Enhanced Detection and Elimination Mechanism from Cooperative Black Hole Threats in MANETs

Malicious node invasion as black hole attack is a burning issue in MANETs. Black hole attacks with a single malicious node is easy to detect and prevent. The collaborative attacks with multiple cooperative malicious node is a challenging issue in security of MANETs as it is difficult to figure out due to its complex and sophisticated mechanism. This study proposed a novel signature-based technique to detect and handle the cooperative black hole attack in MANETs. For this purpose, diverse type of simulation scenarios are used with increasing number of nodes. The parameters such as average throughput, average packet drop, average end to end delay, average processing time and malicious node detection rate are used to measure the impact of signature-based malicious node detection scheme. AODV is used as routing protocol in this study. This study revealed that the performance of MANETs degrades with an increase in a number of malicious nodes. The average throughput of MANETs decreases with increase in average end to end delay and average packet drop. Signature-based malicious nodes detection mechanism is used to counter the cooperative black hole attack. The signature-based technique has enhanced the detection and elimination of cooperative black hole attack in MANETs. This helps in comparatively an increase in average throughput and decrease in packet delay and packet drop. Keywords—Mobile Ad-hoc Networks (MANETs); black hole attack; AODV; malicious node; cooperative attack


I. INTRODUCTION
In the recent years, wireless network gained much attention from the researchers due to its diverse application in various fields.Mobile Ad-hoc Networks (MANETs) are specific types of wireless network that have autonomous and decentralised structure [1].MANETs are easy to be deployed and are dynamic.These features of MANETs enable its usage in a situation which has strict geographical constraints, such as in battlefields and disaster management.In MANET, nodes are free to move and connect with all other nodes in an ad-hoc way.A node in MANETs can act as a source or destination as well as forwarder (router) node to relay the packets to another destination node as shown in Fig. 1.Routing in MANETs is performed in three different ways that are: Proactive, Reactive and Hybrid [2].
MANETs are susceptible to security threats due to a number of reasons like; open communication environment, dynamic topology requirements, lack of central monitoring and management, cooperative algorithms and no clear defense mechanism [1].These security threats in MANETs have also changed the battlefield situation.The challengeable task is to ensure the security of routing protocols in MANETs against the misbehaviour of malicious nodes.A MANETs is more prone Fig. 1.Routing in MANETs [24].
to security attacks due to communication based on mutual trust between the nodes.Some routing protocols such as Ad hoc On-Demand Distance Vector (AODV) [3], Dynamic Source Routing (DSR) Protocol [4], [27] and Destination-Sequenced Distance-Vector Routing (DSDV) [5] are developed to cope with routing in MANETs.AODV protocol is most widely used routing protocol for MANETs.Routing path selection in AODV routing protocol makes use of a sequence number to select most recent path to the destination [2].In most of the discussed protocols, the routing decision relies on the cooperation and coordination between the nodes due to the lack of a centralised administration.Also, all of the nodes need to believe that each of them is trustworthy and well-behaved.Malicious nodes exploit these attributes of MANETs to launch attacks on the network.The wormhole attack, black hole attack, sybil attack, flooding attack, routing table overflow attack, Denial of Service (DoS), selfish node misbehaving and impersonation are possible active attacks on the routing protocols of MANETs [6]- [11].
In Black hole attack, the intermediate malicious nodes pretend to be the best forwarding nodes to the destination and ultimately drop the packets upon reception.Black hole attack can be categorised into two different attacks, based on the number of malicious nodes.The first one is termed as single Black hole attack where an individual node is acting as malicious nodes to perform the attack.Secondly, the multiple attackers synchronise their efforts to harm the network.This causes intense damage to the network and is called cooperative black hole attack [12], [13].
Black hole attacks that involve a single node are easy to figure out [14].However, collaborative attacks are very complex, powerful and sophisticated in the mechanism.Thus, dealing with these types of attacks is comparatively more challenging.Some researchers have worked on techniques and protocols for detection and mitigation of the effects caused due to black hole attack [15], [16].Most of them catered the problems in a very efficient way.However, in most of the presented solutions, there is a possibility of an increase in overhead and average end-to-end delay.The increase in overhead can lead to degradation in the overall performance of MANETs.This study intends to introduce a novel approach that will try to detect and eliminate cooperative malicious nodes in a path with minimum overhead and average endto-end delay.The proposed approach will make use of the signature based mechanism for malicious node detection.
The rest of the research article is organised as follows: The background study of MANETs routing protocols and related work about the different types of attacks is presented in Section I. Literature survey of different approaches and protocols used for the detection of black hole (i.e.single and cooperative) attacks are presented in Section II.Section III discussed the proposed solution approach along with the working details.Result and discussion with detail of simulation scenarios and parameters are presented in Section IV.Finally, conclusion and future work are discussed in Section V.

