Discovery, Volume 15, Number 42, April 10, 2014
Security Attacks and Detection Techniques for MANET
T. Prasanna Venkatesan
PG Scholar
Information Technology
Anna University
Coimbatore, India
prasannait91@gmail.com
Mobile Ad hoc NETworks (MANET) have the incredible
growth in modern years. Mobile ad hoc networks are fast
popularity because of availability of low cost mobile devices
and its ability to provide instant wireless networking
capabilities. MANET is a dynamic network and there is no
permanent structure and also no central administration. For
these kind of networks, protection is the most essential
service to provide protection and prevent malicious attacks
occurring in the mobile nodes. The character and
configuration of MANET makes it gorgeous to various types
of attackers and do some unnecessary activities with the
mobile nodes. In this proposed work we are discussed about
various types of attacks and in particularly with active attacks
which are occurring in the network layer of the Mobile ad
hoc networks.
Key words
Attacks, Detection, MANET, Network layer.
out of the radio range means that the communication and the
transmission of packets are made by the cooperation of the
intermediate mobile nods throughout the entire network.
[14].The network topology of the MANET may change
rapidly, dynamically and unpredictably based on the own
parameters. There are many network actions are performed by
the mobile nodes in MANET they are [13] authentication,
routing, packet discovery, packet transmission, packet
forwarding, network management, discovering topology,
delivery of packets. The MANET having the characteristics of
open distributed medium, wide distribution of nodes in the
network with the changing (dynamic) topology and there is no
requirement of centralized monitoring or administration [16].
These characteristics make the MANET vulnerable to
attackers. The security is one of the most important issues in
the MANET. Many researchers have worked in the field of
attacks in MANET [10], [11]. In the next section the various
types of attacks in the MANET at the network layer is
concentrated.
1. INTRODUCTION
2. MANET ATTACKS
In recent days wireless ad hoc network technology emerges as
one of the most valuable technology because of its flexible
nature [16]. In specific the MANET is a Mobile Ad hoc
NETwork with self organizing network of mobile nodes
which is well suited for many kind of applications such as
military operations and communication, disaster management
(relief), mining activities, multimedia data transmission,
instance conference between pc users, pollution monitoring,
vehicular networks, robust data acquisition and to work in the
dangerous situations [13], [14], [15]. Despite of these
applications, mobile nodes in the MANET have their own
merits such as, small storage requirement, utilization of low
bandwidth, low error rate in packet transmission, limited
battery power usage, easy and quick deployment, no planning
required (created at the time it is needed), no need of
infrastructure, no need of central controlling [13]. MANET
contains the collection of mobile nodes with each of these
nodes having their movement throughout the network. The
communication between these mobile nodes is via the wireless
links by directly or intermediate nodes and there is no fixed
infrastructure because of their mobility. In MANET each node
acts as a host as well as router for other nodes in network for
transmission of data packets. Each of these nodes in the
MANET is equipped with the wireless transmitter and the
receiver for the communication and data transmission between
the nodes [11]. All of these mobile nodes are free to move in
the
whole
network
randomly and
create self
configuring/monitoring network without any centralized
control. The Mobile Ad hoc NETwork is the complex
distributed system with dynamic wireless mobile nodes [16].
The mobile nodes within the radio coverage range can
communicate directly with each other. If the mobile nodes are
In this section it is discussed about various types of passive
attacks and active attacks occurring in the network layer as
shown in Fig. 1. The security issue in MANET is to protect
network layer from the malicious attackers [19]. It is required
to protect routing as well as data forwarding operations. First it
is detailed about the passive attacks.
Udhayakumar K, Prasanna Venkatesan T, Ramkumar R.
Security Attacks and Detection Techniques for MANET,
Discovery, 2014, 15(42), 89-93,
http://www.discovery.org.in/d.htm
2.1 Passive Attacks
A passive attack does not disrupt proper operation of the
mobile nodes in the network. The attacker snoops the data
exchanged in the network without altering it [19]. Fig. 2,
shows the example of passive attack, where node 5
monitors/reads the data flow between the source and
destination.
Fig. 1.
Types of attacks.
This passive attack may be any of attack that is listed in the
Fig. 1, Detection of passive attacks is very difficult since the
www.discovery.org.in
© 2014 Discovery Publication. All Rights Reserved
89
ABSTRACT
R. Ramkumar
PG Scholar
Software Engineering
Anna University
Coimbatore, India
kkrram88@gmail.com
Page
K. Udhayakumar
PG Scholar
Mainframe Technology
Anna University
Coimbatore, India
apceudhay@gmail.com
Discovery, Volume 15, Number 42, April 10, 2014
operation of network itself does not get affected. One
technique of avoiding such problems is to use powerful
encryption mechanisms. Fig 1 demonstrates different types of
attacks in MANET.
files or system information. Wiretapping is a form of
snooping in which a network is monitored [17].
