Analyzing, quantifying, and detecting the blackhole attack in infrastructure-less networks

The blackhole attack is one of the simplest yet effective attacks that target the AODV protocol. Blackhole attackers exploit AODV parameters in order to win route requests and thus attract traffic, which they subsequently capture and drop. However, the first part of the attack is often neglected in the existing literature, and most detection attempts focus only on the second part of the attack (i.e., packet drop). This paper provides a comprehensive analysis of the blackhole attack, focusing not only on the effects of the attack but also on the exploitation of the route discovery process. As a result, a new critical attack parameter is identified (i.e., blackhole intensity), which quantifies the relation between AODV's sequence number parameter and the performance of blackhole attacks. In addition, a novel blackhole detection mechanism is proposed. This mechanism utilizes a dynamic threshold cumulative sum (CUSUM) test in order to detect abrupt changes in the normal behavior of AODV's sequence number parameter. A key advantage of the proposed mechanism is its ability to accurately detect blackhole attacks with a minimal rate of false positives, even if the malicious node selectively drops packets.
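The abstract does not give the paper's threshold rule, so the following is an added sketch of a one-sided CUSUM test with a threshold that tracks observed variability, run over the destination sequence numbers a monitoring node sees in route replies; it is not the authors' algorithm. The tuning values (`alpha`, `k`, `h`, `warmup`), the function names and all sample sequence numbers are assumptions constructed for illustration.

```python
MASK = 0xFFFFFFFF  # AODV sequence numbers are 32-bit unsigned (RFC 3561)

def seq_delta(prev, cur):
    """Signed 32-bit difference, so rollover past 2**32 - 1 is a small step."""
    d = (cur - prev) & MASK
    return d - (1 << 32) if d >= (1 << 31) else d

def detect_seq_jumps(seqs, alpha=0.2, k=0.5, h=5.0, warmup=5):
    """Return indices into seqs of route replies where the CUSUM test alarms.

    alpha, k, h and warmup are assumed tuning values, not the paper's.
    """
    inc = [seq_delta(a, b) for a, b in zip(seqs, seqs[1:])]
    if len(inc) <= warmup:
        return []  # not enough history to estimate normal behaviour
    # Baseline mean and mean absolute deviation of the increments.
    mu = sum(inc[:warmup]) / warmup
    dev = max(1.0, sum(abs(x - mu) for x in inc[:warmup]) / warmup)
    g, alarms = 0.0, []
    for i in range(warmup, len(inc)):
        x = inc[i]
        # Accumulate only drift above the expected increment plus slack.
        g = max(0.0, g + x - mu - k * dev)
        if g > h * dev:            # threshold scales with observed variability
            alarms.append(i + 1)   # increment i belongs to reply i + 1
            g = 0.0
        elif g == 0.0:
            # Learn the baseline only from samples showing no upward drift,
            # so inflated sequence numbers cannot drag the threshold up.
            mu = (1 - alpha) * mu + alpha * x
            dev = max(1.0, (1 - alpha) * dev + alpha * abs(x - mu))
    return alarms

# Constructed sample data: destination sequence numbers seen in route replies.
NORMAL = [10, 11, 13, 14, 16, 17, 18, 20, 21, 22]
ABRUPT = [10, 11, 13, 14, 16, 17, 18, 20, 21, 22, 250, 251, 253]
GRADUAL = [10, 11, 13, 14, 16, 17, 18, 22, 26, 30, 34]
ROLLOVER = [4294967290, 4294967291, 4294967293, 4294967294, 0, 1, 2, 4, 5]

if __name__ == "__main__":
    for name, s in [("normal", NORMAL), ("abrupt", ABRUPT),
                    ("gradual", GRADUAL), ("rollover", ROLLOVER)]:
        print(name, detect_seq_jumps(s))
```

The gradual series shows why a cumulative statistic is used: no single increment of 4 crosses the threshold, but the accumulated drift does on the third one. The test watches route replies rather than dropped packets, so its result does not depend on how many packets the node later drops.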
