Aodv Robust (aodv R ): an Analytic Approach to Shield Ad-hoc Networks from Black Holes

—Mobile ad-hoc networks are vulnerable to several types of malicious routing attacks, black hole is one of those, where a malicious node advertise to have the shortest path to all other nodes in the network by the means of sending fake routing reply. As a result the destinations are deprived of desired information. In this paper, we propose a method AODV Robust (AODV R) a revision to the AODV routing protocol, in which black hole is perceived as soon as they emerged and other nodes are alerted to prevent the network of such malicious threats thereby isolating the black hole. In AODV R method, the routers formulate the range of acceptable sequence numbers and define a threshold. If a node exceeds the threshold several times then it is black listed thereby increasing the network robustness.


INTRODUCTION
Ad-hoc networks are exemplified by dynamic topology, self-configuration, self-organization, constrained power, transitory network and lack of infrastructure.Characteristics of these networks lead to using them in disaster recovery operation, smart buildings and military battlefields [3].
Mobile Ad-hoc Network (MANET) routing protocols are classified into two basic classes, proactive and reactive [2].In proactive routing protocols, routing information of nodes is exchanged intermittently, such as DSDV [4].However, in ondemand routing protocols nodes exchange routing information as required such as, AODV [1] and DSR [5].The AODV routing protocol [13] is an adaptation of the DSDV protocol for dynamic link conditions.
AODV is used to find a route between source and destination as required and this routing protocol uses three significant type of messages, route request (RREQ), route reply (RREP) and route error (RERR).Ground information of these messages, such as source sequence number, destination sequence number, hop count and etc is explicated in feature in [1].Each of the nodes has a routing table (RT), which contains information about the route to the particular destination.When source node desires to communicate with the destination and if in routing table there is no route between, source node broadcasts RREQ initially.As RREQ is received by intermediate nodes that are in the transmission range of sender, those nodes broadcast RREQ until RREQ is received by destination or an intermediate node that has fresh enough route to the destination.Then it sends RREP unicastly toward the source.As a result, a route between source and destination is established.A fresh enough route is a valid route entry that its destination sequence number is at least as great as destination sequence number in RREQ.The source sequence number is used to determine freshness about route to the source consequently destination sequence number is used to determine freshness of a route to the destination.When intermediate nodes receive RREQ, with consideration of source sequence number and hop count, make or update a reverse route entry in its routing table for that source.Furthermore, when intermediate nodes receive RREP, with consideration of destination sequence number and hop count, make or update a forward route entry in its routing table for that destination.
Though reliable environments have been assumed in the majority of researches on ad-hoc routing protocols, unreliable situations are quite often.Therefore, most ad-hoc routing protocols are susceptible to miscellaneous types of attacks such as Spoofing attack, Denial of Service (DoS) attack, Routing Loop attack, Warm hole attack [6], Black hole attack etc. Common types of threats are possessed against Physical, MAC and Network layer, that are the fundamental layers requires for proper functioning of routing protocol.The threats try to accomplish two purposes: not forwarding the packets or add/alter some parameters (e.g.sequence number or hop count) to routing messages.In Black hole attack, a malicious node uses the routing protocol to advertise itself as having the shortest or freshest path to the node whose packets it wants to intercept.In a flooding based protocol, the attacker eavesdrops to requests for routes.When the attacker receives a request for a route to the target node, it creates a reply consisting of an exceptionally short or fresh route [7], therefore, misleading the source in transferring information to the path that leads to the black hole itself.
Intrusion detection is a challenging task in MANETs.Zhang and Lee [8] propose a circulated and cooperative intrusion detection model based on statistical incongruity detection techniques.Dang et.al. [9] introduces a method that requires each of the intermediate nodes to send back the next hop information inside RREP message.This method uses further request message and further reply message to confirm the authority of the route.In Robust Routing [10]  reply and authentication message, the source verifies the legitimacy of path according to its policy.An approach based on dynamic training method in which the training data is updated at regular time intervals has been proposed Kurosawa et.al. in [11].In [12], Huang et al use both specification-based and statistical-based approaches.They construct an Extended Finite State Automation (EFSA) according to the specification of AODV and model normal state and detect attacks with incongruity detection and specification-based detection.
With the view to secure routing in MANET several intelligible researches has been carried out.Hu, and Johnson proposed SEAD [14], a secure routing protocol based on DSDV that employs Hash chains to authenticate hop counts and sequence numbers.ARAN [15] harnesses cryptographic public-key certificates in order to accomplish the security target.A modified Ad-hoc routing protocol has been proposed by Ariadne [16] that provides security in MANET and depends on efficient symmetric cryptography.Secure AODV (SAODV) [17] is a security extension of AODV protocol, based on public key cryptography.Hash chains are used in this protocol to authenticate the hop count.Adaptive SAODV (A-SAODV) [18] has proposed a mechanism based on SAODV for improving the performance of SAODV.In [19] a bit of modification has been applied to A-SAODV for increasing its performance.