2.1.3 Masquerading or Spoofing
Masquerading or spoofing, is an impersonation of one entity
by another, is a type of together deception and usurpation. It
attracts a sufferer into believing that the entity with which it is
communicating is a different entity [17].
2.1.4
Modification or Alteration
Modification or alteration is an unauthorized change of
information. The goal may be deception, in which some entity
relies on the modified data to determine which action to take,
or in which wrong information is acknowledged as correct
and is released [17].
Fig. 2.
Passive attacks
2.2
2.1.1 Eavesdropping
Eavesdropping is the intercepting and reading of messages
and conversations by unintended receivers [10]. A message
sent by a node can be heard by every device equipped with a
transceiver within the radio range, and if no encryption is used
then the attacker can get useful information [19]. The main
aim of such attacks is to obtain the confidential information
that should be kept secret during the communication [18].
2.1.2 Snooping
Snooping, the unauthorized interception of information is a
form of disclosure. It is suggesting simply that some entity is
listening to (or reading) communications or browsing through
Active Attacks
Active attacks are very severe attacks on the network that
prevent message flow between the nodes. In active attacks,
intruders launch intrusive activities such as modifying,
injecting, forging, fabricating or dropping data of packets,
resulting in various disruptions to the existing network [18],
[19]. It can bring down the entire network or degrade
performance significantly. The Fig. 1, shows the active attacks
in the network layer of MANET [1] - [9], [12]. In line to this
many researchers had concentrated in this network layer
attacks which is shown in Table I. The recent development
and detection mechanism of blackhole, wormhole, and
rushing attacks are briefed in the following subsequent
sections of this paper.
Table 1.Network layer attacks and detection mechanisms
X.Y.
Zhang et
al and
P. Yi et al
C. Wei el
al
Blackhole
attack
type Routing
protocol
(area)
No forwarding of AODV,
packets
DSR, SAR
Grayhole
Attack
Selectively
packet
S.Capkun
et al
Wormhole
attack
Man in the middle
attack
drops
P.Papadim Rushing attack
itratos and
Z.J.Haas
Duplicate
suppression
operation
Aad et al
Delaying the data
packet
transmission
Creates
routing
loop
Bing
et al
Jellyfish attack
Wu Byzantine
attack
J. Sen et al
Packet
dropping
attack
Hoang Lan Neighbor
Nguyen et attack
al[11]
Dropping
packets
Disrupted route
Udhayakumar K, Prasanna Venkatesan T, Ramkumar R.
Security Attacks and Detection Techniques for MANET,
Discovery, 2014, 15(42), 89-93,
http://www.discovery.org.in/d.htm
of
of
Description of attack
Malicious node receives
RREQ & send forged (fake)
RREP with high sequence
no(fresh route)
AODV
Drops packets based on
certain conditions or by
triggering
AODV
Two
geographically
estranged adversaries create
subway it can drop
Route
Quickly
forwarding
discovery
counterfeit route path and
counterfeit discovery of
route
Routing
It receives the packet but
does
not
unexpectedly
transmit the packets
Routing
Routing of packets on non
best possible routes or
forming the loop
DSR, AODV Selfish
nodes
or
compromised nodes drops
all packets that they receive
Route
Showing two nodes are
discovery
neighbors but actually those
are not neighbor; from
different networks
Detection
Mechanism
1.SAR
2.DPRAODV
3.CORE
DCA-update key management
SECTOR mechanism
SMT-secure end to end data
forwarding
SCAN-secure packet delivary
Secure routing algorithm
PDA:
Point
Algorithm
Detection
SAR: secure aware routing
www.discovery.org.in
© 2014 Discovery Publication. All Rights Reserved
90
Name of the Attack
attack
(function)
Page
Author
name
Discovery, Volume 15, Number 42, April 10, 2014
DDOS attack
Authentication
security
Attacker try to prevent CONFIDENT: cooperation of
genuine & authorized user
nodes
Resource
depletion
Replicates
the Routing
actual packets
Sinkhole
attack
Disturbing
communication
It confuses the routing SMT:
secure
message
process by producing the transmission
replica packets
It declare itself as shortest SAR: secure aware routing
path to destination ,change
data
2.2.1 Blackhole Attack:
2.2.2 Wormhole Attack:
MANET uses a reactive routing protocol such as Ad hoc On
demand Distance Vector (AODV), Dynamic Source Routing
(DSR), and Secure Aware routing (SAR) for the routing of the
data packets. When the AODV routing protocol is used to
discover the routes it works based on two types packets [18]
such as Route REQest (RREQ) packet and Route REPly
(RREP) packet. The source node sends the RREQ packets to
all other nodes to find the shortest route between the source
and the destination in the network. The malicious node
receives the RREQ packet and claim that it is having the
shortest route or optimum path to the node it wanted to
actually transmit (destination). The malicious node sends the
response by using the RREP packet that is having the shortest
(fresh) route for the destination from the source [19]. It is the
fake RREP with extremely short route.