A. Background of Study
In the last few years, wireless networks gained attention of industry as well as from the researchers due to its application in various fields.Example of currently used wireless networks includes Mobile Ad hoc Networks (MANETs), Vehicular Adhoc Networks (VANETs), Urban Mesh Networks (UMNs), and Wireless Sensor Networks (WSNs) [17], [18].MANETs are self-organised wireless networks where nodes move freely around and interact with other nodes.Topology in MANETs is dynamic due to continuous movement of nodes in the vicinity.A node in the MANETs act as a source or destination or as a router at a time.Different routing schemes such as reactive, proactive and hybrid are employed to perform routing across the network as shown in Fig. 2. In reactive routing protocols, the source node initiates a request for the path towards the destination at a time when it has to send data to the destination [19].Reactive routing protocols consume fewer resources and thus are efficient regarding memory as it does not need to maintain a routing table for all the routes.However, selection of the best path to the destination is a tough task in reactive protocols.Proactive routing protocols maintain a routing table and contain information about paths that lead to the destination [20].Nodes that have a packet to send to any node can forward packet instantly, as routes to all nodes in the vicinity are listed in the routing.Even though proactive routing protocols can achieve good packet throughput, they have several disadvantages [47]: • Overhead of maintaining routing table .

• Slow convergence due to frequent path failures in
MANETs due to having a dynamic topology.
Hybrid protocols were introduced to combine the features of proactive and reactive routing protocols intelligently.Rout-ing is performed in two different ways; use reactive approach for communication among neighbour nodes and use proactive routing strategy for communication among nodes that are located a distance of two or more hops from each other [21].1) Ad hoc On-Demand Distance Vector (AODV): AODV routing protocol is one of the important reactive routing protocols in MANETs that make use of sequence number to select a new path for the communication between the sender and destination nodes as shown in Fig. 3 [22].To perform communication among nodes, AODV uses two different packets that are: Route request (RREQ) and Route Reply (RREP).RREQ contain information about the sending node whereas RREP is the response packet sent in a reply from intermediate nodes that have a new route to the destination node.A new route is a route whose sequence number is higher than the sequence number contained in the RREQ received at the intermediate nodes [23].Since nodes in the MANETs communicate over the wireless medium, message security is indeed a major concern.The security of routing protocol in MANETs is vulnerable to jamming attack [24], worm hole attack [4], black hole attack and gray hole attack.2) Black hole attacks in MANETs: Blackhole attack is a type of attack which is launched by one or more of the intermediates nodes (called black hole nodes).These malicious nodes send a false RREP message to the source, claiming that it has the shortest path to the intended destination node [2], [25].
Black hole attack is considered as one of the most devastating attacks on the MANETs.The black hole node intercepts the packets, coming from the source nodes and silently drop.This will lead to immense loss of packets and cause an end-to-end delay to transfer the data packets through the network.Fig. 4 shows the example network topology where AODV protocol is used as a routing protocol.Suppose one of the nodes "S" has data that is to be sent to destination node "D".The source node initiate route request by broadcasting RREQ packet to all the nodes in the neighbours.The malicious node "M" send a forge RREP reply message containing a spoofed destination address, less number of hops and smallest sequence number to deceive the source node.The source node selects the route contained in the forged RREP message for packet sending to the destination nodes.Packets that are received by the malicious nodes are dropped thereby not allowing communication between the sender and original destination.Another type of black hole attack is called Collaborative black hole attack that involves more than one node in launching the attack.The core idea behind this type of attack is to fabricate the RREP packet by all the malicious nodes with mutual understanding and cooperation [26].Fig. 5 depicts the collaborative attack launched by malicious nodes "M1" and "M2".The malicious nodes "M1" and "M2" intercept the RREQ message and reply back to the source node after a mutual consensus between "M1" and "M2".Collaborative black hole attacks are more severe than single black hole attacks and can lead to huge packet loss.

