# Intrusion Detection for Black Hole and Gray Hole in MANETs.


[Figure: "Black hole and gray hole attack". Network of nodes S, E, G, D, F, H, C, B, M and A, shown in three panels; the second panel is annotated with the numbers 1 to 4.]

Black hole and gray hole attack

- Black hole: drops all data packets and cheats the previous node.
- Gray hole: drops part of the data and cheats the previous node.
- Gray Magnitude: the percentage of the packets which are maliciously dropped by an attacker (a node received 100 packets and forwarded 70 packets, gray magnitude = 70%).
- A black hole drops 100% (a special gray hole).
- Goal of this paper: find the black or gray hole, and calculate the Gray Magnitude.
- They calculate the Gray Magnitude to make sure the node is a gray hole, in case of mismarking (collision problem).

A Path-based Detecting Method

[Figure: nodes S, A, D, B, C and E.]

A, C, E and B are neighbors of S. Only A is on the path to D, so S only watches A.

A Path-based Detecting Method

1. Every node should keep a FwdPktBuffer.
2. S sends P01 to A; a signature is added into the FwdPktBuffer and S overhears A.
3. When A forwards P01, S releases the signature.

[Figure: path S, A, B, D with S's Forward Packet Buffer holding "Sign 01" while S overhears A.]

Overhear rate

[Figure: path S, A, B, D; A forwards 10 packets to B and B forwards 8 packets to D.]

Explanation:

- A forwards 10 packets to B: total overheard packet number = 10.
- B forwards 8 packets to D: total forwarded packet number = 8.
- Overhear rate: OR = 10/8.

If the forwarding rate is lower than the overheard (8 < 10), the detecting node (A) will consider the next hop (B) a black or gray hole. Later, the detecting node (A) will avoid forwarding packets through this suspect node (B).

Advantage of the Algorithm

- In this scheme, each node depends only on itself to detect a black or gray hole. The algorithm does not send out extra control packets so that Routing Packet Overhead
- Requires no encryption on the control packets to avoid further attacks on detection information sharing.
- There is no need to watch all neighbors' behavior. Only the next hop in the route path should be observed. As a result, the system performance wasted on the detection algorithm is lowered.

- A Path-based Detecting Method (figure: nodes S, A, D, B, C): when A finds B is a BH or GH, A chooses another path.
- Watchdog (figure: nodes S, A, D, B, C): when A finds B is a BH or GH, A tells S to choose another path.

Collision problem

- In fig 2, Node S is the source node and Node C is the destination node.
- Packet 1 is transmitted from Node B to Node C. At the same time, Packet 2 is transmitted from Node S to Node A.
- Consequently, Packet 1 and Packet 2 will collide at Node A.
- Then Node S will retransmit Packet 2, but Packet 1 will not be sent again because Packet 1 has been received by Node C successfully.
- As a result, Node A misses Packet 1 and treats it as being dropped by Node B deliberately.

How do they define whether a node is a gray hole or not?

$$OR(N) < (1 - T_f) \cdot (1 - ACR(N))$$

$$T_d(N) = 1 - (1 - T_f) \cdot (1 - ACR(N))$$

But briefly, when dropped packets > collided packets, the next node is a gray hole. They use a lot of equations to calculate the dropped packet rate, the overheard rate and the collided rate.
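The FwdPktBuffer bookkeeping and the threshold test above, combined in an added example that is not code from the presentation or the paper. It assumes a SHA-256 digest as the packet signature, takes OR as overheard forwards divided by packets sent to the next hop (so it lies between 0 and 1), reads ACR(N) as the collision rate and T_f as the fixed threshold with the simulation's 0.6 as default; the class and function names are hypothetical.

```python
import hashlib

class NextHopMonitor:
    """State a detecting node keeps for its next hop (hypothetical class)."""

    def __init__(self, t_f=0.6):
        self.t_f = t_f               # assumed reading: T_f is the fixed threshold
        self.fwd_pkt_buffer = set()  # FwdPktBuffer: signatures awaiting an overheard forward
        self.sent = 0                # packets handed to the next hop
        self.overheard = 0           # of those, packets overheard being forwarded on

    @staticmethod
    def signature(packet: bytes) -> str:
        # Assumption: a SHA-256 digest stands in for the packet signature.
        return hashlib.sha256(packet).hexdigest()

    def send(self, packet: bytes) -> None:
        self.fwd_pkt_buffer.add(self.signature(packet))
        self.sent += 1

    def overhear(self, packet: bytes) -> bool:
        """Release the signature when the next hop is heard forwarding the packet."""
        sig = self.signature(packet)
        if sig not in self.fwd_pkt_buffer:
            return False             # not a packet this node is waiting on
        self.fwd_pkt_buffer.remove(sig)
        self.overheard += 1
        return True

    def overhear_rate(self) -> float:
        # Assumption: OR = overheard forwards / packets sent to the next hop.
        return self.overheard / self.sent if self.sent else 1.0

    def dynamic_threshold(self, acr: float) -> float:
        return 1 - (1 - self.t_f) * (1 - acr)   # T_d(N)

    def is_suspect(self, acr: float = 0.0) -> bool:
        return self.overhear_rate() < (1 - self.t_f) * (1 - acr)

def watch(forwarded: int, total: int = 10, t_f: float = 0.6) -> NextHopMonitor:
    """Constructed scenario: send `total` packets; the next hop forwards the first `forwarded`."""
    mon = NextHopMonitor(t_f)
    packets = [f"seq={i}".encode() for i in range(total)]  # constructed sample packets
    for p in packets:
        mon.send(p)
    for p in packets[:forwarded]:
        mon.overhear(p)
    return mon

if __name__ == "__main__":
    for fwd in (8, 3):
        m = watch(fwd)
        print(fwd, m.overhear_rate(), m.is_suspect(0.0), m.is_suspect(0.3))
```

With 3 of 10 packets overheard the next hop is flagged when no collisions are reported, but not when the collision rate is 0.3, which is how the dynamic threshold absorbs the collision problem.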

Simulation Results and Discussion

- Maximum transmission range is 250 m.
- Distance between two neighbors is 200 m.
- So a node can only have 4 neighbors.

- Overall Packet Delivery Rate: the percentage of the data packets which are actually received by the destination.
- GM = gray magnitude.
- Based on this result, we will only focus on gray holes with gray magnitude of 0.6 or above, because a lower gray magnitude cannot bring about great damage to the network.

Reported Collision Rate

Detection Rate

- Detection Rate & False Positive Rate vs. Gray Hole Number: the detection threshold is set to 0.6, and the attackers' gray magnitude is between 60% and 100%.
- Approximately, the detection rate still keeps above 90%, and the false positive rate is lower than 5%. This result reflects that our detection scheme is valid for attackers with gray magnitude between 60% and 100%.

Questions:

1. What is Gray Magnitude?
   - The percentage of the packets which are maliciously dropped by an attacker (a node received 100 packets and forwarded 70 packets, gray magnitude = 70%).
   - A black hole drops 100% (a special gray hole).
2. What is FwdPktBuffer?
   - Forward packet buffer (stores the forwarded packet's signature).
3. What's the difference between A Path-based Detecting Method and the Watchdog mechanism?
   - A Path-based Detecting Method: when A finds B is a BH or GH, A chooses another path.
   - Watchdog: when A finds B is a BH or GH, A tells S to choose another path.
