Mobile ad-hoc networks or MANET is a self configuring network of mobile nodes or routers connected by wireless links, the union

of which forms an arbitrary topology. The participating nodes are free to move randomly and manage themselves arbitrarily. Such a network may operate in a standalone fashion or may be connected to the target internet. [4]. Mobile Ad-hoc network is a collection of independent mobile nodes that can communicate to each other via radio waves. The mobile nodes can directly communicate to these nodes which are in radio range of each other and other nodes take the help of intermediate nodes to route their packets.

Figure 2. Change in topology in MANET[5] As shown in the figure, the topology in MANET can change at any instant of time and hence they are called to possess dynamic topologies and dynamic routing. 1.1 Characterstics of MANET MANETS are furnished with wireless transmitters and receivers using antennas, which may be highly directional(point to point) or Omnidirectional (multipoint). At a given point in time, depending on nodes, their transmitter and receiver patters, communication power levels and cochannel interference level and wireless connectivity exist among the nodes.[4] The characterstics can be summarized as[6]: Wireless communication. Host and Router part are played by the nodes itself. Bandwidth constrained, variable capacity links. Operation is energy constrained. Limited physical security. Dynamic network topology. Frequent routing updates Intermittent nodal connectivity. Mobile nodes are characterized with less memory, power and light weight features.

1.2 Advantages of MANET Following are the advantages of MANET Provide access to information and services regardless of geographic position.

 Network can be set up at any place and time. Inexpensive network formation. 1.3 Applications of MANET Some of the applications of MANETs are as follow: Military or Police exercise. Disaster relief operations. Mine cite operations Urgent business meetings. VANET. Areas Military Scenarios

Rescue Operations

Data Networks

Device Networks

Sensor Network

Possible Scenarios MANET supports tactical network for military communications and automated battle fields. It provides Disaster recovery, means replacement of fixed infrastructure network in case of environmental disaster. MANET provides support to the network for the exchange of data between mobile devices. Device Networks supports the wireless connections between various mobile devices so that they can communicate. It consist of devices that have capability of sensing ,computation and wireless networking . Wireless sensor network combines the power of all three of them, like smoke detectors, electricity, gas and water meters.

Table1 Applications of MANET[7] 1.4 Disadvantages of MANET

Though there are many applications and advantages of MANET but there are some disadvantages as well. The disadvantages of the MANET are listed[8] Limited resources and physical security. Intrinsic mutual trust vulnerable to attacks Lack of authorization facilities.

 Security protocols of wired networks cannot work with Ad-hoc networks. Volatile network topology makes it hard to detect malicious nodes. Routing protocol Routing is the process of moving information from a source to destination through some routers or intermediate node that act as a router in an internetwork. Basically routing is a two step process: 1. Determining optimal routing path. 2. Transferring the packet through an internetwork. The transferring of packets through an internetwork is called a packet switching which is straight forward and the path determination could be very complex. Routing terminology is used in different kinds of networks such as in telephony technology, electronic data networks and in the internet network. Here we are more concern about routing in mobile ad hoc networks. Routing protocols in mobile ad hoc network means that the mobile nodes will search for a route or path to connect to each other and share the data packets. Routing protocol use several metrics as a standard measurement to calculate the best path for routing the packets to its destination that could be numberof hops, which are used by routing algorithm to determine the optimal path for the packet to its destination. The process of path determination is that the routing algorithm finds out and maintain the routing tables, which contain the total route information for the packet. The information of route varies form one routing algorithm to other.The routing tables are filled with entries in the routing table as IP address prefix and the next hop. Destination/next hop association of routing table tell the router that a particular destination can be reached optimally by sending the packet to a router representing the next hop on its way to the final destination and IP address prefix specifies a set of destinations for which the routing entry in valid. 4.1 Routing in mobile ad-hoc networks Mobile ad-hoc networks are self organizing and self configuring multi-hop wireless networks, where the structure of the network changes dynamically. This is mainly due to the mobility of the nodes[10]. Nodes in these networks utilize the same random access wireless channel, cooperating in a manner to engage themselves in multi-hop forwarding [12]. Unlike wireless network, in mobile ad-hoc network there is no infrastructure support and since a destination node might be out of the range of a source node transferring packets so there is need of a routing procedure. This is always ready to find a path so as to forward the packet appropriately between the source and destination. Within a cell, a base station can reach all mobile nodes without routing via broadcast in common wireless networks. In case of ad hoc networks, each node must be able to forward data for other nodes. This creates additional problems along with the problems of dynamic topology which is unpredictable connectivity changes [13]. In mobile ad hoc

networks because of the mobility of nodes and dynamic topologies at a time there may be a route available and after an interval of time the nodes may get out of range and the route disappears. 4.2 Properties of Ad Hoc Routing Protocols[2] i. Distributed Operation

