A Novel Approach for Detection of Single and Collaborative Black Hole Attacks in MANET

A Novel Approach for Detection of Single and Collaborative Black Hole Attacks in MANET

Available online at www.sciencedirect.com ScienceDirect Procedia Technology 25 (2016) 264 – 271 Global Colloquium in Recent Advancement and Effectua...

381KB Sizes 0 Downloads 60 Views

Available online at www.sciencedirect.com

ScienceDirect Procedia Technology 25 (2016) 264 – 271

Global Colloquium in Recent Advancement and Effectual Researches in Engineering, Science and Technology (RAEREST 2016)

A Novel Approach for Detection of Single and Collaborative Black Hole Attacks in MANET Arathy K Sa*, Sminesh C Na a

Government Engineering College Thrissur, Kerala, 680009, India.

Abstract Ad hoc On Demand Distance Vector Routing is an extensively accepted routing protocol for Mobile Ad hoc Network. The inadequacy of security considerations in the design of AODV makes it vulnerable to black hole attack in which, malicious nodes attract data packets and drop them instead of forwarding. Among the existing black hole detection schemes, just a few strategies detect both single and collaborative attacks and that too with much routing, storage and computational overhead. In this paper, we propose a novel strategy to detect single and collaborative black hole attacks, with reduced routing and computational overhead. The proposed D-MBH algorithm detects single and multiple black hole nodes using an additional route request with nonexistent target address, computes a threshold ADSN, creates a black hole list and invokes the proposed D-CBH algorithm. Using ADSN, black hole list and next hop information extracted from RREP, the D-CBH algorithm creates a list of collaborative black hole nodes.

© Published by by Elsevier Ltd.Ltd. This is an open access article under the CC BY-NC-ND license ©2016 2015The TheAuthors. Authors. Published Elsevier (http://creativecommons.org/licenses/by-nc-nd/4.0/). Peer-review under responsibility of the organizing committee of RAEREST 2016. Peer-review under responsibility of the organizing committee of RAEREST 2016 Keywords:ADSN; BH list; CBH list; fake RREQ.

1. Introduction Mobile Ad hoc Network (MANET) is defined as the cooperative engagement of a collection of mobile nodes, without the support of any centralized access point or existing infrastructure [1]. In this multi hop routing scenario, each node functions as a host and a router. Thus nodes are collectively responsible for the management

* Corresponding author. E-mail address:[email protected]

2212-0173 © 2016 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/). Peer-review under responsibility of the organizing committee of RAEREST 2016 doi:10.1016/j.protcy.2016.08.106

K.S. Arathy and C.N. Sminesh / Procedia Technology 25 (2016) 264 – 271

of network. MANET has numerous applications in military and rescue zones since it gives an adaptable communication where terrestrial or geographical constraints are present [2].Ad hoc on demand distance vector routing is a reactive routing protocol in MANET that offers low processing and memory overhead, quick adaptation to dynamic link conditions and low network utilization [3]. The paucity of security contemplation in the design of AODV makes it vulnerable to black hole attacks. In single black hole attack, a malicious node claims to have the freshest and shortest route to destination, attracts data packets and drops them instead of forwarding. Sometimes these malicious nodes act in coordination resulting in collaborative black hole attacks. In this paper, we propose two algorithms to detect single and collaborative black hole attacks with reduced computational and routing overhead. This strategy makes use of a fake RREQ with nonexistent target address, destination sequence number and next hop information extracted from RREP to identify the malicious nodes. The paper is organized as follows. Section 2 gives a preface to Black Hole attacks in AODV, section 3 focus on related work in this area; section 4 analyses the proposed algorithm, followed by the conclusion in section 5. Nomenclature D-MBH D-CBH AODV DSN ADSN SN RREQ RREP RREPN NHN IN BH list CBH list

Detection of Multiple Black hole Attack Detection of Collaborative black hole attack Ad hoc On Demand Distance Vector Routing Destination Sequence Number Average Destination Sequence Number Source Node Route Request Route Reply Route Reply Sending Node Next Hop Node Intermediate Node list of black hole nodes list of Collaborative black hole nodes