B. Motivation
Collaborative attacks can lead to devastating impacts on a network causing huge packet loss in the MANETs.Securing routing against such destructive attacks in MANETs is a big challenge that has attracted many researchers.In [2], author proposed an approach which allows the source node to checks the Next-Hop-Node (NHN) and Previous-Hop-Node (PHN) of the Route Reply (RREP) of the intermediate nodes to ensure the authenticity of the route.In this research work, an enhanced attack detection and elimination technique are proposed that make used filtered based algorithm.The idea is to cope with collaborative black hole attack in a way that can lead to minimising overhead and average end-to-end delay.

C. Research Questions
This research work is going to answer the following research questions: • Does the proposed filtered based approach is more accurate and less resource intensive as compared to the technique discussed in [2]?
• Does signature based malicious node detection technique is more efficient than the currently available approaches?

D. Research Objectives
The significant contributions of this research work are as follows: • To analyse the effects of the single black hole and cooperative black hole attacks on AODV based MANETs.
• To mitigate the cooperative black hole attack on AODV routing protocol efficiently, while keeping packet overhead and network overhead as low as possible.
• To reduce the number of false positive nodes from being considered as malicious.
• Comparison of the proposed approach with the state of the art techniques.

E. Research Significance
Recently, wireless networks gained much attention from the researchers due to its diverse application in different fields.One of the most famous wireless networks is MANETs that has self-organised structure.Assuring data Integrity, confidentiality, and availability of wireless networks require all security concerns to be addressed.MANETs security is considered as essential concerns to assure normal functionality of the network.The lack of a centralised monitoring system and easy to access open wireless medium make MANETs more vulnerable to several attacks.Black hole attack is considered as one of the most disastrous attacks on the MANETs routing protocols.Malicious node deceives the source nodes convincing it to consider their route for sending a packet to the destination.Once the source node chooses the path containing the malicious nodes, the malicious nodes drop all the data packets received in the network [48].
The multiple attackers synchronise their efforts to harm the network cause intense damage to the network.Collaborative black hole attacks are very complex, powerful and sophisticated.Thus, dealing with these types of attacks is more challenging and exciting.Keeping in view the importance of security provisioning in MANETs, this research work introduces an enhanced approach to detect and mitigate collaborative black hole attack in an efficient way.