An Ad hoc wireless network is totally distributed in nature, since nodes has to gain easy access to the broadcast channel. The use of any centralized control or routing approach in such networks will consume large amount of bandwidth. The protocol should be distributed. It should not be dependent on a centralized controlling node. This is the case even for stationary networks. The dissimilarity is the nodes in an ad-hoc network can enter or leave the network very easily and because of the mobility the network can be portioned [14]. ii. Loop Free

To improve the overall performance, the routing protocol should assure that the routes which are supplied should be loop free. This avoids any misuse of bandwidth or CPU consumption. This prevents the traversing of node twice for any route to establish. To maintain loop-free routes to a destination, it is necessary that the same topological image is perceived between neighboring nodes and thus across the network as a whole, and to make routing and forwarding decision which are consistent with this. [15]. iii. Demand based operation

To minimize the control overhead in the network and thus not misuse the network resources the protocol the protocol should be reactive. This means that the protocol should react only when needed and should not periodically broadcast control information. iv. Unidirectional Link Support

The radio environment can cause the formation of unidirectional link which can be utlised. Utilisation of these links and not only the bi-directional links improves the routing performance. v. Security

The radio environment is vulnerable to attacks and some security measures must be ensured so that any malicious node doesnt contaminate the network. For this we need sme security measures. Authentication and encryption can be an option but the problem lies in the distribution of keys among the nodes as they are mobile and key distribution would surely be a challenging task to perform. vi. Power Conservation

The nodes in MANET can be laptop or wireless sensors or mobile phones etc. These nodes are limited to limited power backup and therefore routing protocol should use the power efficiently and consume less power. Sometime these devices use some standby mode or sleep mode to save the power. The routing protocol should have support for these sleep modes. vii. Multiple Routes

Since the topology In MANET is changing continuously and nodes are free to move the routes that are available at a time may not be available after an interval, hence multiple routes are used. The other route can be used in case of failure of the primary route and also in case of congestion data can be routed through different routes. Multiple routes also saves nodes to initiate new route search of the primary route fails. viii. Quality of Service Support

QoS is usually defined as a set of service requirement that needs to be met by the network while transporting a packet stream from source to destination. The network needs are governed by the service requirement set by the end user application. The network is expected to guarantee a set of measurable pre specified service attributes to the user in terms of end to end performance such as delay, bandwidth, packet loss[16]. Two most specific service attributes to theMANET are : 1. Power consumption 2. Service coverage area. 4.3 Problems in Routing with MANET Because of fundamenta characterstic of manets there are problems with the routing 1 Asymmetric Links Most of the wired networks relay on the symmetric links which are always fixed. But this is not a case with ad.hoc networks as the nodes are mobile and constantly changing their position within the network that also changes the available and shortest links. 2 Routing Overhead In wireless ad hoc networks, nodes often change tgeir location within the network . So some stale routes are generated in the routing table which leads to unnecessary routing overhead. These routing overhead creates unwanted data traffic which reduces the percentage of the net usable data from the traffic. 3 Interference