2. Black Hole Attacks in AODV In AODV, SN initiates route discovery process by broadcasting a Route request (RREQ) to its neighbours. On receiving an RREQ, an intermediate node (IN), looks up in its routing table for a fresh enough route to destination. If such a route is unavailable, IN broadcasts the RREQ. Else, it responds with a Route Reply (RREP) to the source node. However when a link failure occurs, a route error (RERR) message is sent to notify others about the same. According to AODV, only an intermediate node with fresher and valid route to destination can respond to a RREQ. On receiving a RREQ, a black hole node exploits this feature by immediately sending back a malicious RREP, having destination sequence number (DSN) set to the maximum possible value and hop count set to the minimum value and hence claims to have the freshest and shortest route to destination [4,5]. Since a malicious node does not even check in its routing table, it is the first node that responds to a RREQ in most cases [6]. On receiving this RREP, the source node starts routing packets via the claimed path and subsequently, the attacker node drops all the packets. If there are multiple adversary nodes, the attack is called multiple black hole attack. Collaborative or cooperative black hole attack is a special case of multiple black hole attack in which two or more black hole nodes are acting in collusion [7,8]. Fig.1 is a pictorial representation of collaborative black hole attack. In Fig. 1[9], node S is the source node and node D is the destination node.Here, node 4 and node 5 are malicious nodes working in

265

266

K.S. Arathy and C.N. Sminesh / Procedia Technology 25 (2016) 264 – 271

collaboration. Hence, node 4 can either drop the data packets or forward them to node 5. Similarly node 5 can either drop the packets or sent them to the adjacent malefic node in alliance.

Fig. 1 Collaborative black hole attack

3. Related Works Black hole detection has been an active area of research since Hongmei Deng proposed ‘next hop information’ [10] based scheme in 2002. Researchers have proposed various solutions to identify and handle black hole attack. But merely a few among them detect collaborative black holes. A review of such strategies is presented. In [9], L.Tamilselvan et al., proposes the notion of ‘Fidelity Table. Here, every participating node is allotted a particular fidelity level, a measure of reliability. Whenever a source node broadcasts a RREQ and holds up, the incoming RREPs are gathered in its Response Table. If the average of the fidelity level of RREP sending node (RREPN) and its next hop node (NHN) in the route is found to be over a predetermined threshold, the RREPN is considered as trustworthy. Therefore, on the receipt of multiple RREPs, the one with the highest fidelity level is selected. However, if multiple nodes have the same fidelity level, the RREP with the minimal hop count is chosen. Finally, routing is accomplished via the selected path. Upon data receipt, the destination node sends an acknowledgement to the source node within timer. Next, fidelity level of the RREPN is incremented as an accolade for honest routing else that of both RREPN and its NHN is decremented for being collaborative. Anyway, if fidelity level of a node drops to zero, it is considered as a black hole and the presence of attack is intimated to all using alarm packets. Despite the fact that this method handles both single and collaborative black hole attacks, it involves increased storage overhead, routing overhead, computational overhead and delay. This is because each node should maintain a Fidelity Table and a Response Table that must be updated and exchanged among the nodes periodically. Subsequent to routing, the source node has to wait for an acknowledgement from destination to confirm the safety of route. In order to presume that a node is malicious, we need to wait until its fidelity level drops to zero. Hence data packets will be dropped to some degree. J. Sen et al., introduces the concept of data routing information (DRI) table [11]. Here, every node maintains a DRI table which keeps track of past routing information. In the table, the field “From” denotes that the node has routed data packets “from” the node in question whereas the second field “Through” denotes that the node has routed data

