A Lightweight Anomaly Detection System for Black Hole Attack
Abstract
:1. Introduction
- Reviewing and categorizing the different approaches and comparing the different techniques used to mitigate the black hole attacks in MANETs.
- Developing a dataset for studying the black hole attacks using OMNET++ in order to thoroughly analyze the traffic in order to effectively study node behavior in the presence of an attack.
- Developing a lightweight detection system for identifying malicious nodes.
2. Background
2.1. MANET Characteristics
- Lack of infrastructure: MANETs are featured as infrastructure-less networks. This makes them efficient in terms of time and cost. They can be formed at very low cost and on the fly [9]. At the same time, it makes them more vulnerable to attacks than standard networks.
- Distributed management: Due to the lack of centralized management and control, these functions are distributed across the nodes. Hence, the node security, network topology, authentication of new nodes, and data security are all affected [10].
- Cooperativeness: Unlike standard networks that use client-server architecture, MANETs are peer-to-peer architecture. In order for MANETs to be effective, all nodes should cooperate by providing the functions that are left unattended due to the lack of infrastructure security and centralized management. This cooperation aims at building confidence among nodes.
- Multi-hop routing: One of the functions that are fulfilled by nodes themselves is routing. In order for a node to send a message to another node, it uses adjacent nodes as hops to reach out to the destination [11]. This is what is called multi-hop routing.
- Decentralized architecture: All the nodes in the network are independent. They are self-configured and do not require any support to join or leave the network. They are autonomous in taking such decisions. They are also free to forward or drop data packets even if they are not supposed to do so [13].
- Limited resources: Nodes in MANETs are characterized by low resources of power and processing as they run on batteries and have less powerful processing units. The key issue of a limited power supply is that it makes MANET nodes more targeted by denial-of-service attacks [14]. The attacker, in this case, sends additional packets to nodes in order to consume their batteries.
2.2. MANET Security Challenges
- Lack of perimeter security: As MANETs are infrastructure-less, there are no defined boundaries for their nodes. Furthermore, any node can join or leave the network freely, which makes the topology dynamic and challenging. When a malicious node reaches the range of the network, it can impersonate a legitimate node and start an attack.
- Limited physical security: MANETs are formed on the fly anywhere and at any time. There is no physical security to protect the core service, such as keeping the network backbone in a secure data center in traditional networks.
- Lack of centralized control: In MANETs, there is no centralized system to provide essential security requirements, such as identification, authentication, and authorization as well as other security services, such as firewalls, network access controls, etc. This makes MANETs more challenging in terms of security than standard networks.
- Dynamic topology: MANET nodes are free to move in and out of a networks; hence, the connectivity between nodes in MANETs can change anytime because nodes can move freely. The same also applies to networks. Some networks can move and merge into other network. This can change the routing information rapidly all the time.
- Scalability: MANETs consist of large number of nodes that can grow and shrink according to different situations. This makes MANETs very efficient yet challenging due to the security requirements of identifying and authenticating new nodes.
- Quality of Service: Different data types have different requirements. For instance, media streaming and live transmission require a higher bandwidth and stability. In such cases, the avoidance of latency and data loss needs to be guaranteed through QOS policies and algorithms.
- ○
- Resource limitations: Nodes in MANETs have limited resources in terms of batteries, processing, and storage. This is a source of two potential issues: first, the nodes can be equipped with sophisticated end protection due to limited processing capability; second, is being targeted by some attacks to drain batteries.
- ○
- Security: Due to the various vulnerabilities stemming from the lack of physical recourse, limited resources, absence of infrastructure, and dynamic topologies, MANETs possess more security challenges than traditional networks.
