This document proposes a solution to detect and remove black hole attacks in mobile ad-hoc networks. It begins by describing the black hole attack problem, where a malicious node pretends to have routes to destinations and absorbs network traffic. It then presents a detection technique that involves: (1) making the requesting node wait for multiple route replies instead of immediately sending data, (2) storing the replies in tables to compare sequence numbers and times, and (3) repeating the route discovery with a different destination to obtain multiple reply tables to identify inconsistencies that reveal black hole nodes. This proposed solution aims to identify black holes and find safe routes that avoid them.

1. ISSN: 2277 – 9043
International Journal of Advanced Research in Computer Science and Electronics Engineering
Volume 1, Issue 6, August 2012
Detection/Removal of Black Hole Attack in
Mobile Ad-Hoc Networks
Sandeep Lalasaheb Dhende1, Prof. Mrs. D. M. Bhalerao2
Department of E&TC, Sinhgad College of Engg., Pune, India.
technique to identify black attack and a solution to
Abstract- The inherent features (such as-open medium, discover a safe route avoiding black hole attack.
dynamically changing network topology, lack of
centralized monitoring and management point, and lack II. BLACK HOLE ATTACK PROBLEM
of a clear line of defense) of the MANET make it
vulnerable to a wide range of attacks. There is no In an ad hoc network that uses the DSR/AODV
guarantee that a communication path is free from protocol, a black hole node pretends to have a fresh
malicious or compromised nodes which deliberately enough routes to all destinations requested b all the
wish to disrupt the network communication. So nodes and absorb the network traffic.
protecting the mobile ad-hoc network from malicious
attacks is very important and challenging issue. In this When source node broadcasts the RREQ message
paper we address the problem of packet forwarding
misbehavior and propose a mechanism to detect and
for any destination, the black hole node immediately
remove the black attack. responds with the RREP message and with next hope
details. This message is perceived as, if it is coming
Keywords: ad hoc networks, black hole, security, from the destination or from a node which has a fresh
routing, AODV enough route to the destination. The source node
assume that the destination is behind the black hole
I. INTRODUCTION node and next hope node and perceives the other
RREP packets with next hope node coming from
Ad hoc network is a wireless network without other nodes [5].
having any fixed infrastructure. Each mobile node in
an ad hoc network moves arbitrarily and acts as both
a router and a host [1]. A wireless ad-hoc network
consists of a collection of "peer" mobile nodes that
are capable of communicating with each other
without help from a fixed infrastructure. The
interconnections between nodes are capable of
changing on a continual and arbitrary basis. Nodes
within each other's radio range communicate directly
via wireless links, while those that are far apart use
other nodes as relays. Nodes usually share the same
physical media; they transmit and acquire signals at
the same frequency band. However, due to their
inherent characteristics of dynamic topology and lack
of centralized management security, MANET is
vulnerable to various kinds of attacks [2]. Black hole Figure 1. Propagation of RREQ and RREP from A to E
attack is one of many possible attacks in MANET.
Black hole attack can occur when the malicious node The source node then start to send out its data
on the path directly attacks the data traffic and packets to the black hole node and after small time
intentionally drops, delay or alter the data traffic interval to the other node, trusting that these packets
passing through it [3] [4]. There is lots of detection will reach to the destination either by one link [6].
and defense mechanisms to eliminate the intruder that
carry out the black hole attack. We present a In the following illustrated Figure 2, imagine a
malicious node „M‟. When node „A‟ broadcast a
12
All Rights Reserved © 2012 IJARCSEE

2. ISSN: 2277 – 9043
International Journal of Advanced Research in Computer Science and Electronics Engineering
Volume 1, Issue 6, August 2012
RREQ packets, nodes „B‟ „D‟ and node „M‟ receives
it. Node „M‟ being a malicious node does not check
up with its routing table for the requested route to
node „E‟.
Hence, it immediately sends back a RREP packet,
claiming a route to the destination. Node „A‟ receives
the RREP from „M‟ ahead of the RREP from „B‟ and
„D‟.
Node „A‟ assumes that the route through „M‟ is the
shortest route and sends any packet to the destination
through it. When the node „A‟ sends data to „M‟, it
absorbs all the data and thus behaves like a „Black
hole‟. However in that solution next hope also
behaves as a malicious node they cannot identify it.
Figure 3. Detection of Black hole
According to this proposed solution the requesting
node without sending the DATA packets to the reply
node at once, it has to wait till other replies. After
receiving the first request it sets timer in the „Timer
Expired Table‟, for collecting the further requests
from different nodes. It will store the „Sequence
Figure 2. Black hole attack in AODV
number, and the time at which the packet arrives, in a
first „Collect Route Reply Table‟ (CRRT).
III. SOLUTION After the timeout value, we considered another
destination node D1 in same network to repeat route
We proposed a solution that is an enhancement of establishment process to collect route replies from
the basic AODV routing protocol, which will be able same nodes in second „Collect Route Reply Table‟
to avoid and detect black holes. To reduce the (CRRT). Here we can obtain two different „Collect
probability it is proposed to wait and check the Route Reply Table‟ (CRRT) because of two route
replies from all the neighboring nodes to find a safe establishment process as shown below.
route.
Table 1. Routing details
Source Reply Destination
s M D
s 1 D
s 2 D
13
All Rights Reserved © 2012 IJARCSEE

