Detection and Prevention of Single and Cooperative Black Hole Attacks in Mobile Ad Hoc Networks

A Mobile Ad hoc Network (MANET) is a collection of wireless computers (nodes) communicating over multihop paths, without infrastructures such as base stations and access points. Nodes must cooperate to provide necessary network functionalities. The Dynamic Source Routing (DSR) protocol is a principal routing protocol in MANET, where security can be compromised by a “Black Hole” attack. In this attack, a malicious node claims to have the shortest path to the destination and attracts all traffic and drops all packets sent for forwarding, leading to performance degradation in the network. The situation becomes even more severe when two or more nodes cooperate and perform an attack called the “Cooperative Black Hole” attack. This article proposes a solution based on probing to identify and prevent such attacks. The proposed solution discovers a secure route between the source and destination by identifying and isolating both single and cooperative black holes, making the MANET resistant against such attacks. Simulation results show that the protocol provides better security and performance in terms of detection time, packet delivery ratio and false negative probability in comparison with trust and probe based schemes. DOI: 10.4018/jbdcn.2010010103 International Journal of Business Data Communications and Networking, 6(1), 38-57, January-March 2010 39 Copyright © 2010, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited. cooperation amongst the nodes. Nodes help each other in conveying information about the topology of the network and share the responsibility of managing the network. Hence in addition to acting as hosts, each mobile node does the function of routing and relaying messages for other mobile nodes (Deng et al., 2002; Milanovic et al., 2004). All network activities, such as discovering the topology and delivering data packets, have to be executed by the nodes themselves, either individually or collectively. There are two types of MANETs: closed and open (Miranda & Rodrigues, 2002). In a closed MANET, all mobile nodes cooperate with each other towards a common goal, such as emergency search/rescue or military and law enforcement operations. In an open MANET, different mobile nodes with different goals share their resources in order to ensure global connectivity. However, some resources are consumed quickly as the nodes participate in the network functions. For instance, battery power is considered to be most important in a mobile environment. An individual mobile node may attempt to benefit from other nodes, but refuse to share its own resources. Such nodes are called selfish /misbehaving nodes and their behavior is termed selfishness/misbehavior (Miranda & Rodrigues, 2002). One of the major sources of energy consumption in the mobile nodes of MANETs is wireless transmission (Rerney & Nilsson, 2001). A selfish node may refuse to forward data packets for other nodes in order to conserve its own energy. A node may misbehave because it is overloaded, broken, compromised or congested in addition to intentionally being selfish/malicious (Yang et al., 2006; Hubaux et al., 2001). Misbehavior can be divided into two categories (Yang et al., 2006): routing misbehavior (failure to behave in accordance with a routing protocol) and packet forwarding misbehavior (failure to forward the packets). Our approach consists of an algorithm that enables packet forwarding misbehavior detection. A single black hole attack (Papadimitratos & Haas, 2002) is a specific type of attack, where a malicious node injects false route replies to the route requests it receives by advertising itself as having the shortest path to a destination. These fake replies can be fabricated to divert network traffic through the malicious node for eavesdropping, or simply to attack all traffic to it in order to perform a denial of service attack by dropping the received packets. In a cooperative black hole attack two or more nodes cooperate amongst themselves and when a packet is forwarded to any of these nodes they collude with each other and drop it. Since the nodes cooperate with each other they do not reveal the identity of the node that actually drops the packet to the external world and thus the trust information given by these would be a fake one. So the identification of such an attack is even more difficult. Our article proposes a novel approach to detect both the single and cooperating black hole nodes and to remove them from further routing path to improve the network’s performance. The rest of the article is organized as follows: Section 2 gives the state of the art, Section 3 presents the model and the assumptions related to this work, the algorithm is described in section 4, simulation results are given in section 5 and section 6 concludes the article with the future scope.