K.S. Arathy and C.N. Sminesh / Procedia Technology 25 (2016) 264 – 271

packets “through” the node in question. When any node sends or receives data packet through or from one of its neighbours, corresponding entries in its DRI table are updated. However, on the receipt of a RREQ, the RREPN looks up in its DRI table and sends the DRI entry of its Next Hop Node (NHN) to the source node. A node is treated as reliable, if source node has successfully routed data packets through it. If unreliable, current NHN becomes the new intermediate node and the source node has to send a further request (FRq) to the next hop node of this intermediate node. Then NHN sends back a further reply (FRp) that incorporates DRI entries of IN and the next hop of current NHN. Meanwhile, Source node on receiving FRp scrutinizes the DRI entries and if DRI entry of IN says that it has routed packets from NHN and that of NHN says that it has not routed any packet through IN, then all the nodes, in the reverse path from intermediate node to RREPN are considered as black hole since NHN is a reliable node. If IN is an amiable node, routing can be accomplished. Even though this method prevents cooperative black hole attack, each node has to maintain a large table in addition to normal routing table which results in memory space wastage and increase in overhead. Furthermore, a recently entered non malicious node may be wrongly detected as black hole and eliminated as it might not have done any data transfer through or from the neighboring nodes and it also fails in the presence of single or non cooperative multiple black holes since they drop FRq itself. In [12], [13] and [14], advanced DRI tables are used. As indicated by the plan specified in [15], values are arbitrarily assigned for some parameters for each node. By taking the product of these parameters to be specific rank (a measure of reliability), stability factor (conversely corresponding to velocity of node) and remaining battery force, trust estimation of every node is resolved. Later, average trust of each route is assessed by averaging the trust of every single participating node in that route and the route with the highest average trust is selected. Subsequently, the source node has to wait for an acknowledgement from destination. If the packet transmission is successful, the destination node sends back an acknowledgement to the source node. On receipt of affirmation from destination, the source node increases the rank and decrements the remaining battery power of all nodes in that path. On contrary, if no acknowledgement, the source node decrements rank of each node in the route. Even though this method handles both single and collaborative black hole attacks, all RREPs should be buffered and average trust value ought to be determined. Moreover, the parameters associated with each node need to be maintained and updated frequently. In order to make sure that a node is malicious, we need to hold up until its rank drops to zero.

Table 1. Single and collaborative black hole detection schemes Scheme

Detection Type

Defects

Fidelity

Single and collaborative

1) Increased Storage overhead due to fidelity tables and response tables. 2)Increased routing overhead due to exchange of fidelity tables and additional control packets. 3) Waits until Fidelity level drops to zero to detect the presence of a black hole. So increased end to end delay.

DRI

Single and collaborative

1) Increased routing overhead due to FRq, FRp and exchange of DRI tables. 2) Increased Storage overhead due to DRI tables 3) Increased End to end delay

Trust

Single and collaborative

1) Increased storage overhead due to buffers and tables to store trust values. 2) Increased routing overhead due to exchange of trust tables. 3)Computational overhead 4)Waits until Trust level drops to zero to identify black hole. Hence, increased end to end delay.

267

268

K.S. Arathy and C.N. Sminesh / Procedia Technology 25 (2016) 264 – 271

4. Proposed Algorithms To shield AODV from single and collaborative black hole attacks, it is essential to discover noxious nodes amid the route discovery process, when they send malicious RREPs to attract the source node. We propose two algorithms for mitigating single and collaborative black hole attacks. Three additional elements are used in the proposed algorithms specifically, a fake RREQ with nonexistent target address [16], a list of black hole nodes( BH list) and a list of collaborative black hole nodes(CBH list). The proposed Detection of Multiple Black Hole attack (D-MBH) algorithm detects single and multiple black hole nodes, computes a threshold for DSN (ADSN), creates BH list and invokes the proposed Detection of Collaborative Black Hole attack (D-CBH) algorithm. Using ADSN, BH list and next hop information extracted from RREP, the proposed D-CBH algorithm creates the CBH list. 4.1 Algorithm Details According to D-MBH algorithm, SN broadcasts a fake RREQ with nonexistent target address and waits for RREP. Since a genuine node never reacts to a fake RREQ, it is undeniable that all RREPNs in this scenario are malicious nodes. Therefore these nodes are included in the BH list. The malicious RREPs from black holes have absolutely large DSN because larger DSN implies fresher route. Therefore the proposed D-MBH algorithm computes the average of DSN of all malicious RREPs received so far (ADSN). This can be considered as a threshold since RREPs from black holes posses higher DSN in comparison with normal RREPs; and when a new black hole joins the network, it sends an RREP with a DSN higher than ADSN. Now, passing black hole list (BH list) and ADSN, the proposed D-MBH algorithm invokes the D-CBH algorithm. Actual route discovery process begins in the D-CBH algorithm when SN makes a RREQ and buffers all RREPS. According to the proposed D-CBH algorithm, discard a RREP immediately if the RREPN is an already identified black hole. Otherwise, check whether NHN of RREPN is in BH list. If yes, then the RREPN can be considered as fraudulent node acting in coordination with NHN. Furthermore, if DSN of this RREP is greater than ADSN, the RREPN and NHN can be included in the collaborative black hole list, without being skeptical. Other RREPNs sending RREPs with DSN greater than ADSN are considered as newly entered black hole nodes and these RREPNs are added in the BH list. Thus, using BH list and CBH list we can distinguish non collaborative multiple black holes and collaborative black holes. Abbreviations D-MBH Detection of Multiple Black hole Attack D-CBH Detection of Collaborative black hole attack DSN Destination Sequence Number ADSN Average Destination Sequence Number SN Source Node RREQ Route Request RREP Route Reply RREPN Route Reply Sending Node NHN Next Hop Node BH list list of black hole nodes CBH list list of Collaborative black hole nodes

