An Analysis of Wormhole and Blackhole

Attacks in Ad Hoc Networks

Submitted by -:
Abhishek Gupta
703/IT/08

Table of Contents
I.Abstract
II.Introduction
III.Collaborative Attack
III.aCategorization of Coolaborative Attacks
III.a.1Direct Collaborative
III.a.2 Indirect Collabortive
IV. Wormhole Attack
IV.a Severity of a Wormhole Attack
IV.b Simulations
IV.c Analysis
V. Blackhole Attack
V.a Simulations
V.b Analysis
VI. Conclusion
VII. References

3
4
5
5
5
5
6
7
9
11
13
13
18
20
21

I.Abstract
A Mobile Ad hoc Network (MANET) consists of a set of communicating wireless mobile nodes
or devices that do not have any form of fixed infrastructure or centralized authority. The security
in MANET has become a significant and active topic within the research community. This is
because of high demand in sharing streaming video and audio in various applications, one
MANET could be setup quickly to facilitate communications in a hostile environment such as
battlefield or emergency situation likes disaster rescue operation. In spite of the several attacks
aimed at specific nodes in MANET that have been uncovered, some attacks involving multiple
nodes still receive little attention. A reason behind this is because people make use of security
mechanisms applicable to wired networks in MANET and overlook the security measures that
apply to MANET. Furthermore, it may
also have to do with the fact that no survey or taxonomy has been done to clarify the
characteristics of different multiple node attacks. This thesis addresses the aforementioned gap
by providing a proper definition and categorization of collaborative attacks against MANET
from the various multiple node attacks found.
Simulation using GLOMOSIM was used to investigate the performance impact of a collaborative
blackhole and wormhole attack on a mobile ad hoc network. Network throughput, packet
delivery ratio and end-to-end delay are the performance metrics used in our result analysis.

II.Introduction
During the past few decades the world has become a global village by virtue of the technological
revolution. Information Technology (IT) is growing day-by-day. Businesses tend to use more and
more complex network environments. Despite the efforts of network administrators and IT
vendors to secure the computing environments, the threats posed to personal privacy, company
privacy and various assets by attacks upon networks and computers continue unabated. The
Mobile Ad hoc Networks (MANETs) are most certainly a part of this technological revolution. A
MANET is a collection of wireless devices or nodes that communicate by dispatching packets to
one another or on behalf of another device/node, without having any central network authority or
infrastructure controlling data routing. MANET nodes have limitless connectivity and mobility
to other nodes routing, each node acts as a router and network manager to another node [17].
Having a secured transmission and communication in MANET is a challenging and vital issue
due to the fact that there are various types of attacks that the mobile network is open to. In order
to secure communication in such networks, understanding the liable security attacks to MANET
is a great task and concern. MANETs suffer from a variety of security attacks and threats such
as: Denial of Service (DoS), flooding attack, impersonation attack, selfishnode misbehaving,
routing table overflow attack, wormhole attack, blackhole attack, and so forth. MANET is open
to vulnerabilities as a result of its basic characteristics like: no point of network management,
topology changes vigorously, resource restriction, no certificate authority or centralized
authority, to mention a few [1, 2, 4].
Previous studies show that there are different categories of attacks on MANET [1, 2, 8] such as
Passive and Active attacks, Internal and External attacks and the Routing and Packet Forwarding
attacks. Some of these attacks are termed as single attacks while some are referred to as attacks
on multiple nodes and are malicious. In this thesis, we make investigation on the multiple node
attacks against MANET and provide a new categorization of multiple node attacks. In addition,
based on the characteristics of these attacks, we will present a proper definition of such attacks in
MANET. After that, the simulations of different network sizes are performed to see the impact on
MANETs performance with and without collaborative attack. Finally, the various mitigation
plans for collaborative attacks are discussed and highlighted.