This is the major problem with mobile ad-hoc networks as links come and go depending on the transmission characterstics, one transmission might interfare with another one and node might over hear transmission of other nodes and can corrupt the total transmission. 4 DynamicTtopology Since the topology is not constant so the mobile node might move or medium characterstics might change. In ad-hoc networks, routing tables must somehow reflect these changes in topology and routing algorithm have to be adapted. For example in a fixed network routing table updating takes place for every 30 sec. This updateing frequency might be very low for ad-hoc networks. 4.4 Classification of Routing Protocol Classification of routing protocol in mobile ad hoc network can be doen is many ways, but most of these are depending in the routing strategy and network structure[10][15][17]. The routing protocol can be categorized as Flat Routing Protocol, Hierarchical Routing Protocol and Geographic position assisted Routing while depending on the network structure. According to the routing strategy routing protocols can be classified as table driven and source initiated. The classification of routing protocols is shown in the figure Pro Active Routing Protocol Pro active routing protocol in MANET are also called as table driven protocol and will actively determine the layout of the network. Pro active routing protocols build and maintain routing information to all the nodes. Through a regular exchange of network topology packets between the node of the network at every single node presents an absolute picture of the network. The advantage in the Pro active routing is the minimul delay in finalizing or determining the route which is to be taken. This is important and advantageous for the time criticial traffic. When the routes are changing quickely, there are many short lived routes that are being determind and not used before they turn invalid. This becomes a drawback of these protocols. Because of the increased mobility the amount of traffic aovegead generated is increased while evaluating these unnecessary routes. For large size network this creates a way much traffic overhead which decrease theactual darta content in the total control traffic. It is slow to restructure when there is a failure in a particular link. Lastly, if the nodes transmit infrequently, most of the routing information is considered redundant. The nodes, however, continue to expend energy by continually updating these unused entries in their routing tables as mentioned, energy conservation is very important in a MANET system design. Therefore, this excessive expenditure of energy is not desired. Thus, proactive MANET protocols work best in networks that have low node mobility or where the nodes transmit data frequently. Example:

 Optimized Link State Routing (OLSR) Fish-eye State Routing (FSR) Destination-Sequenced Distance Vector (DSDV) Cluster-head Gateway Switch Routing Protocol (CGSR) 4.4.1.2 Reactive Routing Protocols Portable nodes- Notebooks, palmtops or even mobile phones usually compose wireless adhoc networks. This portability also brings a significant issue of mobility. This is a key issue in ad-hoc networks. The mobility of the nodes causes the topology of the network to change constantly. Keeping track of this topology is not an easy task, and too many resources may be consumed in signaling. Reactive routing protocols were intended for these types of environments. These are based on the design that there is no point on trying to have an image of the entire network topology, since it will be constantly changing. Instead, whenever a node needs a route to a given target, it initiates a route discovery process on the fly, for discovering out a pathway[13]. Reactive routing protocols are bandwidth efficient. Routes are built as and when they are needed. This is achieved by sending route requests across the network. Reactive protocols start to set up routes on-demand. The routing protocol will try to establish such a route, whenever any node wants to initiate communication with another node to which it has no route. This kind of protocols is usually based on flooding the network with Route Request (RREQ) and Route reply (RERP) messages .By the help of Route request message the route is discovered from source to target node; and as the target node gets a RREQ message it send RERP message for the confirmation that the route has been established. This kind of protocol is usually very effective on single-rate networks. It usually minimizes the number of hops of the selected path. However, on multi-rate networks, the number of hops is not as important as the throughput that can be obtained on a given path [18]. The different types of On Demand driven protocols are the following[19]: Ad hoc On Demand Distance Vector (AODV) Dynamic Source routing protocol (DSR) Temporally ordered routing algorithm (TORA) Associativity Based routing (ABR) Signal Stability-Based Adaptive Routing (SSA) Location-Aided Routing Protocol (LAR) 4.4.1.3 Hybrid Routing Protocols Since proactive and reactive protocols each work best in oppositely different scenarios, hybrid method uses both. It is used to find a balance between both protocols. Proactive operations are restricted to small domain, whereas, reactive protocols are used for locating nodes outside those domains [13]. Examples of hybrid protocols are: Zone Routing Protocol, (ZRP) Wireless Ad hoc Routing Protocol, (WARP) Comparision of Proactive and Reactive routing protocol

The general comparision for proactive and reactive routing protocols is shown below Proactive Protocols Attempt to maintain consistent, up-to-date routing information from each node to every other node in the network. Reactive protocols A route is built only when required.

First packet latency is less when compared First-packet latency is more when with on-demand protocols. compared with table-drivenprotocols because a route need to be built. A route to every other node in ad-hoc Not Available network is always available. Constant propagation of information periodically even topology change does not occur. routing No periodic updates. Control information is when not propagated unless there is a change in the topology