2.3. MANET Routing Protocols
2.4. Black Hole Attack
3. Related Work
3.1. Enhanced Routing-Based Protocol
3.2. Reputation- and Trust-Based System
3.3. Acknowledgment-Based Approach
3.4. Intrusion Detection-Based System
Mitigation Approach | Description | Technique | Ref. | Advantages | Disadvantages | Simulator | Routing Protocol |
---|---|---|---|---|---|---|---|
Acknowledgment-based | An acknowledgement-based approach aims to mitigate black hole attacks using a mechanism of creating acknowledgment packets through source or intermediate nodes. The acknowledgment packets are sent prior to the route determination. The nodes that refrain from replying are either selfish nodes, nodes with insufficient energy, or malicious nodes. | Ack.-based | [32] | Have the ability to differentiate between malicious nodes and selfish nodes and nodes with insufficient energy. | Increases network load due to congesting the network with additional acknowledgment packets. | NS2 | AODV |
Counter acknowledgment-based | [34] | ||||||
Intrusion detection system-based | An intrusion detection system works as an alarm system. When discovering an attack, it issues a warning to the system. The IDS system contains an audit register for keeping all the data for analysis and provides an output based on which decisions are taken. | ReliefF classification algorithm | [23] | The classification algorithm is not only used for black hole attacks but is also effective in detecting grey hole attacks. | Nodes have to be in a promiscuous mode which is not acceptable to the nodes. The system itself can be attacked. | NS2.35 | AODV |
Feature selection for black hole | [24] | Anomaly-based has high accuracy in discovering black hole attacks. | GloMoSim 2.03 | ||||
Machine learning algorithm | [25] | Random forest classifier provided high accuracy and detection rates. | NS2 | ||||
Anomaly-based IDS | [26] | Anomaly-based shows high accuracy in discovering black hole attacks. | NS-2.35 | ||||
Enhanced routing protocol | Enhances current protocols so that they become more capable of recognizing and stopping black hole attacks. | Dynamic threshold | [20] | Detects the blackhole node during route discovery phase rather than data transmission phase. Ability to detect and isolate smart black hole attacks. | Increases overhead due to sending additional packets for the sake of identifying malicious nodes. This also leads to high network traffic. | NS-2.35 | AODV |
Timer-based baited technique | [7] | NS-2.35 | |||||
Classification algorithm | [18] | GloMoSim | |||||
Neighbor credit value | [22] | NS2 | |||||
Reputation- and trust-based | A reputation system is a system that collects, analyzes, and distributes information about nodes behavior based on their previous interactions. Based trust is similar to the reputation system where every node has a register of the other nodes based on their interactions. However, in based trust, while the node is forwarding a packet, it checks the trust values of the adjacent nodes, and based on this, it chooses the higher trust value. | Black hole protected | [27] | NS2 | AODV | ||
Selfishness detect-and-isolate (SDI) | [28] | NS-2.35 | |||||
Lightweight reputation-based | [29] | Java | OLSR | ||||
Trust- and reputation-based | [30] | GloMoSim | AODV | ||||
Collaborative computing trust model | [31] | Java |
4. Methodology
4.1. Proposed Solution
- They increase their transmission power so that they can respond to most of the RREQ.
- They almost never send any RREQ.
- They always unicast and almost never broadcast.
4.2. Data Generation
4.3. Data Collection
4.4. Feature Selection
4.5. Data Processing
- Hops: This column helps the research in two ways. First, it reveals the direction of the transmission as well as the node that is used as a hop, or in other words, the node that performed the routing function.
- Transmission type: This field provides the value of the transmission power. It reveals two important values: whether it is a route request (RReq) or route reply (RRep). This is one of the important fields that is used to identify the nodes that are not sending any RReqs. This is one of the features with other ones that reveal misbehavior.
- Node name: This field contains the node name that transmits the data. It is used to identify each node and recognize the node that misbehaves.
- Transfer type: This field contains the value of the transfer type and whether it is broadcast or unicast. The importance of this is that it is used to show the nodes that are not broadcasting. These nodes are the suspicious ones that are expected with other features to misbehave.
- Transmission power: This field shows the transmission power used to send the data. It is also important to show if there is any manipulation in the power used for communication because usually a black hole attack increases the power of the node.