3. ISSN: 2277 – 9043
International Journal of Advanced Research in Computer Science and Electronics Engineering
Volume 1, Issue 6, August 2012
Table 2. Routing details According to this proposed solution we considered
another destination node D1 in same network, to
Source Reply Destination repeat route establishment process to collect route
replies from same nodes in second „Collect Route
s M D1 Reply Table‟ (CRRT). Which shows, if S wants to
transmit to D1. So it first transmits the route request
to all the neighboring nodes. Here node 1, node M
s 2 D1 and node 2 receive this request. The malicious node
has no intention to transmit the DATA packets to the
s 1 D1 destination node D but it wants to intercept/collect
the DATA from the source node S. So it immediately
replies to the request as M. Instead of transmitting the
DATA packets immediately through M, S has to wait
Now compare first route reply from both the for further reply from the other nodes. After some
„Collect Route Reply Table‟ (CRRT), if we found the time it will receives the reply from node 1 as 1 and
same node replying very firstly in two different route node 2 as 2 as shown in table.
establishment processes then such node can be Table 3. Routing details
malicious node. Then we can choose second route
reply from first routing table for further Source Reply Destination
communication as shown below.
S M D
S 1 D
s 2 D
Table 4. Routing details
Source Reply Destination
Figure 4. Solution to Black hole s M D1
Thus Black hole attacks can greatly be detected and s 2 D1
reduced and DATA packets can be transmitted along
with chosen path.
s 1 D1
IV. WORKING PRINCIPLE of AODV
In the above figure 3, S wants to transmit to D. So
it first transmits the route request to all the Now compare first route reply from both the
neighboring nodes. Here node 1, node M and node 2 „Collect Route Reply Table‟ (CRRT), if we found the
receive this request. The malicious node has no same node replying very firstly in two different route
intention to transmit the DATA packets to the establishment processes then such node can be
destination node D but it wants to intercept/collect malicious node. Then we can select second route
the DATA from the source node S. So it immediately reply from first routing table for further
replies to the request as M. Instead of transmitting the communication as shown below.
DATA packets immediately through M, S has to wait
for further reply from the other nodes. After some
time it will receives the reply from node 1 as 1 and
node 2 as 2.
14
All Rights Reserved © 2012 IJARCSEE

4. ISSN: 2277 – 9043
International Journal of Advanced Research in Computer Science and Electronics Engineering
Volume 1, Issue 6, August 2012
Attacks in AODV Based MANET”, International
Journal of Computer Science Issues, Vol.2 2009.
[9] Kejun Liu, Jing Deng, “An Acknowledgment Based
Approach for the Detection of Routing MIsbahavior in
MANETS, IEEE Transaction in Mobile Computing,
Vol. 6, Vol. 5, May 2007.
[10] Satyajayant Misra, Kabi Bhattarai, Guoliang Xue,
“BAMBi: Blackhole Attacks Mitigation Multiple Base
station in Wireless Sensor Networks”, 2007
IEEE.
Figure 5. Prevention of Black hole
V. CONCLUSION AND FUTURE WORK
According to the proposed solution the required
security in MANET can be achieved with minimum
delay and control overhead and simultaneously we
can detect the Black hole attack and transmit DATA
packets to the destination.
As future work, we intend to develop simulations to
analyze the performance of the proposed solution.
REFERENCES
[1] Latha Tamilselvan, Dr. V Sankaranarayanan,
“Prevention of Black hole Attacks in MANET”, The
2nd international Conference on Wireless Broadband
and Ultra Wideband Communications, 2007 IEEE.
[2] N. Bhalaji, Dr. A Shanmugam, “Assosiation Between
Nodes to Combat Blackhole Attacks in DSR Based
MANET”, 2009 IEEE.
[3] Mehdi Medadian, M. H. Yektaie, A. M. Rahmani,
“Combat with Blackhole Attack in AODV Routing
Porotocol in MANET”, 9th Malaysia International
Conference on Communication, 15-17 December
2009.
[4] Yanzhi Ren, Mooi Choo Chuah, Jiee Yang Yingying
Chen, “Detecting Blackhole Attacks in Disruption-
Tolerant Networks through Packet Exchange
Recording”, 2010 IEEE.
[5] Jaydip Sen, Sripad Koilakoda, Arijit Ukil, “A
Mechanism for Detection of Cooperative Blackhole
Attack in Mobile Adhoc Networks”, 2nd International
Conference on Intelligent Systems Modeling and
Simulation, 2011.
[6] Saurabh Gupta, Subrat kar, S Dharmaraja, “BAAP:
Blackhole Attack Avoidance Protocol for Wireless
NEtworks”, International Conference on Computer
and Communication Technology, 2011.
[7] Lalit Himral, Vishal Vig, Nagesh Chand, “Preventing
AODV Routing Protocol from Blackhole Attack”,
International Journal of Engineering, Science and
Technology, May 2011.
[8] Payal N. Raj, Prashant B. Swadas, “DPRAODV: A
Dynamic Learning System Against blackhole
15
All Rights Reserved © 2012 IJARCSEE