Typical Network Attacks and Defences in Mobile Ad Hoc Networks
Research on Defending Against Flooding Attacks in Ad Hoc Networks

Abstract: Addressing flooding attacks on reactive routing in mobile Ad Hoc networks, this paper analyses the security weaknesses of the existing FAP scheme for resisting flooding attacks, proposes a simple and practical CSR scheme, and compares it with FAP.
Keywords: mobile Ad Hoc network; reactive routing; flooding attack; FAP scheme

A mobile Ad Hoc network is a new type of mobile multi-hop wireless network. It does not depend on any fixed infrastructure or administrative centre; instead, mobile nodes with limited transmission range cooperate and self-organise to keep the network connected and deliver data.
The special nature of routing in Ad Hoc networks makes it an important problem and a continuing research focus in the field.
Mature routing protocols already in wide use in Ad Hoc networks include the Optimized Link State Routing protocol (OLSR), Dynamic Source Routing (DSR) and Ad Hoc On-Demand Distance Vector routing (AODV).
At the same time, as various attacks have appeared, security-oriented Ad Hoc routing protocols have been proposed in turn [1-4].
The flooding attack is a recently proposed type of attack against reactive routing in Ad Hoc networks; it comes in two forms, RREQ-packet flooding and data-packet flooding.
By causing denial of service in the network, it can be used against all existing reactive routing protocols.
Ping Yi et al. first proposed the model of this attack [5] and at the same time gave the Flooding Attack Prevention (FAP) scheme for resisting it.
To address the shortcomings of FAP, this paper proposes the Communication Status Record (CSR) scheme.
In this scheme each node records in real time the status of the nodes and links associated with it, so that it can effectively identify illegitimate nodes, avoid forwarding packets on their behalf, and thereby resist flooding attacks.

1 Background
1.1 Overview of reactive routing
Reactive routing protocols, also called on-demand routing protocols, are routing algorithms that look up a route only when data needs to be sent.
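To make the CSR idea concrete (and the AODV RREQ flood it targets, which the later survey on this page describes under "Flooding attack"), here is an added Python example; it is not code from the paper and not the FAP or CSR implementation. A node keeps a per-neighbour record of the RREQ rate and of route requests that never produced an RREP, and stops forwarding for a neighbour that exceeds either limit. The thresholds, the event trace and all class and function names are assumptions.

```python
"""Per-neighbour communication-status record for an AODV-style node.

Added example, not the FAP or CSR implementation from the paper. Each node
records, for every neighbour it hears from, how many RREQs arrived within a
sliding window and how many distinct destinations were requested without any
RREP ever coming back. A neighbour that exceeds either limit is treated as a
flooder and its RREQs are no longer forwarded. All thresholds are assumptions.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field

RATE_WINDOW = 10.0    # seconds over which RREQs per neighbour are counted (assumed)
RATE_LIMIT = 5        # most RREQs one neighbour may send inside the window (assumed)
UNANSWERED_LIMIT = 3  # distinct destinations with no RREP before distrust (assumed)
RREP_TIMEOUT = 2.0    # seconds after which an RREQ counts as unanswered (assumed)


@dataclass
class NeighbourRecord:
    rreq_times: deque = field(default_factory=deque)  # timestamps inside the window
    pending: dict = field(default_factory=dict)       # destination -> first RREQ time
    unanswered: set = field(default_factory=set)      # destinations that timed out
    blocked: bool = False


class CsrNode:
    """A forwarding node that decides per RREQ whether to rebroadcast it."""

    def __init__(self):
        self.records = defaultdict(NeighbourRecord)
        self.forwarded = []  # (time, neighbour, destination) of RREQs rebroadcast
        self.dropped = []    # (time, neighbour, destination) of RREQs refused

    def _expire(self, rec, now):
        # Slide the rate window and move timed-out route requests to "unanswered".
        while rec.rreq_times and now - rec.rreq_times[0] > RATE_WINDOW:
            rec.rreq_times.popleft()
        for dst, first_seen in list(rec.pending.items()):
            if now - first_seen > RREP_TIMEOUT:
                rec.unanswered.add(dst)
                del rec.pending[dst]

    def on_rreq(self, now, neighbour, dst):
        """Return True if the RREQ from `neighbour` for `dst` is forwarded."""
        rec = self.records[neighbour]
        self._expire(rec, now)
        if not rec.blocked:
            rec.rreq_times.append(now)
            rec.pending.setdefault(dst, now)
            too_fast = len(rec.rreq_times) > RATE_LIMIT
            too_many_dead_ends = len(rec.unanswered) >= UNANSWERED_LIMIT
            rec.blocked = too_fast or too_many_dead_ends
        if rec.blocked:
            self.dropped.append((now, neighbour, dst))
            return False
        self.forwarded.append((now, neighbour, dst))
        return True

    def on_rrep(self, now, neighbour, dst):
        """An RREP for `dst` is passed back to `neighbour`: its request was genuine."""
        rec = self.records[neighbour]
        rec.pending.pop(dst, None)
        rec.unanswered.discard(dst)


# Constructed trace (kind, time, neighbour, destination). B is an honest
# neighbour whose requests get answered; M bursts RREQs for destinations that
# do not exist; S floods slowly enough to stay under the rate limit, but its
# requests are never answered either.
CONSTRUCTED_TRACE = [
    ("rreq", 0.0, "B", "D1"), ("rreq", 0.0, "S", "Y1"), ("rrep", 0.5, "B", "D1"),
    ("rreq", 1.0, "M", "X1"), ("rreq", 1.2, "M", "X2"), ("rreq", 1.4, "M", "X3"),
    ("rreq", 1.6, "M", "X4"), ("rreq", 1.8, "M", "X5"), ("rreq", 2.0, "M", "X6"),
    ("rreq", 3.0, "B", "D2"), ("rreq", 3.0, "S", "Y2"), ("rrep", 3.4, "B", "D2"),
    ("rreq", 6.0, "S", "Y3"), ("rreq", 9.0, "S", "Y4"), ("rreq", 12.0, "M", "X7"),
    ("rreq", 12.5, "B", "D3"), ("rrep", 12.9, "B", "D3"),
]


def simulate(trace=CONSTRUCTED_TRACE):
    """Run the trace through one node and summarise the outcome per neighbour."""
    node = CsrNode()
    for kind, t, neighbour, dst in trace:
        if kind == "rreq":
            node.on_rreq(t, neighbour, dst)
        else:
            node.on_rrep(t, neighbour, dst)
    summary = {}
    for neighbour, rec in node.records.items():
        summary[neighbour] = {
            "forwarded": sum(1 for _, n, _ in node.forwarded if n == neighbour),
            "dropped": sum(1 for _, n, _ in node.dropped if n == neighbour),
            "blocked": rec.blocked,
        }
    return summary


if __name__ == "__main__":
    for neighbour, result in simulate().items():
        print(neighbour, result)
```

M is cut off by the rate limit on its sixth RREQ, S by the dead-end limit once three of its requests have timed out, while B is never affected; a deployment would also need a rule for unblocking a neighbour after some quiet period.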
Security Issues in Mobile Ad hoc Networks
Wang Haitao, Zheng Shaoren (王海涛, 郑少仁)
(Institute of Communications Engineering, PLA University of Science and Technology, Nanjing 210007)

An Ad hoc network is a new kind of mobile multi-hop wireless network that differs greatly from traditional wireless networks. It does not depend on any fixed infrastructure or administrative centre, but rather on [...] mobile nodes with limited transmission range [...] convenient and cheap to build, and it is gradually being applied in commercial and civilian environments. An important problem facing the commercial use of Ad hoc networks at present, however, is that they are more vulnerable to various security threats and attacks, including passive eavesdropping, identity forgery and denial of service. This paper mainly discusses the security problems faced by Ad hoc networks and the corresponding security policies and measures.

1 Security problems faced by Ad hoc networks
[...] encryption, authentication, access control and rights management, firewalls and so on. [...] security mechanisms that work well in traditional networks may no longer apply to Ad hoc networks, mainly in the following three respects.
(1) Encryption and authentication in traditional networks usually involve a [...] that works on the premise that [...] trust each other. Ad hoc networks, by contrast, lack sufficient physical protection, have no central node, and their nodes have very low computing power, which makes traditional encryption and authentication mechanisms impossible to implement in Ad hoc networks.
(2) Traditional networks can use firewall technology to protect communication between the inside of the network and the outside world. Because all data entering and leaving the network passes through a single node, such as a server, a firewall [...]. In an Ad hoc network there is no base station or central node, so [...]
Security Strategies against Wormhole Attacks in Ad Hoc Wireless Networks
Xu Guiyue (1), Zhang Changjian (2), Gong Haimei (1) (许桂月, 张常键, 宫海梅)
Electronic Technology & Software Engineering (电子技术与软件工程), Information Security section, p. 169

Keywords: Ad Hoc wireless network; wormhole attack; security strategy

The wormhole attack is an advanced form of attack against the routing protocols of Ad Hoc wireless networks. Typically it is launched jointly by two or more cooperating malicious nodes. During the attack the two malicious nodes are far apart yet appear to be a single hop from each other, so the route through them looks even shorter, in hop count, than the normal path; this makes wormhole attacks hard to defend against and places high demands on defensive technology.

1 Architecture and characteristics of Ad Hoc wireless networks
The architecture of an Ad Hoc wireless network takes one of two forms: a flat peer-to-peer structure, in which all network nodes have equal status, or a hierarchical structure, in which the network is built from clusters as subnets.
At present Ad Hoc wireless networks are trending toward hierarchical designs, and many routing algorithms are proposed on the basis of the hierarchical network model.
As a new form of network, the Ad Hoc wireless network has clear advantages over cellular wireless networks.
First, an Ad Hoc wireless network can be set up quickly at any time and place without support from hardware network infrastructure; its establishment does not depend on any other medium, so it has a degree of independence. Second, since there is no wired infrastructure and all communication between hosts is carried out by wireless transmission, the actual bandwidth available to a mobile terminal is far below the theoretical maximum. Finally, an Ad Hoc wireless network is much more stable than a cellular wireless network.

2 Understanding wormhole attacks and the OLSR routing protocol
2.1 Definition of the wormhole attack
A wormhole attack is launched by two attacking nodes acting together; between the attacking nodes there is a private high-bandwidth, high-quality link, known technically as a "tunnel".
The wormhole attack is very simple to carry out and relatively fast, yet it does great harm to Ad Hoc wireless networks, and conventional detection methods cannot reliably determine whether a network is under wormhole attack. In recent years, therefore, network engineers have drawn up effective security defences tailored to the characteristics of wormhole attacks and established early-warning mechanisms for attacks on Ad Hoc wireless networks, with good results.
Analysis of Major Security Vulnerabilities of Mobile Ad Hoc Networks and Research on Countermeasures
Li Wang, Zeng Qiong (李网, 曾琼)
(Technology R&D Department, Sobey Digital Technology Co., Ltd., Chengdu, Sichuan 610041)
(Department of Basic Computer Education, Chengdu University of Information Technology, Chengdu, Sichuan)

Abstract: The mobile Ad Hoc network is a mobile, multi-hop, autonomous wireless network system with a wide range of applications; security problems have always been the main obstacle to its reaching full practicality [...]
Keywords: Ad hoc; vulnerability; security countermeasures

0 Introduction
Network security mainly covers four aspects: confidentiality, authentication, integrity checking and non-repudiation. Cellular networks, trunked networks, wireless LANs and satellite communication networks, as the main forms of mobile network, likewise cannot achieve security without these basic elements. All of the mobile communication systems above require the support of wired network infrastructure such as base stations, switches and satellites. Building and operating these facilities takes a great deal of manpower and material resources, is costly, and has a long construction period. In certain special environments or emergencies, such as the mobility and survivability needed by troops on the move on a battlefield, or when floods [...]
[...] it also takes the centralised control and management functions widely used in today's mainstream networks and handles them in a distributed way, completed jointly by the nodes of the network, which improves the network's resistance to interference [...]
Security Challenges and Attacks in Mobile Ad Hoc Networks (IJIEEB-V5-N3-6)

I.J. Information Engineering and Electronic Business, 2013, 3, 49-58
Published Online September 2013 in MECS
DOI: 10.5815/ijieeb.2013.03.06

Security Challenges and Attacks in Mobile Ad Hoc Networks

CH.V. Raghavendran, Associate Professor, Ideal College of Arts & Sciences, Kakinada, Andhra Pradesh, India. E-mail: raghuchv@
G. Naga Satish, Associate Professor, Ideal College of Arts & Sciences, Kakinada, Andhra Pradesh, India. E-mail: gantinagasatish@
Dr. P. Suresh Varma, Professor, Adikavi Nannaya University, Rajahmundry, Andhra Pradesh, India. E-mail: vermaps@

Abstract: A Mobile Ad hoc Network (MANET) is an autonomous collection of mobile nodes that form a temporary network without any existing network infrastructure or central access point. The popularity of these networks has made security challenges an important issue. The traditional routing protocols perform well with dynamically changing topology but are not designed to defend against security challenges. In this paper we discuss current challenges in an ad hoc environment, including the different types of potential attacks that are possible in Mobile Ad hoc Networks and that can harm their working and operation. We have done a literature study and gathered information relating to various types of attacks. In our study we have found that there is no general algorithm that suits well against the most commonly known attacks; a complete security solution requires prevention, detection and reaction mechanisms applied in the MANET. To develop suitable security solutions for such environments, we must first understand how MANETs can be attacked. This paper provides a comprehensive study of attacks against mobile ad hoc networks and presents a detailed classification of them.

Index Terms: MANETs, Security, Passive Attacks, Active Attacks, Network Layers.

I. Introduction
Security is an essential service for wired and wireless network communications. The success of MANET strongly depends on whether its security can be trusted. In this paper we focus on routing security in MANET. Due to mobility and the ad hoc nature, security in mobile ad hoc networks is particularly hard to achieve: the wireless links are usually fragile, with a high link-break ratio; nodes lacking enough physical protection can be easily captured, compromised and hijacked; the sporadic nature of connectivity and the dynamically changing topology may cause frequent route updates; and the absence of a certification authority and the lack of a centralized monitoring or management point further worsen the situation. However, the characteristics of MANET pose both challenges and opportunities in achieving the security goals, such as confidentiality, authentication, integrity, availability, access control and non-repudiation.

There are a wide variety of attacks that target the weaknesses of MANET. During the last decade, extensive studies have been conducted on routing in mobile ad hoc networks and have resulted in several mature routing protocols. However, in order to work properly these protocols need trusted working environments, which are not always available. In many situations the environment may be adversarial: for example, some nodes may be selfish, malicious, or compromised by attackers. To address these issues, many schemes have been proposed to secure the routing protocols in ad hoc networks. So, in order to make MANETs secure, all types of attacks have to be identified and solutions considered. Some of the attacks are considered in our study. However, the list is possibly incomplete, and more attacks on MANETs are likely to be discovered in the near future, so security issues in MANETs will remain a potential research area.

The rest of the paper is organized as follows. Section 2 introduces Mobile Ad Hoc Networks. Section 3 discusses the security requirements for MANETs. Section 4 describes the security challenges. Section 5 briefly discusses the different types of attacks. Section 6 discusses security attacks layer by layer. Section 7 concludes our study on security challenges.

II. Mobile Ad Hoc Networks
Nowadays the mobile ad hoc network (MANET) is one of the most active recent fields and has received tremendous attention because of its self-configuration and self-maintenance capabilities [1]. A MANET is a collection of mobile devices connected through wireless links to serve a specific purpose. MANETs provide users with easier ways to connect and communicate without the need for prior setup or a centralized server. They are particularly used in situations where a fast installation is needed and no infrastructure is available. The only condition a device has to fulfil is having a communication interface, as it needs one to build a connection to other devices. The networks are self-organized and adaptive. As there is no infrastructure, the participants are directly connected with one another and not to an access point, a gateway or anything similar. The nodes must therefore not just send and receive but also forward packets. In MANETs the composition of the nodes varies very rapidly: at any moment a new node may connect or an established node may disconnect. MANETs use wireless connections for communication, and the devices are battery powered.

MANETs are currently used in many areas and have various defining characteristics that differentiate them from other wireless networks such as WLAN. Possible applications of MANET include: soldiers relaying information for situational awareness on the battlefield, business associates sharing information during a meeting, attendees using laptop computers to participate in an interactive conference, and emergency disaster relief personnel coordinating efforts after a fire, hurricane or earthquake. Other possible applications include personal area and home networking, location-based services, and sensor networks.

III. Security Requirements
Ad hoc networks are very open to anyone. Their biggest advantage is also one of their biggest disadvantages: anyone with the proper hardware and knowledge of the network topology and protocols can connect to the network. This allows potential attackers to infiltrate the network and carry out attacks on its participants with the purpose of stealing or altering information.

Any routing protocol must encapsulate an essential set of security requirements: confidentiality, authentication, availability, integrity, non-repudiation, authorization and accounting [2]. These need to be addressed in order to maintain a reliable and secure ad hoc network environment, and they have to be protected against defects and, more importantly, against malicious intent.

3.1 Confidentiality
Confidentiality is the process of keeping the information sent unreadable to unauthorized readers [2]. Transmission of sensitive information requires confidentiality, and routing and packet-forwarding information must also remain confidential. Attacks against confidentiality aim at getting access to private or confidential data, for instance user names and passwords, credit card numbers, secret reports, etc. To keep confidentiality, it is necessary to ensure that one is communicating with the right partner. Confidentiality can be achieved using any of the available encryption techniques, provided that proper access key systems are used. Protecting privacy involves more than encryption and requires more sophisticated techniques to hide the identity or the location of the user.

3.2 Authentication
Authenticity means verifying and proving the identity of the participants in a network. This is important to ensure genuine access to the network. Nodes that wish to communicate with each other need to verify each other's identity to be satisfied that they are communicating with an authorized party [2].

3.3 Availability
Services or resources should be available to genuine users whenever required. Availability ensures the survivability of the network despite malicious incidents, which is very important in many applications.

3.4 Integrity
Integrity is the ability to guarantee that the received message is the real one and has not been tampered with or changed. This is essential in situations such as banking, military operations and equipment control. As with confidentiality, integrity can apply to a stream of messages, a single message or selected fields within a message [2], but the most useful and straightforward approach is total stream protection. Integrity guarantees that only authorized parties are allowed to modify the information or messages, so that it is never corrupted.

3.5 Non-repudiation
The goal of non-repudiation is that if an entity sends a message, the entity cannot deny having sent it. If a message is sent, the receiver can prove that the message was sent by the alleged sender; in the same way, after sending a message, the sender can prove that the message was received by the alleged receiver. This may be of great importance in some situations but not in others.

3.6 Authorization and Accounting
Nodes participating in a network need to have proper permissions to access shared resources on that network. In a MANET, nodes should be able to restrict others from accessing private information on their devices. Moreover, in some cases the authorization policies are accompanied by accounting mechanisms that track resource utilization to identify bottlenecks, charge users for services or gather statistical information about the network. Both authorization and accounting require robust methods to ensure correctness of protocols and proper utilization of resources.

IV. Security Challenges
Active attacks [3, 4, 5] in MANET range from deleting messages and injecting messages to impersonating a node, thus violating confidentiality, authentication, availability, integrity and non-repudiation. Unlike in wired networks, achieving security in MANETs is challenging. According to [6], ad hoc networks pose a number of nontrivial challenges to security design, such as the following.

4.1 Dynamic Topology
Nodes are mobile and can be connected dynamically in an arbitrary manner. The links of the network vary over time and are based on the proximity of one node to another. This dynamism could be better protected with distributed and adaptive security mechanisms [2].

4.2 Scalability
Scalability is an important issue concerning security. Security mechanisms should be capable of handling large networks as well as small ones [1].

4.3 Autonomy
No centralized administration entity is available to manage the operation of the different mobile nodes.

4.4 Poor Transmission Quality
This is an inherent problem of wireless communication, caused by several error sources that degrade the received signal.

4.5 Bandwidth Optimization
Wireless links have significantly lower bandwidth than wired links.

4.6 Device Discovery
Identifying relevant newly arrived nodes and announcing their existence requires dynamic updates to facilitate automatic optimal route selection.

4.7 Infrastructure-less and Self-operated
The self-healing feature demands that a MANET realign itself to cover any node moving out of range.

4.8 Limited Resources
Mobile nodes rely on battery power, which is a scarce resource. Computational power and storage capacity are also limited.

4.9 Limited Physical Security
Mobility implies higher security risks, such as a peer-to-peer network architecture or a shared wireless medium accessible to both legitimate network users and malicious attackers.

4.10 Ad hoc Addressing
The challenges of implementing a standard addressing scheme have to be dealt with.

4.11 Topology Maintenance
Updating the information on dynamic links among nodes in MANETs is a major challenge.

Providing secure communication in such a changing and dynamic environment, as well as protection against specific threats and attacks, has led to the development of various security schemes and architectures.

V. Security Attacks
MANET provides network connectivity between mobile nodes over potentially multi-hop wireless channels, mainly through link-layer protocols that ensure one-hop connectivity and network-layer protocols that extend the connectivity to multiple hops. These distributed protocols assume that all nodes are cooperative. This assumption is unfortunately not true in an unfriendly environment: because cooperation is assumed but not enforced in MANETs, malicious attackers can easily disrupt network operations by violating protocol specifications.

Many characteristics might be used to classify security attacks in MANETs [7]. They include the behaviour of the attack (passive vs. active), the source of the attack (external vs. internal), the processing capability of the attackers (mobile vs. wired), the number of attackers (single vs. multiple), the protocol layer, stealthy vs. non-stealthy, and cryptography-related vs. non-cryptography-related.

5.1 Passive vs. Active
Passive attacks steal valuable information in the targeted networks. Examples of passive attacks are eavesdropping and traffic analysis. Detecting this kind of attack is difficult because neither the system resources nor the critical network functions are physically affected in a way that would prove the intrusion [8].

An active attack attempts to alter system resources or affect their operation [8]. Such attacks actively alter data, with the intent of overloading the network, obstructing its operation, or cutting off certain nodes from their neighbours so they can no longer use the network's services effectively. To execute active attacks, the attacker must be able to inject packets into the network. Table 1 shows the general taxonomy of security attacks against MANET. Examples of active attacks comprise actions such as message modification, message replay, message fabrication and denial-of-service attacks.

Table 1: Security Attacks Classification

5.2 External vs. Internal
External attacks are launched by adversaries that are not legally part of the network. These attacks usually aim to cause network congestion, deny access to specific network functions, or disrupt the whole network's operations. Bogus packet injection, denial of service and impersonation are some of the attacks usually initiated by external attackers.

Internal attacks originate inside a particular network. A compromised node with access to all other nodes within its range poses a high threat to the functional efficiency of the whole network. Attacks caused by misbehaving internal nodes are difficult to detect, because distinguishing between normal network failures and misbehaviour in ad hoc networks is not an easy task.

5.3 Mobile vs. Wired Attackers
Mobile attackers have the same capabilities as the other nodes in the ad hoc network. Their ability to harm network operations is also limited because of limited resources: with limited transmitting capabilities and battery power, mobile attackers can only jam the wireless links within their vicinity, not the whole network's operations.

Wired attackers are attackers capable of gaining access to external resources such as mains electricity. Since they have more resources, they can launch more severe attacks on the network, such as jamming the whole network or breaking expensive cryptographic algorithms. The existence of wired attackers in ad hoc networks is always possible as long as they are able to locate themselves within communication range and have access to wired infrastructure.

5.4 Single vs. Multiple Attackers
Attackers might choose to launch attacks against the ad hoc network independently or by colluding with other attackers. Single attackers usually generate a moderate traffic load as long as they cannot reach any wired facilities. Since they have abilities similar to the other nodes in the network, their limited resources become their weak point [9]. If several attackers collude to launch attacks, defending the ad hoc network against them is much harder. Colluding attackers could easily shut down any single node in the network and degrade the effectiveness of the network's distributed operations, including its security mechanisms.

5.5 Attacks on Different Layers of the Internet Model
Attacks can be classified according to the five layers of the Internet model. Table 2 presents a classification of various security attacks on each layer of the Internet model. Some attacks can be launched at multiple layers.

Table 2: Security Attacks on each layer in MANET

5.6 Stealthy vs. Non-stealthy Attacks
Some security attacks use stealth, where the attackers try to hide their actions from either an individual who is monitoring the system or an intrusion detection system (IDS). Other attacks, such as DoS, cannot be made stealthy.

5.7 Cryptography vs. Non-cryptography Related Attacks
Some attacks are not cryptography related, while others are attacks on cryptographic primitives. Table 3 shows cryptographic primitive attacks with examples.

Table 3: Cryptographic Primitive Attacks

VI. Layer-Wise Security Attacks
6.1 Physical Layer Attacks
6.1.1 Eavesdropping
This is the intercepting and reading of messages and conversations by unintended receivers. The nodes share a wireless medium; wireless communication uses the RF spectrum and is broadcast by nature, so signals sent over the airwaves can be easily intercepted with receivers tuned to the proper frequency. As a result, transmitted messages can be overheard and fake messages can be injected into the network.

6.1.2 Interference and Jamming
Accidentally or intentionally, interference can occur with the radio waves of MANETs, because WLANs use unlicensed radio frequencies. Other electromagnetic devices operating in the infrared or 2.4 GHz RF band can overlap with WLAN traffic. A powerful transmitter can generate a signal strong enough to overwhelm the target signal and disrupt communications; this condition is called jamming. Jamming attacks can be mounted from a location remote to the target network, which makes this attack extremely hard to avoid. Pulse and random noise are the most common types of jamming signal [9].

6.2 Data Link Layer Attacks
6.2.1 Traffic Analysis
In a traffic analysis attack, adversaries monitor packet transmissions to infer important information such as the source, the destination and the source-destination pair. Data on who is communicating with whom, how often, how much, and when is easily available to any eavesdropper within range of the wireless network. Even if the payload is encrypted, standard MANET protocols transmit enough header and routing information in the clear to make traffic analysis relatively easy for attackers. Traffic analysis is a threat to secure communication, either by identifying targets for attacks such as denial of service or encryption cracking, or by revealing communication relationships. Traffic analysis in ad hoc networks may reveal:
• the existence and location of nodes
• the communications network topology
• the roles played by nodes
• the current sources and destinations of communications, and
• the current location of specific individuals or functions

6.2.2 Disruption of the MAC (802.11)
Many attacks can be launched at the link layer by disrupting the cooperation of the protocols of this layer. Wireless medium access control (MAC) protocols have to coordinate the transmissions of the nodes on the common communication medium. The IEEE 802.11 MAC is vulnerable to DoS attacks. To launch a DoS attack, the attacker may exploit the binary exponential backoff scheme; for example, the attacker may corrupt frames easily by adding some bits or ignoring the ongoing transmission. The capture effect is an important effect to consider at the link layer: nodes that are heavily loaded tend to capture the channel by sending data continuously, causing lightly loaded neighbours to back off endlessly. Malicious nodes may take advantage of this capture-effect vulnerability. Another vulnerability to DoS attacks is exposed in the IEEE 802.11 MAC through the Network Allocation Vector (NAV) field carried in the RTS/CTS (Ready to Send/Clear to Send) frames.

6.2.3 WEP Weakness
WEP was designed by a group of IEEE volunteer members, aiming at giving some layer of security to wireless networks. IEEE 802.11 incorporates Wired Equivalent Privacy (WEP) to provide WLAN systems a modest level of privacy by encrypting radio signals. The WEP protection technique suggested for ad hoc networks falls short of the objectives of data privacy, data integrity and authentication. Various security standards such as IEEE 802.11i, WPA and IEEE 802.1X were suggested to enhance the security of 802.11. Despite their efficiency, these standards do not provide any robustness for monitoring authentication in a distributed architecture. Some of the weaknesses of 802.11 WEP are listed below [11] [12] [13]:
• Key management is not specified in the WEP protocol.
• The initialization vector (IV) used in WEP is sent in the clear.
• WEP has no planned mechanism to ensure data source authentication.
• The combined use of a non-cryptographic integrity algorithm, CRC-32, with the stream cipher is a security risk and may permit attacks on message privacy and message integrity.

6.3 Network Layer Attacks
6.3.1 Wormhole Attack
The wormhole attack [14] is one of the most sophisticated and severe attacks in MANETs. It is possible even if the attacker has not compromised any hosts and even if all communication provides authenticity and confidentiality. In this attack, a pair of colluding attackers record packets at one location and replay them at another location using a private high-speed network. Fig. 1 shows the wormhole attack. It is also possible for the attacker to forward each bit over the wormhole directly, without waiting for an entire packet to be received before beginning to tunnel its bits, in order to minimize the delay introduced by the wormhole. Furthermore, the attacker is invisible at higher layers: unlike a malicious node in a routing protocol, which can often easily be named, the presence of the wormhole and the two colluding attackers at either endpoint are not visible in the route.

Fig. 1: Wormhole attack

6.3.2 Blackhole Attack
In this attack, a malicious node tricks all its neighbouring nodes so as to attract all routing packets to itself. It exploits the routing protocol to advertise itself as having a good and valid path to a destination node, and tries to become an element of an active route. As in the wormhole attack, malicious nodes launch the blackhole attack by advertising themselves to neighbouring nodes as having the most optimal route to the requested destinations. The blackhole attack is illustrated in Fig. 2. However, unlike the wormhole attack, where multiple attackers collude to attack one neighbouring node, in the blackhole attack only one attacker is involved and it threatens all its neighbouring nodes.

Fig. 2: Blackhole attack

The blackhole attack is performed in two steps. In the first step, the malicious node exploits the mobile ad hoc routing protocol, such as AODV, to advertise itself as having a valid route to a destination node, even though the route is spurious, with the intention of intercepting packets. In the second step, the attacker consumes the packets and never forwards them. In an advanced form, the attacker suppresses or modifies packets originating from some nodes while leaving the data from other nodes unaffected.

6.3.3 Byzantine Attack
A Byzantine attack can be launched by a single malicious node or by a group of nodes working in cooperation: a compromised intermediate node works alone, or a set of compromised intermediate nodes works in collusion, to form the attack. The compromised nodes may create routing loops, forward packets along a long route instead of the optimal one, or even drop packets. This attack degrades routing performance and disrupts routing services [15].

6.3.4 Flooding Attack
In this attack, the attacker exhausts network resources such as bandwidth, consumes a node's resources such as computational and battery power, or disrupts the routing operation, causing severe degradation in network performance. For example, in the AODV protocol a malicious node can send a large number of RREQs in a short period to a destination node that does not exist in the network. Because no one will reply to the RREQs, they flood the whole network. As a result, all of the nodes' battery power, as well as network bandwidth, will be consumed, which could lead to denial of service [16].

6.3.5 Resource Consumption Attack
In MANETs energy is a critical parameter, because battery-powered devices try to conserve energy by transmitting only when absolutely necessary [17]. The target of the resource consumption attack is to send excessive route discovery requests or unnecessary packets to the victim node in order to consume its battery life. An attacker or compromised node can thus disrupt the normal functions of the MANET. This attack is also known as the sleep deprivation attack.

6.3.6 Location Disclosure Attack
This attack is a form of information disclosure attack. The malicious node leaks information regarding the location or structure of the network and uses it for further attacks. It gathers node location information such as a route map, learns which nodes are situated on the target route, and then plans further attack scenarios. The leakage of such information is devastating in security-sensitive scenarios. Traffic analysis is one of the unsolved security attacks against MANETs.

6.4 Transport Layer Attacks
6.4.1 Session Hijacking
Session hijacking is a critical error and gives a malicious node the opportunity to behave as a legitimate system. The attacker takes advantage of the fact that all communications are authenticated only at the beginning of session setup and performs the session hijacking attack. At first, the attacker spoofs the IP address of the target machine, determines the correct sequence number that is expected by the target, and performs a DoS attack on the victim. As a result, the target system becomes unavailable for some time. The attacker then continues the session with the other system as a legitimate system.

6.4.2 SYN Flooding
The SYN flooding attack is also a Denial of Service (DoS) attack, performed by creating a large number of half-open TCP connections with a victim node. For two nodes to communicate using TCP, they must first establish a TCP connection using a three-way handshake; the three messages exchanged during the handshake are illustrated in Fig. 3. The sender sends a SYN message to the receiver with a randomly generated ISN (Initial Sequence Number). The receiver also generates an ISN and sends a SYN message including this ISN as an acknowledgement of the received SYN message. The sender then sends an acknowledgement to the receiver. In this way the connection is established between the two communicating parties using the TCP three-way handshake.

Fig. 3: TCP Three-Way Handshake (SYN with ISNa; ACK ISNa and SYN with ISNb; ACK ISNb)

6.5 Application Layer Attacks
6.5.1 Repudiation
Firewalls are used to keep packets in or out at the network layer. At the transport layer, entire connections can be encrypted end to end. But these measures taken to address authentication or non-repudiation attacks at the network or transport layer are not enough to solve the problem. Repudiation refers to a denial of participation in the communication. An example of a repudiation attack on a commercial system is a selfish person denying having conducted a credit card purchase or any on-line transaction [10].

6.6 Multilayer Attacks
Some security attacks can be launched from multiple layers instead of a particular layer. Examples of multi-layer attacks are denial of service (DoS), man-in-the-middle and impersonation attacks.

6.6.1 Denial of Service
In a denial of service (DoS) attack, the attacker injects a large amount of junk packets into the network. These packets consume a significant portion of network resources and introduce wireless channel contention and network contention in the MANET. The limited capacity of the wireless links is exploited in resource depletion attacks: the attackers transfer large, unnecessary volumes of data between themselves to deplete the bandwidth of the links. The resource depletion attack is shown in Fig. 4; during this transfer, A and B can send and receive only with limited efficiency.

Denial of service attacks aim at the complete disruption of the routing function and therefore of the entire operation of the ad hoc network. Specific instances of denial of service attacks include routing table overflow [18] and sleep deprivation torture [19]. In a routing table overflow attack the malicious node floods the network with bogus route creation packets in order to consume the resources of the participating nodes and disrupt the establishment of legitimate routes. The sleep deprivation torture attack aims at consuming the batteries of a specific node by constantly keeping it engaged in routing decisions.
Analysis of Misbehavior in Wireless Mobile Ad Hoc Networks
Abstract: Wireless mobile Ad Hoc networks contend for the wireless channel through the DCF mechanism of the IEEE 802.11 MAC protocol; the characteristic of this technique is that multiple access nodes share one wireless channel.
In a distributed and open wireless network environment, wireless network users need to use the limited network resources effectively and fairly.
However, some nodes, for their own benefit, misbehave in order to gain a large advantage in the network.
This paper mainly analyzes the misbehaviors that exist at the MAC layer and the causes of these misbehaviors.
Keywords: wireless mobile Ad hoc network; IEEE 802.11 protocol; DCF mechanism; misbehavior
1. Introduction
In recent years, with social progress, people's demands for flexible, fast and convenient communication have kept growing. Wireless networks have gone through a period of rapid development and raised many new research topics, and Wireless Mobile Ad Hoc Networks have attracted wide attention: since they need no pre-deployed fixed infrastructure and fully embody the mobility and flexibility of wireless networks, they are well suited to battlefield communication, disaster relief and similar settings.
A wireless mobile Ad Hoc network is a complex distributed, dynamically self-organizing, multi-hop communication system composed of many wireless nodes.
Each of its nodes is both an end node and a routing node.
When the nodes of a wireless mobile Ad Hoc network transmit data, they occupy the channel by wireless medium access control (MAC).
The IEEE 802.11 MAC protocol usually uses the DCF mechanism, whose core is CSMA/CA (carrier sense multiple access with collision avoidance); the common characteristic of this technique is that multiple access nodes share one wireless channel.
But in an untrusted network environment, some selfish nodes may not follow the MAC protocol in order to obtain a large share of the channel bandwidth. This paper mainly analyzes the misbehaviors that exist at the MAC layer and their causes.
2. Introduction to the protocol
The IEEE 802.11 MAC layer protocol has two ways of resolving channel contention: a centralized mechanism (PCF, point coordination function) and a distributed mechanism (DCF, distributed coordination function).
This paper mainly targets the detection of misbehavior in the DCF mechanism.
The DCF mechanism is based on the CSMA/CA (carrier sense multiple access with collision avoidance) protocol.
Research on a Kind of Anonymous Attack and Defense Strategy in Mobile Ad Hoc Networks
Research on a Kind of Anonymous Attack and Defence Strategies in Mobile Ad Hoc Network
Abstract: The probabilistic model checking tool PRISM is used to confirm that the statistical disclosure attack can break the anonymity of the ANODR protocol. The node output mode of the ANODR protocol is therefore improved, and a global synchronized sending strategy and a group synchronized sending strategy are proposed. Probabilistic model checking shows that the group synchronized sending strategy suits the anonymous communication needs of mobile Ad Hoc networks, can defend against the statistical disclosure attack, and provides an anonymity service with low delay that is little affected by node movement.
Keywords: statistical disclosure attack; anonymous communication
Key words: statistical disclosure attack, anonymous communication, mobile Ad Hoc network, probabilistic model checking
Verification shows that the improved strategy can resist the statistical disclosure attack, a form of anonymity attack, in a mobile environment, and strengthens anonymity.
1 Idea and steps of the statistical disclosure attack
... a passive attack; from a probabilistic viewpoint, it uses statistical and elimination methods, computing the set of nodes that communicate with the target node ...
Routing Security Issues in Mobile Wireless Ad Hoc Networks
... in the corresponding routing information. Therefore, to reduce route discovery time, the protocol must be equipped with a large amount of memory. At present, the routing protocols proposed for Ad Hoc networks have few security considerations, so they are very vulnerable to attack.
Routing security in Ad Hoc networks
Security usually refers to detecting and identifying potential attacks, threats and intrusions and taking corresponding action. Attacks in Ad Hoc networks can usually be divided into two classes: passive attacks and active attacks. In a passive attack, the attacker does not disrupt the normal operation of the routing protocol but merely eavesdrops on traffic to discover exploitable information; this kind of attack is hard to detect. In an active attack, the attacker usually tries to modify data, or to obtain privileges and insert forged packets into the network's data flows. Active attacks can be further divided into external and internal attacks: an internal attack means the attacker is part of the network, while an external attack means the attacker is not. Since an internal attacking node already belongs to the network and holds some privileges, it can do more serious harm. Some types of active attack in Ad Hoc networks are listed below.
・Black hole: In this attack, a malicious node that wants to intercept the traffic of a certain node uses the routing protocol to advertise itself as the node closest to that node, so that it can intercept the data other nodes send to it.
・Denial of service
Routing protocols in Ad Hoc networks
There are many routing protocols in Ad Hoc networks, which can be divided into two classes: one is
Congestion-Targeted RoQ DDoS Attacks in Mobile Ad Hoc Networks and Their Defense
Ren Wei; Liu Tenghong; Jin Hai
【Journal】Journal of Computer Research and Development
【Year (volume), issue】2006(43)11
【Abstract】According to network capacity theory, mobile Ad Hoc networks are subject to congestion-targeted RoQ distributed denial-of-service attacks, whose attack patterns include pulse attacks, cyclic attacks, self-consumption attacks and flooding attacks. The defense mechanism consists of detection and response: the detection signals include RTS/CTS packet frequency, signal interference frequency and packet retransmission count, and the response relies on ECN marking and notification. NS2 simulation results show that complex topologies are more vulnerable to attack, and that dispersing the attacking nodes increases the attack's effect. Pulse attacks produce obvious throughput and delay jitter; when the number of same-rate attack flows rises to 5, the victim flow's throughput drops to 77.42% and its delay increases 110-fold.
【Pages】6 pages (P1927-1932)
【Authors】Ren Wei; Liu Tenghong; Jin Hai
【Affiliations】School of Information, Zhongnan University of Economics and Law, Wuhan 430074; School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074; Department of Computer Science, Hong Kong University of Science and Technology, Hong Kong; School of Information, Zhongnan University of Economics and Law, Wuhan 430074; School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074
【Language】Chinese
【CLC】TP3
Defending Against Typical Network Attacks and Analysis of Attack Methods
With the rapid development of the Internet, network security problems are drawing more and more attention.
In today's society, network attacks are not only surging in number; attack techniques and methods are also constantly being upgraded.
To ensure the security and stability of network systems, defending against network attacks has become an important issue for enterprise management and personal security.
Several typical network attack methods are analyzed below, and methods for defending against them are given.
I. Phishing Attack
A phishing attack is an attack that obtains a victim's personal account information by imitating legitimate websites or emails.
Attackers usually use social engineering techniques, posing as staff of trusted institutions such as banks, e-commerce sites or government agencies, to send emails or website links that lure victims into entering their account information.
In recent years phishing attackers' techniques have grown more sophisticated, even using fraudulent SMS messages or deceptive content.
Defenses:
1. Add all websites and emails within one's own business scope to a third-party anti-phishing organization's blacklist.
2. Train the staff who maintain user-facing websites and spread basic computer security knowledge.
3. Add phishing warnings to the website's "Help" pages.
II. DDoS Attack
A DDoS attack, a Distributed Denial of Service attack, aims to exhaust network or server resources so that service is denied or the server stops running.
Defenses:
1. Encrypt data and transmissions: tools such as VPN, SSL and TLS can be used to encrypt network traffic and communications.
2. Set server resource limits: set targets that limit the number of accesses and the number of packets to the server, preventing server overload and resource exhaustion.
III. Worms and Viruses
A worm is a virus independent of the computer's operating system, which often exploits vulnerabilities, the Internet and local networks to spread.
Malicious virus programs can easily replicate themselves on the victim's computer and execute according to a pre-set program.
Defenses:
1. Install popular anti-virus software.
2. Update software packages: whenever a new vulnerability appears, promptly update all software packages to patch it.
Research on Typical Attack Methods and Security Strategies for Ad Hoc Networks
This is a serious attack against Ad Hoc routing protocols, especially defensive routing protocols. A private channel is established between two colluding malicious nodes; the attacker records packets or bit information at one location in the network and, through ...
... complex services.
In recent years, wireless communication networks have developed rapidly; however, most mobile communication today needs the support of wired infrastructure (such as base stations). To allow communication where there is no fixed base station, a new network technology, Ad Hoc networking, has emerged. The appearance of Ad Hoc networks has advanced free communication in any environment, and it also provides effective solutions for military communication, disaster relief, special commercial applications and temporary communication. But Ad Hoc networks' ...
... pose new challenges to the security architecture they use. Compared with traditional networks, Ad Hoc networks are more vulnerable to various security threats and attacks, including passive eavesdropping, data tampering and replay, identity forgery and denial-of-service attacks [1]. While discussing the typical attack methods against Ad Hoc networks, this paper focuses on their solution strategies and proposes certain improvements to some key strategies, with ...
... identity forgery, denial of service and other network attacks; its channel encryption, anti-jamming, user authen...
Security Technology · Academic Discussion
... and the differences in application environments make it unrealistic at present to find one effective scheme that solves all the security problems of Ad Hoc networks. In Ad Hoc networks, with limited resources and a constantly changing topology, a reliable key management service is even harder to realize. Therefore it is especially important to design effective security solutions for specific practical application environments. Ad Hoc network security should be a comprehensive solution that integrates key management, routing security, intrusion detection and other aspects into an overall security scheme.
(3) Cooperative alert sending module. The alert UDP packets are encapsulated in IP packets and sent to the corresponding machines on the network. Each of these addresses is treated as a multicast group, and any machine that joins that group can receive any IP packet sent to the group. Thus, once the cooperative agent in each domain joins a multicast group, it can receive messages from the cooperative agents in other domains and send messages to the other cooperative agents in the group.
About the author: Yang Xiuwen, female, from Qingdao, Shandong; bachelor's degree; engineer; research interests: computer networks and information security.
... packets, or tamper with packet contents, causing packet loss or corruption. At the same time, because a wormhole can create a false path shorter than the real path, it disturbs routing mechanisms that rely on inter-node distance information, causing route discovery to fail.
(2) Dynamically changing network topology. Mobile nodes can move through the network at any speed and in any manner and can switch off their transmitters at any time; combined with the variety of antenna types, interference between wireless channels, changes in transmit power, and the effects of terrain and weather (which may, for example, produce unidirectional channels), the network topology formed by mobile terminals over wireless channels can change at any moment, in ways and at rates that are hard to predict.
2. Main characteristics of Ad Hoc networks
As a wireless mobile communication network, Ad Hoc networks have the following characteristics compared with existing mobile communication networks [2]:
Security Strategies against Wormhole Attacks in Ad Hoc Wireless Networks
2011.38
Research on Security Strategies against Wormhole Attacks in Ad Hoc Wireless Networks
Teng Ping, Department of Public Security Information, Liaoning Police Academy, Liaoning 116036
Abstract: With the development of information technology, wireless networks have become an important component of modern communication systems.
Ad Hoc wireless networks are one kind of wireless network.
The wormhole attack is an advanced attack on mobile Ad Hoc network routing protocols that is extremely hard to defend against.
This paper proposes a relatively simple network topology analysis algorithm for detecting wormhole attacks and, based on it, a security improvement mechanism for the OLSR routing protocol.
Keywords: Ad Hoc; wormhole attack; OLSR
0 Introduction
Wireless Mobile Ad Hoc Networks, as multi-hop transmission networks without central control, have gradually become an important type of mobile communication network.
Mobile Ad Hoc networks operate in an open environment that requires nodes to cooperate; the shared wireless links between nodes are easily intercepted; and the networks are characterized by a lack of identity authentication for communication, no centralized monitoring and management, frequent topology changes, and limited node resources.
The network therefore has many security weaknesses and is highly vulnerable to attacks of all kinds, such as spoofing attacks, selfish-node attacks and denial-of-service attacks.
Among these, the wormhole attack is an advanced form of attack on mobile Ad Hoc routing protocols.
It can do great harm to the network and is extremely hard to defend against; ordinary cryptographic protection has no effect on it.
The vast majority of Ad Hoc routing protocols have no security mechanism against wormhole attacks and cannot detect them effectively.
This paper proposes a relatively simple network topology analysis algorithm for detecting wormhole attacks and, based on it, a security improvement mechanism for the OLSR routing protocol.
1 Wormhole attacks and the OLSR routing protocol
1.1 Wormhole attack
The wormhole attack is an advanced attack on Ad Hoc routing protocols.
It is a coordinated attack launched by two colluding attacking nodes in the network.
The attacking nodes establish a high-quality, high-bandwidth private link between them, called a "tunnel".
Attacking node X listens on the network and records the packets it receives, then secretly forwards them through the tunnel to its colluding node Y at the other end of the network, and Y re-injects them into the network, as shown in Figure 1.
Security Threats to Ad Hoc Networks and Countermeasures
Security is a key factor in whether the potential of Ad Hoc networks can be fully realized, especially in their military and commercial applications.
Because they do not rely on fixed infrastructure, Ad Hoc networks pose new challenges for the security architectures they use.
Compared with traditional networks, Ad Hoc networks are more vulnerable to various security threats and attacks, including passive eavesdropping, data tampering and replay, identity forgery and denial of service.
Security solutions for traditional networks cannot be applied directly to Ad Hoc networks, and most existing protocols and proposals for Ad Hoc networks do not solve the security problem well, in particular because they do not take specific environments into account.
Security and goals of Ad Hoc networks
In traditional networks, a hierarchical architecture is used, the connections between hosts are quasi-static with a fairly stable topology, and many services can be offered to make full use of existing network resources, including router services, naming services and directory services.
A series of security mechanisms and policies has been proposed for such environments, such as encryption, authentication, access control and privilege management, and firewalls.
Ad Hoc networks do not rely on fixed infrastructure and have flexible self-organization and strong robustness.
There is no base station or central node in an Ad Hoc network; all nodes can move, nodes establish temporary, loose connections over wireless channels, and the topology changes dynamically.
In an Ad Hoc network the nodes themselves act as routers, and there are no network facilities such as name servers or directory servers.
Depending on the application domain, Ad Hoc networks differ greatly in architecture, design goals, protocols used and network scale.
Although basic security requirements such as confidentiality and authenticity still apply in Ad Hoc networks, an Ad Hoc network cannot sacrifice large amounts of power on complex computation and must consider the energy cost of wireless transmission and the scarcity of wireless spectrum.
Moreover, nodes have little memory and CPU power, so strong security protection mechanisms are hard to implement.
These constraints greatly limit the security mechanisms that can be used in Ad Hoc networks, because the security level and network performance are related.
Therefore many security policies and mechanisms of traditional networks cannot be used directly in Ad Hoc networks; existing security methods need to be improved and new security policies and methods adopted.
The security goals of Ad Hoc networks are basically the same as those of traditional networks, including data availability, confidentiality, integrity, authentication and non-repudiation.
DOS Attacks in Mobile ad hoc Networks and Their Defense Mechanisms
Yi Ping; Zhong Yiping; Zhang Shiyong
【Journal】Journal of Computer Research and Development
【Year (volume), issue】2005(42)4
【Abstract】Because of their dynamic topology, wireless channels and limited resources of every kind, mobile ad hoc networks are especially vulnerable to denial-of-service (DOS) attacks. A new DOS attack model for mobile ad hoc networks, the ad hoc flooding attack, and its defense strategies are proposed. The attack mainly targets the on-demand routing protocols of mobile ad hoc networks, such as AODV and DSR. The ad hoc flooding attack floods the network with excessive route request packets and data packets, heavily occupying network communication and node resources so that the nodes' normal communication is blocked. After analyzing the ad hoc flooding attack, two defense strategies are proposed: the first is neighbor suppression, in which, when an intruder sends large numbers of route request packets, its neighbor nodes lower the processing priority of its packets until they no longer accept them; the second is path cutoff, in which the target node deletes the path along which the intruder sends attack packets, to stop it from continuing to send them. Simulation experiments confirm that combining the two methods effectively stops ad hoc flooding attacks in the network.
【Pages】8 pages (P697-704)
【Authors】Yi Ping; Zhong Yiping; Zhang Shiyong
【Affiliations】Department of Computer and Information Technology, Fudan University, Shanghai 200433; Department of Computer and Information Technology, Fudan University, Shanghai 200433; Department of Computer and Information Technology, Fudan University, Shanghai 200433
【Language】Chinese
【CLC】TP393
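The two defenses in this abstract, neighbor suppression and path cutoff, as an added toy model in Python that is not the paper's code: a neighbor counts RREQs per source in a sliding window and steps the source down from forwarding to low priority to refusal, and the same node then deletes the route entry for a source it has refused. The window length, the thresholds and the traffic mix are assumptions.

```python
"""Neighbor suppression and path cutoff against RREQ flooding (toy model).

Added example, not the paper's code. A neighbor keeps a sliding window of
RREQ arrival times per source and lowers that source's priority in steps:
'forward' -> 'low_priority' -> 'drop'. Once a source has been refused, the
node also deletes its route entry for that source (path cutoff). The
window, the thresholds and the traffic mix below are assumptions.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 1.0   # sliding window over which RREQs per source are counted
DEGRADE_AT = 5         # more than this many RREQs in the window: low priority
DROP_AT = 10           # more than this many RREQs in the window: refuse source


class NeighborSuppressor:
    """Per-source RREQ rate tracking at a forwarding neighbor."""

    def __init__(self, window=WINDOW_SECONDS, degrade_at=DEGRADE_AT,
                 drop_at=DROP_AT):
        self.window = window
        self.degrade_at = degrade_at
        self.drop_at = drop_at
        self.history = defaultdict(deque)   # source -> arrival times in window
        self.blocked = set()                # sources whose RREQs are refused

    def handle_rreq(self, source, now):
        """Decide what to do with an RREQ from `source` arriving at time `now`.

        Returns 'forward', 'low_priority' or 'drop'. A refused source stays
        refused for the rest of the run (assumption; a real node would age
        the block out).
        """
        if source in self.blocked:
            return "drop"
        arrivals = self.history[source]
        arrivals.append(now)
        while arrivals and now - arrivals[0] > self.window:
            arrivals.popleft()           # forget RREQs older than the window
        count = len(arrivals)
        if count > self.drop_at:
            self.blocked.add(source)
            return "drop"
        if count > self.degrade_at:
            return "low_priority"
        return "forward"


class RoutingTable:
    """Reverse routes learned from RREQs; path cutoff removes a source's entry."""

    def __init__(self):
        self.routes = {}   # source -> next hop back towards that source

    def learn(self, source, next_hop):
        self.routes[source] = next_hop

    def cut_off(self, source):
        """Delete the path to `source`; returns True if an entry was removed."""
        return self.routes.pop(source, None) is not None

    def has_route(self, source):
        return source in self.routes


def build_stream():
    """Constructed RREQ arrivals: legitimate node 'L' sends one RREQ per second
    for 10 s; flooder 'F' sends 20 RREQs per second for 2 s starting at t=3."""
    stream = [(float(t), "L", "n1") for t in range(10)]
    stream += [(3.0 + i * 0.05, "F", "n2") for i in range(40)]
    return sorted(stream)


def simulate(stream, suppressor=None):
    """Run the stream through one node acting as both neighbor and target.

    Returns (decision counts per source, routing table after the run).
    """
    suppressor = suppressor or NeighborSuppressor()
    table = RoutingTable()
    counts = defaultdict(lambda: {"forward": 0, "low_priority": 0, "drop": 0})
    for now, source, next_hop in stream:
        decision = suppressor.handle_rreq(source, now)
        counts[source][decision] += 1
        if decision == "drop":
            table.cut_off(source)        # path cutoff for a refused source
        else:
            table.learn(source, next_hop)
    return dict(counts), table


if __name__ == "__main__":
    decisions, routes = simulate(build_stream())
    for src, c in sorted(decisions.items()):
        print(src, c, "route kept" if routes.has_route(src) else "path cut off")
```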
Zhu Hongfei_Security Problems and Solution Strategies for Mobile Ad hoc Networks
Security Problems and Solution Strategies for Mobile Ad hoc Networks
Zhu Hongfei 10207065
ABSTRACT
A Mobile Ad hoc Network (MANET) is a collection of mobile nodes that forms a provisional network dynamically without any aid of prefabricated infrastructures. The intrinsic nature of Ad hoc networks and the significant ignorance of security in most routing protocols make them vulnerable to many security attacks. However, Ad hoc is essential in circumstances where a distributed wireless network is required without any permanent base stations, especially for military purposes. So, enforcing security becomes an extremely necessary and challenging issue. The security depends on securing the routing information as well as the data transmission. Based on these analyses, I propose some security mechanisms suitable to the MANET.
Key words: MANET, Routing protocol, Security, Encryption
Introduction
I. Basic concepts and uses of MANETs
Ad Hoc is a specific wireless network architecture that emphasizes the concepts of multi-hop, self-organization and the absence of a central node.
Research on Preventing Black Hole Attacks in Mobile Ad Hoc Networks (IJCNIS-V4-N6-7)
I. J. Computer Network and Information Security, 2012, 6, 49-55
Published Online June 2012 in MECS
DOI: 10.5815/ijcnis.2012.06.07

Preventive Aspect of Black Hole Attack in Mobile AD HOC Network
Kumar Roshan, Vimal Bibhu
Department of Computer Science & Engineering, DIT School of Engineering, Plot -48A, Knowledge Park – III, Greater Noida, Uttar Pradesh, India
kmr.roshan1@vimalbibhu@

Abstract — Mobile ad hoc network is an infrastructure-less type of network. In this paper we present a prevention mechanism for the black hole attack in mobile ad hoc networks. The routing algorithms are analyzed and the discrete properties of routing protocols are defined. These discrete properties support efficient distributed routing. The protocol is distributed and does not depend on a centralized controlling node. Important features of Ad hoc On-Demand Distance Vector routing (AODV) are inherited and a new mechanism is combined with it to obtain a multipath routing protocol for Mobile Ad hoc Networks (MANETs) that prevents the black hole attack. When a routing path is discovered and entered into the routing table, the next step taken by the combined protocol is to search for a new path at a certain time interval; the previously entered path in the routing table is refreshed. The simulation uses 50 moving nodes in an area of 1000 x 1000 square meters with a maximum node speed of 5 m/sec. The result is calculated for throughput versus number of black hole nodes with pause times of 0 sec, 40 sec, 120 sec and 160 sec when the threshold value is 1.0.
Index Terms — AODV – Ad Hoc On Demand Distance Vector Routing, MANET – Mobile Ad Hoc Network, DSDV, CBR – Constant bit Pattern, TCP – Transmission Control Protocol

I. INTRODUCTION
In the present era, the study of MANETs has gained a lot of interest from researchers due to the realization of nomadic computing. A Mobile Ad hoc Network (MANET), as the name suggests, is a self-configuring network of wireless and hence mobile devices that constitute a network capable of dynamically changing topology. The network nodes in a MANET not only act as ordinary network nodes but also as routers for other peer devices. In this way, ad-hoc networks have a dynamic topology such that nodes can easily join or leave the network at any time. Ad-hoc networks are suitable for areas where it is not possible to set up a fixed infrastructure. Since the nodes communicate with each other without an infrastructure, they provide connectivity by forwarding packets over themselves. To support this connectivity, nodes use routing protocols such as AODV, Dynamic Source Routing (DSR) and Destination-Sequenced Distance-Vector routing (DSDV). Besides acting as a host, each node also acts as a router to discover a path and forward packets to the correct node in the network. As wireless ad-hoc networks lack an infrastructure, they are exposed to a lot of attacks. One of these attacks is the Black Hole attack [1].
The black hole attack is an active insider attack with two properties: first, the attacker consumes the intercepted packets without forwarding them. Second, the node exploits the mobile ad hoc routing protocol to advertise itself as having a valid route to a destination node, even though the route is spurious, with the intention of intercepting packets [2][3]. In other terms, a malicious node uses the routing protocol to advertise itself as having the shortest path to the nodes whose packets it wants to intercept. In the case of the AODV protocol, the attacker listens to requests for routes. When the attacker receives a request for a route to the target node, it creates a reply in which an extremely short route is advertised; if the reply from the malicious node reaches the requesting node before the reply from the actual node, a fake route has been created. Once the malicious device has been able to insert itself between the communicating nodes, it is able to do anything with the packets passing between them. It can choose to drop the packets to form a denial-of-service attack. Another instance can be seen when considering the category of attacks called "The Black Hole Attacks". Here, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept.

II. WORKING OF BLACK HOLE
Based on the original AODV protocol, any intermediate node may respond to the RREQ message if it has a fresh enough route, which is checked by the destination sequence number contained in the RREQ packet. In Figure 4 node 1 is the source node whereas node 4 is the destination node. The source node broadcasts a route request packet to find a route to the destination node. Here node 3 acts as a black hole. Node 3 also sends a route reply packet to the source node, and the route reply from node 3 reaches the source node before that of any other intermediate node. In this case the source node sends the data packets to the destination node through node 3. But it is the property of a black hole node that it does not forward data packets further but drops them. The source node is not aware of this and continues to send packets to node 3. In this way the data that should reach the destination fails to reach it. There is no way to find out such an attack. These nodes can be present in large numbers in a single MANET, which makes the situation more critical, as shown in figure 1 [5].
Figure 1: Black Hole Attack

III. ROUTING PROTOCOL IN MANET
Routing means how we can route a data packet from a source to a destination. In the case of a MANET, a packet necessarily routes over several hops (multi-hop) before reaching the destination, so a routing protocol is needed [6]. The routing protocol has two main functions: selection of routes for the various source-destination pairs, and delivery of messages to their correct destination. Movement of nodes in a MANET causes the nodes to move in and out of range of one another; as a result there is continuous making and breaking of links in the network. Since the network relies on multi-hop transmissions for communication, this imposes major challenges for the network layer to determine the multi-hop route over which data packets can be transmitted between a given pair of source and destination nodes. Figure 5 shows how the movement of a single node (C) changes the network topology, rendering the existing route between A and E (i.e. A-C-E) unusable [7]. The network needs to evaluate the changes in the topology caused by this movement and establish a new route from A to E (such as A-D-C-E), as shown in figure 2.
Figure 2: Path changes due to mobility of node

IV. DESIRABLE PROPERTIES OF ROUTING PROTOCOLS OF MANET
There are some desirable properties in a routing protocol for MANETs that are different from conventional routing protocols like link state and distance vector routing protocols.
4.1 Distributed operation
The protocol should be distributed. It should not be dependent on a centralized controlling node. This is the same case for stationary networks. The difference is that nodes in an ad-hoc network can enter/leave the network very easily and, because of mobility, the network can be partitioned [8].
4.2 Loop Free
To improve the overall performance, we want the routing protocol to guarantee that the routes supplied are loop-free.
This avoids any waste of bandwidth or CPU consumption.
4.3 Demand Based Operation
To minimize the control overhead in the network and thus not waste network resources more than necessary, the protocol should be reactive. This means that the protocol should only react when needed and should not periodically broadcast control information.
4.4 Unidirectional Link Support
The radio environment can cause the formation of unidirectional links. Utilization of these links, and not only the bi-directional links, improves the routing protocol's performance.
4.5 Security
The radio environment is especially vulnerable to impersonation attacks, so to ensure the wanted behavior from the routing protocol we need some sort of preventive security measures. Authentication and encryption are probably the way to go, and the problem here lies in distributing keys among the nodes in the ad-hoc network.
4.6 Power Conservation
The nodes in an ad-hoc network can be laptops and thin clients, such as PDAs, that are very limited in battery power and therefore use some sort of stand-by mode to save power. It is therefore important that the routing protocol has support for these sleep modes.
4.7 Multiple Routes
To reduce the number of reactions to topological changes and congestion, multiple routes could be used. If one route has become invalid, it is possible that another stored route could still be valid, thus saving the routing protocol from initiating another route discovery procedure [9].
4.8 Quality of Service Support
Some sort of Quality of Service support is probably necessary to incorporate into the routing protocol. This has a lot to do with what these networks will be used for. It is necessary to remember that the protocols are still under development and will probably be extended with more functionality. The primary function is still to find a route to the destination, not to find the best/optimal/shortest-path route.

V. AD HOC ON DEMAND VECTOR ROUTING
AODV shares DSR's on-demand characteristics in that it also discovers routes on an as-needed basis via a similar route discovery process. However, AODV adopts a very different mechanism to maintain routing information. It uses traditional routing tables, one entry per destination. This is in contrast to DSR, which can maintain multiple route cache entries for each destination [10]. Without source routing, AODV relies on routing table entries to propagate an RREP back to the source and, subsequently, to route data packets to the destination. AODV uses sequence numbers maintained at each destination to determine the freshness of routing information and to prevent routing loops. All routing packets carry these sequence numbers [11].
An important feature of AODV is the maintenance of timer-based states in each node regarding the utilization of individual routing table entries. A routing table entry expires if not used recently. A set of predecessor nodes is maintained for each routing table entry, indicating the set of neighboring nodes which use that entry to route data packets. These nodes are notified with RERR packets when the next-hop link breaks. Each predecessor node, in turn, forwards the RERR to its own set of predecessors, thus effectively erasing all routes using the broken link. In contrast to DSR, RERR packets in AODV are intended to inform all sources using a link when a failure occurs. Route error propagation in AODV can be visualized conceptually as a tree whose root is the node at the point of failure and whose leaves are all the sources using the failed link.
5.1 Characteristics of AODV
AODV is a very simple, efficient and effective routing protocol for Mobile Ad-hoc Networks, which do not have a fixed topology. This algorithm was motivated by the limited bandwidth available in the media used for wireless communications. It borrows most of the advantageous concepts from the DSR and DSDV algorithms.
The on-demand route discovery and route maintenance from DSR, together with hop-by-hop routing and the use of node sequence numbers from DSDV, let the algorithm deal with topology and routing information. Obtaining routes purely on demand makes AODV a very useful and desirable algorithm for MANETs [12]. AODV allows mobile nodes to respond to link breakages and changes in network topology in a timely manner. The operation of AODV is loop-free, and by avoiding the "count-to-infinity" problem it offers quick convergence when the ad hoc network topology changes. When a link breaks, AODV causes the affected set of nodes to be notified so that they are able to invalidate the routes using the lost link.
The following sections give the metrics on the basis of which the performance of a MANET can be checked, the simulation parameters used for generating the results of this new routing protocol, the results, and the analysis based on these results.

VI. SIMULATION MODEL
The mobility simulations done in this paper used a node movement pattern of 50 nodes in an area of 1000x1000 square meters with a maximum node speed of 5 m/sec. The traffic pattern has 50 nodes with at most 5 connections using CBR (constant bit pattern), and different seed values were used in the simulation. The seed value is used for generating the random traffic pattern. Changing only the seed value for generating the CBR or TCP connections changes the complete traffic pattern file. In other terms, with a different seed value the number of connections is the same but the timing of the connections and their placement change.
The traffic generator [11] is located under ~ns/indep-utils/cmu-scen-gen/ and is called cbrgen.tcl and tcpgen.tcl. They may be used for generating CBR and TCP connections respectively. To create CBR connections, run
The generator for creating node movement files [11] is found under the ~ns/indep-utils/cmu-scen-gen/setdest/ directory.
Compile the files under setdest with arguments in the following way.
The general settings for the simulation results are summarized in table 1.
Table 1. General Setting for Simulation Result
6.1 Throughput
Throughput is the total number of received packets per unit time. In other terms, throughput is the packet size (in bits) that is to be transmitted divided by the time used to transmit these bits.
Throughput = Total No. of packets received / Total traversing time
6.2 End to End Delay
This is defined as the delay between the time at which the data packet was originated at the source and the time it reaches the destination.
Delay = Receiving time – Sending time
6.3 Packet Delivery Ratio (PDR)
The ratio between the number of packets received by the CBR sink at the final destination and the number of packets originated by the CBR sources.
PDR = Total No. of packets received / Total No. of packets sent.

VII. RESULT
First, results are calculated for throughput vs. number of black hole nodes with pause times 0 sec, 40 sec, 120 sec and 160 sec, when the threshold value th2 is 1.0. These line charts are shown below in figures 3, 4, 5, 6, 7, 8, 9 and 10.
Figure 3: Throughput vs. Black hole nodes for 0 second pause time.
Figure 4: Throughput vs. Black hole nodes for 40 second pause time.
Figure 5: Throughput vs. Black hole seconds pause time
Figure 6: Throughput vs. Black hole nodes for 160 seconds pause time
The results shown in table 7 give the increase in the value of throughput when the modified AODV based on the watchdog mechanism is active in the presence of 3 black hole nodes; the node movement scenario with pause times 0 sec, 40 sec, 120 sec and 160 sec is given in table 2.
Table 2: Percentage increase in Throughput in the presence of 3 Black hole nodes
The results shown in table 8 give the increase in the value of throughput when the modified AODV based on the watchdog mechanism is active in the presence of 5 black hole nodes; the node movement scenario with pause times 0 sec, 40 sec, 120 sec and 160 sec is given in table 3.
Table 3: Percentage increase in Throughput in the presence of 5 Black hole nodes
Figure 7: Packet delivery ratio vs. Black hole node for 0 second pause time
Figure 8: Packet delivery ratio vs. Black hole node for 40 seconds pause time
Figure 9: Packet delivery ratio vs. Black hole node for 120 seconds pause time
Figure 10: Packet delivery ratio vs. Black hole node for 160 seconds pause time
The results shown in table 9 give the increase in the value of packet delivery ratio when the modified AODV based on the watchdog mechanism is active in the presence of 3 black hole nodes; the node movement scenario with pause times 0 sec, 40 sec, 120 sec and 160 sec is given in table 4.
Table 4: Percentage increase in PDR in the presence of 3 Black hole nodes
The results shown in table 10 give the increase in the value of packet delivery ratio when the modified AODV based on the watchdog mechanism is active in the presence of 5 black hole nodes; the node movement scenario with pause times 0 sec, 40 sec, 120 sec and 160 sec is given in table 5.
Table 5: Percentage increase in PDR in the presence of 5 Black hole nodes
In another simulation, the threshold value th2 is 0.5 and all other simulation parameters are the same as for threshold value th2 = 1. The line charts are shown in figure 11.
Figure 11: Throughput vs. Pause time for 5 Black hole nodes

VIII. CONCLUSION
The simulated results were obtained on ns-2.31 running on Red Hat Linux Enterprise Server. A network of 50 nodes was simulated with different pause times, i.e. 0, 40, 120 and 160 seconds. Throughput and packet delivery ratio were calculated for the existing AODV running in different scenarios having 0, 3 and 5 black hole nodes. Using the same simulation parameters, the modified AODV was tested on the above-mentioned networks having 0, 3 and 5 black hole nodes, in both watchdog-active and watchdog-inactive modes.
The experimental results show that when the number of black hole nodes rises to 6% of all network nodes, with the watchdog active the throughput increases by 3% to 8% across the different scenarios. When the number of black hole nodes rises to 10% of all network nodes, with the watchdog active the throughput increases by 10% to 18% across the different scenarios.
The experimental results also show that when the number of black hole nodes rises to 6% of all network nodes, with the watchdog active the packet delivery ratio increases by 2% to 7% across the different scenarios. When the number of black hole nodes rises to 10% of all network nodes, with the watchdog active the packet delivery ratio increases by 6% to 17% across the different scenarios.
The calculated throughput for 5 black holes in the network with threshold value 0.5 is increased by approximately 5%-8%, whereas with threshold value 1.0 throughput is increased by 10%-18% for the same network when the watchdog is active. Thus the throughput for 5 black hole nodes with threshold value 0.5 in the network, with varying pause times of 0, 40, 120 and 160 seconds, is lower than the throughput calculated for threshold value 1.0.

REFERENCES
[1] Tamilselvan, L. and Sankaranarayanan, V. (2007). Prevention of blackhole attack in MANET. The 2nd International Conference on Wireless Broadband and Ultra Wideband Communications, AusWireless, 21-21.
[2] Chen Hongsong, Ji Zhenzhou and Hu Mingzeng (2006). A novel security agent scheme for AODV routing protocol based on thread state transition. Asian Journal of Information Technology, 5(1), 54-60.
[3] Sanjay Ramaswamy, Huirong Fu, Manohar Sreekantaradhya, John Dixon and Kendall Nygard (2003). Prevention of cooperative black hole attack in wireless Ad hoc networks. In Proceedings of the 2003 International Conference on Wireless Networks (ICWN'03), Las Vegas, Nevada, USA, pp. 570-575.
[4] T. Clausen, P. Jacquet, "Optimized Link State Routing Protocol (OLSR)", RFC 3626, Oct. 2003.
[5] J. Hortelano et al., "Castadiva: A Test-Bed Architecture for Mobile AD HOC Networks", 18th IEEE Int. Symp. PIMRC, Greece, Sept. 2007.
[6] Vesa Kärpijoki, "Security in Ad hoc Networks," http://www.tcm.hut.fi/Opinnot/Tik110.501/2000/papers/karpijoki.pdf.
[7] Janne Lundberg, "Routing Security in Ad Hoc Networks," /cache/papers/cs/19440/http:zSzzSzwww.tml.hut.fizSz~jluzSznetseczSz netsec-lundberg.pdf/routing-security-in-ad.pdf
[8] Charles E. Perkins and Elizabeth M. Royer, "Ad-hoc On-Demand Distance Vector (AODV) Routing," Internet Draft, November 2002.
[9] B. Wu et al., "A Survey of Attacks and Countermeasures in Mobile Ad Hoc Networks," Wireless/Mobile Network Security, Springer, vol. 17, 2006.
[10] Sanjay Ramaswamy, Huirong Fu, Manohar Sreekantaradhya, John Dixon and Kendall Nygard. "Prevention of Cooperative Black Hole Attack in Wireless Ad Hoc Networks". Department of Computer Science, IACC 258, North Dakota State University, Fargo, ND 58105.
[11] P. Michiardi, R. Molva. "Simulation-based Analysis of Security Exposures in Mobile Ad Hoc Networks". European Wireless Conference, 2002.
[12] Satoshi Kurosawa, Hidehisa Nakayama, Nei Kato, Abbas Jamalipour and Yoshiaki Nemoto. "Detecting Blackhole Attack on AODV-based Mobile Ad Hoc Networks by Dynamic Learning Method", International Journal of Network Security, Vol. 5, No. 3, pp. 338-346, Nov. 2007.

Author Profile:
Mr. Kumar Roshan holds an MCA and is pursuing an M.Tech in Computer Science & Engineering from IETE, New Delhi. He has published many papers in international journals.
Mr. Vimal Bibhu holds an M.Tech in Computer Science & Engineering and is pursuing a Doctor of Philosophy in Computer Science from B.R.A. Bihar University, Muzaffarpur, Bihar, India. He has published many papers in different international journals. He is also a member of different professional organizations such as IACSIT, IAENG and SERC.
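The black hole behaviour of Section II and the throughput and PDR metrics of Section VI, as an added Python model that is not the paper's code: a small topology in which node 3 answers every RREQ with a fake route and then drops data, an optional watchdog in which the previous hop overhears its next hop and excludes it after a number of silent drops, and PDR and throughput computed with the page's definitions. The topology, per-hop delay and drop threshold are assumptions; the paper's th2 threshold is not modelled.

```python
"""Toy AODV route discovery with a black hole node and a watchdog.

Added example, not the paper's code. A small static topology, a black hole
that answers every RREQ with a fake route and then drops all data packets,
and an optional watchdog in which the previous hop overhears its next hop
and excludes it after a number of silent drops. PDR and throughput follow
the page's definitions: PDR = received / sent, throughput = received /
total traversing time. Topology, delays and the drop threshold are assumed.
"""
from collections import deque

# Constructed topology (undirected adjacency). Node 1 is the source, node 4
# the destination and node 3 the black hole, as in the paper's scenario.
TOPOLOGY = {1: {2, 3}, 2: {1, 5}, 3: {1, 4}, 4: {3, 5}, 5: {2, 4}}
BLACK_HOLES = {3}
HOP_DELAY = 1.0   # constructed per-hop transmission time in seconds


def _path_to(parent, node):
    """Rebuild the path from the source using the RREQ reverse pointers."""
    path = []
    while node is not None:
        path.append(node)
        node = parent[node]
    return path[::-1]


def discover_route(src, dst, excluded, black_holes):
    """Flood an RREQ breadth-first and return (route, is_fake).

    Honest nodes in this toy reply only if they are the destination. A black
    hole replies to the first RREQ it hears, claiming a fresh route to dst;
    the first replier the flood reaches wins, as AODV's source keeps the
    first RREP. A fake route ends at the black hole, which is where the data
    will be dropped. Nodes in `excluded` are ignored by the flood.
    """
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        for nxt in sorted(TOPOLOGY[node]):
            if nxt in excluded or nxt in parent:
                continue
            parent[nxt] = node
            if nxt in black_holes:
                return _path_to(parent, nxt), True
            if nxt == dst:
                return _path_to(parent, nxt), False
            queue.append(nxt)
    return None, False


def run_scenario(n_packets=20, watchdog=False, drop_threshold=3,
                 black_holes=BLACK_HOLES, src=1, dst=4):
    """Send n_packets from src to dst and return the resulting metrics."""
    excluded = set()
    drops_seen = {}          # next hop -> packets it was seen not to forward
    received = 0
    elapsed = 0.0

    def new_route():
        nonlocal elapsed
        route, _ = discover_route(src, dst, excluded, black_holes)
        if route is not None:
            elapsed += 2 * HOP_DELAY * (len(route) - 1)   # RREQ out, RREP back
        return route

    route = new_route()
    for _ in range(n_packets):
        if route is None:
            break
        delivered = True
        for _prev, nxt in zip(route, route[1:]):
            elapsed += HOP_DELAY          # _prev transmits the packet to nxt
            if nxt in black_holes:
                delivered = False         # nxt silently drops the packet
                if watchdog:
                    # _prev, listening in promiscuous mode, never hears nxt
                    # retransmit; after drop_threshold misses it excludes nxt
                    # and the source discovers a new route around it.
                    drops_seen[nxt] = drops_seen.get(nxt, 0) + 1
                    if drops_seen[nxt] >= drop_threshold:
                        excluded.add(nxt)
                        route = new_route()
                break
        if delivered:
            received += 1
    return {
        "sent": n_packets,
        "received": received,
        "elapsed": elapsed,
        "pdr": received / n_packets,
        "throughput": received / elapsed if elapsed else 0.0,
    }


if __name__ == "__main__":
    for label, kwargs in [("no black hole", {"black_holes": set()}),
                          ("black hole, no watchdog", {}),
                          ("black hole, watchdog", {"watchdog": True})]:
        print(label, run_scenario(**kwargs))
```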
Requirements for the Contents of a Mineral Resource Development and Utilization Plan and Review Outline
Requirements for the contents of a Mineral Resource Development and Utilization Plan and Review Outline for the "Mineral Resource Development and Utilization Plan"
1. Overview
(I) Location of the mining area, affiliation, and nature of the enterprise.
For the reconstruction or expansion of an existing mine, describe the mine's current status, characteristics and main existing problems.
(II) Basis for preparation
(1) Briefly describe the progress of the project's preliminary work and the letters of intent agreed with the relevant parties.
(2) List the names of the main basic materials on which the plan is based.
For example, the mining-area geological exploration report certified by the reserves management authority, the ore dressing test report, the processing and utilization test report, the preliminary engineering geology assessment, and the mining-area hydrological and water supply data.
For the reconstruction or expansion of an existing mine, actual production data should be included, such as the general plan of the current mine layout, the deposit development system diagram, the current stope plan, and a list of the main mining and processing equipment.
2. Current demand for and forecast of mineral products
(I) Domestic demand and market supply of the mineral
1. Current status and processing and utilization trends of the mineral product.
2. Forecast of domestic near-term and long-term demand and main sales destinations.
(II) Product price analysis
1. Current domestic prices of the mineral product.
2. Price stability and trends of the mineral product.
3. Overview of mineral resources
(I) General overview of the mining area
1. Overall planning of the mining area.
2. Overview of the mineral resources in the mining area.
3. Relationship between this design and the overall development of the mining area.
(II) Resource overview of this design project
1. Geological and structural characteristics of the deposit.
2. Technical mining conditions and hydrogeological conditions of the deposit.