Black hole Effect Mitigation Method in AODV Routing Protocol

Zaid Ahmad
Faculty of Computer and
Mathematical Sciences
Universiti Teknologi MARA
Shah Alam, Selangor, Malaysia
zaidmy@unifi.my
Kamarularifin Abd. Jalil
Faculty of Computer and
Mathematical Sciences
Universiti Teknologi MARA
Shah Alam, Selangor, Malaysia
kamarul@tmsk.uitm.edu.my

Jamalul-lail Ab Manan
Advanced Analysis and Modelling
Cluster, MIMOS Berhad,
Technology Park Malaysia,
Kuala Lumpur, Malaysia

jamalul.lail@mimos.my



AbstractAd hoc On Demand Vector (AODV) is a reactive
routing protocol in Mobile Ad hoc Network (MANET). Although
the protocol has been around for quite some time, but there are
still security issues which make it vulnerable to attacks such as
black hole attack which subsequently affecting its performance
adversely. There have been several previous works done to
mitigate this problem but most of the proposed methods incur
overhead to the existing protocol. Most of MANET devices are
resource constraint and therefore a light solution is highly and
preferably needed. For this reason, in this paper we propose a
method called EAODV (Enhance AODV) based on our previous
work called ERDA. Similar to ERDA it does not introduce any
overhead and moreover, it does not change the existing protocol
scheme. The new proposed method is able to enhance ERDA by
introducing one extra parameter, which checks for control
message from destination node. In simulation, EAODV has
shown outstanding results as compared to ERDA besides
significant improvement to the network performance as
compared to the normal AODV protocol.
Keywords-Black hole; AODV; MANET; EAODV; RREP
message
I. INTRODUCTION
Mobile ad hoc network (MANET) can be formed without
requiring any fix infrastructure to be established such as
wireless access point or radio based-station. It may consist of a
group of mobile devices connected using wireless link.
MANET is a dynamic network where the topology will
change rapidly due to devices or nodes in the network
randomly changing their position, as well as joining and/or
leaving the network. Moreover, it uses ether to propagate the
message which can also be heard by adversaries. Other
challenges in MANET include resource constraint in its node
especially battery lifetime and memory usage. Since MANET
is formed in ad hoc manner, not all nodes are in a same
communication range. Thus cooperation amongst the nodes to
establish the communication link is vital. Through cooperation
in the network, the communication link is established through
a multi-hop network which requires every node to act as a
router as well as a normal host. As router, the node will find
the optimum path and manage the data delivery with the help
of routing protocol scheme. There are various types of routing
protocol for various types of network.
In this paper we focus on Ad hoc On-demand Distance
Vector (AODV) protocol [1] which is one of the reactive ad
hoc routing protocols [2] in MANET. AODV is an attractive
protocol to most researchers because of its ability to adapt
effectively in dynamic network environment like MANET.
Moreover, the overhead in AODV control message is low.
However, AODV has a drawback in security where it was not
designed with enough protection mechanism [4]. Thus, this
protocol is susceptible to various attacks e.g. black hole, worm
hole, jelly fish, etc.
Black hole is one of many attacks that take place in
MANET which is one of the most common attacks made
against the AODV routing protocol. The black hole attack
creates big impact on AODV-based MANET by attacking the
routing protocol control message to disrupt the network
performance. In this attack, malicious nodes create the black
hole by advertising a fake shortest and freshest route to the
destination node through manipulating the AODV control
message [3] to create attention for other nodes to send their
data through its node.
AODV works based on destination sequence number and
hop count attribute to determine the freshness and shortest
route information path. These attributes work effectively
during non-attack. However, during the network is under
attack, these two attributes are not sufficient to prevent or
reduce the effect of the attack. It is due to the existing
mechanism in AODV routing update does not have security
method and thus, gives opportunity for attackers to a
manipulation. The manipulation will affect the routing path
where genuine routing information from benign nodes will be
denied from updating the routing table.
Review of previous works has shown that most previous
methods focused on hiding or verifying processes to curb the
black hole attack. In fact, the process to perform hiding or
verifying process will consume lots of resources. Since
resources in mobile devices are limited, high processing
overhead will give adverse effect to overall network
performance including power usage. The main idea behind our
proposed solution is to introduce a new method called
EAODV (Enhanced AODV) which require less processing
overhead to mitigate the attack. This method is an
enhancement of our previous work called ERDA [19].
EAODV will do mitigation of the black hole effect by giving
151 978-1-4577-2155-7/11/$26.00 c 2011 IEEE
more control to the routing update process. In the next section,
we will present how the routing update mechanism is further
refined to make the performance better. The assumptions are
same as ERDA where the destination node is reachable by
route request and normal black hole has high destination
sequence number in route reply message.
This paper is organized as follows. Section II provides an
overview of the AODV route discovery process and a
description of a black hole attack. Section III discusses past
works. Section IV presents the EAODV method. Section V
discusses simulation results and lastly, conclusion and future
works are presented in Section VI.
II. AD HOC ON-DEMAND DISTANCE VECTOR
The AODV is categorised as a dynamic reactive routing
protocol [5]. In a reactive routing protocol, route will be
established based on demand (upon request by source node).
The process to discover routing path to destination node is
illustrated in Figure 1. In AODV route discovery, there are
two important control messages namely Route Request
(RREQ) and Route Reply (RREP). Both control messages
carry an important attribute called destination sequence
number and has an incremental value to determine freshness
of a particular route.
A. Route Discovery Process
In this illustration, source node S will broadcast control
packets, RREQ message to its neighbours A, B and C in order
to find the best possible path to destination node D. Upon
receiving RREQ message, the received node either:
a) reply to the source node with a RREP message if
received node is the destination node or an intermediate
node with a fresh enough route information to the
destination, or
b) update the routing table entry which will be used in
the reverse path and rebroadcasting of RREQ message until
destination node or intermediate node with fresh enough
route is reached .

