RESOLVING BLACK HOLE ATTACKS IN AD HOC NETWORKS USING TRUST

VALUE EVALUATION SCHEME BASED MODIFIED AODV

ROUTING PROTOCOL
Dr. Periasamy 1

A. Menaka Pushpa 2

Prof. and Head of the Department of CSE, Dr.Sivanthi Aditanar College of Engg.,Tamilnadu, India
2
Lecturer in CSE Department, Dr. Sivanthi Aditanar College of Engg.Tamilnadu, India

ABSTRACT

Ad hoc networks are primarily meant for use in

military,emergency and rescue scenarios, where in spite of
onexistinginfrastructure, decentralized, fast deployment, a
network can be established. Nodes assist each other by passing
data and control packets from source todestination, often beyond
the wireless range of the original sender using multi hop
technique. However this cooperation between nodes and rely on
intermediate nodes for passing the packets to desired destination
makes ad hoc network vulnerable to different types of security
attacks like malicious / selfish node attacks. TheBlack Hole
problem is one of the Denial of Serviceattacks that occur in
mobile ad hoc networks (MANET).DoS is the one of the crucial
active attack in ad hocnetworks. The active attack is at stake as
in commercial or military environments. As this paper describe
the activity of Black Hole node in AODV i.e.) mainly used
reactive routing protocol in MANET. This paper alsogives the
overview of existing solution for black holeproblem and proposes
a novel approach to identify black hole node in ad hoc networks.
This solution purely based on Trust Based Secured (TBS)
architecture without any malicious node's activity in MANET. It
also provides an error free, secured route to two different peers.
Index terms: DoS, MANET, AODV, Black Hole Problem,TBS
Architecture

1. INTRODUCTION
A wireless ad hoc network consists of a collection
ofpeer mobile nodes that are capable of communication with
each other without help from a fixed infrastructure. Nodes within
each other's radio range communicate directly via wireless links,
while those that are far apart use other nodes as relays. The
nature of wireless networks makes this network very vulnerable
to an adversary's malicious attacks. At first these types of attacks
ranges from passive eavesdropping to active interfering. Attacks
on a wireless ad hoc network can come from all directions and
target at any node. Damages can leak secret information,
message contamination and node impersonation. All these means
that a wireless ad hoc network will not have a clear line of
defense and every node must be prepared to face the fake
advertised malicious node interaction. Second, mobile nodes are
autonomous units that are capable of roaming independently. So

that the nodes have inadequate physical protection are receptive

to being captured, compromised and hijacked. Third, decision
making in MANET is decentralized, so that connection
establishment and connection management, control and packet
transformation performed in cooperative participation of all
nodes. The lack of centralized authority means that the network
is vulnerability for new types of attacks designed to break the
co-operative algorithm.
Black hole attack is the main puzzle in the security of ad hoc
network. The existing solutions that were proposed by Dong and
Yoo are completely not satisfied to solve this problem. A novel
secured modified AODV routing protocol scheme is proposed to
combat the attack in AODV routing protocol.
This paper describes, modified AODV routing protocol in the
light of trust evaluation concepts. In particularly, we employ
specification based techniques to monitor the AODV routing
protocol, a widely adopted ad hoc source initiated routing
protocol. AODV is a reactive and stateless routing protocol that
establishes routes only as desired by the source node. AODV is
vulnerable to various kinds of wireless attacks. The normal
operation of AODV damaged by the presence of black hole node
in existing settled network. It sends the fake adversary
information packets may be RREQ or RREP to all of its
neighbor nodes. Malicious node easily disrupts the functioning
of the routing protocol and makes at least part of the network to
crash.
This research is mainly concentrates in the advantages of using
the trust values of every node. By computing trust levels from
the inherent knowledge present in the network, the
trustworthiness of the route can be computed. So that we can
easily identified the misbehaving nodes.
The remainder of this paper is organized as follows: this paper is
focused on introducing a trust model suitable for application to
ad hoc networks. In section 2, we discuss the black hole attack in
AODV routing protocol. Section 3 describes some relevant
previous solutions for black hole attacks. In section 4, we
illustrate the trust model in detail. In section 5, we describes our
proposed modified secured AODV routing protocol and rest of
the paper consist of an results in section 6 and conclusion in
section 7.

