76 (IJCNS) International Journal of Computer and Network Security,
Vol. 2, No. 8, August 2010
Performance Evaluation of MANET Routing
Protocols Under Black Hole Attack
M.Umaparvathi1 and Dr. Dharmishtan K Varughese2
1
SNS College of Engineering, Coimbaotre, India
parvathicbe@yahoo.co.in
2
Professor, Karpagam College of Engineering, Coimbatore, India
Abstract:- Mobile Ad hoc Networks (MANETs) are open to a
wide range of attacks due to their unique characteristics like
dynamic topology, shared medium, absence of infrastructure,
multi-hop scenario and resource constraints. In such a network,
each mobile node operates not only as a host but also as a
router, forwarding packets for other nodes that may not be
within direct wireless transmission range of each other. Thus,
nodes must discover and maintain routes to other nodes. . Data
packets sent by a source node may be reached to destination
node via a number of intermediate nodes. In the absence of a
security mechanism, it is easy for an intermediate node to insert,
intercept or modify the messages thus attacking the normal
operation of MANET routing. One such attack is Black hole
attack. Black hole is a type of routing attack where a malicious
node advertise itself as having the shortest path to all nodes in
the environment by sending fake route reply. By doing this, the
malicious node can attract the traffic from the source nodes.
And then all the packets will be dropped. This paper analyzes the
performance evaluation of Ad hoc on-demand Distance Vector
(AODV) and its multipath variant Ad hoc On-demand Multi-
path Distance Vector (AOMDV) routing protocols under black
hole attack. Their performances were evaluated through
simulations using network simulator (NS-2). The performance
of these two protocols were analyzed and compared based on
packet delivery ratio (%), throughput (kbps), average end to end
delay (ms), and average jitter (ms).
Keywords: MANET, Black hole attack, AODV, AOMDV
1. Introduction
Mobile ad hoc networks consist of a collection of wireless
mobile nodes which dynamically exchange data among
themselves without the reliance on a fixed base station or a
wired backbone network. These nodes generally have a
limited transmission range and so, each node seeks the
assistance of its neighboring nodes in forwarding packets
and hence the nodes in an ad-hoc network can act as both
routers and hosts, thus a node may forward packets between
other nodes as well as run user applications. MANETs have
potential use in a wide variety of disparate situations. Such
situations include moving battle field communications to
disposable sensors which are dropped from high altitudes
and dispersed on the ground for hazardous materials
detection. Civilian applications include simple scenarios
such as people at a conference in a hotel where their laptops
comprise a temporary MANET to more complicated
scenarios such as highly mobile vehicles on the highway
which form an ad hoc network in order to provide vehicular
traffic management.
In a mobile ad hoc network, all the nodes co-
operate amongst each other to forward the packets in the
network and hence, each node is effectively a router. Several
routing protocols have been proposed for ad hoc networks.
The protocols AODV and AOMDV are the on-demand
routing protocols, in which the protocols discover routes as
needed. Due to the inherent characteristics of dynamic
topology and lack of centralized management, MANET is
vulnerable to various kinds of attacks [1]. One such attack is
the Black hole attack. In this attack, a malicious node sends
a forged Route REPly (RREP) packet to a source node that
initiates the route discovery in order to pretend to be a
destination node. Use of reply from an intermediate node
rather than the destination reduces the route establishment
time and also the control traffic in the network. This,
however, leads to vulnerabilities such as black holes [2].
Sequence numbers used in RREP messages serve as time
stamps and allow nodes to compare how fresh their
information on the other node is. When a node sends any
type of routing control message, RREQ, RREP etc., it
increases its own sequence number. Higher sequence
number is assumed to be more accurate information and
whichever node sends the highest sequence number, its
information is considered most up to date and route is
established over this node by the other nodes.
This paper analyses the effect of black hole attack
on the reactive routing protocol, AODV and its variant
AOMDV via simulation. The paper is organized as follows:
Section 2 describes the background of the protocol AODV,
section 3 describes the multipath on-demand routing
protocol AOMDV, and section 4 discusses the
characteristics of black hole attack. Section 5 analyses the
effects of black hole attack in the two routing protocols
AODV and AOMDV through simulations followed by
conclusions in section 6.
2. AODV Routing Protocol
Ad-hoc On-Demand Distance Vector (AODV) [3] is a
reactive routing protocol in which the network generates
routes at the start of communication. AODV uses traditional
routing tables. This means that for each destination exist
one entry in routing table and uses sequence number, that
this number ensure the freshness of routes and guarantee the
loop-free routing. It uses control messages such as Route
Request (RREQ), and Route Reply (RREP) for establishing
a path from the source to the destination. When the source
node wants to make a connection with the destination node,
it broadcasts an RREQ message. This RREQ message is
 (IJCNS) International Journal of Computer and Network Security, 77
propagated for the source, and received by neighbors of the
source node. Then these nodes broadcast the RREQ message
tot heir neighbors.
This process goes on until the packet is received by
destination node or an intermediate node that has a fresh
enough means that the intermediate has a valid route to the
destination established earlier than a time period set as a
threshold. Use of reply from an intermediate node rather