II. LITERATURE REVIEW
Wireless networks growth is observed in the last few years due to its applications in many fields.MANETs are one of the most famous wireless networks that attracted research community due to their versatile nature.MANETs have a high dynamic topology and self-organised.Their decentralised nature has lead to the number of security concerns in their deployment.One of the most severe threat is the black hole attack.Some solutions are proposed by the researchers, which cope with the black hole attacks in the context of MANETs routing protocols (i.e.proactive, reactive and hybrid routing protocol).Few of the proposed approaches are discussed below.
Author in [29] introduced an approach that instructs all of the intermediate nodes to provide the information about next hope of its path that leads to the destination.Intermediate nodes incorporate the required information in its route reply (RREP) packet at the time of sending replies to the route request (RREQ) packet of the sender.The source nodes do not send packets immediately on the route specified by the intermediate.The source will try to send a special message FRq to the next hop node to ensure whether this node has a valid route to the destination [29].The next hope node will reply with a special message FRp that contain the resultant information.At the sender side, if the next hope response regarding valid host is acknowledged with a positive reply, then route is constructed and chosen as the best path for transmission of data.However, if the response in FRp message contains negative acknowledgment then sender broadcast an alarm packet all other nodes to cope with this situation at their end.The proposed mechanism has good results regarding malicious node detection.However, extra overhead cost associated with the additional message sent to the next hop nodes for ensuring valid route.Secondly, the proposed solution is only feasible for single black hole detection and has no way to mitigate the cooperative black hole attacks [49].
Author in [30] has introduced a new approach to mitigating the issues related to cooperative black hole attacks in MANETs.The proposed mechanism makes use of an additional Data Routing Information (DRI) table that is used to detect the malicious nodes placed in the MANETs [30].The idea is to get information about the next hop of all the neighbour nodes who claim to have a valid route to the destination.The neighbour nodes provide the required information in the RREP packet to the source that is placed in the source DRI table.Also, the source node requests the next hop node whether it has a valid route to the destination.Moreover, the next hop node is also required to provide information about its next hop node to the source node.The resulted information is helpful regarding cross-checking the validity of the node.However, this will lead to increase the average end-to-end delay.Author in [2] proposed an approach that allows the source node to checks the Next Hop Nodes (NHN) and Previous Hop Nodes (PHN) of the Route Reply (RREP).
The packet is forwarded from the intermediate nodes to ensure the authenticity of the route [2].The information regarding PHN and NHN is stored in a particular table called DRI.The proposed approach works in three different phases.In the first phase, the new path is to find out.Next step is to check the trustworthiness of the selected path, and lastly, the malicious nodes are eliminated.The path that has the highest sequence number is selected as the best path for sending packets towards the destination.The algorithm detects all the attacking nodes that generate the false packets.One of the problems with the proposed technique is the overhead involved in processing the information regarding checking and storing NHN and PHN information in the DRI table.
Author in [31] proposed a table based approach to mitigate the cooperative black hole attack in the context of MANETs.The idea is to use data control packet to ensure the authenticity of all the nodes in the selected path.The concept of extended DRI table is used to detect and eliminate the malicious black hole nodes.The simulation result reveals improved overhead with no false positive records during the malicious nodes detection and elimination.
Enhanced Secure Trusted AODV (ESTA) protocol is proposed to mitigate the security issues related to the black hole attacks in MANETs [32].The proposed approach makes use of an asymmetric key to assure security across the network.Also, a trust-based mechanism is used to select multiple paths for the delivery of packets across the network.The route selection involves two different tables namely "LINK-Table " to store information about the RREQ received from several neighbour nodes, and "Link-info" is a special control packet used by an intermediate node that is part of the selected path.The main drawback of the proposed approach is the overhead involved in storing information in two different tables [50].
Author in [33] introduced an approach to mitigate the black hole attacks in context of MANETs protocol.The proposed solution maintains a special table namely Collect Route Reply Table (CRRT) to prevent black hole attacks from occurring the MANETs.The main idea is to keep information about the sequence number and arrival time of the RREP packet from its neighbour nodes.The obtained information is used to calculate the timeout value about the RREP by first RREP arrival.Moreover, the source node looks for the repeated next hop nodes to ensure whether the route is safe or not.Repeated entry found the route and will be considered as safe.However, if no repeated next hop node found in the CRRT, any random path is chosen for the data delivery to the destination.One of the problems with this technique is that if no repeated next hop nodes are found in the CRRT.Then there is a fair chance of black hole attack at a time when the algorithm chooses a random path.
The concept of Fidelity Table is proposed to extend the approach to cope with the black hole (cooperative) attacks [34].The table keeps information about all of the nodes of MANETs, by assigning every node a fidelity level.The fidelity level is used to find out the reliability of the intended nodes.The value of fidelity is calculated based on each nodes participation in routing convergence.The nodes fidelity status is checked after a certain interval of time and thus considered as malicious if its value dropped down to zero.
Author in [35] introduced Baited-Black hole DSR (BDSR) secure routing protocol that has the potential to mitigate the collaborative (black hole) attacks in the context of MANETs.The basic idea of the proposed approach is to allow the sending node to select one of the neighbour nodes to detect malicious nodes.The sender node makes use of that neighbour nodes address for replying to the RREP message.Thus, black hole nodes can be detected and prevented by applying the concept of reverse tracing.
The idea of watchdog was proposed by [36] to tackle the problems related to black hole malicious in the context of MANETs.The basic idea is to use eavesdropping during the communication of the next hop node, to find out malicious activities, performed by the black hole nodes.The packet sent by the sending node is placed in the buffer and is compared with the overhead packet by the watchdog.If both of the packets found to be matching, the node is considered as legitimate, and thus packet is removed from the buffer.However, if there is a mismatch between the two packets, then the failure tally is incremented for the adjacent node.It may be the possibility that packet remained in the buffer for a certain period, which crosses the threshold value.Thus, a node will be considered as malicious if the value of tally crosses a certain threshold and the sending node is notified about the black hole node.Pathrater helps in finding the malicious free routes.Moreover, all the nodes keep track of the trustworthiness rating of every known node [36].The shortest path is selected by the Pathrater in case if there are some routes leading to the intended destination node.One of the issue with the proposed technique is that it may not be possible to figure out malicious node if the transmission power is limited, partial packet drops or false behaviour [50]- [55].
Author in [37] proposed a novel technique namely REAct system to detect malicious black hole nodes in MANETs.The proposed approach is consist of three phases and are mentioned below: 1) Audit, 2) Search, and 3) Identification.
In the audit, each packet is verified before forwarded to the intended destination from the audit node.An audit node is selected by the sending node that makes use of bloom filter to generate a behavioural proof.Also, the sending node also makes use of bloom filter to generate a behavioural proof which is then compared with the proof produced by the audit node.The result of this comparison is used to identify the segment that has the black hole node.However, the proposed method can detect the malicious node only after an attack has already been launched by the malicious node.
