routing protocols have the
ability to prevent wormhole attacks. Localization may be done
using globally easy to get to beacons that broadcast known
locations [10]. A solution to wormhole attacks was planned in
which all nodes are equipped with directional antennas. Nodes
use specific ‘sectors’ of their antennas to communicate with
each other. Each couple of nodes examine the track of
received signals from its neighbour. If the directions of both
pairs match the neighbour relation is set [10]. This method
may only be used in networks using Directional antennas
[11].Another solution was proposed in which nodes estimate
the expanse of its neighbours using the Received Signal
Strength. The value is sent to a central controller which
calculates the physical topology based on individual sensor
distance measurement. Wormhole can be trapped as without
wormhole attack the topology is usually flat [12] [11].
B. Black hole and Grey hole Attack Countermeasure
To detect black and gray hole nodes, one proposal is
having the sender occasionally check through all available
routes to establish if the destination received all of its
messages intact. This must be done after some data has been
sent. In order to avoid any black hole nodes that might
interfere with message traffic, the sender broadcasts a "check"
request message (Fig. 3), and the destination's response would
follow the same route as the request (Fig. 4). To pact with the
possibility of a node altering or faking the client’s response,
the sender compares each response with the data that it sent to
the destination. If the responses differ from what the sender
sent, it may indicate a bad link or a malicious node. If any two
client responses vary, that is almost a sure sign of a malicious
node [13].
S
Fig.6.1 black hole interference in sender broadcast
S
N1
BH
N1
BH
Fig.6.2 Destination Response
N2
D
N2
D
CONCLUSION
In this paper, a study on the work that attempt to detect
black or gray hole or cooperative black and gray hole attack
has been done. Each node can locally maintain its own table
of black listed nodes whenever it tries to send data to any
destination node and it can also aware the network about the
black listed nodes which are of great importance in
networking. The survey revised about various type of
protocols commonly used for MANET’s.(eg. AODV, DSR,
DYMO) and briefly summarized about the classification of
attacks, Network layer threats and its properties of black hole,
gray hole attack, worm hole attacks. Finally the paper
explained the countermeasures of Warm hole attacks, gray
hole attack and black hole attack.
REFERENCES
[1] [1] C. Perkins, E. Belding-Royer, and S. Das, “Ad Hoc Ondemand
Distance Vector (AODV) Routing,” IETF RFC
3561, July 2003.
[2] Th. Clausen et al., “Optimized Link State Routing Protocol,”
IETF Internet
[3] P. Misra,. “Routing Protocols for Ad Hoc Mobile Wireless
Networks”,http://www.cse.wustl.edu/~jain/cis78899/adhoc_ro
uting/index.html, 14 May 2006.
[4] H. Goto, Y. Hasegawa, and M . Tanaka, “Efficient Schedu lin g
Focusing on the Duality of MPL Representatives,” Proc.
IEEE Symp. Computational Intelligence in Scheduling (SCIS
07), IEEE Press, Dec. 2007, pp. 57-64,
doi:10.1109/SCIS.2007.357670.
[5] J.Yoon, M. Liu, B.Noble ―Random Waypoint Considered Harmful‖
IEEE INFOCOM, 2003.
[6] K. Biswas and Md. Liaqat Ali, “Security threats in Mobile Ad-
Hoc Network”, Master Thesis, Blekinge Institute of Technology”
Sweden, 22nd March 2007
[7] G. A. Pegueno and J. R. Rivera, “Extension to MAC 802.11 for
performance Improvement in MANET”, Karlstads University, Sweden,
December 2006
[8] S.Marti, T.J.Giuli, K.Lai, M.Baker, “Mitigating Routing Misbehavior in
Mobile Ad-Hoc Networks”.
[9] Zhu, C. Lee, M.J.Saadawi, T., “RTT-Based Optimal Waiting time for
Best Route Selection in Ad-Hoc Routing Protocols,” IEEE Military
Communications Conference, Vol. 2, pp. 1054-1059, Oct, 2003.
[10] L. Hu and D. Evans, Department of Computer Science , University of
Virginia Charlottesville, “ Using Directional Antennas to
Prevent Wormhole Attacks”, VA IJCSNS International Journal of
Computer Science and Network Security, VOL.8 No.7, July 2008.
[11] K. Win, Department of Engineering Physics, Mandalay Technological
University, Pathein Gyi, Mandalay, “Analysis of Detecting
Wormhole Attack in Wireless Networks”, World Academy of Science,
Engineering and Technology 48 2008
[12] W. Wang and B. Bhargava., “Visualization of wormholes in sensor
networks”, Proceedings of the 2004 ACM workshop on Wireless
Security, pp. 51-60, 2004.
[13] E. Mohammed and L. Dargin,Oakland University School of Computer
Science and Engineering CSE 681 Information Security,
“Routing Protocols Security in Ad Hoc Networks”.
[14] Y.C.Hu, A.Perrig, and D.B.Johnson, “Packet Leashes: A Defense
Against Wormhole Attacks in Wireless Ad hoc Networks,”
Proceedings of 22nd Annual Joint Conf. IEEE Computer and
Communications Societies (Infocom’03), San Francisco, CA, vol.3,
pp.1976-1986, April 2003.
B.Revathi et.al. 208 www.ijcsmr.org