- The traffic then will be fed into system as shown in Figure 7 where it can be processed and based on the feature selection the malicious nodes can be identified using SVM machine learning algorithm.
4.6. Using Machine Learning (SVM)
4.7. Results
- A change in the transmission power. As previously explained, the malicious node changes its transmission power in order to appear adjacent to the RReq sender.
- A remarkable increase in responding to as many RReqs as possible.
- Always sending unicast, and almost never sending broadcast.
5. Conclusions and Future Work
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
References
- Hassan, M.H.; Jubair, M.A.; Mostafa, S.; Mustapha, A. Mobile ad-hoc network routing protocols of time-critical events for search and rescue missions. Bull. Electr. Eng. Inform. 2021, 10, 192–199. [Google Scholar] [CrossRef]
- Rani, P.; Kavita; Verma, S.; Rawat, D.B.; Dash, S. Mitigation of black hole attacks using firefly and artificial neural network. Neural Comput. Appl. 2022, 34, 15101–15111. [Google Scholar] [CrossRef]
- Prasad, S.K.; Sharma, T. Performance comparison of multipath routing protocols for mobile ad hoc network. Int. J. Syst. Control Commun. 2022, 13, 82. [Google Scholar] [CrossRef]
- Shrivastava, P.K.; Vishwamitra, L. Comparative analysis of proactive and reactive routing protocols in VANET environment. Meas. Sens. 2021, 16, 100051. [Google Scholar] [CrossRef]
- Mukti, F.S.; Lorenzo, J.E.; Zuhdianto, R.; Junikhah, A.; Soetedjo, A.; Krismanto, A.U. A Comprehensive Performance Evaluation of Proactive, Reactive and Hybrid Routing in Wireless Sensor Network for Real Time Monitoring System. In Proceedings of the 2021 International Conference on Computer Science and Engineering (IC2SE), Padang, Indonesia, 16 November 2021; Volume 1, pp. 1–6. [Google Scholar] [CrossRef]
- Shantaf, A.M.; Kurnaz, S.; Mohammed, A.H. Performance Evaluation of Three Mobile Ad-hoc Network Routing Protocols in Different Environments. In Proceedings of the 2020 International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA), Ankara, Turkey, 26–28 June 2020; pp. 1–6. [Google Scholar] [CrossRef]
- Yasin, A.; Abu Zant, M. Detecting and Isolating Black-Hole Attacks in MANET Using Timer Based Baited Technique. Wirel. Commun. Mob. Comput. 2018, 2018, 9812135. [Google Scholar] [CrossRef] [Green Version]
- Ramphull, D.; Mungur, A.; Armoogum, S.; Pudaruth, S. A review of mobile ad hoc NETwork (MANET) Protocols and their Applications. In Proceedings of the 2021 5th International Conference on Intelligent Computing and Control Systems (ICICCS), Madurai, India, 6–8 May 2021. [Google Scholar]
- Kanellopoulos, D. Congestion control for MANETs: An overview. ICT Express 2019, 5, 77–83. [Google Scholar] [CrossRef]
- Kanellopoulos, D.; Sharma, V.K. Survey on Power-Aware Optimization Solutions for MANETs. Electronics 2020, 9, 1129. [Google Scholar] [CrossRef]
- Anibrika, B.S.K.; Asante, M.; Hayfron-Aquash, B.; Ghann, P. A Survey of Modern Ant Colony Optimization Algorithms for MANET: Routing Challenges, Perpectives and Paradigms. Int. J. Eng. Res. Technol. 2020, 9, 952–959. [Google Scholar]