K.S. Arathy and C.N. Sminesh / Procedia Technology 25 (2016) 264 – 271

Algorithm 1. D-MBH Algorithm Begin SN broadcasts fake RREQ.//additional RREQ with nonexistent target address// SN receives RREPs and pushes RREPNs in the BH list.//only the attacker nodes respond to a fake RREQ // ADSN= Average of DSNs of all RREPs. // malicious RREP from black hole contains higher DSN// Call D-CBH algorithm (ADSN, BH list) // invokes D-CBH algorithm passing ADSN and BH list as parameters End

Algorithm 2. D-CBH algorithm(ADSN, BH list) Begin SN broadcasts RREQ and buffers RREPs For each RREP do If RREPN in BH list then//RREPN is an already identified black hole// Discard RREP. Else if NHN of RREPN in BH list and DSN > ADSN then // NHN is an already identified black hole so NHN and RREPN are acting in coordination// Push RREPN in BH list. Push RREPN and NHN in CBH list. Else if DSN > ADSN then// RREPN is a newly joined single black hole node// Push RREPN in BH list. Else route data packet if routing has not yet done End if End for End 4.2 Analysis of Algorithms We analyse the computational, routing and storage overhead of the proposed algorithms with the existing Fidelity, DRI and Trust based schemes. The DRI based scheme uses a data routing information table for each node. Similarly, the Fidelity and Trust based schemes use fidelity tables and trust tables respectively in addition to response table for buffering RREPs. Unlike the existing schemes, in addition to response table, the proposed scheme does not require any table. However, each node maintains two lists namely BH list and CBH list. These lists are updated only when a black hole node is encountered. All the above mentioned existing schemes require frequent updating and periodical exchange of tables which resulted in extraneous routing of control packets. Consider N number of nodes and M number of different RREQ in the network. In the worst case, the proposed algorithm needs to update the lists for each RREQ. Hence, the complexity of routing is O(MN) whereas in the existing schemes, due to additional control packets and periodical exchange of tables, it is O(N2) +O(MN). Hence, in comparison with the existing methods, the proposed algorithms have a relatively downsized routing overhead. Graph 1 depicts the routing overhead versus the number of nodes of existing and proposed scheme, assuming a single RREQ scenario. The proposed algorithms just demand the calculation of a threshold, which is the average of DSN of malicious RREPs from black hole nodes and this is an O(1) computation. The trust based strategies [15, 17] and the fidelity scheme require trust computation or fidelity computation. In the worst case scenario, since there are (n-1) RREPs for

269

270

K.S. Arathy and C.N. Sminesh / Procedia Technology 25 (2016) 264 – 271

a single RREQ, this is an O(MN) computation. Graph 2 depicts the computational overhead versus the number of nodes of existing and proposed scheme, assuming a single RREQ scenario. Since the proposed algorithms need to maintain BH list and CBH list, there is no considerable improvement in storage overhead in comparison with the existing DRI, fidelity and trust based schemes. Hence, the proposed algorithms detect single and collaborative black holes with reduced computational and routing overhead even though there is no considerable improvement in storage overhead. Graph1. Comparison of Routing Overhead

5. Conclusion

Graph 2. Comparison of Computational Overhead

and Future Work

We proposed two algorithms for the detection of single and collaborative black hole attacks. The proposed D-MBH algorithm uses a fake RREQ with nonexistent target address and computes a threshold for DSN and creates a list of black hole nodes. Using the threshold, list of black hole nodes and next hop information extracted from RREP, the proposed D-CBH algorithm creates a list of collaborative black hole nodes. We have analyzed the proposed algorithms with the existing DRI, fidelity and trust based schemes and found that the routing overhead and computational overhead has been considerably reduced. However, there is no considerable improvement in storage overhead compared to the existing schemes. Metrics in MANET like end to end delay, packet delivery ratio, routing overhead and computational overhead has to be analyzed as a part of simulation work. As future work, algorithms can be developed to detect the presence of gray holes, which are occasionally acting as black holes, in MANET.