An intermediate node is believed to have a fresh enough
routes to destination node if destination sequence number in
its routing table is greater than or equal (with less hop count)
to destination sequence number in RREQ message.













Figure 1. AODV route discovery process.
As mentioned in section II A., for part a) above, upon
receiving RREQ message from node A, destination node D
will reply with RREP message to node S by forwarding the
message to node A. In turn, node A will forward the message
to source node S. Once source node S receives RREP
message, it will process the message by calling AODV
recvReply() function. This function will update the route entry
for destination D if either one of this condition is met.
a) The destination sequence number in routing table is
less than destination sequence in RREP message or
b) The destination sequence number in routing table is
equal with destination sequence number in RREQ message but
with hop count is less than the one in routing table.
In case where node S receives multiple RREP messages,
this function will select the RREP message with the highest
destination sequence number value.
B. Black Hole Attack
A Black hole attack is a denial of service attack [6] where
a malicious node can falsely claims it has fresh enough route
information to the destination. It works by attacking control
message sent during route discovery process whereby a forged
RREP message is sent out to catch the attention of other
nodes. Deceivingly, the malicious node will claim that it has
the fresh enough route information to the destination. If the
other nodes fall into this trap, they will send their data packets
through the malicious node and hence it will give big impact
to the network performance if subsequent packets are dropped
or modified.

III. RELATED WORKS ON BLACK HOLE ATTACK SOLUTION
A lot of attention is given by researchers to find a method
to overcome black hole problems in AODV. One example is by
S. Jain [7] which use a technique based on sending data equally
but in small blocked size and the message is monitored
independently at neighborhood. Another example is the work
done by A. Baadache [8] which proposed a method based on
Merkle tree which requires hashing technique to detect
malicious node. E.A Mary [9] proposed certificate based
authentication to counter the effect of black hole attack. S.
Deswal [10] worked on SAODV by using password security
for each routing node and updates the routing table timeliness.
Another example is work done by Kimaya [11] which
proposed a standalone protocol using cryptographic public-key
certificates in order to achieve security goals called ARAN
(Authenticated Routing for Ad hoc Networks). S. Lee in [12]
used the method which requires the intermediate node to send
Route Confirmation Request (CREQ) to the next hop towards
the destination.
We observed that all the above proposed methods require
additional processing to hide information of the node by using
cryptographic technique. The above techniques inevitably
introduce overhead although the network while still not under
attack which will affect the performance during route discovery
process.