- Yadav, N.; Chung, U. Secure Routing in MANET: A Review. In Proceedings of the 2019 International Conference on Machine Learning, Big Data, Cloud and Parallel Computing (COMITCon), Faridabad, India, 14–16 January 2019. [Google Scholar]
- Justin, J.; Alwar, R.; Sundarraj, S. Comprehensive Learning on Characteristics, Applications, Issues and Limitations of Manets. Int. J. Innov. Technol. Explor. Eng. 2019, 8, 2278–3075. [Google Scholar]
- Tu, J.; Tian, D.; Wang, Y. An active-routing authentication scheme in MANET. IEEE Access 2021, 9, 34276–34286. [Google Scholar] [CrossRef]
- Sivapriya, N.; Mohandas, R. Analysis on Essential Challenges and Attacks on MANET Security Appraisal. J. Algebraic Stat. 2022, 13, 2578–2589. [Google Scholar]
- Hamdi, M.M.; Audah, L.; Rashid, S.A.; Mohammed, A.H.; Alani, S.; Mustafa, A.S. A Review of Applications, Characteristics and Challenges in Vehicular Ad Hoc Networks (VANETs). In Proceedings of the 2020 International Congress on Human-Computer Interaction, Optimization and Robotic Applications (HORA), Ankara, Turkey, 26–28 June 2020; pp. 1–7. [Google Scholar] [CrossRef]
- Yogarayan, S. Wireless Ad Hoc Network of MANET, VANET, FANET and SANET: A Review. J. Telecommun. Electron. Comput. Eng. 2021, 13, 13–18. [Google Scholar]
- Al-Refai, H. An Enhanced AODV Protocol Against Black Hole Attack Based on Classification Algorithm. Int. J. Open Probl. Compt. 2020, 13. Available online: http://www.ijopcm.org/Vol/2020/2.5.pdf (accessed on 15 February 2023).
- Tseng, F.-H.; Chiang, H.-P.; Chao, H.-C. Black hole along with other attacks in MANETs: A survey. J. Inf. Proc. Syst. 2018, 14, 56–78. [Google Scholar]
- Gurung, S.; Chauhan, S. A dynamic threshold based approach for mitigating black-hole attack in MANET. Wirel. Netw. 2017, 24, 2957–2971. [Google Scholar] [CrossRef]
- Sarao, P. Performance Analysis of MANET under Security Attacks. J. Commun. 2022, 17, 2374–4367. [Google Scholar] [CrossRef]
- Abirami, K.R.; Sumithra, M.G. Preventing the impact of selfish behavior under MANET using Neighbor Credit Value based AODV routing algorithm. Sadhana 2018, 43, 60. [Google Scholar] [CrossRef] [Green Version]
- El-Semary, A.M.; Diab, H. BP-AODV: Blackhole protected AODV routing protocol for MANETs based on chaotic map. IEEE Access 2019, 7, 95197–95211. [Google Scholar] [CrossRef]
- Ponnusamy, M.; Senthilkumar, A.; Manikandan, R. Detection of selfish nodes through reputation model in mobile adhoc network-MANET. Turk. J. Comput. Math. Educ. 2021, 12, 2404–2410. [Google Scholar]
- Hammamouche, A.; Omar, M.; Djebari, N.; Tari, A. Lightweight reputation-based approach against simple and cooperative black-hole attacks for MANET. J. Inf. Secur. Appl. 2018, 43, 12–20. [Google Scholar] [CrossRef]
- Raghavendar, R.L.; Reddy, C.R.K. Node activity based trust and reputation estimation approach for secure and QoS routing in MANET. Int. J. Electr. Comput. Eng. 2019, 6, 5340. [Google Scholar]
- Dave, D.; Dave, P. An effective Black hole attack detection mechanism using Permutation Based Acknowledgement in MANET. In Proceedings of the 2014 International Conference on Advances in Computing, Communications and Informatics (ICACCI), Delhi, India, 24–27 September 2014; pp. 1690–1696. [Google Scholar] [CrossRef] [Green Version]