II. BLACK HOLES: A NETWORK LAYER ATTACK IN MANET
In black hole attack, the malicious node waits for the neighbors to initiate a RREQ.Obtaining the RREQ right away it sends a false RREP with a modified higher sequence number.As a result, the source node assumes that node (malicious) is having the fresh route towards the destination.
The source node ignores the RREP packet received from other nodes and begins to send the data packets over malicious node.In this way, the black hole swallows all objects and data packets [20].As demonstrated in figure 1, source node S requests to send data packets to destination D, Malicious Node M acts as a black hole replying with false reply RREP having higher modified sequence number.Accordingly, data communication initiates from S towards M instead of D. To solve this, we added an extra method to check whether the RREP seq_no is higher than the threshold value (A value that is updated dynamically in time intervals).As the value of RREP seq_no is found to be higher than the threshold value, the node is suspected to be malicious and added to the black list.

IF (RREP seq_no > THRESOLD) THEN
Send ALARM to neighbors ELSE RREP is ACCEPTED The threshold value is dynamically updated using the data collected in the time interval.If the initial training data were used it is implausible for the routers to adapt changes in environment.The threshold value is the average of the difference of dest_seq_no in each time slot between the If max chances of aberration (RREP seq_no>THRESOLD) is detected, it sends a new control packet ALARM to its neighbors.The ALARM packet contains the black list node as a parameter that tells the neighboring nodes to discard RREP from that malicious node.Further if any node receives the RREP, it looks over the list to check if the reply is from the blacklisted node and simply ignores the node throughout communication if identified as black hole.In this way, the malicious node is isolated from the network that results in less routing overhead under threats.Moreover the design not only detects the black hole attack, but also prevents it further by updating threshold which reflects the real environment.

A. Route Analyzer
Route analyzer a module in router assumed to store the past routing history, i.e. the list of destination sequence number, hop count in each time slot.We find the average of increments in destination_sequence_no for the available time slots/ history, i.e. if dest_seq_no is assumed as an array; we find the difference in every pair of successive terms and average that values.This leaves us with value that further is used to as minimum of threshold range.
Another arithmetic mean is considered that is the average between RREP_seq_no and RT_seq_no in each time frame (i) for destination.It is added with the previous min_threshhold value to find the maximum of the range.


∑RREP_seq_no i -RT_seq_no i ) / Total no. of frames  It would not be fair to list a node as black for single aberration in provided destination sequence number or hop count.Such an action may lead the network to bareness because the topology is dynamic in Ad-hoc Networks.Instead we count the number of anomalies detected for any node.In addition, if the total number of deception detected reaches the aberration tolerance value than it is identified as black hole and neighbors are ALARMed.

B. AODV R Process Development
The proposed architecture AODV R demonstrated in the Figure 2 formed of several modules that are Packet Classifier, Extractor, Blacklist Tester, RREP sequence number Tester, Threshold Tester and ALARM broadcaster.As the packet arrives in the system Packet Classifier classifies it to be RREQ, RREPsecure, RERR, ALARM and HELLO packet.AODV R assumes format of RREQ, RERR and HELLO Packets are as same as the AODV.However it modifies the content and format of RREP and includes a new type of packet ALARM.
Extractor extracts required contents of all types of packets other than HELLO.Three diamonds including threshold tester as depicted in the process flow of figure 2 check whether the packets are from a reliable source or not and discards the node or packet accordingly.Every of the nodes are given MAX_ABBERATION_TO-LERANCE number of chances before they are attributed as BLACK_LISTed node; if an aberration is noticed than the node is check over and over before it emulates maximum chances.As a node is identified as black hole, ALARM Broadcaster broadcasts alert to neighboring nodes with the BLACK_LIST node as parameter.Any router receiving the ALARM packet forwards the message to its neighboring nodes thereby discovering the BLACK_LIST to the whole network.

