IJETR021751


International Journal of Engineering and Technical Research (IJETR)

ISSN: 2321-0869, Volume-2, Issue-5, May 2014

Simulation and Performance Evaluation of AODV protocol against Blackhole Attacks in MANET
Khushbu Patel, Prayag Patel

Abstract: A mobile ad-hoc network (MANET) is an autonomous wireless network which consists of mobile nodes that communicate with each other over multi-hop wireless links. Due to the absence of any fixed infrastructure, MANETs are vulnerable to various types of security attacks. Black hole is one of these attacks. Black hole is a type of routing attack where a malicious node advertises itself as having the shortest path to all nodes in the environment by sending a fake route reply. By doing this, the malicious node can deprive the traffic from the source node. There are lots of detection and defense mechanisms to eliminate the intruder that carries out the black hole attack. Here, a mechanism is proposed for the nodes which are deployed in MANETs in order to detect and prevent black hole attacks. We simulated the black hole attack in various wireless ad-hoc network scenarios and have tried to find a response system in simulations. The analysis guides us to the various performance parameters such as throughput, packet delivery ratio, and number of dropped packets evaluated over different scenarios.

Index Terms: MANET (Mobile ad hoc network), AODV (On-demand distance vector routing protocol), Blackhole Attack, IDS (Intrusion detection system)

Manuscript received May 06, 2014.
Khushbu Patel, Department of Computer Science Engineering Department, S.P.B.Patel Engineering College, Gujarat, India.
Prayag Patel, Department of Computer Science Engineering Department, S.P.B.Patel Engineering College, Gujarat, India.
www.erpublication.org

I. INTRODUCTION

A Mobile ad hoc network is a collection of wireless nodes that can be dynamically set up ANYWHERE and ANYTIME, without using any pre-existing network infrastructure. There are no basic network devices, such as routers or access points, to transfer data among nodes. Instead, each node acts as a router to establish a route and transfer data by means of multiple hops. Due to the mobile nature of nodes, the network topology changes rapidly and erratically over time. MANETs have many potential applications, like Sensor Networks, Medical Service, Personal Area Network, especially in military and rescue operations such as connecting soldiers in the battlefield or creating a temporary network in place of one which collapsed after a disaster like a tsunami [2]. Routing in ad-hoc networks has been a challenging task ever since wireless networks came into existence. The major reason for this is the constant change in network topology because of the high degree of node mobility [1].

The available routing protocols are mainly categorized into proactive routing protocols, reactive routing protocols and hybrid routing protocols. In proactive routing protocols, such as DSDV, the routing information of nodes is exchanged sporadically. In reactive routing protocols, such as AODV and DSR, nodes exchange routing information when it is needed. Some ad-hoc routing protocols are a combination of the above two categories, which we call hybrid routing protocols. The primary goal of such ad hoc network routing protocols is correct and efficient route establishment between a pair of nodes [3].

Due to the unique characteristics of MANETs, there is no centralized gateway device to monitor the network traffic. Since the medium is open, both legitimate and malicious nodes can access it. Moreover, there is no clear separation between normal and unusual activities in a mobile environment. Since nodes can move arbitrarily, false routing information can come from a compromised node or a legitimate node that has outdated information [4].

The network layer in MANETs is susceptible to various attacks, viz. eavesdropping with malicious intent, spoofing of the control and/or data packets transacted, malicious modification/alteration of the packet contents, and Denial-of-service (DoS) attacks: Wormhole attacks, Sinkhole attacks, Blackhole attacks [5]. Here, a mechanism is proposed for the nodes which are deployed in MANETs in order to detect and prevent black hole attacks.

The rest of the paper is organized as follows: In Section 2, we briefly describe the working of the AODV routing protocol. In Section 3, we survey the related work in the area. In Section 4, we discuss the proposed solution. In Section 5, we describe the simulation environment. In Section 6, we describe the simulation results and analysis. Finally, we conclude in Section 7 with future scope.

II. THEORETICAL BACKGROUND

A. Ad-hoc On-Demand Distance Vector (AODV) Routing Protocol

Ad-hoc On-Demand Distance Vector (AODV) [6] Routing Protocol is used for finding a path to the destination in an ad-hoc network. To find the path to the destination all mobile nodes work in cooperation using the routing control messages. Thanks to these control messages, AODV Routing Protocol offers quick adaptation to dynamic network conditions, low processing and memory overhead, and low network bandwidth utilization with small size control messages. The most distinguishing feature of AODV compared to the other routing protocols is that it uses a destination sequence number for each route entry. The destination sequence number is generated by the destination when a connection is requested from it. Using the destination sequence number ensures loop freedom. AODV makes sure the route to the destination does not contain a loop and is the shortest path.

Route Requests (RREQs), Route Replies (RREPs) and Route Errors (RERRs) are control messages used for establishing a path to the destination. When the source node wants to make a connection with the destination node, it broadcasts an RREQ message. This RREQ message is propagated from the source and received by the neighbors (intermediate nodes) of the source node. The intermediate nodes broadcast the RREQ message to their neighbors. This process goes on until the packet is received by the destination node or by an intermediate node that has a fresh enough route entry for the destination. Figure 1 shows how the RREQ message is propagated in an ad-hoc network.

Fresh enough means that the intermediate node has a valid route to the destination that was formed a period of time ago that is lower than the threshold. While the RREQ packet travels through the network, every intermediate node increases the hop count by one. If an RREQ message with the same RREQ ID is received, the node silently discards the newly received RREQs by checking the ID field of the RREQ message. When the destination node, or an intermediate node that has a fresh enough route to the destination, receives the RREQ message, it creates an RREP message and updates its routing table with the accumulated hop count and the sequence number of the destination node.

Afterwards the RREP message is unicast to the source node. The difference between broadcasting an RREQ and unicasting an RREP can be seen from Figures 1 and 2. While the RREQ and the RREP messages are forwarded by intermediate nodes, the intermediate nodes update their routing tables and save this route entry for 3 seconds, which is the ACTIVE_ROUTE_TIMEOUT constant value of the AODV protocol. Thus the node knows over which neighbor to reach the destination. Figure 2 shows how the RREP message is unicast and how the route entries in the intermediate nodes are updated.

Fig.1 Propagation of the RREQ message

Fig.2 Unicasting the RREP message

B. Sequence Numbers

Sequence numbers serve as time stamps and allow nodes to compare how fresh their information on the other node is. When a node sends any type of routing control message (RREQ, RREP, RERR etc.), it increases its own sequence number. A higher sequence number means more accurate information, and whichever node sends the highest sequence number, its information is considered and the route is established over this node by the other nodes. The sequence number is a 32-bit unsigned integer value (i.e., 4294967295). If the sequence number of the node reaches the highest possible sequence number, 4294967295, then it will be reset to zero (0). If the result of subtracting the sequence number of an incoming AODV route control message from the sequence number currently stored in a node is less than zero, the stored sequence number is replaced with the sequence number of the incoming control message.

C. Black Hole Attack

Black Hole Attack is briefly explained in the previous Chapter. In this Chapter we shall explain it in more detail as we have already explained the AODV protocol.

Fig. 3 Illustration of Black Hole Attack

In an ad-hoc network that uses the AODV protocol, a Black Hole node absorbs the network traffic and drops all packets. To explain the Black Hole Attack we added a malicious node that exhibits Black Hole behavior to the scenario of the figures of the previous section.

In the scenario shown in Figure 3, we assume that Node 3 is the malicious node. When Node 1 broadcasts the RREQ message for Node 4, Node 3 immediately responds to Node 1 with an RREP message that includes the highest sequence number of Node 4, as if it were coming from Node 4. Node 1 assumes that Node 4 is behind Node 3 with 1 hop and discards the newly received RREP packet coming from Node 2. Afterwards Node 1 starts to send out its data packets to Node 3, trusting that these packets will reach Node 4, but Node 3 will drop all data packets.

III. RELATED WORK

In this section, we review several solutions to black hole attacks.

In the solution of [7], the source node stores all the RREPs in a table called Cmg_RREP_Tab; after receiving the first RREP packet it waits for MOS_WAIT_TIME. Meanwhile, the source node analyses all the stored RREPs from the Cmg_RREP_Tab table and discards the RREPs having a very high destination sequence number. Every node in the network maintains a table called Mali_node for storing the malicious node details, to isolate the malicious node in the network. Moreover, in order to maintain freshness, the Cmg_RREP_Tab is flushed once an RREP is chosen from it. However, this solution fails to detect a co-operative black hole attack and it has a high processing delay.

In [8] the authors have proposed the method DPRAODV (A dynamic learning system against black hole attack in AODV based MANET) to protect against black holes by informing other nodes in the network. In normal AODV, the node that receives the RREP packet first checks the value of the sequence number in its routing table. If the RREP's sequence number is higher than the one in the routing table, the RREP packet is accepted. This solution adds a check of whether the RREP sequence number is higher than a threshold value. If it is higher than the threshold value, then the node is considered to be a malicious node and is added to the black list. As the node is detected as an anomaly, an ALARM packet is sent to the neighbours. The routing table is not updated for that malicious node, nor is the packet forwarded to another node. The threshold value is dynamically updated using the data collected in the time interval. The threshold value is the average of the difference of destination sequence number in each time slot between the sequence number in the routing table and the RREP packet. The main advantage of this protocol is that the source node announces the black hole to its neighbours in order for it to be ignored and eliminated. The overhead of updating the threshold value at every time interval, along with the generation of the ALARM packet, will considerably increase the routing overhead. This method does not support cooperative black hole nodes.

In [9] the authors Ming-Yang Su et al. discuss a mechanism called ABM (Anti-Black hole Mechanism), which is mainly used to estimate the suspicious value of a node according to the amount of abnormal difference between RREQs and RREPs transmitted from the node. When a suspicious value exceeds a threshold level, the nearby IDS broadcasts a block message with the id of the IDS, the identified black hole node and the time of identification, and nodes place the malicious nodes on their blacklists to isolate the malicious node in the network cooperatively. The advantage of this method is that it is able to detect cooperative black hole nodes in MANETs. The main drawback of this technique is that mobile nodes have to maintain an extra database for training data and its updates, in addition to the maintenance of their routing table.

In [10], the authors discuss a protocol that requires the intermediate nodes to send the RREP message along with the next hop information. When the source node gets this information, it sends a RREQ to the next hop to verify that the target node (i.e. the node that just sent back the RREP packet) indeed has a route to the intermediate node and to the destination. When the next hop receives a FurtherRequest, it sends a FurtherReply, which includes the check result, to the source node. Based on the information in the FurtherReply, the source node judges the validity of the route.

IV. PROPOSED SOLUTION

The solution that we propose here is designed to detect and prevent any alterations in the default operations of either the intermediate nodes or that of the destination nodes. The approach we follow basically only modifies the working of the source node, using an additional function RREP. Apart from this, we also added a new table Coming_RREP_Tab, a timer WAIT_TIME and a variable Mali_node list to the data structures in the default AODV protocol, as explained further. In the original AODV protocol, by default, the source node accepts the first fresh enough RREP request coming to it. By comparison, in our approach, we store all the RREPs in the newly created table, viz. Coming_RREP_Tab, until the time WAIT_TIME. In our solution, the source node, after receiving the first RREP control message, waits for WAIT_TIME. During this time, the source node saves all the incoming RREP control messages in the Coming_RREP_Tab table. Subsequently, the source node analyses all the stored RREPs from the Cmg_RREP_Tab table and discards the RREP having a presumably very high destination sequence number. As before, the node that sent this RREP is suspected to be malicious and is put on the malicious node list. Once such a malicious node is identified, our solution selects a reply having the highest destination sequence number from the Coming_RREP_Tab table and broadcasts the identified MN in the network. When a node broadcasts the identified MN in the network, each node, after receiving the BCT message, checks whether an entry exists in its RT for the MN. If one exists, it deletes all entries for the MN from its RT; if not, it adds the MN to its malicious_node list. The proposed solution maintains the identity of the malicious node as Mali_node, so that in future it can discard any control messages coming from that node. Now, since the malicious node is identified, the routing table for that node is not maintained. In addition, the control messages from the malicious node, too, are not forwarded in the network.

The proposed algorithm will work at Source Node as per following steps:

Intrusion Detection System
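
The source-node procedure of this section, together with the freshness comparison of Section II.B and the Figure 3 scenario of Section II.C, as an added C++ example that is not the authors' NS-2 code. The struct and function names, the kMaxSeqLead cutoff (the paper gives no numeric meaning for "very high") and the sample sequence numbers are assumptions made for illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <set>
#include <vector>

// One buffered route reply; field names are illustrative, not NS-2's.
struct Rrep {
    int sender;         // neighbour the RREP arrived from
    uint32_t dest_seq;  // destination sequence number it advertises
};

// Freshness rule from Section II.B: the 32-bit difference is read as signed,
// so the test still works across the rollover from 4294967295 to 0.
bool fresher(uint32_t incoming, uint32_t stored) {
    return static_cast<int32_t>(stored - incoming) < 0;
}

// Default AODV at the source: each arriving RREP replaces the route when it
// is fresher than the one held. Returns the resulting next hop.
int default_next_hop(const std::vector<Rrep>& arrivals) {
    const Rrep* best = nullptr;
    for (const Rrep& r : arrivals)
        if (!best || fresher(r.dest_seq, best->dest_seq)) best = &r;
    return best ? best->sender : -1;
}

// ASSUMPTION: the paper only says "presumably very high". Here an RREP is
// suspect when it leads the oldest buffered sequence number by more than this.
constexpr uint32_t kMaxSeqLead = 1000;

struct Decision {
    int next_hop;              // -1 if no acceptable RREP is left
    std::vector<int> flagged;  // senders newly added to Mali_node (to broadcast)
};

// Run when WAIT_TIME expires, over everything stored in Coming_RREP_Tab.
Decision analyse_coming_rrep_tab(std::vector<Rrep>& tab, std::set<int>& mali_node) {
    Decision d{-1, {}};
    if (tab.empty()) return d;
    uint32_t base = tab.front().dest_seq;        // oldest advertised number
    for (const Rrep& r : tab)
        if (fresher(base, r.dest_seq)) base = r.dest_seq;
    const Rrep* best = nullptr;
    for (const Rrep& r : tab) {
        if (mali_node.count(r.sender)) continue;  // already isolated
        if (r.dest_seq - base > kMaxSeqLead) {    // implausible lead
            if (mali_node.insert(r.sender).second) d.flagged.push_back(r.sender);
            continue;
        }
        if (!best || fresher(r.dest_seq, best->dest_seq)) best = &r;
    }
    if (best) d.next_hop = best->sender;
    tab.clear();  // flush the table once a reply has been chosen
    return d;
}

// Constructed scenario after Figure 3: Node 3 answers first with a forged
// sequence number; Node 2 relays the genuine reply from Node 4.
std::vector<Rrep> figure3_arrivals() {
    return {{3, 4000000u}, {2, 52u}};
}

int main() {
    std::vector<Rrep> tab = figure3_arrivals();
    std::set<int> mali_node;
    std::cout << "default AODV next hop: " << default_next_hop(tab) << "\n";
    Decision d = analyse_coming_rrep_tab(tab, mali_node);
    std::cout << "buffered analysis next hop: " << d.next_hop
              << ", newly flagged: " << d.flagged.size() << "\n";
}
```

When only one RREP is buffered there is nothing to compare it against, so this relative test cannot flag it.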


V. SIMULATION ENVIRONMENT

A. Simulation Tool

In this paper the simulation tool used for analysis is NS-2, which is highly preferred by research communities. NS is a discrete event simulator targeted at networking research. NS provides substantial support for simulation of TCP, routing, and multicast protocols over wired and wireless (local and satellite) networks [1]. NS2 is an object-oriented simulator, written in C++, with an OTcl interpreter as a frontend. This means that most of the simulation scripts are created in Tcl (Tool Command Language). If components have to be developed for ns2, then both Tcl and C++ have to be used.

B. Simulation Parameters

We have implemented the Black hole attack in the ns2 simulator. A CBR (Constant Bit Rate) application has been implemented. The problem is investigated by means of collecting data, experiments and simulation, which give some results; these results are analyzed and decisions are made on their basis. The simulator which is used for simulation is ns2. To evaluate the performance of a protocol for an ad hoc network, it is necessary to analyze it under practical conditions, especially including the movement of mobile nodes. Table 1 shows the parameters that have been used in performing the simulation.

Table 1: Simulation Parameters

C. Performance Metrics

Performance metrics are quantitative measures that can be used to evaluate any MANET routing protocol. The metrics that compare the performance of normal AODV and AODV under blackhole attack are as follows:

Throughput represents the amount of data received by the destination nodes in some period of time. It is the measure of how fast a node can actually send data through a network, so throughput is the average rate of successful message delivery over a communication channel.

Packet delivery ratio (PDR) can be measured as the ratio of the data packets delivered to the destinations to those generated by the CBR sources. The PDR depicts how well a routing protocol can deliver packets from source to destination. Higher values give better results. This metric characterizes both the completeness and correctness of the routing protocol, and also the reliability of the routing protocol, by giving its effectiveness.

Dropped Packets refer to the number of packets sent by the source node that failed to reach the destination node. The routers might fail to deliver or drop some data packets after their arrival when their buffers are already full.

Packet forwarding is the relaying of packets from one network segment to another by nodes in a computer network.
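
One way to compute the three metrics defined above from an NS-2 wireless trace, as an added C++ example rather than the authors' own analysis script. It assumes the older NS-2 wireless trace layout (event, time, node, layer, reason, packet id, packet type, size) and runs on a few constructed trace lines; the struct and function names are hypothetical.

```cpp
#include <cstdint>
#include <iostream>
#include <sstream>
#include <string>

// Counters for CBR data packets only; AODV control packets are ignored.
struct Metrics {
    uint64_t sent = 0, received = 0, dropped = 0, bytes_received = 0;
    double first_send = -1.0, last_recv = 0.0;

    // Delivered packets as a percentage of packets generated by CBR sources.
    double pdr_percent() const {
        return sent ? 100.0 * received / sent : 0.0;
    }
    // Bits delivered per second between first send and last receive, in kbps.
    double throughput_kbps() const {
        double span = last_recv - first_send;
        if (first_send < 0 || span <= 0) return 0.0;
        return bytes_received * 8.0 / span / 1000.0;
    }
};

// Reads the leading fields of each trace line:
//   event time _node_ layer reason packet-id type size ...
Metrics analyse_trace(std::istream& trace) {
    Metrics m;
    std::string line;
    while (std::getline(trace, line)) {
        std::istringstream f(line);
        std::string ev, node, layer, reason, type;
        double t = 0;
        uint64_t id = 0, size = 0;
        if (!(f >> ev >> t >> node >> layer >> reason >> id >> type >> size))
            continue;                              // blank or malformed line
        if (type != "cbr") continue;               // routing control traffic
        if (ev == "s" && layer == "AGT") {         // generated by a CBR source
            ++m.sent;
            if (m.first_send < 0) m.first_send = t;
        } else if (ev == "r" && layer == "AGT") {  // reached the destination
            ++m.received;
            m.bytes_received += size;
            m.last_recv = t;
        } else if (ev == "D") {                    // dropped at any layer
            ++m.dropped;
        }
    }
    return m;
}

// Constructed sample; header fields after the size are omitted.
const char* kSampleTrace = R"TR(
s 0.500000000 _0_ RTR --- 0 AODV 48
s 1.000000000 _0_ AGT --- 1 cbr 512
r 1.020000000 _3_ AGT --- 1 cbr 532
s 1.500000000 _0_ AGT --- 2 cbr 512
D 1.504000000 _2_ RTR NRTE 2 cbr 532
s 2.000000000 _0_ AGT --- 3 cbr 512
D 2.004000000 _2_ RTR NRTE 3 cbr 532
s 2.500000000 _0_ AGT --- 4 cbr 512
r 3.000000000 _3_ AGT --- 4 cbr 532
)TR";

int main() {
    std::istringstream in(kSampleTrace);
    Metrics m = analyse_trace(in);
    std::cout << "sent=" << m.sent << " received=" << m.received
              << " dropped=" << m.dropped << " PDR=" << m.pdr_percent()
              << "% throughput=" << m.throughput_kbps() << " kbps\n";
}
```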

VI. SIMULATION RESULTS

Table 2: Performance parameter without Blackhole Attack

Table 3: Performance parameter with Blackhole Attack

A. Simulation Results

Here Aodv0 indicates the without Black Hole scenario, meaning normal AODV, whereas IDSaodv0 is the without Black Hole scenario with IDS. Aodv1 indicates the one Black Hole node scenario with AODV, and IDSaodv1 the one Black Hole node scenario with IDS.

B. Simulation Graph

Packet Delivery Ratio comparison

Fig. 5: Impact of Blackhole Attack on the Packet Delivery Ratio

For the without Black Hole scenario (normal AODV) the Packet Delivery Ratio is 94.25%. For the IDSAODV scenario without a blackhole node the Packet Delivery Ratio is 91.25%. For the one node Black Hole scenario the Packet Delivery Ratio is almost 4.57%. For the IDSAODV scenario with one blackhole node the Packet Delivery Ratio is improved to 30.99%.

Throughput comparison

For the without Black Hole scenario (normal AODV) the throughput is 119.11 kbps. For the IDSAODV scenario without a blackhole node the throughput increases to 137.61 kbps. For the one node Black Hole scenario the throughput is almost 184.66 kbps. For the IDSAODV scenario with one blackhole node the throughput is 65.32 kbps.

[Bar chart "Throughput" with series AODV and idsAODV over AODV0, idsAODV0, AODV1 and idsAODV1; bar labels as extracted: 184.66 kbps, 165.32 kbps, 137.61 kbps, 119.11 kbps.]

Fig 7: Impact of Blackhole Attack on the Throughput

For the without Black Hole scenario (normal AODV) the dropped packets are 564 out of 9873 sent packets. For the IDSAODV scenario without a blackhole node the dropped packets increase to 865 because of more security. For the one node Black Hole scenario the dropped packets are 9422. For the IDSAODV scenario with one blackhole node the dropped packets decrease to 6817.

VII. CONCLUSION AND FUTURE WORK

Here, we have proposed and implemented a black hole detection mechanism to detect and prevent black hole attacks. In the proposed method blackhole nodes are not only prevented but also detected. Also, the information about detected nodes is broadcast to all other nodes so that they delete the entries of detected blackhole nodes from their routing tables. The nodes that receive a broadcast message about detected blackhole nodes add these blackhole nodes to the detected blackhole list so that all future communications can be avoided. For this we implemented an AODV protocol that behaves as Black Hole in NS2.
Dropped Packets comparison

Fig 7: Impact of Blackhole Attack on the Dropped Packets

Having simulated the black hole attack, we saw that the packet loss is increased in the ad-hoc network. Therefore, to minimize the black hole effect, we implemented the IDSAODV protocol. The IDSAODV protocol will improve the packet delivery ratio and minimize the data loss. The advantage of this approach is that the implemented protocol does not make any modification in the packet format and hence can work together with the AODV protocol. Another advantage is that the proposed IDSAODV does not require any additional overhead and requires minimum modification in the AODV protocol. For future work, testing of the proposed strategy is to be carried out for more than one black hole node and for various CBR traffic models. As part of our future endeavor, we aim to study the impact of varying pause time on the protocol.

REFERENCES

[1] Kapang Lego, "Comparative Study of Adhoc Routing Protocol AODV, DSR and DSDV in Mobile Adhoc NETwork", Indian Journal of Computer Science and Engineering, Vol. 1, No. 4, pp. 364-371.

[2] Sheikh R. Singh Chande, M.; Kumar Mishra, D., "Security issues in MANET: A review," Wireless And Optical Communications Networks (WOCN), 2010 Seventh International Conference On, pp. 1-4, 6-8 Sept. 2010.

[3] Madhusudhananagakumar KS, G. Aghila, "A Survey on Black Hole Attacks on AODV Protocol in MANET", International Journal of Computer Applications (0975-8887), Volume 34, No. 7, November 2011.

[4] Dr. S. Tamilarasan, "Securing and Preventing AODV Routing Protocol from Black Hole Attack using Counter Algorithm", International Journal of Engineering Research & Technology (IJERT), Vol. 1, Issue 5, July 2012.

[5] Rajesh J. Nagar, Kajal S. Patel, "Securing AODV Protocol against Blackhole Attacks", International Journal of Engineering Research and Applications (IJERA), ISSN: 2248-9622, www.ijera.com, Vol. 2, Issue 1, Jan-Feb 2012, pp. 1116-1120.

[6] C. Perkins, (RFC) Request for Comments 3561, Category: Experimental, Network Working Group, July 2003.

[7] Nital Mistry, Devesh C Jinwala, Mukesh Zaveri, "Improving AODV Protocol against Blackhole Attacks", Proceedings of the International Multi Conference of Engineers and Computer Scientists 2010, Vol II, IMECS 2010.

[8] Payal N. Raj, Prashant B. Swadas, "DPRAODV: A Dynamic Learning System Against Blackhole Attack In AODV Based MANET", International Journal of Computer Science Issues, Vol. 2, pp. 54-59, 2009.

[9] Ming-Yang Su, "Prevention of selective black hole attacks on mobile ad hoc networks through intrusion detection systems", Department of Computer Science and Information Engineering, Ming Chuan University, Computer Communications 34 (2011) 107-117.

[10] H. Deng, W. Li, and D. P. Agrawal, "Routing Security in Adhoc Networks", IEEE Communications Magazine, Vol. 40, No. 10, pp. 70-75, Oct. 2002.