Author in [38] introduced an approach for the detection of malicious (black hole) nodes in the context of MANETs that make use of the concept related to Merkle tree.The proposed solution can detect most of the malicious nodes at the cost of excessive computation overhead involved in the routing phase.Th proposed solution can detect and remove malicious black hole attacks in the context of MANETs.The basic theme of the research work is to make use of equal and small sized blocks of data and to observe the data packets during the transmission to detect cooperative malicious nodes.If the packets do not arrive at the intended destination, passing through a certain intermediate nodes, those nodes will be considered as malicious nodes.A major issue with the proposed solution is that it can lead to the increase in false positive records, which can consider some of the legitimate nodes as a malicious.
Author in [39] introduced an approach to mitigate the black hole attacks in MANETs routing protocols by making use of a certificate-based authentication method.Each node needs to have a certificate for authentication before they can start transmission over the network.The proposed solution performs the authentication of nodes in two distinct phases.First phase is related to the issuance of certificate whereas the second phase starts with the authentication of nodes over the MANETs.At the moment when the route is established between the source and destination, the nodes that are involved in the routing path enter into certification phase.The sending nodes send an authentication message to the destination node upon the reply of authentication and then the source node transmits the data to the destination.However, if the node is found to have incorrect information then this will lead to the revoking of the certificate, thereby considering the node as malicious.
Author in [40] came up with a novel approach namely Secure AODV (SAODV) to mitigate the problem of black hole attack in the context of MANETs.The proposed approach has led to cope with the security concerns inherent in the AODV and do avoid the black hole attacks.SAODV uses extra packets (i.e., for exchanging random numbers) to ensure the legitimacy of the destination node.Verification phase starts at a time when the RREP message is received by the sending node.The sender node then transmits verification (secure RREQ Packet) packets to the destination node that contains a random number generated at the sender side.The destination node then replies with a secure RREP packet that contains the random number generated.To obtain the best route, the source node waits until it gets two or more RREP (i.e., secure packets) along two different paths that have the same random number.Proposed algorithm will be unable to identify the black hole nodes in case of receiving only a single secure RREP packet.The overhead of maintaining information about the nodes and extra packets can lead to the processing overhead involved in the routing process.Moreover, the end-to-end delay is also increased because source node has to wait for the RREP packets from the receiver nodes that will be arriving through different paths towards the source.
Author in [41] extended the approach proposed in that make use of password-based approach during the routing process.All the nodes need to have a password at time of route selection process.Author in [42] introduced an approach namely DPRAODV, for the detection and isolation of black hole attacks in the context of MANETs.The basic theme behind the working of the proposed technique is that upon reception of RREP packet from the destination node, the sender node looks for the sequence number in its routing table and also try to find whether the sequence number is higher than a specified threshold value and is updated instantly.A node is considered as malicious RREP sequence has a higher value than the maximum threshold.The detected malicious node is blacklisted, and all of the nodes are sent an ALARM packet.The ALARM packet contains the black hole malicious node's address to alert the neighbour nodes.In this way, the nodes discard the RREP packet initiated from the black hole.However, one of the drawbacks of the proposed approach is the excessive overhead involved in maintaining the threshold value after a constant period.
for the detection of malicious black hole attacks in MANETs.The proposed approach is comprised of two parts that are detection and reaction.All the intermediate nodes maintain a special table called Black Identification Table (BIT) that contains the information about sending and receiving packets originating from the source node.A node is identified as malicious if there is a difference between the number of send and received packets.After malicious node identification, the next task is to isolate the black hole node and information is updated in a special table called Isolation Table (IT).Moreover, the ID of the black hole node is broadcasted across the whole network to prevent the malicious node from further participation in the routing operation.Higher packet delivery ratio is achieved, at the cost of small additional delay in the overall communication in the network.
The cluster-based technique is proposed in to cope with the issues related to black hole attacks in MANETs.The technique is also known as Black hole Attack Prevention System in Clustered MANETs (BHAPSC) that try to find out malicious nodes existence and its location at a specific time.The idea behind the proposed solution is to maintain a special table called Friendship (Table ) that maintain the information about the cluster head and its neighbours within a certain cluster [44].Based on the information of Friendship table, the conclusion are drawn about the node trustworthiness.The next hop node is said to be stranger if the table does not contain the record of the next hop.A special parameter called trust estimator is used to calculate the trust level, and thus table is updated with the value calculated at the trust level of a given next hop node.In the situation, where the node trust level (value) crosses the threshold value, that node's ID will be broadcasted as black hole node, to all the nodes in the network.The approach is costly regarding overhead in maintaining the trust information about all the nodes and processing involved in broadcasting information across the whole network for trust convergence.
Most of the proposed techniques were suffered from two different limitations.Firstly, the overhead required was too costly due to which the achieved throughput was very low.Second, the problem was the increase of end-to-end delay which causes performance degradation in most of the cases.Moreover, a significant problem with some of the proposed solution is the false positive records identification that leads to the performance degradation of the network.The resource constraints in MANETs require a malicious detection solution that is less costly regarding resources as well as efficient regarding the end-to-end delay.This work presents the solution that makes use of the signature-based scheme.The basic idea behind the proposed algorithm is to make use of the sequence number assigned to the nodes.In MANETs based networks, all the nodes are assigned a sequence number in a range of minimum to maximum.
Let Min-Seq-No be the minimum sequence number, Max-Seq-No be the maximum sequence number and Source-Seq-No is the sequence number of the node that can be either source or destination node.If the packet sends is an RREQ packet the Source-Seq-No represents the source sequence number.However, if the packet received is RREP, then the Source-Seq-No represents the sequence number of the destination node.Any node that sends or forwards an RREQ is accepted if the value of the sequence number of that node is in between the minimum and maximum sequence number allowed in the MANETs (minimum and maximum are controlled in the proposed algorithm).However, if the sequence number is greater or less than the specified sequence numbers then the RREQ is rejected, and the node is considered as a malicious node.Similarly, the node that responds with an RREP packet is considered as a malicious node if its sequence number does not lie between the minimum and maximum sequence numbers specified.The collaborative attacks are handled in a way if all the nodes whose sequence numbers are higher than the specified maximum allowed sequence numbers and smaller than that of the sequence number allowed in the MANETs routing protocol.Table I presents the details about different approaches along with their limitations.

