Comparative Study of Different Network Attacks Over AODV ...ijcscn.com/Documents/Volumes/vol5issue1/ijcscn2015050104.pdf · Comparative Study of Different Network Attacks Over AODV

Comparative Study of Different Network Attacks Over AODV in MANET

Shraddha Dubey Student M. Tech. CSE

Kamla Nehru Institute of Engineering &

Technology

Sultanpur (U.P.), India

e-mail: [email protected]

R. K. Singh Associate Professor, CSE department

Kamla Nehru Institute of Engineering &

Technology

Sultanpur (U.P.), India

Abstract:

Due to the non-infrastructural nature of mobile ad-

hoc networks that exhibits insecure environments,

makes them vulnerable to attacks. The inbuilt

features e.g. dynamically varying network

topology, lack of centralized monitoring and

management of the MANET, makes it exposed to a

wide range of attacks. There is not a single way to

determine whether a communication path is free

from malicious nodes (which interrupts the network

communication intentionally) or not. So defending

the mobile ad-hoc network from malicious attacks

is most important and challenging issue. In this

paper we deal with the problem of packet

forwarding misbehavior and study the effect of

different attacks on AODV (Ad-hoc On-demand

Distance Vector) routing since it is a mostly

accepted network routing protocol for Mobile

Adhoc Network (MANET).

Keywords: MANET; blackhole attack; grayhole

attack

1.Introduction:

MANETs (collection of wireless nodes) have a

dynamically varying topology. In MANET, nodes

are usually illustrated by their higher degree of

mobility as well as limited wireless transmission

range for a particular node. Nodes that are in

transmission range of each other are called

neighbors. Neighbors can communicate directly to

each other. However, when a node needs to

communicate to another node, which is not in its

transmission range then the data is routed through a

sequence of multiple hops, with intermediate nodes

acting as routers. Therefore, the transmission range

of each node is extended by multi-hop packet

forwarding mechanism. Thus, the majority of

applications of MANETs are in areas where rapid

deployment and dynamic reconfiguration are

necessary and wired network is not available. Some

application of MANET technology could include

industrial and commercial. It also includes military

wars, emergency/rescue operations, and in PAN

(personal area network) related applications where

various mobile devices e.g. Laptop, cellular

phones, PDA (personal digital assistance) etc.

exchange information dynamically. But, due to

lack of any centralized infrastructure that can

monitor or manage the functions of MANET, it is

more vulnerable to different types of passive and

active attacks than that of any wired or wireless

network.

In this paper we will analyze the effect of the black

hole attack and grayhole attack over MANET using

AODV protocol. We will also compare the

vulnerability of blackhole attack and grayhole

attack. In order to secure Mobile Ad-hoc network

against these attacks, one should first study the

behavior of these attacks in particulars.

2. Ad-hoc On Demand Vector (AODV)

Routing Protocol:

AODV combines some features of both DSR and

DSDV. It uses routing tables for maintaining route

information. It is a reactive protocol and therefore

do not maintain routes to nodes that are not

communicating. Instead it uses route discovery

process to handle with routes on-demand basis.

AODV handles route discovery process with Route

Request (RREQ packet) messages. This request

message (RREQ packet) is broadcasted to neighbor

nodes. The packet is flooded through the entire

network until the ultimate target or a node knowing

collision free route is reached. Sequence numbers

are used to gives surety of freedom from loops.

RREQ (packet) message cause intermediate

node(s) through which RREQ has been flown

successfully, to allot route table entries for down-

route. The target node unicast a Route Reply

(RREP packet) message reverse to the source node.

Node transmitting a RREP (packet) message

creates routing table entries for up-route. For route

maintenance nodes periodically broadcasts HELLO

messages (beacons) to neighboring nodes that helps

in removing the stale routing information and keep

the route up-to-date. If a node fails to receive three

successive HELLO messages from a neighbor, it

concludes that connection to that particular node is

broken. A node that detects a down-link sends a

Route Error (RERR packet) message to any

upstream node. When a node receives a RERR

message it will point toward a new source

Shraddha Dubey et al , International Journal of Computer Science & Communication Networks,Vol 5(1),22-26

22

ISSN:2249-5789

discovery process [1]. Fig. 1 shows the AODV

routing protocol with RREQ and RREP messages.

Figure 1. AODV with RREQ & RREP messages

The packet formats for the RREQ, RREP and

RERR are illustrated in table 1, 2 and 3

respectively [2].

Table 1. RREQ Packet Format

Type J R G D U Reserved Hop

Count

RREQ Id

Destination IP Address

Destination Sequence Number

Original IP Address

Original Sequence Number

Table 2. RREP Packet Format

Table 3. RERR Packet Format

3. Attacks in MANET:

MANETs are often suffering from security

attacks because of its features like open

medium, unstable topology, absence of central

monitoring and management, and lack of

security mechanism. These attacks are broadly

categorized as Active and Passive attacks.

