Black-hole Attack in MANET

August 17, 2017 Author: virendra
Print Friendly, PDF & Email

Mobile Ad-hoc Network(MANET) Attack

Wireless networks can be basically either infrastructure based networks or infrastructure less networks. The infrastructure based networks uses fixed base stations, which are responsible for coordinating communication between the mobile hosts (nodes). The ad hoc networks falls under the class of infrastructure less networks, where the mobile nodes communicate with each other without any fixed infrastructure between them.

An ad hoc network is a collection of nodes that do not rely on a predefined infrastructure to keep the network connected. So the functioning of Ad-hoc networks is dependent on the trust and co-operation between nodes. Nodes help each other in conveying information about the topology of the network and share the responsibility of managing the network. Hence in addition to acting as hosts, each mobile node does the function of routing and relaying messages for other mobile nodes.

Black-hole Attack

Security in a MANET is an essential component for basic network functions like packet forwarding and routing.  Before we survey the solutions that can help secure the mobile ad hoc network, we think it necessary to find out how we can judge if a mobile ad hoc network is secure or not, or in other words, what should be covered in the security criteria for the mobile ad hoc network when we want to inspect the security state of the mobile ad hoc network.

From the analysis of basic on-demand routing protocol’s operation, it is inherently understandable that the design assumes the participants to forward others packets, which is an unrealistic anticipation in an independent network like MANET. The consequence of not forwarding others packets or dropping others packets prevents any kind of communication to be established in the network. Hence given a choice between the necessity to secure services or to ensure basic functioning of the network, intrinsically the choice falls for the latter. Therefore, the need to address the packet dropping event takes higher priority for the mobile ad hoc networks to emerge and operate successfully.

A packet may be dropped under various reasons, which in turn can be grouped into the following categories:

  • Unsteadiness of the medium,
    • A packet may be dropped due to contention in the medium
    • A packet may be dropped due to congestion and corruption in the medium
    • A packet may be dropped due to broken link
  • Genuineness of the node
    • A packet may be dropped due to overflow of the transmission queue
    • A packet may be dropped due to lack of energy resources
  • Selfishness of the node
    • A packet may be dropped due to the selfishness of a node to save its resources
  • Maliciousness of the node
    • A packet may be dropped due to the malignant act of a malicious node

In MANET, a Black-hole attack is a type of denial of service in which a node in the network will drop the packets instead of forwarding them, which is shown in the figure 1. The packet black-hole attack is very hard to detect and prevent because it occurs when the node becomes compromised due to a number of different causes. The Black-hole attack in MANETs can be classified into several categories in terms of the strategy adopted by the malicious node to launch the attack

  • The malicious node can intentionally drop all the forwarded packets going through it (black hole).
  • It can selectively drop the packets originated from or destined to certain nodes that it dislikes.
  • A special case of black hole attack dubbed gray-hole attack is introduced. In this attack, the malicious node retains a portion of packets, while the rest is normally relayed.

blackhole attack in MANET

Figure 1: Black-hole Attack

In a black-hole attack, a malicious node sends fake routing information, claiming that it has an optimum route and causes other good nodes to route data packets through the malicious one. For example, in AODV, the attacker can send a fake RREP (including a fake destination sequence number that is fabricated to be equal or higher than the one contained in the RREQ) to the source node, claiming that it has a sufficiently fresh route to the destination node. This causes the source node to select the route that passes through the attacker. Therefore, all traffic will be routed through the attacker, and therefore.

Types of Black-hole Attacks

  • Based on Number of Malicious Nodes
    • Single Black-hole: In this type, there is only a single malicious node which is responsible for manipulating the routing table entries of source node and thus fitting itself into the path between two communicating nodes.
    • Co-operated Black-hole: In cooperative attacks there are multiple attacker nodes which cooperate with each other to launch a collaborative attack and increase the range of distorting topologies. Also with co-operative Black-hole attack it is easy to spoof the replies and thus the attacker can bypass most of the security mechanisms
  • Based on Position of Attacker
    • Internal Black-hole: Internal Black-hole Attack occurs when the malicious node/nodes are part of the network itself i.e. they are present in the topology which they are distorting.
    • External Black-hole: In External Black-hole, the malicious node is an external entity physically but it spoofs one of the internal nodes to show itself being the part of the network and forward it to the nearby intermediate node which is part of the active communication and then the source will update its routing table with the freshest route available and the whole data communication will be relayed through the malicious node.
  • Based on Control Packet Manipulated
    • RREQ based Black-hole: In RREQ based Black-hole attack; the attacker pretends to rebroadcast a RREQ towards other nodes. Only hop count is set minimum so that other nodes can generate their route through this malicious node and thus an attacker can forcefully become part of the route and further can manipulate the data packets.
    • RREP based Black-hole: The attacker can generate fake RREP message after receiving the RREQ from source or even by spoofing the on-going active communication. It simply changes the hop count to 1 and destination sequence number to a higher value. Thus it makes source to believe that it has the shortest path to the destination and that to a freshest path. It sends a fake non-existent IP address in RREP.


[1]Hongmei Deng, Wei Li, and Dharma P. Agrawal, University of Cincinnati, “Routing Security in Wireless Ad Hoc Networks”, IEEE Communications Magazine • October 2002

[2]Fan-Hsun Tseng, Li-Der Chou1 and Han-Chieh Chao, “A survey of black hole attacks in wireless mobile ad hoc networks”, Human-centric Computing and Information Sciences 2011, 1:4

[3]Alfy Augustine and Manju James, “Black Hole Detection using Watchdog”,International Journal of Current Engineering and Technology E-ISSN 2277 – 4106, P-ISSN 2347 – 5161

[4]Shahram Behzad Shahram Jamali, “A Survey over Black hole Attack Detection in Mobile Ad hoc Network”, IJCSNS International Journal of Computer Science and Network Security, VOL.15 No.3, March 2015

[5]Latha Tamilselvan, Dr. V Sankaranarayanan, “Prevention of Co-operative Black Hole Attack in MANET “,  JOURNAL OF NETWORKS, VOL. 3, NO. 5, MAY 2008

No Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Insert math as
Additional settings
Formula color
Text color
Type math using LaTeX
Nothing to preview