2. BLACK HOLE ATTACK AGAINST AODV

The Ad Hoc On Demand Distance Vector (AODV)
algorithm enables dynamic, self starting, multi hop routing
between participating mobile nodes wishing to establish and
maintain an Ad Hoc network. AODV establishes routes only as
desired by source node using route request (RREQ) and route

reply (RREP) messages. When a source node wants to send

packets to a destination node but cannot find a route in its routing
table, it broadcasts RREQ messages to its neighbors. Its
neighbors then rebroadcast the RREQ message to their
neighbors, if they do not have a fresh enough route to the
destination node. This process continues until the RREQ
messages reach the destination node or an intermediate node with
fresh sequence number updates its reverse route to the source
node. When source or intermediate node receives a RREP
message either from the destination or the intermediate node, it
updates its routing table to the destination node. After selecting
and establishing a route, it is aintained by route maintenance
procedure until either the destination becomes inaccessible along
every path from the source or the route is no longer desired.
Normal behavior of AODV routing protocol described in Figure.
(a), 1(b).
A Black Hole has two properties; first the node exploits the ad
hoc routing protocol, such as AODV to advertise itself as having
a valid route to a destination node, even though the route is
spurious, with the intention of intercepting packets. Second, the
nodes consume the intercepted packets. In flooding based
protocol, if the malicious reply reaches the source node before
the reply (RREP) from the actual node, a forged route has been
created. The disrupted AODV routing protocol with Black Hole
node activity explained in Figure. 2. Black Hole attacks in
AODV protocol routing level can be classified into two
categories; RREQ Black Hole attack and RREP Black hole

a
Figure. 1 fb): Normal AODV Route
Establishment

The second solution proposed by Yoo and Park on the year 2004
as two different solutions. They are as follows; ? Redundant
Route Method ? Exploits Packet Sequence No Method Both of
them have its, own advantages and disadvantages. In the first

i i
d
Figure.

Normal AODV Route Establishment

attack. In this way, the malicious node can easily misroute a lot
of traffic itself and could cause an attack to the network with
very little effort on its part.

3. EXISTING METHODS TO SOLVE

BLACK HOLE ATTACK
The first proposed solution introduced by Deng with two
additional control packets excluding RREQ, RREP in AODV
routing protocol. The fake RREP originated by Black hole node
followed by source initiated RREQ identified by further checkup
the route by the source node in different direction. For this route
further checkup, the modified AODV require additional two
control packets, such as urtherReq, FurtherRep between the
source node and the next immediate neighbor node of the Black
hole node. The next immediate node is mentioned by Black hole
ode at the time of passing RREP to the source. (The source node
gets the actual information from this next hop node through the
CheckResult field in urthetRep packet by making different route
to the next hop node.) Source node makes different route to the
nexthop node and gets the actual information through the
CheckResult field that is in FurtherRep. Packet. The
disadvantages of this solution are, this is not working in the case
of multiple, co-ordinate black hole nodes. This is overhead
processing method. It takes more time to establish a route
between two different nodes in the ad hoc networks.

method, redundant route discovery method the source node

needs atleast three different route to the same destination. After
broadcast RREQ by the source, it just wait until receives more
than one RREP from different nodes for the same destination.
Then the sender node checks the Authenticity of every node
those who are responding RREQ. Source extracts the full path to
destination for each RREP, if two or more of these nodes must
have some shared hops, then the source can recognize the safe
route to the destination. If no shared nodes appear in these
redundant routes, the sender will wait for another RREP until a
route with shared nodes identified or route time expired.
Surely, this method takes long time to makes the connection
between source and destination. Because of the time taken for
waiting many RREP by source and also the time delay needed
for processing these received RREP by source. Another one main
point is, if no such shared hops exists, then the packets will
never been sent even in possible cases.
In the second one, Exploits the sequence no scheme, the packet
sequence no plays a vital role to make the safe route from source
to destination. This method requires two more tables for every
node in the networks. First table consists of the sequence no of
last packet sent to every node in the network. Second table

