Cooperative Black and Gray Hole Attacks in Mobile Ad Hoc Networks
In this paper, we propose a complete protocol to detect a chain of cooperating malicious nodes in an ad hoc network that disrupts transmission of data by feeding wrong routing information. Our techniques is based on sending data in terms of equal but small sized blocks instead of sending whole of data in one continuous stream. The ﬂow of traﬃc is monitored independently at the neighborhoods of both source and destination. The results of monitoring is gathered by a backbone network of trusted nodes. With assumption that a neighborhood of any node in the ad hoc network has more trusted than malicious nodes, our protocol can not only detect but also remove a chain of cooperating malicious nodes (gray/black hole) by ensuring an end-to-end checking between the transmission of two blocks of data. The protocol takes O(mdBN ) time for detection and removal of gray/black holes chain which betters an earlier O(n 2 ) time bound  for detecting a single black hole in the network. Here, m is the number of malicious nodes in the network, dBN is the diameter of a backbone network formed out of the ﬂat ad hoc network, and n is the total number of nodes in the ad hoc network.
Mobile ad hoc networks are highly susceptible to routing attacks because of their dynamic topology and lack of any infrastructure. Two of the major routing attacks are black hole and gray hole attacks. In a black hole attack, the malicious node (referred to as black hole) replies to every routing request saying that it has a route to the given destination. So, unsuspecting nodes start sending data to the destination through the black hole. This way a black hole diverts most of the traﬃc in the network to itself, and later dumps it. A gray hole attack is a variation of the black hole attack, where the malicious node is not initially malicious, it turns malicious sometime later. This anomalus behaviour of malicious nodes prevents a trust based security solution from detecting them. In this paper, we present a mechanism to detect the malicious nodes launching the black/gray hole attacks. Our algorithm takes O(n) time on an average to ﬁnd the chain of malicious nodes. Moreover, it can detect the gray hole nodes, whether single or cooperating. The proposed technique works as follows. Initially a backbone network of strong nodes is established over the ad hoc network. Each strong node is assumed to be trustful and capable of tuning its antenna to
FREE IEEE PAPER