than the destination reduces the route establishment time
and also the control traffic in the network. This, however,
leads to vulnerabilities such as black holes [2]. Sequence
numbers used in RREP messages serve as time stamps and
allow nodes to compare how fresh their information on the
other node is. When a node sends any type of routing
control message, RREQ, RREP etc., it increases its own
sequence number. Higher sequence number is assumed to be
more accurate information and whichever node sends the
highest sequence number, its information is considered most
up to date and route is established over this node by the
other nodes.
3. Overview of AOMDV
The main idea in AOMDV [5] is to compute multiple paths
during route discovery. It is designed primarily for highly
dynamic ad hoc networks where link failures and route
breaks occur frequently. When single path on-demand
routing protocol such as AODV is used in such networks, a
new route discovery is needed in response to every route
break. Each route discovery is associated with high overhead
and latency. This inefficiency can be avoided by having
multiple redundant paths available. Now, a new route
discovery is needed only when all paths to the destination
break. To keep track of multiple routes, the routing entries
for each destination contain a list of the next-hops along
with the corresponding hop counts. All the next hops have
the same sequence number. For each destination, a node
maintains the advertised hop count, which is defined as the
maximum hop count for all the paths. This is the hop count
used for sending route advertisements of the destination.
Each duplicate route advertisement received by a node
defines an alternate path to the destination. To ensure loop
freedom, a node only accepts an alternate path to the
destination if it has a lower hop count than the advertised
hop count for that destination. AOMDV can be used to find
node-disjoint or link-disjoint routes. To find node-disjoint
routes, each node does not immediately reject duplicate
RREQs. Each RREQ arriving via a different neighbor of the
source defines a node-disjoint path. This is because nodes
cannot broadcast duplicate RREQs, so any two RREQs
arriving at an intermediate node via a different neighbor of
the source could not have traversed the same node. In an
attempt to get multiple link-disjoint routes, the destination
replies to duplicate RREQs regardless of their first hop. To
ensure link-disjoint ness in the first hop of the RREP, the
destination only replies to RREQs arriving via unique
neighbors. After the first hop, the RREPs follow the reverse
paths, which are node disjoint and thus link-disjoint. The
trajectories of each RREP may intersect at an intermediate
node, but each takes a different reverse path to the source to
ensure link-disjoint ness.
Vol. 2, No. 8, August 2010
The performance study of AOMDV relative to AODV
under a wide range of mobility and traffic scenarios reveals
that AOMDV offers a significant reduction in delay, often
more than a factor of two. It also provides reduction in the
routing load and the end to end delay.
4. Black Hole Attack
In black hole attack, a malicious node injects false route
replies to the route requests it receives advertising itself as
having the shortest path to a destination [6]. These fake
replies can be fabricated to divert network traffic through
the malicious node for eavesdropping, or simply to attract
all traffic to it in order to perform a denial of service attack
by dropping the received packets.
In AODV, the sequence number is used to determine
the freshness of routing information contained in the
message from the originating node. When generating RREP
message, a destination node compares its current sequence
number, and the sequence number in the RREQ packet plus
one, and then selects the larger one as RREPs sequence
number. Upon receiving a number of RREP, the source node
selects the one with greatest sequence number in order to
construct a route. But, in the presence of black hole [8]
when a source node broadcasts the RREQ message for any
destination, the black hole node immediately responds with
an RREP message that includes the highest sequence
number and this message is perceived as if it is coming from
the destination or from a node which has a fresh enough
route to the destination. The source assumes that the
destination is behind the black hole and discards the other
RREP packets coming from the other nodes. The source
then starts to send out its packets to the black hole trusting
that these packets will reach the destination. Thus the black
hole will attract all the packets from the source and instead
of forwarding those packets to the destination it will simply
discard those [9]. Thus the packets attracted by the black
hole node will not reach the destination.
5. Simulation Methodology
The performances of AOMDV and AODV routing protocols
under the presence of black holes were evaluated using NS-2
simulator. The simulations have been carried out under a
wide range of mobility and traffic scenarios. The goal is to
study how AOMDV outperforms with AODV, particularly
in terms of end-to-end delay, jitter, through-put and packet
delivery ratio.
5.1. Network Simulator
The entire simulations were carried out using NS-2.34
network simulator which is a discrete event driven simulator
developed at UC Berkeley [4] as a part of the VINT project.
The goal of NS-2 is to support research and education in
networking. It is suitable for designing new protocols,
comparing different protocols and traffic evaluations. NS2 is
developed as a collaborative environment. It is distributed as
open source software. The propagation model used in this
simulation study is based on the two-ray ground reflection
model. The simulation also includes an accurate model of
the IEEE802.11 Distributed Coordination Function (DCF)
wireless MAC protocol.
78 (IJCNS) International Journal of Computer and Network Security,
Vol. 2, No. 8, August 2010