The colluding nodes creates an illusion [8] that two
geographically separated (remote) nodes are directly
connected and appears that the nodes as neighbors. But
actually they are distinct from each other. The aim of the
wormhole attack is to create the man in the middle attack and
dropping the packets.
Fig. 4.
Fig. 3.
Blackhole Attack
Upon sending the fake RREP packet to the source node, the
malicious node can able to place itself in the communicating
network. It means that the transmitting packets are should be
passed only by this malicious node only [4]. After sending the
RREP packet, the malicious node receives the data packets
from the source and does not forwards to the neighbor nodes
or simply drops the packets that they received without sending
to the destination node as shown in the Fig. 3.The Fig. 3,
shows that the source node S sends the RREQ packet to all
other nodes [0, 1, 2, 3, 4, 5, 6, 7] in network to find the
shortest route to the destination for the data packet
transmission. Then the malicious node 2 sends the fake RREP
with the shortest route [S, 5, 2, D]. And the other actual routes
for reaching the destination are [S, 5, 1, D], [S, 3, 4, D] and
[S, 1, 0, 6]. Whenever the source node receives the RREP by
node 2 it concludes that this is the shortest valid route sends
the packet to this route. Then the node 2 does not forward to
the nodes or simply drops the packets that they receive.
Udhayakumar K, Prasanna Venkatesan T, Ramkumar R.
Security Attacks and Detection Techniques for MANET,
Discovery, 2014, 15(42), 89-93,
http://www.discovery.org.in/d.htm
Wormhole Attack.
The malicious node receives data packets at one node and
tunnels them to another malicious node as shown in the Fig. 4,
this tunnel is called as wormhole. It makes the node as
attractive and so that more packets are routed through these
nodes. This type of attack prevents the discovery of any actual
routes. In the Fig. 4, the malicious node(x, y) connects two
distinct points in the space via the shortcut (A, B) route. It will
disrupt the routing by short circuiting the network. This
wormhole link becomes the lowest cost of path to the
destination. Therefore these nodes are included for the
transmission to the destination.
2.2.3 Rushing Attack
In AODV routing protocol, when source nodes flood the
network with route discovery packets (RREQ, RREP) in order
to find routes to the destinations, every in-between node
process only the first non replica packet and throw-outs any
replica packets that arrive at a later time. A rushing attacker
utilize this replica repression mechanism by quickly
forwarding route discovery packets with a malicious RREP on
behalf of some other node skipping any proper processing in
order to gain access to the forwarding group [11]. In rushing
attack, an intruder will “rush” (transmit early) the RREQ
packet to suppress any later legitimate RREQs as shown in the
Fig. 5. The source node S broadcasts a RREQ for node 3 and
node 2. Now, on hearing the RREQ, the malicious node 3
www.discovery.org.in
© 2014 Discovery Publication. All Rights Reserved
91
Routing
Page
S.
Buchegger
[12] [7]
P.
Papadimitr
atos et
D. Sheela
et al
Discovery, Volume 15, Number 42, April 10, 2014
rushes the RREQ to suppress the later legitimate RREQ. The
rushing may in the following ways [19]. Malicious node 3
ignores the request forwarding delay (this is a randomized
delay used by the routing protocol to avoid collision of
broadcast packets).
by altering the security metric to a higher or lower level
cannot cause serious damage because the legitimate
intermediate or destination node is supposed to drop the
packet, and the invader is not capable to decrypt the packet.