Incurs substantial traffic and power Does not incur substantial traffic and consumption, which is generally scarce in power consumption compared to Table mobile computers Driven routing protocols Table2: Comparison of Proactive and reactive routing protocol[23]. OLSR (Optimized Link State Routing) It is a proactive routing protocol and is also called as table driven protocol because it permanently stores and updates its routing table. OLSR keeps track of routing table in order to provide a route if needed. OLSR can be implemented in any ad hoc network. Due to its nature OLSR is called as proactive routing protocol. Multipoint relay (MPR) nodes are shown in the given figure 3-5. All the nodes in the network do not broadcast the route packets. Just Multipoint Relay (MPR) nodes broadcast route packets. These MPR nodes can be selected in the neighbor of source node. Each node in the network keeps a list of MPR nodes. This MPR selector is obtained from HELLO packets sending between in neighbor nodes. These routes are built before any source node intends to send a message to a specified destination. Each and every node in the network keeps a routing table. This is the reason the routing overhead for OLSR is minimum than other reactive routing protocols and it provide a shortest route to the destination in the network. There is no need to build the new routes, as the existing in use route does not increase enough routing overhead. It reduces the route discovery delay.

A node chooses minimal number of MPR nodes, when symmetric connections are made. It broadcast topology control (TC) messages with information about link status at predetermined TC interval [20]. TC messages also calculate the routing tables. In TC messages MPR node information are also included.. MPRs are a Set of selected neighbor nodes They minimize the flooding of broadcast packets Each node selects its MPRs among its on hop neighbors The set covers all the nodes that are two hops away MPR Selector is a node which has selected node as MPR The information required to calculate the MPRs: The set of one-hop neighbors and the two-hop neighbors Set of MPRs is able to transmit to all two-hop neighbors Link between node and its MPR is bidirectional. To obtain the information about one-hop neighbors : Use HELLO message (received by all one-hop neighbors) To obtain the information about two-hop neighbors : Each node attaches the list of its own neighbors Once a node has its one and two-hop neighbor sets : Can select MPRs which covers all its two-hop neighbors DSDV ROUTING PROTOCOLS DSDV is a hop-by-hop distance vector routing protocol. It is proactive; each network node maintains a routing table that contains the next-hop for, and number of hops to, all reachable destinations. To maintain the consistency of routing tables in a dynamically varying topology, each station periodically transmits updates, and transmits updates immediately when significant new information is available. Routing information is distributed between nodes by sending full

dumps infrequently and smaller incremental updates more frequently [26]. To guarantee loopfreedom DSDV uses a concept of sequence numbers to indicate the freshness of a route. A route R is considered more favorable than R' if R has a greater sequence number or, if the routes have the same sequence number, R has lower hop-count. The sequence number for a route is set by the destination node and increased by one for every new originating route advertisement. When a node along a path detects a broken route to a destination D, it advertises its route to D with an infinite hop-count and a sequence number increased by one. Route loops can occur when incorrect routing information is present in the network after a change in the network topology ,e.g., a broken link. In this context the use of sequence numbers adapts DSDV to a dynamic network topology such as in an ad hoc network [23, 26]. 10.1.2 Advantages of DSDV 22].

every destination. With this, the amount of space in routing table is reduced. 10.1.3. Limitations of DSDV - Wastage of bandwidth due to unnecessary advertising of routing information even if there is no change in the network topology. - DSDV doesnt support Multi path Routing. - It is difficult to determine a time delay for the advertisement of routes [23]. - It is difficult to maintain the routing tables advertisement for larger network. Each and every host in the network should maintain a routing table for advertising. But for larger network this would lead to overhead, which consumes more bandwidth CLASSIFICATION OF ATTACKS The attacks on the MANET are classified on the basis of source i.e. external attacks and internal attacks and on the behavior of attack i.e. passive attacks and active attacks [1]. In this survey we are taking the reference of attacks as active and passive attacks only. 1. PASSIVE ATTACKS Passive attacks include only the network and information monitoring. It involves tracking down the packets and extracting the information presented in them [2]. These attacks are mainly to steal the confidential data travelling on the network and monitor the traffic pattern over the network. Because they do not perform the actions on the network, they are tough to identify. The two common passive attacks are eavesdropping and traffic monitoring. 1.1. Eeavesdropping It includes the tracking and taping the information traversing on the network. Eavesdropper can actively study the data flowing over the network and steal the confidential information.