III. PROPOSED SIGNATURE BASED BLACK HOLE DETECTION MECHANISM
This work extends the work carried by [2] towards the mitigation of cooperative black hole attacks in AODV based MANETs routing protocol.The proposed algorithm makes use of the sequence number to identify the black hole nodes during the communication over the network.The pseudo-code of the algorithm is given as below: The basic idea behind the proposed algorithm is to make use of the sequence number assigned to the nodes.In MANETs based networks, all the nodes are assigned a sequence number in a range of minimum to maximum.Let Min-Seq-No be the minimum sequence number, Max-Seq-No be the maximum sequence number and Source-Seq-No is the sequence number of the node that can be either source or destination node.
If the packet sends are an RREQ packet the Source-Seq-No represents the source sequence number.However, if the packet received is RREP, then the Source-Seq-No represents the sequence number of the destination node.Any node that sends/forwards an RREQ is accepted if the value of the sequence number of that node is in between the minimum and maximum sequence number allowed in the MANETs (minimum and maximum are controlled in the proposed algorithm).However, if the sequence number is higher or less than the specified sequence numbers then the RREQ is rejected, and the node is considered as a malicious node.
Similarly, the node that responds with an RREP packet is considered as a malicious node if its sequence number does not lie between the minimum and maximum sequence numbers specified.The collaborative attacks are handled in a way if all the nodes whose sequence numbers are higher than the specified maximum allowed sequence numbers and smaller than that of the sequence number allowed in the MANETs routing protocol.

