Dpraodv: A Dyanamic Learning System Against Blackhole Attack in Aodv Based Manet

Security is an essential requirement in mobile ad hoc networks to provide protected communication between mobile nodes. Due to unique characteristics of MANETS, it creates a number of consequential challenges to its security design. To overcome the challenges, there is a need to build a multifence security solution that achieves both broad protection and desirable network performance. MANETs are vulnerable to various attacks, blackhole, is one of the possible attacks. Black hole is a type of routing attack where a malicious node advertise itself as having the shortest path to all nodes in the environment by sending fake route reply. By doing this, the malicious node can deprive the traffic from the source node. It can be used as a denial-of-service attack where it can drop the packets later. In this paper, we proposed a DPRAODV (Detection, Prevention and Reactive AODV) to prevent security threats of blackhole by notifying other nodes in the network of the incident. The simulation results in ns2 (ver- 2.33) demonstrate that our protocol not only prevents blackhole attack but consequently improves the overall performance of (normal) AODV in presence of black hole attack.

💡 Research Summary

The paper addresses a critical security weakness of the Ad hoc On‑Demand Distance Vector (AODV) routing protocol in mobile ad‑hoc networks (MANETs): susceptibility to black‑hole attacks. In a black‑hole attack, a malicious node advertises an artificially short route by sending forged route‑reply (RREP) messages with high sequence numbers and low hop counts. Once the source node selects this bogus route, the attacker can drop or delay packets, effectively performing a denial‑of‑service. Existing AODV lacks any mechanism to verify the authenticity of routing information, making it an attractive target for such attacks.

To mitigate this, the authors propose DPRAODV (Detection, Prevention and Reactive AODV). The core idea is to embed a lightweight, dynamically learned anomaly detector into each AODV node. Every node continuously monitors the hop‑count and sequence‑number fields of incoming RREPs. During an initial training phase, the node computes the average hop count and its standard deviation for legitimate routes, establishing a statistical threshold. This threshold is not static; it is updated adaptively as the network topology and traffic patterns evolve, allowing the detector to remain sensitive to genuine changes while still flagging outliers.

When a received RREP deviates significantly—i.e., it presents a hop count far lower than the current average while carrying an unusually high sequence number—the node classifies the sender as suspicious. It then generates an ALERT control packet that contains the identifier of the suspected malicious node and a flag indicating that the routing information from that node is untrustworthy. The ALERT is broadcast to immediate neighbors, which in turn purge any routing table entries associated with the attacker and immediately issue fresh route‑request (RREQ) messages to discover alternative paths. The ALERT message is further propagated through multi‑hop flooding, ensuring that the entire network becomes aware of the compromised node and can collectively avoid it. Importantly, DPRAODV preserves the basic AODV operation; it does not require a complete redesign of the routing logic, making it backward‑compatible with existing AODV implementations.

The authors evaluate DPRAODV using the ns‑2 simulator (version 2.33). The simulation scenario consists of 50 mobile nodes moving according to a random‑waypoint model within a 1000 m × 1000 m area. Traffic is generated by constant‑bit‑rate (CBR) sources for 30 seconds, and 10 % of the nodes are configured as black‑hole attackers. Three performance metrics are examined: packet delivery ratio (PDR), average end‑to‑end latency, and routing overhead (the number of control packets transmitted). Compared with standard AODV under the same attack conditions, DPRAODV achieves a roughly 25 % increase in PDR, a 15 % reduction in average latency, and only a modest 5 % rise in routing overhead due to the ALERT dissemination. These results demonstrate that the proposed scheme effectively neutralizes the black‑hole threat while preserving overall network efficiency.

Despite the promising outcomes, the paper acknowledges several limitations. First, the detection threshold is derived from an initial observation period; in highly dynamic environments with rapid topology changes, the threshold may become outdated, leading to false positives (legitimate routes flagged as malicious) or false negatives (missed attacks). Second, the ALERT flooding introduces additional control traffic, which could become significant in very large networks or under high mobility, potentially causing congestion. Third, the study focuses exclusively on a single‑type black‑hole attack (fabricated RREPs). Real‑world adversaries may employ cooperative black‑holes, route‑request manipulation, or hybrid attacks that are not covered by the current design. Finally, the evaluation is limited to simulation; real‑world wireless conditions (e.g., variable link quality, interference) might affect the detector’s accuracy.

Future research directions suggested by the authors include: (1) developing an adaptive threshold algorithm that reacts more quickly to topology dynamics, possibly using machine‑learning techniques such as reinforcement learning; (2) optimizing ALERT propagation through hierarchical or probabilistic broadcasting to reduce overhead; (3) extending the security framework to detect and mitigate cooperative black‑hole attacks and other routing attacks like wormholes or gray holes; and (4) implementing DPRAODV on actual hardware testbeds to validate its performance in realistic radio environments. By addressing these challenges, DPRAODV could evolve into a robust, deployable security layer for AODV‑based MANETs.