Black Hole Attack, Its Detection And Mitigation

Abstract

Wireless Sensor Networks(WSN) are decentralised and ad-hoc type of networks which can be set up easily in remote locations with the help of mobile devices or nodes. Nodes in these Networks senses and monitors the physical and environmental conditions of an area and send this information to each other or a remote location through co-ordination and co-operation methods of Wireless Sensor Networks. These networks plays a key role in many fields such as military and civil surveillance, health care systems and climate monitoring where manual reading is a tedious task or is not possible.

Due to the self configuring nature of the wireless sensor networks or the nodes associated and its unattended nature due to remote locations, various kinds of security attacks are possible in these networks.These security attacks can be majorly classified as active or passive attacks. Black hole attacks or grey hole attacks are primarily active type of attacks which can reduce the throughput and efficiency of communication in the associated network which in turn can have adverse effect on the network.

In this paper, we will understand the black hole attacks and will review various techniques to detect and isolate malicious node from the network.

INTRODUCTION TO WSN

A Wireless Sensor Network(WSN) is primarily a distributed network of nodes where autonomous sensors and nodes are connected together for diverse applications. WSNs consists of multiple detection stations primarily called as sensor nodes, each of which are small, light-weight and portable in design. WSNs are bi-directional in data flow and their topology differs based upon their associated application for which they are deployed. They has many key characteristics such as: mobility of nodes,heterogeneity,very large scale of deployment,ease to use,ability to cope with node failures or attacks i.e self healing and more. The key function of a sensor node in a sensor area of WSN is to detect events, perform the local data processing, and transmit raw or processed data to the other Fig. 1. Structure of a typical Wireless Sensor Network nodes. Sink node acts as a base station which plays a vital role in wireless environment and it works like a distributed controller. The Base station in WSN is important due the following reasons: sensor nodes are prone to failure so it helps for better collection of data and provides the backup if the master node fails in any case.

A. Characteristics of WSN

1. Computing capabilities: Due to the limit of size, cost and battery power consumption as it is remotely located, program space and memory space of the sensors and other nodes is very limited.
2. Battery energy: Sensor nodes often become invalid and abandoned because the power gets exhaust in the remote location of its application Hence, the protocols or algorithms associated and used should be optimised for low battery energy consumption and high conservation.
3. Communication capabilities: The communication band- width of Senor networks is very narrow and it keeps on changing. Also the communication distance is only tens to several hundred meters.Even the sensors can be easily influenced or manipulated by rains and lightnings, therefore, it is difficult to maintain functioning of these networks smoothly.
4. Dynamic topology: The nodes can fail due to battery exhaustion or various other reasons and even new nodes can be added according to task requirements, which leads to reconfiguration of network every now and then.
5. Multi-hop communications: Sensor nodes can only com- municate with direct neighbors in the WSN. If one node needs to communicate with the other one which is beyond the coverage of the node’s radio frequency then it has to be through multi-hop route transmission of data via the interme- diate nodes.

Challenges in WSN

Wireless sensor networks have tremendous potential and growth because they will expand our ability to monitor and interact remotely with the physical world in fractions of seconds. Sensors have the ability to collect vast amounts of unknown data for further processing. Sensors can be accessed remotely and placed where it is impractical to deploy data and power lines by humans. To exploit the full potential of sensor networks, we must first address the peculiar limitations of these networks and their associated technical issues. Although data fusion requires that nodes should be synchronized, the synchronization protocols used must address the features of these networks. For these Networks to become truly ubiquitous, a number of challenges and obstacles must be overcome which doesn’t result in losing of Confidentiality and Integrity of data shared using it.

1. Energy: The first and foremost important design chal- lenge for a WSN is its energy efficiency. Power consumption can be allocated to three functional domains: Sensing, Communication part, and the last data processing part each of which requires optimization in its design and algorithm. The lifetime of a sensor node used in the network system typically exhibits a strong dependency on the battery life. The constraint most often associated with sensor network design is that sensor nodes operate with limited energy budgets. Typically, sensors are powered through batteries, which must be either replaced or recharged when depleted and it is definitely a tedious task due to its remote locations. For non rechargeable batteries, a sensor node should be able to operate until either its mission time has passed or the battery can be replaced. The length of the mission time depends on the type of application for which it is deployed.
2. Limited Bandwidth: In wireless sensor networks very less power is consumed in processing data than transmitting it. Presently, wireless communication is limited to a data rate in the order of 10-100 Kbits/second. Bandwidth limitation directly affects message exchanges among the sensors used and synchronization is impossible without message exchanges. Sensor networks often operate is limited bandwidth and performance constrained multi-hop wireless communication medium. These wireless communication links operate in the radio, infrared, or optical range of the spectrum.
3. Node Costs: A sensor network consists of a large set of sensor nodes. It means that cost of an individual node is critical to the overall financial metric of the sensor network. Clearly, the cost of each sensor node has to be kept low for the global metrics to be acceptable. Depending on the application of sensor network, large number of sensors might be scattered randomly over an environment, such as weather monitoring. If the overall cost was appropriate for sensor networks then it will be more acceptable and successful to users which need careful consideration.
4. Deployment: Node deployment is a fundamental issue which needs to be solved in Wireless Sensor Networks. A proper node deployment scheme reduces the complexity of problem drastically. Deploying and managing a high number of nodes in a relatively bounded environment requires special techniques. Hundreds to thousands of sensors may be deployed in a sensor region. There are two deployment models at present: (i) static deployment (ii) dynamic deployment. The static deployment chooses the best location according to the optimization strategy, and the location of the sensor nodes has no change in the lifetime of the network. The dynamic deployment throws the nodes randomly for optimization.
5. Security: One of the challenges in WSNs is to provide high security requirements with constrained resources. The remote and unattended operation of sensor nodes increases their exposure to malicious intrusions and attacks. The security requirements in WSNs comprise of node authentication and data confidentiality. To identify both trustworthy and unreliable nodes from a security stand points, the deployment sensors must pass a node authentication examination by their corre- sponding manager nodes or the cluster heads and then the unauthorized nodes can be isolated from the network during the node authentication procedure.