Fig. 2 below depicts the classification of

different kind of major networking attacks in

MANET.

Figure 2. Classification of attacks in MANET at network layer

In active attack, the intruder interrupts the routine

of the network, misuse important information and

try to devastate the data during the exchange in the

network. Active attacks can be an internal or an

external attack. Attackers in passive attacks do not

interrupt the typical operations of the network [3].

In passive attack, intruder intercepts data traveling

throughout the network.

4. Details of Black Hole Attack and Gray

Hole Attack:

In Black hole attack, attacker never deals its correct

control messages firstly. Instead, it waits for

neighboring nodes’ RREQ messages. When the

attacking node receives an RREQ message, it

instantly sends a fake RREP message proposing a

route to target node through itself, and allotting a

higher sequence number to resolve the routing table

of the source node, even without checking its

routing table. It does it before other nodes send a

correct RREP, i.e. the malicious node uses its

routing protocol in order to advertise itself for

having the shortest path to the target node or to the

packet it wants to seize. In this way malicious node

will always have the accessibility in replying to the

route request and thus catch the data packet and

keep it. Therefore source node assumes that route

discovery process is completed and ignores other

RREP messages and begins to send data packets

over malicious node. [4][5] A Gray Hole may reveal its malicious performance

in different ways. It could merely drop packets

networking attack

active attack

black-hole attack

gray-hole attack

rushing attack

spoofing

man-in-middle

passive attack

wire-tapping

port-scanner

Type R A Reserved Prefix

Size

Hop

Count

Destination IP Address

Destination Sequence Number

Original IP Address

Lifetime

Type N Reserved Destination Count

Unreachable Destination IP Address

Unreachable Destination Sequence Number

Additional Unreachable Destination IP Address (If

Required)

Additional Unreachable Destination Sequence Number (If

Required)


23

ISSN:2249-5789

coming from or going to particular node(s) in the

network while forwarding all the other packets for

other nodes. In another type of Gray Hole attack, a

node behaves maliciously for some specific time

interval by dropping packets but may alter to

normal actions later. A Gray Hole may also

demonstrate a performance which is a mixture of

the above two, thereby making its recognition even

more complex. [5][6]

5. Simulation Procedure:

In order to achieve the black-hole attack and gray-

hole attack over AODV, we modified the following

functions in aodv.cc and thereby a new AODV is

written that uses original AODV packet and

exhibits the same functions as that of original

AODV except the following functions:

“recv” and “sendReply”.

The major modification is carried out as follows:

[6]

(i) If the received packet is a management packet,

then for black-hole attack, the fake Route

Reply is generated with the highest sequence

no. to the source node and hop count is set to

1.

(ii) If the received packet is a data packet, then

behaving as a black-hole or gray-hole attack it

drops all data packets as long as the packet

does not come to itself.

After that, the new AODV is implemented in the

NS2 package using changes required for attaching

new agent for the new protocol. It is done by

making appropriate changes in ns-lib.tcl file and

lastly makefile is changed to achieve new object

files for new AODV. And at last the execution of

“make” command is used to compile the NS folder

with the new AODV with attack.

All the simulations are made using NS2.

The simulation is carried out under different node

densities (1 to 5 nodes) of malicious nodes

separately for black-hole and gray-hole attack with

total no. of 50 nodes. The Random way-point

mobility model is used and the traffic is generated

through CBR (constant bit rate) with packet size

512 and rate 100kb. The no. of source and

receiving nodes are 5 for each. The network

parameters for the simulation are given as shown in

table 4 below:

Table 4. Simulation Parameters

Topography area 200*200

Mobility model Random way point

Propagation type Two ray ground

Node density 50

MAC type 802.11

Antenna type Omni antenna

Highest antenna 1.0

distCST 106.4

6. Result:

The result includes the comparison of average end-

to-end delay, normalized routing load, packet

delivery ratio (PDR) and average throughput for

both blackhole attack and grayhole attack in

AODV along with AODV without attack.

Average end-to-end delay: It is measured as

the average time taken by packets to reach at

the destination.

Figure 3. Average end to end delay

It is clear from the graph shown in fig. 3 that for

lesser no. of malicious nodes, the end-to-end delay

for blackhole attack is almost quite similar but after

increasing the no. of malicious nodes up to 8%

end-to-end delay for blackhole attack is increased.

But for grayhole attack it does not give any regular

pattern, so it is hard to justify its behavior.

Although in both the attack conditions the average

end-to-end delay are always greater than the

normal AODV condition. It signifies the attack in

AODV.

Normalized Routing Load: It is analyzed by

the ratio of control packets sent to that of

receiving packets.

