Ranjeet Suryawanshi, Sunil Tamhankar / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue4, July-August 2012, pp.1430-1437 1430 | P a g e Performance Analysis And Minimization Of Black Hole Attack In MANET Ranjeet Suryawanshi*, Sunil Tamhankar** *(Department of Electronics, Walchand College of Engineering, Sangli, Maharashtra 416415, India ** (Associate Professor, Department of Electronics, Walchand College of Engineering, Sangli, Maharashtra 416415, India ABSTRACT A Wireless ad-hoc network is a temporary network set up by wireless mobile computers (or nodes) moving arbitrary in the places that have no network infrastructure. Since the nodes communicate with each other, they cooperate by forwarding data packets to other nodes in the network. Thus the nodes find a path to the destination node using routing protocols. However, due to security vulnerabilities of the routing protocols, wireless ad-hoc networks are unprotected to attacks of the malicious nodes. One of these attacks is the Black Hole Attack against network integrity absorbing all data packets in the network. Since the data packets do not reach the destination node on account of this attack, data loss will occur. There are lots of detection and defense mechanisms to eliminate the intruder that carry out the black hole attack. We simulated the black hole attack in various wireless ad-hoc network scenarios and have tried to find a response system in simulations. Keywords - MANET (Mobile ad hoc network), AODV(On-demand distance vector routing protocol), IDS(Intrusion detection system). I. INTRODUCTION Wireless ad-hoc networks are composed of autonomous nodes that are self- managed without any infrastructure. In this way, ad-hoc networks have a dynamic topology such that nodes can easily join or leave the network at any time. They have many potential applications, especially, in military and rescue areas such as connecting soldiers on the battle field or establishing a new network in place of a network which collapsed after a disaster like an earthquake. Ad-hoc networks are suitable for areas where it is not possible to set up a fixed infrastructure. Since the nodes communicate with each other without an infrastructure, they provide the connectivity by forwarding packets over themselves. To Support this connectivity, nodes use some routing protocols such as AODV (Ad-hoc On- Demand Distance Vector) [1], DSR (Dynamic Source Routing) and DSDV(Destination-Sequenced Distance- Vector). Besides acting as a host, each node also acts as a router to discover a path and forward packets to the correct node in the network. As wireless ad-hoc networks lack an infrastructure, they are exposed to a lot of attacks. One of these attacks is the Black Hole attack. In the Black Hole attack, a malicious node absorbs all data packets in itself. In this way, all packets in the network are dropped. A malicious node dropping all the traffic in the network makes use of the vulnerabilities of the route discovery packets of the on demand protocols, such as AODV. In route discovery process of AODV protocol, intermediate nodes are responsible to find a fresh path to the destination, sending discovery packets to the neighbor nodes. Malicious nodes do not use this process and instead, they immediately respond to the source node with false information as though it has fresh enough path to the destination. Therefore source node sends its data packets via the malicious node to the destination assuming it is a true path. Black Hole attack may occur due to a malicious node which is deliberately misbehaving, as well as a damaged node interface. II. AODV ROUTING PROTOCOL Ad-hoc On-Demand Distance Vector (AODV) [1] is an on demand routing protocol which is used to find a route between the source and destination node as needed. It uses control messages such as Route Request (RREQ), and Route Reply (RREP) for establishing a path from the source to the destination. Header information of these control messages are also explained in [1] . When the source node wants to make a connection with the destination node, it broadcasts an RREQ message. This RREQ message is propagated from the source, and received by neighbors (intermediate nodes) of the source node. The intermediate nodes broadcast the RREQ message to their neighbors. This process goes on until the packet is received by destination node or an intermediate node that has a fresh enough route entry for the destination in its routing table. Fresh enough means that the intermediate node has a valid route to the destination established earlier than a time period set as a threshold. Use of a reply from an intermediate node rather than the destination reduces the route establishment time and also the control traffic in the network. Sequence numbers are also used in the RREP messages and they serve as time stamps and allow nodes to compare how fresh their information on the other node is. When a node sends any type of routing control message, RREQ, RREP, RERR etc., it increases its own sequence number. Higher sequence number is