Here the black hole attack takes place after the

Packet Delivery ratio
attacking node receives RREQ for the estimation node that
it is going to impersonate. To succeed in the black hole 100
attack, the attacker must generate its RREP with sequence 80
number greater than the sequence number of the destination

PDR(%)
60 AODV
[6]. Upon receiving RREQ, the attacker set the sequence
AOMDV
number of REP as a very high number, so that the attacker 40

node can always attract all the data packets from the source 20
and then drop the packets [7]. 0
For the performance analysis of the network, a 0 1 2 3 4 5
regular well-behaved AODV network [AODV] was used as Number of block holes
a reference. Then black holes were introduced into the
network. Simulations were carried out for the MANET with Figure 2. Comparison of Packet Delivery ratio
one and more black holes. Then using the same set of
scenarios, the simulation was carried out with the variant
protocol AOMDV. The simulation parameters are tabulated Throughput - AODV & AOMDV
in Table 1.
10

Table 1: Simulation Parameters 8

Throuphput
Parameter Value 6 AODV
Simulator NS-2 (ver 2.34) AOMDV
4

2
Simulation Time 500 sec
Number of mobile nodes 50 0
0 1 2 3 4 5
Topology 1000 m X 1000 m
Number of black holes
Transmission range 250 m
Routing Protocol AODV & AOMDV Figure 3. Comparison of Throughput
Maximum bandwidth 1Mbps
Traffic Constant Bit Rate
Maximum Speed
5 m/s End-to-end Delay - AODV & AOMDV
Source destination pairs 22
350
The sample screen shot of a scenario of 50 mobile nodes 300
End-to-end Delay

with five black holes is shown in the figure Fig.1. 250

200 AODV
150 AOMDV
100
50
0
0 1 2 3 4 5
Number of black holes

Figure 4. Comparison of End-to-end Delay

Jitter - AODV & AOMDV

160
Figure 1. Sample simulation scenario with 5 black holes 140
120
The following figures show the performance comparison of 100
Jitter

the two routing protocols AODV and AOMDV based on the AODV
80
AOMDV
routing parameters packet delivery ratio, average 60
throughput, average delay and average jitter. 40
20
0
0 1 2 3 4 5
Number of black holes

Figure 5. Comparison of Average Jitter

 (IJCNS) International Journal of Computer and Network Security, 79
Vol. 2, No. 8, August 2010

