          !  "  ##"$ %%# &   ’’’( © 2010, IJARCS All Rights Reserved 192 ISSN No. 0976-5697 A Modified Grayhole Attack Detection Technique in Mobile Ad-hoc Networks Mangesh M. Ghonge * Faculty Department of Computer Science & Engineering Jawaharlal Darda Institute of Engineering & Technology, Yavatmal, India Pradeep M. Jawandhiya Assistant Professor & Head of Department Department of Computer Science & Engineering Jawaharlal Darda Institute of Engineering & Technology, Yavatmal, India Abstract: Mobile Ad Hoc Networks are vulnerable to various types of Denial of Service (DoS) attacks for the absence of fixed network infrastructure. The Gray Hole attack is a type of DoS attacks. In this attack, an adversary silently drops some or all of the data packets sent to it for further forwarding even when no congestion occurs. Our proposed scheme comprises two steps of detecting malicious node in the network: Detection of malicious activity, Identification of malicious node. The first step is to detect any malicious activity took place in network or not and second if malicious activity took place in the network then identification of that malicious node. Keywords: MANET, Security attacks, Grayhole attack I. INTRODUCTION An ad hoc network is a collection of nodes that do not rely on a predefined infrastructure to keep the network connected. So the functioning of Ad-hoc networks is dependent on the trust and co-operation between nodes. Nodes help each other in conveying information about the topology of the network and share the responsibility of managing the network. Hence in addition to acting as hosts, each mobile node does the function of routing and relaying messages for other mobile nodes. Early research work on route establishment in MANET has mainly focused on the probability and the efficiency, and assumes nodes are trustworthy and cooperative. 
Recently, more attention has been given to security problems in MANET. The Gray Hole attack is a kind of Denial of Service (DoS) attack. In this attack, an adversary first exhibits the same behavior as an honest node during the route discovery process, and then silently drops some or all of the data packets sent to it for further forwarding even when no congestion occurs. Malicious nodes can degrade network performance, disturb the route discovery process, and so on. In this paper, we propose a simple two-step method to detect the malicious node in the network and isolate it from the network.

II. RELATED WORKS

Marti et al. [1] proposed to trace malicious nodes by using watchdog/pathrater. This scheme consists of two related algorithms: 1) The watchdog algorithm. When a node forwards a packet, the node's watchdog verifies that the next node in the path also forwards the packet. The watchdog does this by promiscuously listening to the next node's transmissions. If the watchdog finds that the next node does not forward the packet within a certain period of time, the next node is suspected of being malicious. If the next node's tally exceeds a predefined threshold, the watchdog reports the next node to the source node as malicious; 2) The pathrater algorithm. The source node selects the path that is most likely to deliver packets, according to the reports provided by the watchdogs with which each node in the network is equipped. The proposal has two shortcomings: 1) to monitor the behavior of nodes two or more hops away, a node has to trust information from other nodes, which introduces the vulnerability that good nodes may be bypassed because of malicious accusations; 2) bi-directional communication links are needed.

Awerbuch et al. [2] proposed to detect malicious nodes by using acknowledgements sent by the destination node. This scheme consists of three related algorithms: 1) Route discovery with fault avoidance.
By using flooding, cryptographic algorithms and a weight list, the source node can discover a route that will deliver packets; 2) Byzantine fault detection. Based on a binary search algorithm and the input path, the source node can detect malicious nodes with Byzantine behavior; 3) Link weight management. This algorithm is used to update the link weights. The proposal has three shortcomings: 1) the bandwidth overhead is significant, as the destination node sends an acknowledgement whenever it receives a packet; 2) it is challenging to make sure that the source node has a shared key with each node in the network; 3) the probe packet is easily distinguished from other general packets, as it contains a probe list.

Just et al. [3] reviewed the related works on tracing packet-dropping nodes, and proposed to detect malicious nodes by using the probe technique. This scheme consists of three related algorithms: 1) The probing path selection algorithm. This algorithm is used to select the probing paths; 2) The probing algorithm. This algorithm is used to detect possible malicious nodes in the probing path; 3) The diagnosis algorithm. This algorithm is used to test the possible malicious nodes by using the property of bi-directional communication links. The proposal has four shortcomings: 1) the source node begins to probe for malicious nodes only when it finds that a Gray Hole attack has taken place. Considering the dynamic topology of MANET and the random behavior of malicious nodes, this method is not satisfactory; 2) bi-directional communication links are needed; 3) the efficiency of this method depends on the location of the malicious nodes in the source route; 4) in order to keep malicious nodes from distinguishing probing packets, the probing packets must be encrypted.

Huang et al. [4] proposed to detect malicious