A. Research Nature
The design of research methodology depends on the type of research, i.e., quantitative, qualitative and mixed approach.The qualitative approach is mostly used in research about social interaction, social settings, and social process [1].On the other hand, quantitative-based research is used to find a numerical evaluation of the underlying research.The work in this study is evaluated using quantitative approach (i.e., simulation) in comparing the performance of the proposed algorithm with the work done in [2].The simulation technique is a most common way of evaluating the performance of the developed systems.Some simulation tools (i.e., NS-2 [3], NS-3 [4], OMNeT++ [5], OPNET [6] and QualNet [7].) based on sequential/parallel Discrete Event Simulation (DES) kernel are being employed by network researchers to verify their protocol designs.However, the selection of a network simulator depends on several important factors such as ease of configuration, learning curve of the programming language involved, type of scenario one may intend to simulate, provisioning of GUI environment, and support for scalability.This study considers OPNET modeler [6] as simulation tool.

B. Simulation Tool
Selection of relevant simulation tool is an important part of the performance evaluation.The selection of a network simulator depends on several important factors such as ease of configuration, learning curve of the programming language involved, type of scenario one may intend to simulate, provisioning of GUI environment, and support for scalability.OPNET modeler is selected to quantify the performance of the proposed algorithm.OPNET require the configuration of Visual C++ environment for the successful compilation and execution of the simulation.The implementation of simulation in OPNET required C language as a development platform to build the simulation application.The platform specification for simulation experiment about the proposed algorithm is shown in Table II: The simulation is sometimes conducted, to ensure the accuracy of the presented results.The same simulation is performed for the technique proposed in [2] and compared with the simulation of the proposed technique.The simulation is executed for 1000 seconds during each simulation run.The number of nodes chosen for the simulation is 45, and the number of malicious nodes is in the range of 1-18 nodes during different simulation execution.Random Way Point (RWP) mobility model is considered in this study [8] for nodes movement in the MANETs.All the nodes moved at the speed of 10 meters per second during the simulation execution.Fig. 6 shows the OPNET graphical view of the nodes used for the simulation experiments.

IV. RESULTS AND DISCUSSION
Four parameters, i.e.Average Throughput, Average Packet drop, Average Delay and Malicious Detection Rate are used to quantify the performance of the proposed signature-based approach.The overhead involved in malicious node detection may lead to the decrease in throughput.The packets will drop if the malicious node is not detected in due time.Packet Drop rate is used to compare the effectiveness of the proposed approach as compared to that of the existing techniques.End to end delay is defined as the time required for a packet to reach the intended destination.Malicious Detection Rate represents the success rate of detecting black hole attacking nodes, during the routing process in AODV.The proposed algorithm is implemented using OPNET and compared with the technique proposed in the base paper.The same simulation is run with four different combinations where a various number of malicious nodes (i.e., 1, 3, 6, 9, 12 and 18) are used.The results obtained from the simulation are discussed as below.Average throughput is defined as average data packets received per unit time at the destination from a sender [45].Fig. 7 presents the results regarding the achieved throughput for signature-based black hole detection technique and cooperative black hole attack with a various number of malicious nodes.A slight improvement (i.e., 2-5 %) in throughout is observed, when the number of black hole nodes was 1 and 3, during the first two simulations run.The proposed algorithm achieves better throughput (7-16%) with the increase in a number of malicious nodes as compared to that of state of the art technique.The presented results lead to the conclusion that with the increase in a number of a black hole, the proposed algorithm still able to achieve higher average throughput as compared to that of the technique used in [2] for cooperative black hole node detection.Moreover, both techniques reveal almost similar results with single black hole attack or when the number of black hole nodes is less than or equal to 3.

