Mitigating Black Hole attack in MANET by Extending Network Knowledge

The Optimized Link State Routing Protocol is developed for Mobile Ad Hoc Network. It operates as a table driven, proactive protocol. The core of the OLSR protocol is the selection of Multipoint Relays (MPRs), used as a flooding mechanism for distributing control traffic messages in the network, and reducing the redundancy in the flooding process. A node in an OLSR network selects its MPR set so that all two hop neighbor are reachable by the minimum number of MPR. However, if an MPR misbehaves during the execution of the protocol, the connectivity of the network is compromised. This paper introduces a new algorithm for the selection of Multipoint Relays (MPR) with additional coverage whose aims is to provide each node to selects alternative paths to reach any destination two hops away. This technique helps avoid the effect of malicious attacks and its easily to implement the corresponding algorithm. Keywords—MANET; OLSR; Security; Routing Protocol; Black Hole attack


INTRODUCTION
Today, mobile Ad-hoc networks (MANETs) are a major element of the business environment, allowing wireless devices such as cell phones, laptops, and PDAs to provide mobility to users and enable them to be in constant contact with others.Technically.Mobile Ad hoc Networks (MANET) are dynamic and self-organized networks that are able to operate without an dependability on fixed or pre-installed infrastructure, using only wireless devices that act both as hosts and routers, and thus cooperatively provide multi-hop communications [1].Because of these characteristics, MANETs are much more vulnerable to several types of security attacks.
The communication in mobile ad hoc networks comprises two phases: the route discovery and the data transmission.In an adverse environment, both phases are vulnerable to a variety of attacks.First, rivals can disrupt the route discovery by impersonating the destination, and responding with stale or corrupted routing information, or by disseminating forged control traffic.This way, attackers can obstruct the propagation of legitimate route control traffic and adversely influence the topological knowledge of benign nodes.
However, adversaries can also disrupt the data transmission phase and, thus, cause significant data loss by fraudulently tampering, redirecting and dropping data or injecting forgets data packets.To provide comprehensive security, both phases of MANET communication must be safeguarded.It is noteworthy that secure routing protocols, which ensure the correctness of the discovered topology information cannot, by themselves, ensure the secure and undisrupted delivery of transmitted data [2].
One way to secure a mobile ad hoc network at the network layer is to secure the routing protocols, in order to prevent possible attacks.In brief the task of the routing protocol is to discover the topology to ensure that each node is able to acquire a recent map of network topology so as to construct routes.
However, these approaches cannot prevent attacks launched by a compromised node who owns a valid key.Therefore, intrusion detection and response system are required to counter the attack as a second line of protection.To design an effective and efficient intrusion detection and reaction system, in-depth understanding of how a compromised node can attack a MANET is indispensable.
The Optimized Link Stat Routing Protocol (OLSR) [5] is a proactive routing protocol for MANET, i.e.All nodes need to maintain a consistent view of the network topology.They are also vulnerable to a number of disruptive attacks in the presence of malicious nodes (identity spoofing, link withholding, link spoofing, miserly attack, wormhole attack and Black hole attack...).As a result, it is also necessary to provide security scheme for the OLSR protocol.
In this paper, we focus on the single black hole attack in which an intermediate node drops packets passing through it.The motivation of the dropper node is the preservation of its resources, such as its limited battery, while at the same time using the resources of others to deliver its data.In our approach, we present an improved MPR selection algorithm that can reduce the number of malicious nodes trying to be selected as Multipoint Relay by maintaining its Willingness fields equal to Will_always.
The rest of the paper is organized as follows.The next section provides a short overview on OLSR, followed by the www.ijacsa.thesai.orgdescription of Single black hole attack.Section IV summarizes the literature.In section V, we present our approach to secure OLSR protocol.In section VI we give an Illustration and an example.Section VII presents the result of simulations.Section VIII concludes the paper.In the end section XI present the futur work.

II. THE OLSR PROTOCOL
Optimized Link State Routing Protocol (OLSR) [5] is a routing protocol developed for mobile ad hoc networks (MANETs), it is a proactive routing protocol that employs an efficient link state packet forwarding a mechanism called Multipoint relaying.OLSR optimizes the pure link state routing protocol.Conceptually OLSR topology discovery involves tow phases: neighbor discovery and topology discovery.In the first phase, neighbor nodes are discovered by using Hello messages.The exchange of Hello messages in OLSR allows the selection of those MPR nodes.MPR nodes are responsible for broadcasting topology control (TC) message which would be flooded through the network in the second phase.