RREQ
RREP
Seqno = Dest. Seq. Number

S = Source Node
D = Destination Node
A,B,C = Intermediate Node
Seqno=8
S
A
8
C
D
Seqno=7
Seqno=7
Seqno=8
Seqno=7
Seqno=7
152 2011 7th International Conference on Information Assurance and Security (IAS)
In a related research, Stamouli [13] proposed the
architecture for Real-Time Intrusion Detection for Ad hoc
Networks (RIDAN). The real time detection process relies on a
state-based misuse detection system to verify the node and
requires extra control messages. As a result, each node would
require extra processing power and sensing capabilities. M.A.
Shurman [14] in his work has proposed for the source node to
verify the authenticity of the node that initiates the RREP
messages by finding more than one route to the destination, so
that it can recognize the safe route to the destination. This
method can potentially cause routing delay, since a node has to
wait for a RREP packet to arrive from more than two nodes.
Dokurer [15] has proposed a solution based on ignoring the
first established route. His assumption is based on the fact that
the first RREP message that arrived at a node normally would
come from a malicious node. Unfortunately, this method does
not cater for cases if the second RREP message received at a
source node may also come from malicious node. This method
also does not address isolation of malicious nodes in the
network.
In a related work proposed by N.R. Payal [16], the method
checks the RREP destination sequence number against a
threshold value which is dynamically updated [17] at every
time interval. If the value is higher than the threshold, the
RREP is suspected to be malicious. This method introduces
ALARM packet to be sent to the neighbouring nodes which
contains the black list (malicious) nodes as a parameter. This
can introduce an overhead because of time needed in updating
threshold value at every time interval along with the generation
of ALARM packet will considerably increase the routing
overhead. N.H. Mistry in [18] has proposed for the source node
to verify the RREP destination sequence number by analyzing
the RREP messages using the heuristic method which is
collected within the predefined waiting period. If the sequence
number is found to be exceptionally high, the sender of the
respective RREP will be marked as malicious node. The major
issue in this method is the latency time during the route
discovery process since the source node has to wait until the
waiting time period expires before the routing table can be
updated. In the event where there is no attack in the network,
the node will suffer from the waiting latency time.
IV. IMPROVEMENT MITIGATION METHOD FOR BLACK HOLE
ATTACK
The EAODV is an improvement to AODV routing
protocol based on our previous work, ERDA [19]. The
elements which have been introduced in ERDA previously are
maintained. In EAODV, we revise the logic and parameter
involved. The rt_upd parameter is maintained but with logic
AND. We introduce a new condition parameter for checking
the RREP packet for better filtering mechanism. The pseudo
code given in Figure 2 lines 12 to 14 show where the
modification is made in recvReply() function.
The EAODV works like previous ERDA method except
that the process of accepting RREP messages for routing
update is controlled by rt_upd. If rt_upd is false, no more
RREP will be accepted as contrast to ERDA method. By
limiting the access, this method prevents other malicious
RREP from entering and updating the route table.
When route request (RREQ) message is sent out by the
source node S as described in Figure 3 to find a new route to
the destination node D, all nodes which have new route
information will respond to the request as shown in Figure
3(a). Node S will capture information of RREP messages
received into rrep_tab table as shown in Figure 3(b) which
consists of node_id and destination sequence number. Since
the malicious node M1 is the first node to respond, node S
routing table is updated with route information from node M
as depicted in Figure 3(c). Since the value of parameter
rt_upd is true, node S does not stop from accepting the next
RREP messages. Upon receiving RREP message from node D
via node A, rt_upd turns to false. Node S updates its routing
table with new route information although the destination
sequence number is lower than the one in the routing table. As
a result, the current route entry in routing table is overwritten
by the later route information coming from node A as shown
in Figure 3(d). When RREP from M2 arrives later at node S,
the message is rejected because rt_upd is already in false
state. Any RREP message that comes after will be ignored
until the process of isolating malicious node is completed.
Thus it suppresses the malicious RREP from entering routing
table. Process to isolate malicious nodes from the network in
EAODV is similar to ERDA method. EAODV method offers
no overhead and effective solution to mitigate the effect of
black hole attack by controlling the routing update process and
suppressing the false route entry.