SAR offers a collection of cryptographic system, that includes
the mechanisms similar to digital signature and encryption,
which can be integrated on a need-to-use basis to prevent
modification. Another mechanism for the black hole detection
scheme [4] based on sequence number checking of the RREP
packets. Here it is considered a scenario where an
intermediate node is an attacker and suggested that, whenever
a node propels a RREP backside to a source node, the midway
node should also produce a request for a sequence number to
the destination node. The intention node reacts by sending a
packet enclosed with its sequence number to the source node.
The source node then checks the originality of the route by
comparing the sequence number of the RREP received from
the intermediary node with the sequence number reply packet
from the destination node.
3.2 Mechanisms for grayhole Attacks
Fig. 5.
Rushing Attack.
Malicious node 3 rushes the RREQ with a higher source
sequence number. This rushed RREQ from Malicious node 3
arrives first at node 6, and therefore node 6 will discard the
legitimate RREQ from node 1 when it arrives later via 1, as
shown in Fig. 5. Due to duplicate suppression, the actual valid
RREP message from valid node will be discarded and
consequently the attacking node becomes part of the route. In
rushing attack, attacker node, send packets to proper node
after its own filtering is done, so from outside the network, the
nodes behaves normally and nothing was happened. But it
might increase the delay in packet delivering to destination
node [20].In this section it is briefly detailed about the active
attacks on the network layer with the examples. These
researches on attack are concluded that the attacks degrade the
performance of the network as fit as data packet transmission.
In the next section it is discussed about development of the
detection mechanism by various researchers to defend against
the attacks.
For the greyhole detection scheme the DSR routing protocol
is used. This requires each node to produce evidence on
forwarding packets using an aggregated autograph algorithm.
Then a checkup mechanism detects whether packets have
been fallen or not. Finally, a source node uses a analytical
algorithm to trace the malicious node. The slight modification
of this scheme [2] is Distributed Certificate Authority (DCA)
to update key organization information, smooth the progress
of the detection process that uses the aggregate signature
algorithm. Another mechanism for greyhole detection in
AODV is requires all nodes to maintain their neighbor’s data
advancing information. After a convinced time, each node
checks any neighbor with whom it has not converse recently,
and commence the detection practice for that node. The
originator act upon a confined detection by checking the
number of Request To Send (RTS) and Clear To Send (CTS)
messages. If this node is found to be suspicious then it asks
other neighbors of the suspected node to check and finally it
makes a decision about the suspected node.
3.1 Mechanisms for blackhole Attacks
The security-aware ad hoc routing protocol (SAR) can be
used to defend against blackhole attack. The most of the
secure routing protocols are based on on-demand protocols,
such as AODV or DSR [4]. In SAR, a security metric is added
into the RREQ packet, and a diverse route detection method is
used. In-between nodes of the transmission receive an RREQ
packet with a particular security metric or belief level. At
intermediary nodes, if the security metric or belief level is
pleased, the node will route the RREQ packet, and it will
spread to its neighbors using controlled flooding. Otherwise,
the RREQ is dropped. To implement SAR [5], it is necessary
to bind the identity of a user with an associated trust level. To
prevent distinctiveness thievery, stronger access control
method such as authentication and authorization are required.
In SAR, a malicious node that interrupts the flow of packets
Udhayakumar K, Prasanna Venkatesan T, Ramkumar R.
Security Attacks and Detection Techniques for MANET,
Discovery, 2014, 15(42), 89-93,
http://www.discovery.org.in/d.htm
The major requirement in MANET is the security. So, it is
essential to design a security mechanism by which it can
minimize or completely remove many of those attacks. It is
evident that different security mechanisms are introduced in
order to prevent such network. Hence this paper addressed the
different network layer attacks and detection mechanism to
those attacks in MANET. In line to this, in order to provide
secure communication and transmission, many researchers
worked specifically on the security issues in MANETs.
However, history shows that attackers often find new ways to
attack and cause damage to computer systems and networks.
Therefore, it is considered that enabling a protection
mechanism to learn from experience and to use the existing
knowledge of attacks to infer and to detect new intrusive
activities in MANET is important criteria in network security.
An exclusive research has to be concentrated on development
and deployment of network security policies and to invent
security techniques, which will be established along with
direction-finding protocols in the networks with a dynamic
environment such as in MANETs. Therefore the protection
mechanisms need to be robust enough to protect themselves
and not introduce new vulnerabilities into the system.
www.discovery.org.in
© 2014 Discovery Publication. All Rights Reserved
Page
Many researchers had developed the detection mechanism for
different type of attacks in MANET specifically occurring in
the network layer. In line to this development, in this section
detection mechanism for blackhole and grayhole attacks are
briefly discussed.