A. OLSR Control Traffic.
A node detects its one hop and two hop neighbors through link sensing which is accomplished though broadcasting periodic Hello messages containing neighbor link state (sym, asym, MPR or lost).Fig. 1 shows the basic information of a Hello message..…….

Fig. 2. OLSR TC message Format
These messages are broadcast by all nodes heard only by immediate neighbors; they are never relayed any further.Upon the reception of Hello messages, other nodes can derive information concerning their one hop neighbor and two hop neighbors.They can also calculate a subset of one hop symmetric neighbor nodes as its MPR set.This MPR set is declared in its next Hello message broadcast.Furthermore, through receiving a Hello message, nodes can create or update their MPR selector set.That demonstrates nodes which have currently selected this node as their MPR.
A Topology Control (TC) message is periodically sent to the whole MANET by each MPR in the network to respectively declare its MPR selector set.It is, then, used in the construction of routing tables in every MANET node.Fig. 2 shows the basic format of a TC message [5].
Thus, a TC message contains the list of neighbors that have selected the sender node as an MPR (MPR Selector Set), and an Advertized Neighbor Sequence Number (ANSN) is used by a receiving node to check if the information advertized in the TC messages is more recent.
Only MPR nodes are allowed to generate and forward TC messages.The information embedded in TC messages generated by an MPR includes at least the existing links between itself and its MPR selectors.The non-MPR nodes do receive TC messages from their MPRs and process them.However, non-MPR nodes do not forward the received TC messages.This feature of OLSR reduces the number of messages exchanged in topology discovery Fig 3.

B. Multi-Point Relays Selection.
Multi-Point Relays Selection is done in such a way that all the two-hop-neighbors are reachable from the MPR in terms of radio range.The two-hop-neighbor set found by the exchange of HELLO messages is used to calculate the MPR set and the nodes signal their MPRs selections through the same mechanism.
MPR calculation is based on willingness announced by neighbors using Hello messages.Willingness is one of the fields in a Hello message, which specifies the willingness of a node to carry and forward traffic on behalf of other nodes.According to the standard OLSR, willingness may be set to integer value between 0 and 7.The willingness value of WILL_NEVER (integer value of 0) means that a node does not wish to carry traffic to other nodes and it will not be included in the MPR set.The willingness value of WILL_ALWAYS (integer value of 7) means that a node is willing or has resources to forward traffic to other nodes.Therefore, for a given node.That all the neighbor nodes with willingness equal to WILL_ALWAYS will always be included in the set of MPRs [15].
The aim of Multi-Point Relays is to minimize the flooding of the network with broadcast packets by reducing duplicate retransmission in the same region.Each node of the network selects the smallest set (MPRs) of neighbor nodes that can reach all of its symmetric two hop neighbors which may forward its messages.The MPR selection algorithm proceeds in four steps:

 Start with an MPR set made of all members of M with
M_Willingness equal to Will_always.
 A node M first selects as MPR the neighbors that have the one neighbor in the two hop node from M.
 It then selects as MPR a neighbor that has the largest count of uncovered two-hop nodes.This step is repeated until all two-hop nodes are covered.
 Finally, any MPR node N can be discarded since the MPR set covers all two hop neighbors without the MPR node N. www.ijacsa.thesai.org Each node in the network maintains an MPR selector set, which has selected this node as an MPR.

III. THE MODEL OF SINGLE BLACK HOLE ATTACK
AGAINST OLSR PROTOCOL.In this section, we describe how malicious node can launch a Single black hole attack in MANET.To launch this attack is that the attacker node can force its selection as MPR by constantly maintaining its willingness field to Will_always in its HELLO messages.According to the specification of the OLSR protocol [15], its neighbors will always select it as MPR.Using this mechanism, and due to the lack of security measures in OLSR, the malicious node can launch a single black hole attack by dropping all, or selected, messages that pass through it.This misbehaving node affects the integrity and the construction of routing tables for each node in the network.The node will isolate and will not calculate a complete view of the network topology.