consists of the sequence no of received packets from every

sender in the network. During RREP, the intermediate or
destination node must include the sequence no of last received
packet from the same source. Once the source receives this
RREP, it will extract the last sequence no and then compare its
value from the first table of the source. If it matches then the
transmission will be take place. Else this replied node is
malicious and send alarm to entire network. Last packet
sequence number for received and transmitted tables are updated
during each packet transmission and arrival.
This method is the fast and reliable way to identify suspicious
reply and node. But the main drawback of this method is, how
long we should maintain these two table's sequence numbers?.
Extra storage space is needed for maintaining the sequence no
similar to route cache in DSR routing protocol.
At last, sequence no is not only enough to identify malicious
node in ad hoc networks. For example, consider the following
situation, in this case this method is not completely trusted. If
the alicious node already exists in the network then previously it
may be received some packets from the source or its neighbors.
Still the source or its neighbors does not know about its
misbehaving activities. Once again the source wants to make a
connection to some destination, then it will broadcasts RREQ
message to its neighbors. If the malicious node receives RREQ
message, then it can start to send fake advertised RREP message
to source. Already the malicious node has the sequence no of last
received packets from the same source, it can send the fake
RREP with this sequence no to the source. After receiving the
RREP, the source extracts this packet and checks the specified
sequence no from its first routing table. Obviously, that sequence
no is there. Then the malicious node accepts by the source node
as a normal node, then automatically establish connection
through this node. As a result the passing packets through this
route is lost or interpreted. So that the sequence no is only
enough factor to suspect malicious node.

4. TRUST MODEL
Our trust model is an adaptation of the trust model by Marsh
configured for use in ad hoc networks. Marsh's model computes
situational trust in agents based upon the general trust in the
trustor and in the importance and utility of the situation in which
an agent finds itself. General trust is basically the trust that one
entity assigns another entity based upon all situations. Utility is
consider similar to knowledge so that an agent can weigh up the
costs and benefits that a particular situation
holds.Importance caters for the significance of a particular
situation to the trustor based upon time. In order to reduce the
number of variables in our model, we merge the utility and
importance of the situation into a single variable called weight,
which in turn increases or decreases with time.

4.1. Trust Derivation

We compute the trust in our model based upon the information
that one node can gather about the other nodes in passive mode.
I.e. without requiring any special interrogation packets. Vital
information regarding other nodes can be gathered by
analyzing the received, forwarded and overheard packets if
appropriate taps are applied at different protocol layers. Possible
events that can be recorded in passive mode are the measure and
accuracy of:

? Frames received ? Data

packets forwarded ? Control
packets forwarded ? Data
packets received ? Control
packets received ? Streams
established ? Data forwarded ?
Data received
The information from these events is classified into one or more
trust categories. Trust categories signify the specific aspect of
trust that is relevant to a particular relationship and are used to
compute trust in another node in specific situations.

4.2. Trust Computation

Trust computation involves an assignment of weights to the
events that were monitored and quantified. The assignment is
totally dependent on the type of application demanding the trust
level and varies with state and time. All nodes dynamically
assign these weights based upon their own criteria. These
weights have a continuous range from 0 to +1 representing the
significance of a particular event from unimportant to most
important. We define this trust T value, in node y (suspected
node), by node x (NextHop node), as T x(y) value is given by the
following equation:
Tx(y) = _ [ Wx(i) x Tx(i) ]
i=1
where Wx(i) is the weight of the ith trust category
to x
and Tx(i) is the situational trust of x in the ith trust
category. The total number of trust categories n is dependent on
the protocol and scenario to which the trust model is being
applied.

5. PROPOSED SOLUTION TO BLACK

HOLE ATTACK
The Packets sequence number is not only enough to identify the
misbehaving node and makes the safe route between nodes in the
ad hoc networks. In Yoo's method, the middle misbehavior node
can't be clearly determined. Because some malicious nodes
previously have the last packet received sequence number from
the valid source node. The sequence no is not updated in this
case. For this flaw, in most of the situations the malicious node
may be accepts as a normal node by the initiator of the desired
route.
For avoid this problem, we use the trust model techniques with
some condition to identify the black hole node in ad hoc
network. Regarding this node trust value evaluation purpose, we
introduce two new control messages with the implementation of
AODV routing protocol. These messages are, Trust Request
(TrustReq.) and Trust Response (TrustRes.). Finally, we can
establish a safe route between any sources to destination without
any malicious activities. This method is only pplicable when it is
needed i.e.) suspected situations in the network, because of its
high processing time and memory space.