92
4. CONCLUSION
3. DETECTION MECHANISMS
Discovery, Volume 15, Number 42, April 10, 2014
Udhayakumar K, Prasanna Venkatesan T, Ramkumar R.
Security Attacks and Detection Techniques for MANET,
Discovery, 2014, 15(42), 89-93,
http://www.discovery.org.in/d.htm
93
[1] P. Papadimitratos and Z.J. Haas, “Secure Message
Transmission in MANET”, Elsevier Journal of Ad Hoc
Networks, 2003.
[2] C. Wei, L. Xiang, B. Yuebin and G.Xiopeng, “A New
Solution for Resisting Grey Hole Attack in Mobile Ad
Hoc Networks”, Proc. IEEE Conf. on Communication
and Networking, 2007.
[3] J. Sen, M. Chandra, P. Balamurlidhar, S.G. Harihara
and H.Reddy, “A Distributed Protocol for Detection of
Packet Dropping Attack in Mobile Ad hoc Networks”,
Proc. IEEE Conference on Telecommunication, 2007.
[4] X. Y. Zhang, Y. Sekiya and Y. Wakahara, “Proposal of
a Method to Detect Black Hole Attack in MANETs”,
Proc. IEEE International Symposium on Autonomous
Decentralized System ISADS, 2009.
[5] S. Yi, P. Naldurg, and R. Kravets, “Security-Aware Adhoc Routing for Wireless Networks”, UIUC, 2002.
[6] S. Capkun, L. Buttyan, and J. Hubaux, “Sector: Secure
Tracking of Node Encounters in Multi-hop Wireless
Networks”, Proc. of the ACM Workshop on Security of
Ad Hoc and Sensor Networks, 2003.
[7] I. Aad, J.P. Hubaux and E.W. Knightly, “Denial of
service resilience in ad hoc networks”, Proceedings of
ACM MobiCom, Philadelphia, PA, USA 2004.
[8] E. A. Panaousis, L. Nazaryan and C. Politis, “Securing
AODV Against Wormhole Attacks in Emergency
MANET Multimedia Communications”, Sep. 7-9, 2009,
London, UK.
[9] O. F. Gonzalez, G. Ansa, M. Howarth and G. Pavlou,
“Detection and Accusation of Packet Forwarding
Misbehavior in Mobile Ad-Hoc networks”, Journal of
Int. Engg, 2:1, 2008.
[10] B. Wu, J. Chen and M. Cardei, “A survey on attacks,
countermeasures in MANET”, Springer, 2006.
[11] H. L. Nguyen and U. T. Nguyen, “A study of different
types of attacks on multicast in MANET”, Elsevier, Ad
Hoc Networks, 2008.
[12] S. Buchegger and J. L. Boudec, “Performance Analysis
of the CONFI-DANT Protocol”, Proc. of ACM Int.
Sym. on MANET and Computing, 2002.
[13] Y. Yoo And D. P. Agrawal, “Why Does It Pay To Be
Selfish In A Manet”, IEEE Wireless Communications,
Dec. 2006.
[14] V. V. Ramana, A. R. M. Reddy, and K. C. Sekaran,
“Bio Inspired Approach to Secure Routing in
MANETs”, Int. Journal of Artificial Intelligence &
Applications, Jul. 2012.
[15] Q. Guan, F. R. Yu, S. Jiang, and H. Mehrvar, “Topology
Control
In
MANET
With
Cooperative
Communications”, IEEE Wireless Commn., 2012.
[16] E. M. Shakshuki, N. Kang, and T. R. Sheltami,
“EAACK - A Secure IDS for MANETs”, IEEE Trans.
on Industrial Electronics, 2013.
[17] M. Bishop, “Computer Security: Art and Science”,
Addison Wesley, Nov. 2002.
[18] Gagandeep, Aashima and P. Kumar, “Analysis of
Different Security Attacks in MANETs on Protocol
Stack A-Review”, International Journal of Engineering
and Advanced Technology, 2012.
[19] A. Nadeem and M.P. Howarth, “A Survey of MANET
Intrusion Detection & Prevention Approaches for
Network Layer Attacks”,IEEE Communications
Surveys & Tutorials, 2013.
[20] Bhattacharyya, A. Banerjee and D. Bose, “Different
types of attacks in Mobile ADHOC Network:
Prevention and mitigation techniques”, Institute of
Engineering & Management, Saltlake.
Page
5. REFERENCES
www.discovery.org.in
© 2014 Discovery Publication. All Rights Reserved