Performance of an IDS in an Adhoc Network under Black Hole and Gray Hole attacks

Mozmin Ahmed
North Eastern Regional Institute of Science and Technology, Nirjuli, Itanagar, Arunachal Pradesh, India
mozahmed@rediffmail.com

Md. Anwar Hussain
North Eastern Regional Institute of Science and Technology, Nirjuli, Itanagar, Arunachal Pradesh, India

Abstract: In Mobile Adhoc Networks (MANETs), more security is required than in a wired network. Wireless networks are susceptible to many attacks, such as Black Hole attacks, Gray Hole attacks, Worm Hole attacks, Sink Hole, Sleep Deprivation Torture, Sybil attack etc. These networks need to be protected using firewalls, encryption software and network failure detection schemes that detect the attacks and minimize their effects. Many of the schemes designed so far are not absolute and require more supporting systems. An effective intrusion detection system (IDS) is therefore important to identify the malicious nodes, isolate the problem created by such nodes and notify the other nodes about the malicious node. The ultimate aim of these schemes is to provide the necessary security cover to the network by adding encryption to maintain confidentiality and integrity. In this paper, we introduce a novel Intrusion Detection System (IDS) and examine the performance of the network under a Black Hole attack and a Gray Hole attack. The proposed work is simulated using ns 2.35 on Debian Linux 6. The simulation results are compared in terms of total packet drop and network throughput. The AODV [1][2] protocol in ns is modified (blackholeaodv and grayholeaodv protocols) to simulate both attacks. Similarly, the AODV protocol is modified (idsaodv protocol) to implement the IDS (Intrusion Detection System) for the attacks [4][6].

Keywords: AODV protocol, Black Hole Attack, Gray Hole Attack, Intrusion Detection System, MANETs, Packet Drop & Network Throughput.

I. INTRODUCTION

A mobile Adhoc network (MANET) is a collection of wireless mobile hosts that are organized and maintained in a distributed manner without a fixed infrastructure [3]. Malicious nodes are either broken nodes or selfish nodes that become non-functional and silently drop packets [7].

Figure 1. Adhoc network.

Both the Black Hole attack and the Gray Hole attack involve dropping packets. A Black Hole attack drops all received packets intended for forwarding, whereas a Gray Hole attack drops packets at certain frequencies. A Black Hole attack can be carried out by a single node, which forges the sequence number and hop count of a routing message in order to forcibly grab the route. The Black Hole node will then eavesdrop on, or directly drop, the received data packets. A Gray Hole attack is a type of Denial of Service attack in which the node forms false routing information in the network. A Gray Hole does not drop all the packets; it drops only a part of them [5].

Intrusion detection is the process used to identify intrusions. Intrusion Detection Systems look for attack signatures, which are specific patterns that usually indicate malicious or suspicious intent. An IDS works by examining activity on a specific machine or network and deciding whether the activity is normal or suspicious [7][8].

Figure 2. Network with link formation.

In the above figure, the nodes S1, S2, S4, S5, S6 and S7 form a network. They exchange updates with their neighbouring nodes: node S1 gets its updates from S2, S2 gets its updates from S1, S3 and S4, and so on. When a system detects data as malicious, it assigns a marker to those packets, and the communicating nodes ignore the marked packets.

Figure 3. Block diagram to show malicious node attack.
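The difference in dropping behaviour described above (a Black Hole drops everything it should forward, a Gray Hole only part) can be turned into a per-node forwarding check, shown here as an added example that is not the paper's idsaodv code. The thresholds, the observation format and the sample data (which reuses the node labels S2 to S5) are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed thresholds (not from the paper); tune them for the network at hand.
MIN_SAMPLES = 20        # never judge a node on fewer observed packets
GRAY_THRESHOLD = 0.20   # drop ratio above this: selective dropping
BLACK_THRESHOLD = 0.95  # drop ratio at or above this: dropping everything

def drop_ratios(observations):
    """observations: (node, packet_id, event) tuples, event being 'rx' (node
    received a data packet it should forward) or 'fwd' (node was overheard
    forwarding it). Returns {node: (rx_count, drop_ratio)}."""
    rx, fwd = defaultdict(set), defaultdict(set)
    for node, pkt, event in observations:
        if event not in ("rx", "fwd"):
            raise ValueError(f"unknown event {event!r}")
        (rx if event == "rx" else fwd)[node].add(pkt)
    # Sets collapse retransmissions; only packets seen both in and out count.
    return {n: (len(got), 1 - len(got & fwd[n]) / len(got)) for n, got in rx.items()}

def classify(observations):
    verdicts = {}
    for node, (count, ratio) in drop_ratios(observations).items():
        if count < MIN_SAMPLES:
            verdicts[node] = "insufficient-data"  # avoids flagging idle nodes
        elif ratio >= BLACK_THRESHOLD:
            verdicts[node] = "black-hole"
        elif ratio > GRAY_THRESHOLD:
            verdicts[node] = "gray-hole"
        else:
            verdicts[node] = "normal"             # tolerates ordinary link loss
    return verdicts

def marked_nodes(verdicts):
    """Nodes whose packets the other nodes should be told to ignore."""
    return sorted(n for n, v in verdicts.items() if v in ("black-hole", "gray-hole"))

def sample_observations():
    """Constructed data: S2 loses 2 of 100 packets, S3 forwards none,
    S4 drops every third packet, S5 was observed only 5 times."""
    obs = []
    for i in range(100):
        obs += [("S2", i, "rx"), ("S3", i, "rx"), ("S4", i, "rx")]
        if i not in (10, 50):
            obs.append(("S2", i, "fwd"))
        if i % 3 != 0:
            obs.append(("S4", i, "fwd"))
    obs += [("S5", i, "rx") for i in range(5)]
    return obs

if __name__ == "__main__":
    result = classify(sample_observations())
    print(result, marked_nodes(result))
```

The minimum-sample guard matters in practice: S5 has a 100% observed drop ratio but is not marked, because five packets are too few to separate an attack from a transient link failure.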