The performance study of AOMDV relative to AODV under
a wide range of mobility and traffic scenarios reveals that
AOMDV offers better through-put, better packet delivery
ratio, reduction in jitter and significant reduction in delay
even with the presence of black hole nodes.
[9] Deng, H., Li, W., Agrawal, D., “Routing Security in
Wireless Ad Hoc Networks” IEEE Communication
Magazine (October 2002) pp. 70-75.
Authors Profile

6. Conclusion Ms.Umaparvathi completed her

B.E.(ECE) from Madras University in
This paper analyses the effect of black hole in an AODV the year 1995. She completed her
and AOMDV network. For this purpose, a MANET with M.Tech (Communication Systems)
AODV and AOMDV routing protocol with black holes were from NIT, Trichirapalli in the year 2005.
implemented in NS-2. Using fifteen different scenarios each Currently she is doing Ph.D in
with 50 nodes and with five different speeds, the parameters Anna University of Technology, Coimbatore. Her research
packet delivery ratio, throughput, end-to-end delay and jitter interests are wireless networks, Information security and
were measured. Having simulated, it is seen that, the packet Digital Signal Processing.
loss is more with the presence of black hole in AODV than
in AOMDV. And also AOMDV produced more throughput, Dr. Dharmishtan K Varughese
less end-to end-delay and jitter when compared with AODV. completed his B.Sc.(Engg.) from College
In general, AOMDV always offers a superior immune of Engineering, Trivandrum in the year
routing performance against black hole attack than AODV 1972. He completed his M.Sc.(Engg.)
from College of Engineering,
in a variety of mobility and traffic conditions. Thus, it is
Trivandrum in the year 1981. He
better to consider the defense mechanism against the black completed his Ph.D from
hole attack in MANET based on AOMDV than that of
AODV. Indian Institute of Science, Bangalore in the year 1988. He
was working as Senior Joint Director from the year 2003 to
2007. Currently he is working as a Professor in Karpagam
References College of Engineering, Coimbatore. His research interests
[1] Y.C.Hu and A.Perrig, “A survey of secure wireless ad are Microstrip Antennas, Microwave Theory, Information
Theory and Optical fiber Communication.
hoc routing,” IEEE Security &Privacy Magazine, vol.2,
no.3, pp. 28-39, May/June 2004.
[2] Y.A. Huang and W.Lee, “Attack analysis and detection
for ad hoc routing protocols,” in Proceedings of 7th
International Symposium on Recent Advances in
Intrusion Detection (RAID’04), pp. 125-145, French
Riviera, Sept. 2004.
[3] Perkins CE, Belding-Royer E, Das SR. Ad hoc on-
demand distance vector (AODV) routing.
http://www.ietf.org/rfc/rfc3561.txt, July 2003. RFC
3561.
.[4] The Network Simulator, NS-2, Available from
www. isi.edu/ nsnam/ ns.
[5] Mahesh K. Marina and Samir R. Das, "On- Demand
Multipath Distance Vector Routing in Ad Hoc
Networks", in proceedings of 9th IEEE International
Conference on Network Protocols, 11- 14 November
2001, pp: 14- 23.
[6] Shideh Saraeian, Fazllolah Adibniya, Mohammed
GhasemZadeh and SeyedAzim Abtahi, “Performance
Evaluation of AODV Protocol under DDoS Attacks in
MANET,” in the Proceedings of World Academy of
Science, Engineering and Technology, Volume 33,
September 2008, ISSN 2070-3740.
[7] Dokurer, S.; Ert, Y.M.; Acar, C.E., “Performance
analysis of ad hoc networks under black hole attacks,”
In the proceedings of IEEE SoutheastCon 2007, 22-25
March 2007 Page(s):148 – 153 D.O.I 10.1109 /
SECON.2007.342872.
[8] Mohammad Al-Shurman and Seong-Moo Yoo, Seungjin
Park, “Black hole Attack in Mobile Ad Hoc Networks”
Proceedings of the 42nd annual Southeast regional
conference ACM-SE 42, APRIL 2004, pp. 96-97.