Figure 4. Normalized Routing Load

0

0.5

1

1.5

2

2.5

3

3.5

1 2 3 4 5

normal AODV

AODV with blackhole attack

AODV with gray hole attack

0

1

2

3

4

5

6

1 2 3 4 5

No

rmal

ize

d r

ou

tin

g lo

ad

-->

No. of malicious nodes -->

normal AODV


AODV with grayhole attack


24

ISSN:2249-5789

The fig. 4 shows the comparison of normalized

routing load for AODV protocol under the above

discussed attacks and without attack. It is clear

from the fig. ix that normalized routing load for

normal AODV protocol is always lesser than the

AODV protocol under attacks. In case of blackhole

attack over AODV, routing load seems to be

constant while 2-6% of malicious nodes but it

increase for the high no. of malicious nodes. But, in

case of grayhole attack over AODV, routing load

increases with the increased no. of malicious nodes.

However, the normalized routing load in case of

grayhole attack is higher than that of blackhole

attack for higher no. of malicious nodes.

Packet Delivery Ratio: It is given by the

ratio of incoming data packets to actual

received data packets.

Figure 5. Packet Delivery Ratio

Fig. 5 shows the comparison of packet delivery

ratios in the context of above described attacks in

AODV with that of normal AODV under different

density of malicious nodes. It is clear from above

fig. 5 that packet delivery ratio for normal AODV

is always higher than the AODV under attacks. It is

also visible that packet delivery ratio is much lesser

in case of grayhole attack than that of blackhole

attack. Also, with the increase in no. of malicious

nodes the packet delivery ratio decreases in both

the cases of attacks.

Average throughput: It is the ratio of total no. of

bits transmitted to that of time taken in

transferringthose bits and is calculated in mbps.

Fig. 6 shows the average throughput for normal

AODV protocol with that of AODV under attack

conditions i.e. either blackhole attack or grayhole

attack. It is obvious form the fig. 6 that throughput

in case of any of the attacks is always lesser than

normal AODV. Moreover, it decreases with the

increase in no. of malicious nodes in any of the

attacking cases. It is also clear from the fig. 6 that

throughput for grayhole attack is much lesser than

that of blackhole attack.

Figure 6. Average throughput

Black hole attack can be determined if we store all

the request replies at source and wait for a

particular time till then. After that, by comparing

the sequence no. of all the request replies, we can

determine the malicious node. And therefore the

entry for malicious node can be removed from the

routing table of source [1]. But for grayhole attack,

the detection of malicious node is still quite a

challenging task, since malicious node only drops

the packets which can be assumed to occur due to

congestion.

7. Future Work:

This paper emphasizes the behavior of black-hole

attack and gray-hole attack over AODV routing

protocol. We could also analyze the impact of these

attacks over other routing protocols as well.

Moreover, we can also enhance some more

functionality to AODV or other routing algorithms

to detect and prevent these attacks.

8. Conclusion:

As we have seen that the black hole attack in

AODV is less vulnerable than that of grayhole

attack. Since it does not propagate any false routing

information, it makes it more complex to determine

the attacking phase as source node may assume the

reason for drop is congestion in network. Therefore

proposing detection and prevention schemes for

grayhole attack is more vulnerable whereas for

black hole attack, it is less cumbersome.

9. References:

[1] Tamilarasan Santhamurthy: “A Comparative Study of Multi-

Hop wireless Ad-Hoc Network Routing Protocols in MANET”,

IJCSI Vol. 8, Issue 5, No 3, September 2011, pp. 176-

184.ISSN(online):1694-0814

0

5

10

15

20

25

1 2 3 4 5

Pac

ket

Del

iver

y R

atio

-->


normal AODV



0

20

40

60

80

100

120

1 2 3 4 5Ave

rage

th

rou

ghp

ut

-->


normal AODV



25

ISSN:2249-5789

[2] C. Perkins; E. Belding-Royer; S. Das: “Ad-hoc On-Demand

Distance Vector (AODV) Routing”, July 2003

https://www.ietf.org/rfc/rfc3561.txt

[3] C.Wei; L.Xiang; B.yuebin; G.Xiaopeng: “A New Solution

for Resisting GrayHole Attack in Mobile Ad-Hoc Networks,”

Second International Conference on Communications and

Networking in china, VOL.9 No.4, April 2009 pp.366-370

[4] Sherril Sophie Maria Vincent; W. Thamba Meshach:

“preventing black hole attack in manets using randomized

multipath routing algorithm” IJSCE ISSN: 2231-2307, Volume-

1, Issue-ETIC2011, and January 2012 pp. 30-33

[5] Dokurer .S; Y. M. Erten; Can Erkin Acar: “Performance

analysis of ad-hoc networks under blackhole attacks”, Turkey

[6] Usha; Bose: “comparing the impact of blackhole and

grayhole attacks in mobile adhoc networks” Journal of

Computer Science 2012, 8 (11), pp. 1788-1802 ISSN 1549-

3636 (http://www.thescipub.com/jcs.toc


26

ISSN:2249-5789

https://www.ietf.org/rfc/rfc3561.txt