B. Average Packet Drop
Fig. 8 shows the results regarding some packets dropped when employing signature-based scheme with an increasing number of malicious nodes (i.e., 1, 2, and 3).Packets drop is reduced to zero with the implementation of the signaturebased scheme for AODV based MANETs.The highest number of packets drops is observed when the number of cooperativebased malicious nodes are increased up to 3. The results lead to the conclusion that signature base malicious node detection technique is efficient by having minimum average packet drop.

C. Average Delay
The average delay is defined as the average delay experienced by a packet to reach the intended destination [46].The average delay is obtained by dividing the total delay by the total number of packets sent during the whole communication.The results presented in Fig. 9 corresponds to the average E2E delay, experienced by the network, for the signaturebased algorithm.Results reveal better performance (regarding average end-to-end delay) for the proposed algorithm.

D. Average Processing Time
Fig. 10 shows the results of processing time taken on each of the techniques (i.e., proposed signature-based algorithm, and existing technique) for trusted route selection with varying number of malicious (cooperative black hole) nodes.The horizontal axis represent the number of black hole nodes, whereas the vertical axis represent the processing time (seconds) required to select the best suited route from source to the destination.The processing time for 1 and 3 number of black hole nodes on the proposed technique is almost equal to that of the base paper.Results shows an improvement of 10-22 % in processing time, for the route selection on our proposed algorithm as compared to that of the technique proposed in base paper.From the given results it can be concluded that the proposed algorithm can provide better connection rate as compared to that of the existing techniques.The proposed technique provides more scalable solution with a reasonable amount of processing time required for stable and trusted route selection from the sender to the destination nodes.

E. Malicious Detection Rate
Fig. 11 presents the results of the black hole nodes detection rate on both the techniques (i.e., base paper and proposed technique).The simulation is configured for 45 mobiles nodes and varying number (i.e. 6, 9, 12, 15 and 18) of black hole nodes.An equal detection rate is observed in both the techniques, i.e., proposed signature-based algorithm and base paper [2].The results show an improvement of 11-17 %, as the number of black hole nodes is increased up to 6,9,12,15 and 18.The simulation results conclude that the proposed algorithm achieves better performance regarding malicious detection.

V. CONCLUSION AND FUTURE WORK
This research work presents an essential step towards an efficient detection of cooperative black hole attacks.The concept of signature-based detection in combination with the use of sequence number, lead to the implementation of an efficient approach for the detection of malicious attacks in AODV-based MANETs.The results obtained through simulation shows significant improvements regarding collaborative black hole detection.Results lead to the conclusion that with the increase in a number of malicious node in cooperative black hole attack, the proposed algorithm still able to achieve good throughput as compared to state of art techniques.Moreover, the proposed algorithm is efficient regarding detecting collaborative black hole attacks and can lead to efficient results regarding increased malicious attacks.Even though some techniques have been introduced to mitigate the black hole attacks in MANETs, many of the proposed solutions were capable of detecting single black hole attack and are unable to detect and avoid collaborative-based black hole attacks in the context of AODV based MANETs.The benefits of the proposed algorithm are mentioned below: 1) Better malicious detection rate for higher number of black hole nodes in the context of the cooperative black hole attacks.2) Achieved less processing time regarding trusted path selection.3) Good throughput and average delay.
In future, this research work will be extended by analysis of the proposed algorithm for Proactive routing (DSDV and DSR) protocols in MANETs.It is also recommended to increase the number of malicious nodes up to 100-150 and to the check the behavior of these routing protocols with the proposed technique.

Fig. 7
Fig. 7 shows the average throughput of the signature-based scheme with a different number of nodes.Signature-based scheme achieves the high throughput of 40.4 Packets/Second.For single black hole attack, the average throughput is 39.2 Packets/Second.The minimum throughput value is observed when the cooperative black hole attack has three number of nodes.Results show an improved throughput by employing signature-based scheme as compared to the scenarios of cooperative black hole attack.

Fig. 10 .
Fig. 10.Average processing time of signature-based malicious node detection technique.

TABLE I .
SUMMARY OF PROPOSED APPROACHES FOR BLACK HOLE ATTACKS DETECTION