Figure 2. Pseudo code for EAODV recvReply() function


Enhance AODV
1 RecvReply(Packet P) {
2 save P.srcIP and P.dst_seqno to rrep_tab
3 if (rt_upd is false) {
4 detect malicious node and save in mali_list
5 flush rrep_tab
6 set rt_upd to true
7 }
8 if (P.srcIP in mali_list) {drop packet P; return}
9 if (P.dstIP not in RT routing table entry) {
10 add P.dstIP to RT entry
11 }
12 select dst_seqno from RT
13 if (rt_upd and ((P is from destination node) or
14 (P.dst_seqno > RT.dst_seqno) or
15 (P.dst_seqno=RT.dst_seqno and P.hops < RT.hops)) {
16 if (P is from destination node)
17 set rt_upd to false
18 update RT entry with P
19 send out data packets in buffer
20 } else if (routing is UP for P {
21 forward packet P
22 else discards P


2011 7th International Conference on Information Assurance and Security (IAS) 153
Figure 3. Route Discovery in the EAO

V. EVALUATION METHO
A. Simulation Environment
A simulation model was developed using N
where the evaluation was done by analyzing
results of three conditions below,
1) using normal AODV protocol
2) using AODV protocol with ERDA met
3) using AODV protocol with EAODV m

We simulated the black hole attack scenario
network topologies. The simulation mod
observe the effect of network performance i
of CBR connections with different numbe
results of performance using Normal AOD
ERDA method and AODV with EAOD
analysed. Packet Delivery Ratio (PDR)
evaluation metric to measure the perfo
simulation parameters were summarized in
to ensure consistency and uniformity in th
same connection pattern was used throughou

TABLE I. SIMULATION PARAM
Parameter Val
Simulator NS-2 version 2
Simulation Time 100s
Number of nodes 10 to 80
Routing Protocol AODV
Traffic Model CBR
Pause time 5 s
Mobility Up to 3 m/s
Terrain 800 x 800m
Transmission Range 250m
Malicious nodes 1 - 3

VI. SIMULATION RESULTS AND A
The preliminary results in column 1 F
4(c) and 4(d) show the PDR performance









(b) (c)
M1
S B
A
C
E
Seq
Seq 429210001
Seq 429210000
Seq 7
Seq 7
Seq 8
Seq 8
Seq 7
Seq 7
RREQ
RREP
DATA
Node S rrep tab Table entry
Node S Routing

ODV
D
S-2 (version 2.34)
g the performance
thod
method
o in five different
del was setup to
in various number
er of attacks. The
DV, AODV with
DV method were
was used as an
ormance. Overall
Table 1. In order
he simulation, the
ut all experiments.
METERS
lue
2.34
ANALYSIS
Figures 4(a), 4(b),
when there is no
attack in the network. The p
AODV, with ERDA and wit
various numbers of CBR co
These results imply that, AOD
not affect normal AODV prot
time. In contrast, when the n
performance under normal A
compared to AODV with ERD
that ERDA and EAODV are
improvement to AODV protoco
hole attack in MANET.
In comparing, ERDA and EA
that EAODV is considerabl
method. By varying the CBR
malicious nodes in the experim
consistently shows better resu
depicted in Figure 4(a), (b), (c)

Figure 4(a). PDR performa
Figure 4(b). PDR performa

D
k

M
C8k C

D
k

M
C8k C

(d)
D

M2
q 429210001
Seq 7
Seq 7
g Table entry
performance results on normal
th EAODV are comparable in
onnection and malicious node.
V with ERDA or EAODV does
tocol scheme during non-attack
network was under attack, the
AODV dropped drastically as
DA or EAODV. This indicates
e able to provide a significant
ol to mitigate the effect of black
ODV method, the results show
ly better results than ERDA
R connections and number of
ments, the EOADV performance
ults as compared to ERDA as
) and (d).

ance using 1 CBR connection


ance using 2 CBR connections

E Ks
KsKs
KsZ

E Ks
KsKs
KsZ
154 2011 7th International Conference on Information Assurance and Security (IAS)

Figure 4(c). PDR performance using 3 CBR connections


Figure 4(d). PDR performance using 4 CBR connections

VII. CONCLUSIONS AND FUTURE WORK
In our previous work ERDA has provided a significant
improvement to AODV routing protocol to mitigate the black
hole attack. In this paper, we proposed another method which
enhances the ERDA method and give better performance
called EAODV.
We have shown that the new proposed method is able to
enhance AODV protocol by controlling the routing update
with extra parameter to check and accept reply control
message RREP from destination node. Results from
simulation show that AODV with EAODV method gave
comparatively better performances as compared to AODV
with ERDA method. As future work, we intend to perform
more simulation tests on the EAODV method.

ACKNOWLEDGEMENT
The authors would like to thank Universiti Teknologi
MARA for funding this research under the Excellence Fund
Grant.