IV. RELATED WORK
In [16] the authors propose the integration of a trust-based reasoning in every node.Thus, each node is able to identify misbehaving nodes by analyzing received messages using the protocol trust rules, Authors focus on the MPR selection and propose that the MPR selection can be strengthened and violated by exploiting trust properties and relations.
In [17], Cuppens et al investigate the use of AOP in MANETs to provide availability issues in OLSR.Authors formally describe normal and incorrect node behaviors to derive security properties using AOP.The proposed algorithm verifies if those security properties are violated.If they are, then the detector node sends its neighbors the detection information to avoid choosing the intruder as part of valid path to be constructed.A node chooses valid paths based on the reputation of their nodes.
Wang et al [18] present an intrusion detection approach for OLSR.The semantique properties that are Implified by the protocol definition are used by every MANET node for conflict checking regarding the correct OLSR routing behavior.
In [19], the watchdog and pathrater mechanism is proposed to mitigate routing misbehavior.In each node, the watchdog monitors the successor node, after sending to a packet, by overhearing the channel and checking whether it relays or drops the packet.Then the pathrater accuses a monitored node for misbehavior if it drops more than a given number (threshold) of packets.
In [20] the author proposes a method to avoid a virtual link attack by using SNVP protocol based on the Principle of checking the symmetry of the link advertised by the neighbor before confirming it, the problem of the proposed solution is that it might not detect the misbehaving nodes that launch the proper attack.
A SU-OLSR [21] is a solution to detecting malicious attacks that can use either HELLO messages claiming illegitimate neighbours or TC messages claiming falsely that is has been selected as MPR.In this method the authors extend the HELLO messages by listing the selected trusted MPR set and the discovered non trusted suspicious set.
The MPR selection of SU-OLSR has a different goal.Its objective is to reduce the impact of malicious nodes trying to be selected as MPR nodes.Thus, the MPR selection algorithm has to find the non trusted nodes according to the selected criterion and the trusted MPR covering a maximum subset of two-hop neighbours.
In [22] the authors address another problem called Node Isolation Attack.In this attack, an MPR node does not generate its TC message.To defend against this attack the authors propose a countermeasure that consists of two phases: detection phase and avoidance phase.In the first phase the target observes its MPR node to check whether the MPR is generating TC message or not.In the second phase, to avoid the impact of this attack, the authors include a new field named Requested-value in the HELLO message.
[23] Suggest a modular solution structured around fives modules.The first one is the monitor which control packet forwarding.The second module is the detector of monitored nodes misbehavior.The third module is the isolator of detected misbehaving nodes.The fourth module is investigates accusation before testifying if the node has not enough experience with the accused one, and the last module is the witness which responds to testimony request of the isolator [24] Propose an approach to cope with packet droppers.The core of the idea is that all intermediate nodes need to acknowledge the reception of the packet.Using this acknowledgement, the source node constructs a Merkle tree and compares the values of the tree rout with a precalculated value.If both values are equal then the end-to-end path is packet droppers free.www.ijacsa.thesai.org

V. THE PROPOSED SOLUTION
As previously mentioned, each node in the network has to select a set of one-hop neighbors MPR set, which is constructed by the smallest number of nodes that allow the MPR selector to cover every two-hop neighbor through, at least one of its MPRs.
To deal with a Single Black Hole attack, we propose an algorithm to select MPR with additional coverage without giving priority to nodes with higher willingness.The aim of this algorithm is to reduce the impact of malicious nodes trying to be selected as MPR nodes.
Our approach is a modified version of the RFC 3626 [1] MPR coverage parameter which allows increasing the number of nodes through which, the MPR selector can reach every two hop neighbor.For example, if MPR-Coverage is equal to K it means that, if possible every two-hop neighbor can be reached though at least K nodes (K=1, standard OLSR).
Before introducing this algorithm, some notations should be described first:  1HN_set(X): the set of node X's one hop symmetric neighbors.It is created by the way of changing HELLO messages between nodes.
 2HN_set(X): the set of node X's two hop symmetric neighbors excluding any node in 1HN_set(X).It is also created by the way of changing HELLO messages.
 Reachability (X,Y): the number of nodes in 2HN_set(X) which are not yet covered by at least one node in the MPR_set(X), and which are reachable through node Y.
 Poorly_set: A subset of 2NH_set(X) which is covered by less than K nodes in 1NH_set(X).
The proposed heuristic for selecting MPRs is then as follows: 1) Calculate degree of each node in one hop neighbor of X 2) Select as MPRs those nodes in one hop neighbor which cover the poorly covered nodes in two hop neighbor.
3) We remove the poorly covered nodes from two hop neighbor set for the rest of the computation.
While there exist nodes in two hop neighbor which are not covered by at least k nodes in the MPR set.
 Calculate the reachability of each node in 1HN_set(X) not in MPR_set.
 Select as MPR the node which provide reachability to the maximum number of nodes in 2HN_set(X) and maximum degree.
 Eliminate all the nodes in 2HN_set(X) now covered by at least, K node in the MPR_set.