SECURITY ATTACKS

Network security attacks are unauthorized actions or breaches against private, corporate or governmental IT assets in order to destroy them, modify them or steal sensitive data from them. As more enterprises invite employees to access data from mobile devices, networks become more vulnerable to data theft or total destruction of the data or network.Following are the types of attacks possible on a network:-

• Passive Attacks
• Active Attacks

A. Passive Attacks

A passive attack, in computing security, is an attack charac- terized by the attacker monitoring communication or systems. Reading emails, tracking internet usage and using a system’s microphone or camera to ”spy” on an individual or an organi- sation comes in this category. In a passive attack, the intruder does not attempt to alter the system or to change the data but rather collect the data hindering the confidentiality of the data.

The types of passive attacks are:

• Traffic Analysis
• Packet Eavesdropping
• Monitoring

B. Active Attacks

An active attack, in computing security, is an attack char- acterized by the attacker attempting to break into the system hindering the integrity and availability of the data. During an active attack, the intruder may introduce data into the system as well as potentially change data within the system. Types of active attacks are:

Save your time!
We can take care of your essay

• Proper editing and formatting
• Free revision, title page, and bibliography
• Flexible prices and money-back guarantee

Place Order

• Denial of Service Attack
• Wormhole Attack
• Sybil Attack
• Sinkhole Attack

BLACK HOLE ATTACK IN WSN

Blackhole attack is a hazardous attack in the MANETs. In this attack, a malicious node grabs the packet coming fromthe source node to itself by imitating itself as a destination node. When source node sends RREQ message to all its neighbor nodes during route discovery process, a malicious node immediately sends fake RREP message to the source node before other nodes can send RREP. So source nodes after receiving first RREP from malicious node rejects all other RREP from other neighboring nodes and thus considers the completion of Route Discovery process and send data packets to the malicious node which can be called a mali- cious blackhole node. By doing this all the data transmission between source node and destination node is obstructed and hence the performance of system is compromised. [1]. The

A. Packet Delivery Ratio

It is the ratio of packets acquired by the destination node to the total number of packets including the dropped packets.

B. Average Delay Analysis

This can be defined as the amount of delay occurring between dispatching of packet from source node and acquiring a packet at the destination node [10]. It includes all the delays throughout the data flow like packet re-transmission, buffering and route discovery process delays in a network.

C. Throughput

It is the ratio of packet acquired by the destination node to the entire number of packets sent by the source node. Here, We see the drastic impact of black hole attack in wireless sensor networks.As there is no security provided, malicious nodes can enter into the network and can have disastrous effects on the network which can adversely affect the ideal performance of the network.

EXPERT SYSTEM BASED INTRUSION DETECTION

The Expert System that we designed is named as ADIOS: Advanced Detection of Intrusions On Sensor networks which Fig. 5. Throughput uses a combination of a watchdog mechanism and a node- resident expert system to make judgements on the basis of neighbour node behaviour when trying to identify an attack on the network system. This system is based on following assumptions:

• The wireless network interface cards or NIC on the nodes being used should be capable of promiscuous mode i.e. a node can overhear and process transmis- sions of other nodes until and unless it is in its range.
• The antennas used on the nodes should be omni- directional as it supports communication between the diversified nodes in WSNs.
• There is bidirectional communication symmetry between nodes.

A. The Architecture of ADIOS System

The ADIOS Network System is comprised of five main components: lightweight expert system, expert knowledge, memory resident table, majority voting system and the watch- dog system.