- Hussain, M.; Duraisamy, B. Preventing Malicious Packet Drops in MANETs by Counter Based Authenticated Acknowledgement. ISI 2020, 25, 173–181. [Google Scholar] [CrossRef]
- Preet, M.P.; Mishra, R.; Agrawal, S. Research Technology Intrusion Detection System For Manet. Int. J. Eng. Sci. Res. Technol. 2020, 6, 402–406. [Google Scholar] [CrossRef]
- Albalas, F.; Yaseen, M.B.; Nassar, A. Detecting black hole attacks in MANET using relieff classification algorithm. Int. Res. J. Eng. Technol. 2019, 22, 1–6. [Google Scholar] [CrossRef]
- Yassein, M.B.; Khamayseh, Y.; AbuJazoh, M. Feature Selection for Black Hole Attacks. J. Univers. Comput. Sci. 2016, 22, 521–536. [Google Scholar]
- Katakam, M.Y.; Adilakshmi, M. Black hole Attack Detection Using Machine Learning Algorithms in MA-NET-Performance Comparision. Int. Res. J. Eng. Technol. 2020, 7, 6047–6051. [Google Scholar]
- Zhang, R.; Meng, X.; Shou, D.; Liang, W. An algorithm for determining data forwarding strategy based on rec-ommended trust value in MANET. Int. J. Embed. Syst. 2002, 12, 544–553. [Google Scholar] [CrossRef]
- Nausheen, A.I.; Upadhyay, A. A Survey on MANETs: Entrusted Security Challenges. Int. J. Future Gener. Commun. Netw. 2020, 13, 48–58. [Google Scholar]
- Ibrahim, I.; Abdulazeez, A. The Role of Machine Learning Algorithms for Diagnosing Diseases. J. Appl. Sci. Technol. Trends 2021, 2, 10–19. [Google Scholar] [CrossRef]
- Kowsigan, M.; Rajeshkumar, J.; Baranidharan, B.; Prasath, N.; Nalini, S.; Venkatachalam, K. A novel intrusion detection system to alleviate the black hole attacks to improve the security and performance of the MANET. Wirel. Pers. Commun. 2022, 127, 3. [Google Scholar] [CrossRef]
- Malik, A.; Khan, M.Z.; Faisal, M.; Khan, F.; Seo, J.T. An efficient dynamic solution for the detection and prevention of black hole attack in vanets. Sensors 2022, 22, 1897. [Google Scholar] [CrossRef] [PubMed]
Simulation Environment Parameters | |
---|---|
Simulation used | OMNeT++ 5.7 |
Number of nodes | 7 nodes |
Routing protocol | AODV |
Total space | 400 m |
Transmission power (All nodes) | 1 mW |
Transmission power (Node 6) | 5 mW |
Transmission speed | 24 Mbps |
Mobility speed | 25 mps |
Transport protocol | UDP |
Dataset Generated from OMNET++ | |
---|---|
Total number of records | 8225 |
Malicious traffic | 2954 |
Normal traffic | 5271 |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Abdelhamid, A.; Elsayed, M.S.; Jurcut, A.D.; Azer, M.A. A Lightweight Anomaly Detection System for Black Hole Attack. Electronics 2023, 12, 1294. https://doi.org/10.3390/electronics12061294
Abdelhamid A, Elsayed MS, Jurcut AD, Azer MA. A Lightweight Anomaly Detection System for Black Hole Attack. Electronics. 2023; 12(6):1294. https://doi.org/10.3390/electronics12061294
Chicago/Turabian StyleAbdelhamid, Ashraf, Mahmoud Said Elsayed, Anca D. Jurcut, and Marianne A. Azer. 2023. "A Lightweight Anomaly Detection System for Black Hole Attack" Electronics 12, no. 6: 1294. https://doi.org/10.3390/electronics12061294
APA StyleAbdelhamid, A., Elsayed, M. S., Jurcut, A. D., & Azer, M. A. (2023). A Lightweight Anomaly Detection System for Black Hole Attack. Electronics, 12(6), 1294. https://doi.org/10.3390/electronics12061294