VI. ILLUSTRATIVE EXAMPLE
To understand the mechanism of our solution, we present a Schema which shows an example of MANET (Fig. 4).Table 1 represents the nodes in one hop neighbors of A and their Willingness.www.ijacsa.thesai.orgSuppose now that B, D, G, I are the misbehaving nodes , our approach will select MPR_set such as every node in two hop neighbor will be covered by K = 2 MPRs nodes.
Thus the redundant link State information is included in the TC messages; more nodes will emit TC-messages, Which are flooded through a redundant set of link in the network.In

VII. SIMULATION AND RESULTS
To test the effectiveness of our solution, simulations were implemented using network simulator NS2 with modified version of the UM-OLSR implementation.We embedded our scheme in implemented OLSR protocol for the detection of the Single black hole attack.All the default values for the OLSR protocol from [1] were used (Table 2).The simulations were performed for 50-100 nodes with a transmission range of 200 meters, in an area of size 1000*1000 meters during 300 seconds.Random waypoint model is used as the mobility model of each node.Nodes speed is 5 m/s.The number of malicious node is varied from 0 to 4.
In our experiments, we assume that all the nodes haves the same characteristics, every node has just one interface and all the links between the nodes have that same Willingness to carry and forward traffic on behalf of other nodes, except for those that have been selected as misbehaving nodes.shows how our strategy offers additional protection to mitigate the effect of misbehaving nodes trying to be selected as MPR nodes by maintaining constantly its Willingess field to Will_always in its Hello messages.We point out that it is not always possible to find K-MPR nodes for all the nodes in the network.Thus, if the number of attacker nodes increase the level of protection decreases.www.ijacsa.thesai.orgWe also define the packet delivery ratio (PDR) as a value of the number of received data packets to that of packets being sent by the source node.with K_coverage = 2.We observe that in the presence of the attack, the PDR in K_coverage =1 is very low, the only packets received by the node are the ones received before launching the attack, and we see that the PDR increases when the speed of the node increases.The reason is that, when the destination node moves rapidly, it has more chances to select node as MPR other than the victim node.
On the other hand when the New-OLSR is under attack we see that the PDR is better than a standard OLSR under attack.The reason is that; in K_coverage = 2 the source node has (if possible) two alternatives to reach its two hop Neighbors.If one of them is a misbehaving node the Dijkstra algorithm can select the route connecting a given source and destination nodes which not content this misbehaving node.Fig 8 shows how our strategy offers additional protection to mitigate the effect of misbehaving nodes.The percentage of routing table complete is between 100 % and 92 %.Thus our approach is beneficial in spite of the cost paid in overhead communication.

VIII. CONCLUSION
The black hole attack exploits the routing protocol's vulnerabilities by forcing its selection as a Multipoint relay by constantly maintaining its willingness field to will_always in its HELLO message.
In order to deal with this sophisticated attack, we have proposed a novel approach to select MPR nodes by additional Coverage.This gives priority to a node that covers maximum nodes in two hop neighbors which do not show strong characteristics to influence the MPR selection to be selected as MPR.Simulation results demonstrate that the proposed method is effective in mitigating black hole attack.It shows high Topology Control delivery ratio and increases topology knowledge which provides significant benefits for communication protocols.This additional knowledge may support the construction of more robust routing paths, or event multipath, in order to provide security.

IX. FUTURE WORK
As most of our contributions have evaluated through simulation using NS2 network simulator, we intended to implement them into real tested and assess their performance in such real network environment.

Fig 3
Fig 3 is  an example of single back whole attack, i.e., when receiving HELLO message (With Willingness fields positioned to Will_always) from the attacker node E, the node S selects E as MPR and updates its routing table accordingly.To reach the destination node D, Topology Control messages and Data packets must pass through E. The latter will not relay all packets.Thus H will never learn that the last hop to reach S is node E.

2 Fig. 5 .
Fig. 5. Number of TC messages VS Number of attacker nodes Fig 5shows how our strategy offers additional protection to mitigate the effect of misbehaving nodes trying to be selected as MPR nodes by maintaining constantly its Willingess field to Will_always in its Hello messages.We point out that it is not always possible to find K-MPR nodes for all the nodes in the network.Thus, if the number of attacker nodes increase the level of protection decreases.

2 Fig. 6 .
Fig. 6.TC Delivery Rate VS Number of attacker nodes Fig 6 shows the delivery Rate of TC-message under variable number of attackers.We observe that the Delivery Ratio decreases when we increase the number of attacking nodes.

Fig 7
Fig 7 compares  standard OLSR to Our approach OLSR with K_coverage = 2.We observe that in the presence of the attack, the PDR in K_coverage =1 is very low, the only packets received by the node are the ones received before launching the attack, and we see that the PDR increases when the speed of the node increases.The reason is that, when the destination node moves rapidly, it has more chances to select node as MPR other than the victim node.

TABLE I .
WILLINGNESSES OF NODES IN 1HN_SET (A)

TABLE II .
OLSR PARAMETER