5.1. Steps involved in Modified AODV routing

protocol:

1) Source broadcast RREQ message to its neighbors for

establish the connection to desired
destination.
2) The node, which has the shortest path to
destination or fresh (latest) sequence no than
RREQ message, sends RREP with its NextHop
node detail to source.
3) Source sent TrustReq message to NextHop node
through different route.
4) NextHop node returns TrustRes packet
to source.

5)

Source checks the Trust value information about the

suspected node and also checks the time when this
information is last updated.
6) Source always takes latest updated TrustRes packet's
information.
7) If trust value Tx(y) is in acceptable level, then source
immediately establish a connection to that intermediate
node or suspected node.
8) Otherwise, we concluded the intermediate node or
suspected node is malicious node for the past few seconds
or hours. (Latest information).
9) And also the system also sends warning alarm to entire
ad hoc networks like this suspected or
intermediate node is a black hole node.

mi-mi

bhd

Figure. 2(a): Broadcast of RRFJQ & RREP

IM

Sill IM >

7. CONCLUSION
A TmsiRep
" TnistRi
^H-HH

BH

Figure. 2(b): Broadcast of TrustReq & TruslRep

The diagrammatic representation of this modified AODV routing

protocol is in Figure. 2(a), Figure. 2(b).. The advantage of this
method is the latest information always used for further checkup
purpose. The trust value information is always valuable than
sequence number. So this method is so accuracy than the
previous techniques. It can easily identify the middle
misbehavior node.

6. SIMULATION RESULT
Simulation of this modified protocol performed using the
famous simulator NS-2. This bellow graph gives the comparison
results between normal AODV protocol with and without black
hole attack and modified protocol with black hole attack. We
evaluate normal AODV working performance with the presence
of single Black Hole node. This modified AODV protocol gives
the accepted performance and also it sends alarm message to
every node in the network if the malicious node was identified.

We have presented here, a novel approach against the Black hole

attack on the AODV routing protocol. This modified AODV
routing protocol establishes a safe route between any pair of
nodes in the ad hoc networks and also we are effectively
determined Black hole node in the networks. Instead of
cryptographic system, our proposed method based on trust value
system to make the trustworthiness connection. This security
agent or malicious node detection system uses at right time to
isolate the Black hole node from the normal behavior node. The
trust value information passed by additional newly identified
messages TrustReq, TrustRep from one node to another. This
trust value level information is evaluated by source node and
then starts to make the connection to the desired destination.
This trust information gives the complete behavior of the
suspected node during the past times. This method is higher level
of accuracy than the other proposed solution. Black hole attacks
for AODV routing protocol are used to test and analyze the
efficiency of our security scheme. Simulation results show that
Black hole attacks have great impact on network performance.
Our security scheme can efficiently detect and block the attacks
to make network performance recover to normal level quickly.
The research about the attack and security scheme for AODV
routing protocol is meaningful to ad hoc network security and
application in future.

REFERENCES
[1] Asad amir and Chris McDonald, "Establishing Trust in
Pure Ad Hoc Networks", Australian Computer Society,
2004.

[2] Mohit Virendra, Chandrasekaran and Padhayaya,

"Quantifying Trust in Mobile Ad Hoc Networks".

[3] J.Hass, Papadimitratos, "Secure Routing for Mobile

Distance Vector (SAODV) Routing". IETF Internet
Draft,
draft-guerrero- manet-saodv-00.txt, August
Ad Hoc Networks", Proceeding of the SCS
Communication Networks & Distributed System
Modeling conference, 2002.
[4] Zhang, Lee, "Intrusion Detection in wireless Ad hoc
Networks" , Mobicon 2000.
[5] Mohd Al Shurman and Yoo, Park, "Black Hole Attack in
Mobile Ad hoc Networks", ACMSE 2004.
[6] Sanjay Ramaswamy and Fu, Dixson, "Prevention of
Cooperative Black Hole Attack in Wireless Ad Hoc
Networks".
[7] M.Royer and Perkin, "An implementation study of the
AODV Routing Protocol".
[8] M.Royer and Perkin, "Ad hoc On Demand Distance Vector
Routing", Internet Draft, Nov 2002.
[9] Zhou, J.Haas, "Securing Ad Hoc Networks", IEEE Network
Magazine , vol.13, Nov/Dec. 1999.
[10] Manel Guerrero Zapata. "Secure Ad hoc On- Demand

2001