Information may include passwords, secret keys etc. The confidentiality of the data is destroyed by this attack. 3.1.Traffic monitoring These are the attacks in which attacker do not try to read the information but rather try to monitor the traffic, traffic flow characteristics of the network channel or try to identify source destination pair. 2. ACTIVE ATTACKS Active attacks can be easily identified. Unlike passive attacks, here the attacker is disturbing the network and by some or the other way. The aims of the attacker are to restrict the network services, steal the information, blocking information exchange. Active attacks are here classified according to their existence over different layers with reference to the OSI model [3]. 4.1.Attacks on MAC Layer 4.1.1. Jamming Attack In this attack, the attacker tries to interfere with the communication flow and either prevents the sender from sending the information or prevent receiver to receive the information. This is a class of DoS or denial of service attack. 4.2.Attacks on Network Layer 4.2.1. Black hole Attack In this, the attacker sends false route replies to the route requests stating that it have the shortest route to the destination node whose traffic it wants to compromise. If the route is established then the data would be passed through the attacking node and it will be in a position to misuse or reject the traffic passing through it.[7] The black hole attacks works in 2 phases. First is to faking the presence of valid route for the desired node to exploit the routing protocol like AODV and second is to accept or reject the network packet coming to it. [5]

Figure 1: Blackhole atack

Figure 2: Wormhole attack

4.2.2. Wormhole attack This type of attack uses tunneling mechanism. In this a data packet is located at one location in the network and is brought to the different location by the tunnel. It creates a disruption in the

route maintenance when the routing messages are tunneled. This is one biggest threat to different routing protocols in MANET. If this wormhole is constantly present, it can prevent the route formation for a long time. 4.2.3. Byzantine attack An attacker intermediate node works alone, or a set of compromised intermediate nodes works together and carry out attacks like creating routing loops, forwarding packets through nonoptimal paths, or selectively dropping packets, which disrupts the routing services [4][13]. The detection of such attack is tough because network will see the nod working normally but in real, the node or nodes are showing the characteristics of this attack. 4.2.4. Attacks on the routing protocols These are the attacks over the routing protocol that affects the network functionality and hampers the communication and data interchange [5]. - Routing Table poisoning In this type of attacks, the attacker node sends fictitious traffic to create false entries in the table of participating nodes. They may also send an RREQ packet with high sequence number that deletes all other RREQ packets with low sequence numbers. This results in creating of fake and non optimal routes and data inter exchange is compromised or hampered. - Routing table overflow This attack aims to create routes to fake nodes which are not present in real. The attacker creates countless routes which will hinder the creation of the new routes and affects the protocol implementation in the network. The pro-active protocols are much sensitive to this attack as they constantly search for new routes to all possible nodes and they collect routing data in advance. The attacker can simple fake a route to the routers and nodes present in the network. - Rushing Attacks In this type of attack, 2 or more attacking node forms a tunnel like structure like wormhole attack and exploits the data traversing through them. It acts as effective Dos against the routing protocols and data travels through the tunnel much faster. The duplicate suppression property of the routing protocol is compromised in rushing attack, attacking node quickly forwards the route discovery packet and gain access to the forwarding group [10]. - Packet Replication In this attack the attacker consume the additional bandwidth and battery power available to the user node and cause unnecessary confusion in the routing process by replicate stale packets. 4.2.5. Sleep Deprivation attack This attack is also known as the Resource consumption attack. In this an attacker tries to consume battery life by requesting excessive route discovery packets to the victim node. In a routing protocol, sleep deprivation attacks can be launched by flooding the victim node with unnecessary routing packets by sending a large number of route requests (RREQ), route replies (RREP) or route errors (RERR) packets. As a result, the node will not be able to participate in the routing mechanisms and will be seen unreachable by the other nodes in the networks.

4.2.6. State Pollution attack This is a condition in which the attacking node gives incorrect parameters reply. For example, in best effort allocation, a malicious allocator can always give the new node an occupied address, which leads to repeated broadcast of Duplication Address Detection messages throughout the MANET and any new node will be rejected. 4.2.7. Modification In a message modification attack, the attacker makes some changes to the routing messages, and thus attacks the integrity of the network packets. These malicious nodes can exploit the sporadic relationships in the network to participate in the packet forwarding process, and later launch the message modification attacks. This is dangerous attack as it hides the original information transmitted and forwards some vague information. 4.2.8. Sybil attack In Sybil attack, the attacking node takes the identity of a non existing node and broadcasts multiple non existing identities. A single attacking node behaves as multiple nodes and can take the identity of legitimate node as well. The multiple node identities created by the attacking node are known as Sybil nodes and it can disturb the large part of the network [11]. 4.2.9. Fabrication The attacking nodes fabricate their own packets to create chaos in the network operations. They may inject large amount of packets in the network like the sleep deprivation attack and launch the attack. This type of attack can also be performed by an internal misbehaving node. The term fabrication is used while referring to attacks that generate false routing messages. These attacks usually come with the valid routing construct and hence these are hard to detect. [11] 4.3. Attacks on Transport layer 4.3.1. SYN Flooding In this attack the attacking node floods the network with large amount of syn packets for the victim node and creates the half open TCP connection with the targeted node. The targeted node would be waiting for the acknowledgement from the attacking node and store them in the routing table. This limits the reception of routes from other nodes and the targeted node would not be able to take part in the communication until it refreshes its table and clear all these half open connections[12][14]. 4.3.2. Session Hijacking attack Session hijacking takes advantage of the fact that the communications are usually protected at session setup, but not after that. In this the attacker firstly spoofs the IP address of target node and determines the correct sequence number to perform a DoS attack on the victim node. Thus the attacker impersonates the victim node and continues the session with the target [24]. 4.4.Application Layer Attacks 4.4.1. Repudiation Attack

