Performance Evaluation of Mesh based Multicast Reactive Routing Protocol under Black Hole Attack

A mobile ad-hoc network is an autonomous system of mobile nodes connected by wireless links in which nodes cooperate by forwarding packets for each other thereby enabling communication beyond direct wireless transmission range. The wireless and dynamic nature of ad-hoc networks makes them vulnerable to attacks especially in routing protocols. Providing security in mobile ad-hoc networks has been a major issue over the recent years. One of the prominent mesh base reactive multicast routing protocols used in ad-hoc networks is On Demand Multicast Routing protocol (ODMRP). The security of ODMRP is compromised by a primary routing attack called black hole attack. In this attack a malicious node advertises itself as having the shortest path to the node whose packets it wants to intercept. This paper discusses the impact of black hole attack on ODMRP under various scenarios. The performance is evaluated using metrics such as packet delivery ratio and end to end delay for various numbers of senders and receivers via simulation. Simulations are carried out using network simulator ns-2. The results enable us to propose solutions to counter the effect of black hole attack.

💡 Research Summary

The paper investigates the vulnerability of the On‑Demand Multicast Routing Protocol (ODMRP), a widely used mesh‑based reactive multicast routing protocol for mobile ad‑hoc networks (MANETs), to the black‑hole attack. The authors begin by outlining the characteristics of MANETs—dynamic topology, limited power, and the broadcast nature of wireless links—that make them attractive targets for routing attacks. They then describe ODMRP’s operation: periodic dissemination of Join Query and Join Reply messages to construct a mesh of redundant paths, which improves resilience under normal conditions but also provides an avenue for malicious nodes to manipulate routing information.

A black‑hole attack is defined as a scenario in which a compromised node falsely advertises itself as having the shortest path to a destination, thereby inserting itself into the routing tables of neighboring nodes. Once on the path, the attacker discards or alters all multicast packets destined for the targeted group, effectively creating a “hole” in the network. Because ODMRP does not incorporate authentication or trust verification for routing messages, such deception goes undetected.

To quantify the impact of this attack, the authors set up a series of simulations using the Network Simulator version 2 (ns‑2). The simulation area is 1000 m × 1000 m, with node counts of 50, 75, and 100. Nodes follow the Random Waypoint mobility model with average speeds ranging from 1 m/s to 10 m/s. Traffic is generated using a Constant Bit Rate (CBR) source at 4 kbps per flow, with a packet size of 512 bytes. The proportion of malicious nodes is varied from 0 % to 20 % in increments of 5 %. For each configuration, the authors examine three numbers of senders (1, 3, and 5) and three numbers of receivers per group (10, 20, and 30), thereby creating a matrix of 27 distinct scenarios. Each scenario is executed ten times with different random seeds, and the results are averaged to reduce stochastic variance.

Two primary performance metrics are evaluated: Packet Delivery Ratio (PDR) and average End‑to‑End Delay (E2ED). The authors also record auxiliary metrics such as routing overhead and energy consumption, although these are not the focus of the analysis. The results reveal a clear, non‑linear degradation of performance as the black‑hole ratio increases. When the malicious node proportion is below 5 %, PDR remains relatively high (≈85 %). However, once the proportion exceeds 10 %, PDR drops sharply to below 60 %, with the most pronounced losses observed in scenarios with five concurrent senders. The simultaneous presence of multiple senders amplifies the effect because each sender’s traffic is independently attracted to the malicious node, leading to cumulative packet loss.

End‑to‑End Delay exhibits a similar trend but with a more pronounced escalation. At low attack rates, the increase in delay is modest and can be attributed to occasional route recomputation and retransmissions. At higher attack rates (≥15 %), the network experiences frequent route breakages, causing repeated route discoveries and multiple retransmission attempts. This results in a steep rise in average delay, sometimes exceeding 300 ms compared to the baseline of under 100 ms in a benign environment. The authors also note that sparse networks (fewer nodes) and high mobility exacerbate the problem, as the malicious node can more easily dominate the limited set of viable paths.

In the discussion, the paper proposes several mitigation strategies. First, a trust‑based routing extension is suggested, where each node maintains a reputation score derived from observed forwarding behavior; nodes with low scores are excluded from mesh construction. Second, the authors advocate for redundant transmission over multiple disjoint paths, thereby reducing the probability that a single compromised node can intercept all copies of a packet. Third, they recommend cryptographic protection of routing control messages—digital signatures or Message Authentication Codes (MACs)—to prevent false advertisements. Finally, they suggest incorporating periodic path verification and anomaly detection algorithms that monitor sudden spikes in packet loss or delay, enabling the network to isolate suspicious nodes in real time.

The conclusion reiterates that while ODMRP offers efficient multicast delivery under normal conditions, its lack of built‑in security mechanisms makes it highly susceptible to black‑hole attacks, especially in dense multicast scenarios with multiple senders. The simulation study quantifies this susceptibility and provides a baseline for future work. The authors call for experimental validation on real hardware testbeds, the development of machine‑learning‑based intrusion detection tailored to MANET environments, and the exploration of combined attack models (e.g., black‑hole plus wormhole or routing loop attacks). By addressing these avenues, the research community can move toward robust, secure multicast routing solutions for the next generation of mobile ad‑hoc networks.