References [1] Perkins, Charles E., Elizabeth M. Belding-Royer, and R. Samir. Das, Mobile Ad Hoc Networking Working Group. Internet Draft, February, 2003. [2] Goyal, Priyanka, Vinti Parmar, and Rahul Rishi. "Manet: vulnerabilities, challenges, attacks, application." IJCEM International Journal of Computational Engineering & Management 11 (2011): 32-37.

K.S. Arathy and C.N. Sminesh / Procedia Technology 25 (2016) 264 – 271 [3] Perkins, Charles, Elizabeth Belding-Royer, and Samir Das. Ad hoc on-demand distance vector (AODV) routing. No. RFC 3561. 2003. [4] Gurung, Shashi, and Krishan Kumar Saluja. "Mitigating Impact of Blackhole Attack in MANET." Int. Conf. on Recent Trends in Information, Telecommunication and Computing, ITC. 2014. [5] Al-Shurman, Mohammad, Seong-Moo Yoo, and Seungjin Park. "Black hole attack in mobile ad hoc networks." Proceedings of the 42nd annual Southeast regional conference. ACM, 2004. [6] Tseng, Fan-Hsun, Li-Der Chou, and Han-Chieh Chao. "A survey of black hole attacks in wireless mobile ad hoc networks." Humancentric Computing and Information Sciences 1.1 (2011): 1-16. [7] Vu, Cong Hoan, and Adeyinka Soneye. An Analysis of Collaborative Attacks on Mobile Ad hoc Networks. Diss. Master Thesis at School of Computing, Blekinge Institute of Technology, 2009. [8]Dhurandher, Sanjay Kumar, et al. "GAODV: A Modified AODV against single and collaborative Black Hole attack inMANETs. " Advanced Information Networking and Applications Workshops (WAINA), 2013 27th International Conference on. IEEE, 2013.. [9] Tamilselvan, Latha, and V. Sankaranarayanan. "Prevention of co-operative black hole attack in MANET." Journal of networks 3.5 (2008): 13-20. [10] Deng, Hongmei, Wei Li, and Dharma P. Agrawal. "Routing security in wireless ad hoc networks." Communications Magazine, IEEE 40.10 (2002): 70-75. [11] J.Sen, S. Koilakonda, A. Ukil, "A Mechanism for Detection of Cooperative Black Hole Attack in Mobile Adhoc Networks" IEEE Second International Conference on Intelligent Systems, Modeling and Simulation, 2011. [12] Bindra, Gundeep Singh, et al. "Detection and removal of co-operative blackhole and grayhole attacks in MANETs." System Engineering and Technology (ICSET), 2012 International Conference on. IEEE, 2012. [13] Hiremani, Vani, and Manisha Madhukar Jadhao. "Eliminating co-operative blackhole and grayhole attacks using modified EDRI table in MANET."Green Computing, Communication and Conservation of Energy (ICGCE), 2013 International Conference on. IEEE, 2013. [14]Wahane, Gayatri, and Savita Lonare. "Technique for detection of cooperative black hole attack in MANET." Computing, Communications and Networking Technologies (ICCCNT), 2013 Fourth International Conference on. IEEE, 2013. [15] Biswas, Santosh, Tanumoy Nag, and Sarmistha Neogy. "Trust based energy efficient detection and avoidance of black hole attack to ensure secure routing in MANET." Applications and Innovations in Mobile Computing (AIMoC), 2014. IEEE, 2014. [16] Nishu kalia, Kundan Munjal, “Multiple Black Hole Node Attack Detection Scheme in MANET by Modifying AODV Protocol” International Journal of Engineering and Advanced Technology (IJEAT), Vol. 2, Issue-3, February 2013. [17] Thachil, Fidel, and K. C. Shet. "A trust based approach for AODV protocol to mitigate black hole attack in MANET." Computing Sciences (ICCS), 2012 International Conference on. IEEE, 2012.

271