When a node denies of being a part of the communication either as sender or receiver but in actual it took part, this type of condition is called as repudiation [15]. In the network layer there is an option to install firewalls to check which packet is to be sent and received and in the transport layer end to end connection can be encrypted. But this does not solve the authentication or non-repudiation problems in general. Other Attacks 4.4.2. Packet dropping attacks Packet dropping attacks involves the direct interruption to the routing messages. In this an attacker node becomes a part of the route discovery process and if it is selected as one of the intermediate node then it can launch this attack by dropping the packets randomly [16]. The rate of drop can vary, it could be periodically dropping the packets or randomly or selectively dropping the packets. 4.4.3. Gray hole attack This attack is also known as the node misbehaving attack. The gray hole attack works in 2 steps. Firstly a malicious node or an attacking node advertise itself to possess a valid route to the destination node and intended to intercept the packet. Secondly it drops the intercepted packets. This malicious activity is different n different ways. It may drop packets while forwarding them in the network for a time and then switch to its normal behavior. [17][9]. 4.4.4. Location Disclosure attack In this an attacker reveals information regarding the location of nodes or the structure of the network. It gathers the node location information, such as a route map, and then plans further attack scenarios [11]. Attackers try to figure out the network traffic pattern, changes in the traffic pattern and identities of the communication parties. The information leaked here can be misused in the security sensitive scenarios. 4.4.5. Link spoofing attack In this type of attack the routing operations can be disrupted by advertising the fake links with neighbors. The malicious node can advertise the fake link information that disturbs the routing operations. For example, in the OLSR protocol, an attacker can advertise a fake link with a targets two-hop neighbors [11]. This causes the target node to select the malicious node to be its MPR. As an MPR node, a malicious node can then manipulate data or routing traffic, for example, modifying or dropping the routing traffic or performing other types of DoS attacks. 4.4.6. Colluding miserly attack In this multiple attackers work together in collusion to drop or modify the routing packets and disrupt routing operation. 4.4.7. Impersonation or Spoofing attack In spoofing attack, the attacker assumes the identity of another node in the network hence it

receives the messages that are meant for that node [19] [20]. The main result of the spoofing attack is the misrepresentation of the network topology that may cause network loops or partitioning. 4.4.8. Neighbor attack The goal of neighbor attackers is to disrupt multicast routes by making two nodes that are in fact out of each others communication range believe that they can communicate directly with each other. If these two nodes are part of the routing mesh, the data packets that they exchange will be lost because there is no actual connection between them. A neighbor attacker violates the routing protocol and does not need to involve itself later in the packet dropping process, since the packets will be lost eventually due to the fake links [11]. 4.4.9. Jellyfish attack In this an attacker first intrudes into the forwarding group of nodes and then it delays data packet for some time before forwarding them. This results in high end to end delay and high jitter and degrades the performance of applications. A malicious node launching Jellyfish attacks may keep active in both route discovering and packet forwarding to prevent its detection and diagnosis , but the malicious node can attack the traffic [21][22]. The Jellyfish attack is especially harmful to TCP traffic in that cooperative nodes can hardly differentiate these attacks from the network congestion

Figure 3: Jellyfish attack 4.4.10. Denial of service (DoS): In this type of attack, an attacker attempts to prevent legitimate and authorized users from the services offered by the network. [23]. Several DOS attacks are as follows: Sleep Deprivation torture Jamming Attacks SYN flooding Link Spoofing Attack