1. Lightweight Expert System: The lightweight expert sys- tem (LES) lies at the center of our System and provides theintelligence that drives the IDS.Here the machine reasoning and inferencing happens and finally the judgements are made regarding suspicious network activity.
2. Expert Knowledge: The expert knowledge contains the definitions, rules and sequence of events that describe to the LES what a black hole attack looks like. It can be modified to make this system work for other kinds of attacks similar to Black Hole Attacks.
3. Watchdog System: This module contains the network interface card of a node in promiscuous mode and it has the ability to read and write to the memory resident table. It records activity of interest in the table for the LES to analyze on the basis of triggers.
4. Memory Resident Table: The MRT module is expected to be the subsystem that consumes most of the memory used by the ADIOS system. It is used to capture Network events of interest such as route requests, route replies and abnormal forwarding by a neighbour temporarily for checking.
5. Majority Voting System: The majority voting system is partly responsible for mitigating attacks on the given network as it makes the final decision of classification whether a node is Black or not on the basis of majority system. addhere.png

B. How are Attacks Detected

Our approach to the process of detection of Attacks using ADIOS resolve around its implementation for the different layers of communication. These are as follows:

1. Malicious Node Detection at MAC Layer: Media Access Control (MAC) protocols are designed specifically for WSN in order to reduce the Energy Consumption and considering their Processor limitations. There are two main categories of MAC protocols for WSNs based upon how the MAC manages when certain nodes can communicate on the channel i.e. Time Division Multiple Access(Assigns different time slots to nodes eliminating contention) and Carrier Sense Multiple Access(Uses carrier sensing and backoffs to avoid collisions). Malicious Node Detection at MAC Layer is based upon the concept of the value of hop-count with reference to a constant value for black node detection and prevention separately by blacklisting the black node and eliminating it from the network.
2. Malicious Node Detection at Network Layer: The net- work layer in an ad-hoc wireless network is responsible for neighbor discovery,routing, and dynamic resource allocation. The important variation in the routing used by sensor networks is in network processing as data aggregating and filtering the redundant information. The technique used for Malicious node detection and pre- vention at Network Layer is based on the concept of the path- selection algorithm,stability and load of the network and as a result the attacker node gets labelled Red and is eliminated from the network.
3. Malicious Node Detection at Physical Layer: The physical layer in WSNs deals with modulation and demodulation of digital data, i.e. transmission and reception of the data. It is done by the transceivers present in the sensor nodes. The main functions of physical layer are carrier frequency selection and generation, encryption and decryption, modulation and demodulation, transmission and reception of the data in the Network System.

The concept of detecting and mitigating the intrusions at the Physical Layer is based on the concept of the transmission power associated to the network and the distance between the sender and the receiver and as a result the Black node gets detected from the network system.

C. Simulation Results and Analysis

Simulation results shows us how efficient the proposed system performs in real life scenarios and helps us understand it easily using graphs. To simulate the efficacy of each node monitoring a random subset of the network events, the network traffic containing black hole attacks was generated. Also, these attacks happened throughout the traffic dump and the nodes were instructed to only monitor random portions of this traffic and report when anomalies were found. The number of nodes in a neighbourhood and the number of attacks were varied during these simulations. These simulations were run 1000 times and the averages were taken which is shown using Per. of attacks detected vs Per. of events monitored.

REFERENCES

1. Shaveta, Pawan Luthra, Er. Gagandeep ”Implementation of blackhole attack under aodv routing protocol”, Chennai, India, IEEE, 2017
2. Taylor Vincent F, Fokum Daniel T ”Mitigating Black Hole Attacks in Wireless Sensor Networks Using NodeResident Expert Systems”, Washington, DC,pp.1-7,IEEE,2014.
3. Abhinav Kaurav, Kakelli Anil Kumar ”Detection and Prevention of Blackhole Attack in Wireless Sensor Network Using Ns-2.35 Simula- tor” International Journal of Scientific Research in Computer Science, Engineering and Information Technology, 2017
4. Abdullah Aljumah, Tariq Ahamed Ahanger ”Futuristic Method to Detect and Prevent Blackhole Attack in Wireless Sensor Networks ”
5. Hanane Kalkhaa,Hassan, Satori, Khalid Satori ”Preventing Black Hole Attack in Wireless Sensor Network Using HMM”
6. Maryam Motamedi,Nasser Yazdani ”Detection of Black Hole Attack in Wireless Sensor Network Using UAV ”
7. Yingpei Zeng, Jiannong Cao, Shigeng Zhang, ShanqingGuo, Li Xie ”Random-walk based approach to detect clone attacks in wireless sensor networks”
8. Nitin A. Sakhare, Nilesh U. Sambhe ”DETECTION OF MALICIOUS NODE BY BLACK HOLE ATTACK IN WIRELESS SENSOR NET- WORK BASED ON DATA MINING”
9. Shalu Malik, Dr. Anil Kumar Sharma ”DETECTION AND ISOLATION TECHNIQUE FOR BLACKHOLE ATTACK IN WIRELESS SENSOR NETWORK ”
10. Samir Athmani, Djallel Eddine Boubiche, Azeddine Bilami ”Hierarchi- cal energy efficient intrusion detection system for black hole attacks in WSNs”
11. Er. Amandeep Kaur, Er. Parveen Kaur, C. Er. HarisharanAggarwal ”Intrusion Detection System (IDS) for Black hole attacks- A Literature”