Comparative Study of Different Network Attacks Over AODV...
Transcript of Comparative Study of Different Network Attacks Over AODV...
Comparative Study of Different Network Attacks Over AODV in MANET
Shraddha Dubey Student M. Tech. CSE
Kamla Nehru Institute of Engineering &
Technology
Sultanpur (U.P.), India
e-mail: [email protected]
R. K. Singh Associate Professor, CSE department
Kamla Nehru Institute of Engineering &
Technology
Sultanpur (U.P.), India
Abstract:
Due to the non-infrastructural nature of mobile ad-
hoc networks that exhibits insecure environments,
makes them vulnerable to attacks. The inbuilt
features e.g. dynamically varying network
topology, lack of centralized monitoring and
management of the MANET, makes it exposed to a
wide range of attacks. There is not a single way to
determine whether a communication path is free
from malicious nodes (which interrupts the network
communication intentionally) or not. So defending
the mobile ad-hoc network from malicious attacks
is most important and challenging issue. In this
paper we deal with the problem of packet
forwarding misbehavior and study the effect of
different attacks on AODV (Ad-hoc On-demand
Distance Vector) routing since it is a mostly
accepted network routing protocol for Mobile
Adhoc Network (MANET).
Keywords: MANET; blackhole attack; grayhole
attack
1.Introduction:
MANETs (collection of wireless nodes) have a
dynamically varying topology. In MANET, nodes
are usually illustrated by their higher degree of
mobility as well as limited wireless transmission
range for a particular node. Nodes that are in
transmission range of each other are called
neighbors. Neighbors can communicate directly to
each other. However, when a node needs to
communicate to another node, which is not in its
transmission range then the data is routed through a
sequence of multiple hops, with intermediate nodes
acting as routers. Therefore, the transmission range
of each node is extended by multi-hop packet
forwarding mechanism. Thus, the majority of
applications of MANETs are in areas where rapid
deployment and dynamic reconfiguration are
necessary and wired network is not available. Some
application of MANET technology could include
industrial and commercial. It also includes military
wars, emergency/rescue operations, and in PAN
(personal area network) related applications where
various mobile devices e.g. Laptop, cellular
phones, PDA (personal digital assistance) etc.
exchange information dynamically. But, due to
lack of any centralized infrastructure that can
monitor or manage the functions of MANET, it is
more vulnerable to different types of passive and
active attacks than that of any wired or wireless
network.
In this paper we will analyze the effect of the black
hole attack and grayhole attack over MANET using
AODV protocol. We will also compare the
vulnerability of blackhole attack and grayhole
attack. In order to secure Mobile Ad-hoc network
against these attacks, one should first study the
behavior of these attacks in particulars.
2. Ad-hoc On Demand Vector (AODV)
Routing Protocol:
AODV combines some features of both DSR and
DSDV. It uses routing tables for maintaining route
information. It is a reactive protocol and therefore
do not maintain routes to nodes that are not
communicating. Instead it uses route discovery
process to handle with routes on-demand basis.
AODV handles route discovery process with Route
Request (RREQ packet) messages. This request
message (RREQ packet) is broadcasted to neighbor
nodes. The packet is flooded through the entire
network until the ultimate target or a node knowing
collision free route is reached. Sequence numbers
are used to gives surety of freedom from loops.
RREQ (packet) message cause intermediate
node(s) through which RREQ has been flown
successfully, to allot route table entries for down-
route. The target node unicast a Route Reply
(RREP packet) message reverse to the source node.
Node transmitting a RREP (packet) message
creates routing table entries for up-route. For route
maintenance nodes periodically broadcasts HELLO
messages (beacons) to neighboring nodes that helps
in removing the stale routing information and keep
the route up-to-date. If a node fails to receive three
successive HELLO messages from a neighbor, it
concludes that connection to that particular node is
broken. A node that detects a down-link sends a
Route Error (RERR packet) message to any
upstream node. When a node receives a RERR
message it will point toward a new source
Shraddha Dubey et al , International Journal of Computer Science & Communication Networks,Vol 5(1),22-26
22
ISSN:2249-5789
discovery process [1]. Fig. 1 shows the AODV
routing protocol with RREQ and RREP messages.
Figure 1. AODV with RREQ & RREP messages
The packet formats for the RREQ, RREP and
RERR are illustrated in table 1, 2 and 3
respectively [2].
Table 1. RREQ Packet Format
Type J R G D U Reserved Hop
Count
RREQ Id
Destination IP Address
Destination Sequence Number
Original IP Address
Original Sequence Number
Table 2. RREP Packet Format
Table 3. RERR Packet Format
3. Attacks in MANET:
MANETs are often suffering from security
attacks because of its features like open
medium, unstable topology, absence of central
monitoring and management, and lack of
security mechanism. These attacks are broadly
categorized as Active and Passive attacks.
Fig. 2 below depicts the classification of
different kind of major networking attacks in
MANET.