REFERENCES
[1] Perkin C.E., Royer, E.M., Ad-hoc on demand distance vector routing
in Proceedings of 2nd IEEE Workshop on Mobile Computer Systems
and Applications, New Orleans, 1999.
[2] M. Abolhasan, T. Wysocki, E. Dutkiewicz,A review of routing
protocols for mobile ad hoc networks, Elsevier 2004.
[3] R.A Mahmood, A.I Khan, A Survey on Detecting Black Hole Attack in
AODV-based Mobile Ad Hoc Networks, International Symposium on
High Capacity Optical Networks and Enabling Technologies, 2007.
[4] Charles E. Perkin, Ad hoc On Demand Distance Vector (AODV)
Routing. Internet draft, draft-ietf-manetaodv-02.txt, November 1988.
[5] V. Kumar,Simulation and Comparison of AODV and DSR Routing
Protocols in MANETs, Master Thesis, 2009.
[6] F. Xing, W. Wang, Understanding Dynamic Denial of Service Attacks
in Mobile Ad hoc Networks, IEEE Military Communication conference
(MILCOM) 2006.
[7] Shalini Jain, Mohit Jain, Himanshu Kandwal, Algorithm for Detection
and Prevention of Cooperative Black and Gray Hole Attacks in Mobile
Ad Hoc Networks, International Journal of Computer Applications
Volume 1 (2010)
[8] Abderrahmane Baadache, Ali Belmehdi, Avoiding Black hole and
Cooperative Black hole Attacks in Wireless Ad hoc Networks (IJCSIS)
International Journal of Computer Science and Information Security,
Vol. 7, No. 1, 2010
[9] E. A .Mary Anita, V. Vasudevan, Black Hole Attack Prevention in
Multicast Routing Protocols for Mobile Ad hoc networks using
Certificate Chaining, International Journal of Computer Applications
(0975 8887) Volume 1 No. 12 (2010)
[10] Suman Deswal and Sukhbir Singh, Implementation of Routing Security
Aspects in AODV, International Journal of Computer Theory and
Engineering, Vol. 2, No. 1 February, 2010
[11] Kimaya Sanzgiti, Bridget Dahill, Brian Neil Levine, Clay shields,
Elizabeth M, Belding-Royer, A secure Routing Protocol for Ad hoc
networks In Proceedings of the 10th EEE International Conference on
Network Protocols (ICNP 02), 2002
[12] S. Lee, B. Han, and M. Shin, Robust routing in wireless ad hoc
networks, in ICPP Workshops, pp. 73, 2002.
[13] Ioanna Stamouli, Real-time Intrusion Detection for Ad hoc Networks
Masters thesis, University of Dublin, Septermber 2003.
[14] M. A. Shurman, S. M. Yoo, and S. Park, Black hole attack in wireless
ad hoc networks, in ACM 42nd Southeast Conference (ACMSE04),
pp. 96-97, Apr. 2004.
[15] Dokurer, Semih.Simulation of Black hole attack in wireless Ad-hoc
networks. Master's thesis, AtlmUniversity, September 2006.
[16] Payal N. Raj, Prashant B. Swadas. DPRAODV: A Dynamic Learning
System Against Blackhole Attack In Aodv Based Manet, International
Journal of Computer Science Issues, Vol. 2,pp 54-59,2009.
[17] Satoshi Kurosawa, Hidehisa Nakayama, Nei Kat, Abbas Jamalipour,
and Yoshiaki Nemoto, Detecting Blackhole Attack on AODV-based
Mobile Ad Hoc Networks by Dynamic Learning Method, International
Journal of Network Security, Vol.5, No.3, P.P 338-346, Nov. 2007.
[18] N. H. Mistry, D. C. Jinwala and M. A. Zaveri, MOSAODV: Solution to
Secure AODV against Blackhole Attack , (IJCNS) International
Journal of Computer and Network Security, Vol. 1, No. 3, December
2009.
[19] Kamarularifin Abd. Jalil, Zaid Ahmad2, and Jamalul-Lail Ab Manan,
An Enhanced Route Discovery Mechanism for AODV Routing
Protocol , ICSECS 2011, Part III, CCIS 181, pp. 408418, Springer-
Verlag Berlin Heidelberg 2011.

D
k

M
C8k C
E Ks
KsKs
KsZ

D
k

M
C8k C
E Ks
KsKs
KsZ
2011 7th International Conference on Information Assurance and Security (IAS) 155