IV. PERFORMANCE EVOLUTION
We implemented AODV R in OPNET [21] simulator and evaluated the performance based on three parameters that are Packet Delivery Ratio (PDR), Average End-to-End Delay (Avg E-E Delay) and Normalized Routing Overhead (NRO).PDR is the ratio of data delivered to the destination to data sent out by the source and Avg E-E Delay is the delay caused by the transmission.
We have considered various network contexts that were formed by varying Network Size, Traffic Load (total sources), and Mobility for the purpose of proper evolution.

A. Impact of Mobility
We evaluated the performance of AODV normal, AODV under attack and AODV R under attack in the context of variation in mobility that are listed in Table I (PDR) and Table II (Avg E-E Delay) and depicted consequently in Figure 3 and Figure4.As illustrated in figure 3, AODV results in very low PDR under attack while AODV R exhibits almost same capability (3%-5% ranging from AODV) as normal AODV does.Later, Figure 4 testimonies AODV R to be delay efficient.5, Figure 6, and Figure 7.In case of variation in Network size, as demonstrated in figure 5, AODV results in very low PDR under attack however AODV R exhibit s almost same performance as AODV does.Subsequently, Figure 6 manifests AODV R to be delay efficient however trivial falls that are negligible.Later Figure 7 testimonies a small increase in NRO that is insignificant.

C. Impact of Traffic Load
We simulated the performance of AODV, AODV under attack and AODV R under attack in the circumstance of discrepancy in Traffic Load (no. of sources) that are listed in Table VI (PDR), Table VII (Avg E-E Delay), Table VIII (NRO) and depicted accordingly in Figure 8, Figure 9, and Figure 10.

Avg E-E Delay(sec)
No. of Sources

AODV normal
AODVr under attack www.ijacsa.thesai.orgIn case of different Traffic Load, as depicted in figure 8, it is clear that as the traffic load increases the PDR of AODV R increases by 60% than AODV under attack that is very close to PDR of AODV normal.Afterward, Figure 9 shows AODV R to be delay efficient and sometimes better than AODV.Later on Figure 10 demonstrates a small NRO increment that can be ignored without hesitation.

V. CONCLUSION
Proposed AODV R exhibits appreciable performance dealing with networks with black holes; however the procedure of formulating the threshold is a bit overwhelming.Formulations of correct threshold range keep black holes from intrude; while a wrong formulation may restrict an authentic node thereby disgrace it to be a black hole.
Hence, this value has to be calculated and verified suitably.

Figure 1 .
Figure 1.Black hole attack in a mobile ad-hoc network.

Figure 3 .
Figure 3. Graph of PDR (%) vs Mobility (m/s) for data in Table 1 by Lee, Han, Shin, the intermediate node requests its next hop to send a confirmation message to the source.After receiving both route www.ijacsa.thesai.org So, false information about source node is inserted to the routing table of nodes that get sham RREQ.Hence, if these nodes want to send data to the source, at first step they send it to the malicious node.Set the destination IP address of IP header to the IP address of node that RREQ has been received from it.III.AODV R : APPROACH AGAINST BLACK HOLE ATTACKSIn AODV the node that receives the RREP, checks the value of sequence number in routing table and accepts if it has a higher RREP seq_no than the one in routing table.
the routing table and the RREP.If a node receives a RREP for the first time, it updates value of the threshold.
S C D B A M www.ijacsa.thesai.orgsequence number in

TABLE VI
Figure 9. Graph of Average End-to-End Delay Vs Traffic Load

TABLE VIII .
NRO VS TRAFFIC LOAD