Figure 2. Classification of attacks in MANET at network layer
In active attack, the intruder interrupts the routine
of the network, misuse important information and
try to devastate the data during the exchange in the
network. Active attacks can be an internal or an
external attack. Attackers in passive attacks do not
interrupt the typical operations of the network [3].
In passive attack, intruder intercepts data traveling
throughout the network.
4. Details of Black Hole Attack and Gray
Hole Attack:
In Black hole attack, attacker never deals its correct
control messages firstly. Instead, it waits for
neighboring nodes’ RREQ messages. When the
attacking node receives an RREQ message, it
instantly sends a fake RREP message proposing a
route to target node through itself, and allotting a
higher sequence number to resolve the routing table
of the source node, even without checking its
routing table. It does it before other nodes send a
correct RREP, i.e. the malicious node uses its
routing protocol in order to advertise itself for
having the shortest path to the target node or to the
packet it wants to seize. In this way malicious node
will always have the accessibility in replying to the
route request and thus catch the data packet and
keep it. Therefore source node assumes that route
discovery process is completed and ignores other
RREP messages and begins to send data packets
over malicious node. [4][5] A Gray Hole may reveal its malicious performance
in different ways. It could merely drop packets
networking attack
active attack
black-hole attack
gray-hole attack
rushing attack
spoofing
man-in-middle
passive attack
wire-tapping
port-scanner
Type R A Reserved Prefix
Size
Hop
Count
Destination IP Address
Destination Sequence Number
Original IP Address
Lifetime
Type N Reserved Destination Count
Unreachable Destination IP Address
Unreachable Destination Sequence Number
Additional Unreachable Destination IP Address (If
Required)
Additional Unreachable Destination Sequence Number (If
Required)
Shraddha Dubey et al , International Journal of Computer Science & Communication Networks,Vol 5(1),22-26
23
ISSN:2249-5789
coming from or going to particular node(s) in the
network while forwarding all the other packets for
other nodes. In another type of Gray Hole attack, a
node behaves maliciously for some specific time
interval by dropping packets but may alter to
normal actions later. A Gray Hole may also
demonstrate a performance which is a mixture of
the above two, thereby making its recognition even
more complex. [5][6]
5. Simulation Procedure:
In order to achieve the black-hole attack and gray-
hole attack over AODV, we modified the following
functions in aodv.cc and thereby a new AODV is
written that uses original AODV packet and
exhibits the same functions as that of original
AODV except the following functions:
“recv” and “sendReply”.
The major modification is carried out as follows:
[6]
(i) If the received packet is a management packet,
then for black-hole attack, the fake Route
Reply is generated with the highest sequence
no. to the source node and hop count is set to
1.
(ii) If the received packet is a data packet, then
behaving as a black-hole or gray-hole attack it
drops all data packets as long as the packet
does not come to itself.
After that, the new AODV is implemented in the
NS2 package using changes required for attaching
new agent for the new protocol. It is done by
making appropriate changes in ns-lib.tcl file and
lastly makefile is changed to achieve new object
files for new AODV. And at last the execution of
“make” command is used to compile the NS folder
with the new AODV with attack.
All the simulations are made using NS2.
The simulation is carried out under different node
densities (1 to 5 nodes) of malicious nodes
separately for black-hole and gray-hole attack with
total no. of 50 nodes. The Random way-point
mobility model is used and the traffic is generated
through CBR (constant bit rate) with packet size
512 and rate 100kb. The no. of source and
receiving nodes are 5 for each. The network
parameters for the simulation are given as shown in
table 4 below:
Table 4. Simulation Parameters
Topography area 200*200
Mobility model Random way point
Propagation type Two ray ground
Node density 50
MAC type 802.11
Antenna type Omni antenna
Highest antenna 1.0
distCST 106.4
6. Result:
The result includes the comparison of average end-
to-end delay, normalized routing load, packet
delivery ratio (PDR) and average throughput for
both blackhole attack and grayhole attack in
AODV along with AODV without attack.
Average end-to-end delay: It is measured as
the average time taken by packets to reach at
the destination.
Figure 3. Average end to end delay
It is clear from the graph shown in fig. 3 that for
lesser no. of malicious nodes, the end-to-end delay
for blackhole attack is almost quite similar but after
increasing the no. of malicious nodes up to 8%
end-to-end delay for blackhole attack is increased.
But for grayhole attack it does not give any regular
pattern, so it is hard to justify its behavior.
Although in both the attack conditions the average
end-to-end delay are always greater than the
normal AODV condition. It signifies the attack in
AODV.
Normalized Routing Load: It is analyzed by
the ratio of control packets sent to that of
receiving packets.
Figure 4. Normalized Routing Load
0
0.5
1
1.5
2
2.5
3
3.5
1 2 3 4 5
normal AODV
AODV with blackhole attack
AODV with gray hole attack
0
1
2
3
4
5
6
1 2 3 4 5
No
rmal
ize
d r
ou
tin
g lo
ad
-->
No. of malicious nodes -->
normal AODV
AODV with blackhole attack
AODV with grayhole attack
Shraddha Dubey et al , International Journal of Computer Science & Communication Networks,Vol 5(1),22-26
24
ISSN:2249-5789
The fig. 4 shows the comparison of normalized
routing load for AODV protocol under the above
discussed attacks and without attack. It is clear
from the fig. ix that normalized routing load for
normal AODV protocol is always lesser than the
AODV protocol under attacks. In case of blackhole
attack over AODV, routing load seems to be
constant while 2-6% of malicious nodes but it
increase for the high no. of malicious nodes. But, in
case of grayhole attack over AODV, routing load
increases with the increased no. of malicious nodes.
However, the normalized routing load in case of
grayhole attack is higher than that of blackhole
attack for higher no. of malicious nodes.
Packet Delivery Ratio: It is given by the
ratio of incoming data packets to actual
received data packets.
Figure 5. Packet Delivery Ratio
Fig. 5 shows the comparison of packet delivery
ratios in the context of above described attacks in
AODV with that of normal AODV under different
density of malicious nodes. It is clear from above
fig. 5 that packet delivery ratio for normal AODV
is always higher than the AODV under attacks. It is
also visible that packet delivery ratio is much lesser
in case of grayhole attack than that of blackhole
attack. Also, with the increase in no. of malicious
nodes the packet delivery ratio decreases in both
the cases of attacks.
Average throughput: It is the ratio of total no. of
bits transmitted to that of time taken in
transferringthose bits and is calculated in mbps.
Fig. 6 shows the average throughput for normal
AODV protocol with that of AODV under attack
conditions i.e. either blackhole attack or grayhole
attack. It is obvious form the fig. 6 that throughput
in case of any of the attacks is always lesser than
normal AODV. Moreover, it decreases with the
increase in no. of malicious nodes in any of the
attacking cases. It is also clear from the fig. 6 that
throughput for grayhole attack is much lesser than
that of blackhole attack.
Figure 6. Average throughput
Black hole attack can be determined if we store all
the request replies at source and wait for a
particular time till then. After that, by comparing
the sequence no. of all the request replies, we can
determine the malicious node. And therefore the
entry for malicious node can be removed from the
routing table of source [1]. But for grayhole attack,
the detection of malicious node is still quite a
challenging task, since malicious node only drops
the packets which can be assumed to occur due to
congestion.
7. Future Work:
This paper emphasizes the behavior of black-hole
attack and gray-hole attack over AODV routing
protocol. We could also analyze the impact of these
attacks over other routing protocols as well.
Moreover, we can also enhance some more
functionality to AODV or other routing algorithms
to detect and prevent these attacks.
8. Conclusion:
As we have seen that the black hole attack in
AODV is less vulnerable than that of grayhole
attack. Since it does not propagate any false routing
information, it makes it more complex to determine
the attacking phase as source node may assume the
reason for drop is congestion in network. Therefore
proposing detection and prevention schemes for
grayhole attack is more vulnerable whereas for
black hole attack, it is less cumbersome.
9. References:
[1] Tamilarasan Santhamurthy: “A Comparative Study of Multi-
Hop wireless Ad-Hoc Network Routing Protocols in MANET”,
IJCSI Vol. 8, Issue 5, No 3, September 2011, pp. 176-
184.ISSN(online):1694-0814
0
5
10
15
20
25
1 2 3 4 5
Pac
ket
Del
iver
y R
atio
-->
No. of malicious nodes -->
normal AODV
AODV with grayhole attack
AODV with blackhole attack
0
20
40
60
80
100
120
1 2 3 4 5Ave
rage
th
rou
ghp
ut
-->
No. of malicious nodes -->
normal AODV
AODV with grayhole attack
Shraddha Dubey et al , International Journal of Computer Science & Communication Networks,Vol 5(1),22-26
25
ISSN:2249-5789
[2] C. Perkins; E. Belding-Royer; S. Das: “Ad-hoc On-Demand
Distance Vector (AODV) Routing”, July 2003
https://www.ietf.org/rfc/rfc3561.txt
[3] C.Wei; L.Xiang; B.yuebin; G.Xiaopeng: “A New Solution
for Resisting GrayHole Attack in Mobile Ad-Hoc Networks,”
Second International Conference on Communications and
Networking in china, VOL.9 No.4, April 2009 pp.366-370
[4] Sherril Sophie Maria Vincent; W. Thamba Meshach:
“preventing black hole attack in manets using randomized
multipath routing algorithm” IJSCE ISSN: 2231-2307, Volume-
1, Issue-ETIC2011, and January 2012 pp. 30-33
[5] Dokurer .S; Y. M. Erten; Can Erkin Acar: “Performance
analysis of ad-hoc networks under blackhole attacks”, Turkey
[6] Usha; Bose: “comparing the impact of blackhole and
grayhole attacks in mobile adhoc networks” Journal of
Computer Science 2012, 8 (11), pp. 1788-1802 ISSN 1549-
3636 (http://www.thescipub.com/jcs.toc
Shraddha Dubey et al , International Journal of Computer Science & Communication Networks,Vol 5(1),22-26
26
ISSN:2249-5789