III.Collaborative Attack
A collaborative attack in MANET is a homogeneous attack (i.e. blackhole or wormhole attack),
involving two or more colluding nodes; classified as internal active attack that can be processed
using wired or wireless link and triggered by single or multiple attackers. It can also be referred
to as the first level of attack, in which the adversary only interests in disrupting the foundation
mechanism of the ad hoc network, for instance routing protocol, which is crucial for proper
MANET operation.
III.a Categorization of Collaborative attacks
In collaborative attacks, as defined in the previous section, there are numerous nodes involved
during the attack. These nodes can be physically existent or not existing at all. These unique
characteristics can be observed and were distinguished in the section on Multiple Node Attacks.
After the study of different multiple node attacks, and then provided the definition of
collaborative attacks, we are now going to categorize these attacks into two different categories.
III.a.1 Direct Collaborative Attacks
Here, the attacker nodes are already in existence in the original network or a malicious node
joins the network or an internal node is compromised in the network. This kind of collaborative
attacks can be referred to as direct collaborative attacks. Blackhole and Wormhole attacks belong
to this category. The reason for this classification is based on the nature behaviour of these
attacks. In the blackhole attack, one or more malicious nodes try to disrupt the network routing
operation by advertising itself as the shortest path to the destination node. Therefore, there will
be at least three physical nodes must be involved in this attack, namely: the source node,
blackhole node (malicious node) and the destination node.
The second attack belonging to this category is the wormhole attack; there always exists two
colluding malicious nodes, since they can tunnel data packets back and forth even packets not
addressed to them without being known by other nodes. Thus, the wormhole attack involves at
least two physical nodes.
III.a.2 Indirect Collaborative Attacks
The attacks in this category use different non-existent nodes in order to fake other nodes to
redirect data packets to malicious node. This kind of collaborative attacks can be referred to as
indirect collaborative attacks. The attacker nodes are not already in existence in the original
network but created along the line of their attack. Sybil attack belongs to this category of
collaborative attacks. The malicious node in Sybil can generate arbitrary number of additional
identities for itself while using only one physical node. This physical node may be a legitimate
node or an already compromised or malicious node by Sybil attack in the MANET.
Routing table overflow is another attack in this category in which the malicious node tries to
create as much as possible routes to non-existent nodes. It aims to prevent new routes from
being produced or to overpower the routing protocol.

IV.Wormhole attack
Wormhole attack is a type of a collaborative attack in which the attacker provides two chokepoints of malicious nature , that are used to degrade the network or analyze the network traffic.
These two checkpoints constitute the end points of a wormhole .The end points are connected via
a high speed link [Fig 1]of some sort or tunnel. Packets are captured from one end point and are
tunnelled to the other malicious end in some other part of the network, where they are replayed,
typically without modification. The following figure illustrates a network topology affected with
a wormhole:-

Figure 1: X and Y are the end points of the wormhole with a communication link between
them known as the wormhole link. X is in transmission range of a, b and m where as Y is in
transmission range of d, e and c.

IV.a Severity of a wormhole attack

Wormhole attack is considered one of the most severe attacks on ad hoc networks. Wormhole is
severe against on demand as well as proactive routing mechanisms. Firstly, in on demand routing
mechanisms , a wormhole is capable of attracting a significant percentage of network traffic.
This is because of the fact that most of the on demand routing protocols are shortest path routing
mechanisms using hop count as a metric and the link between the two adversial nodes of the
wormhole is a fast link with small number of hops and in most cases a single hop. Data
forwarded via the wormhole thus reaches the destination sooner or with smaller number of hops
as compared to data forwarded by the genuine nodes using multiple hops for transmission. To
understand this, let us divide the network in two partitions A and B [Fig 2], each containing one
of the end points of the wormhole. If packets are to transmitted from a node in Partition A to
Partition B, most of the routes discovered will include the wormhole due to presenting of a
shorter path. Therefore, most of the

Figure 2 : Nodes 1, 2, 3, 4 and 5 are in transmission range of M1. Nodes A, B, C and D are
in transmission range of M2. The network is divided into two partitions A and B. The
wormhole will handle significant amount of routing between partition A and Partition B.
Also nodes 1, 2, 3, 4 and 5 will consider nodes A, b, C and D as their immediate neighbours
due to the presence of wormhole.
routing done between these two partitions is affected by the wormhole. In another situation a
wormhole can directly tunnel a ROUTE REQUEST packet to its destination. When destination
nodes neighbour hear the ROUTE REQUEST packet it will follow normal routing procedure to
rebroadcast it and then discard all other ROUTE REQUEST packets originating from the same
Route Discovery. Any routes other than the wormhole is thus prevented from being discovered.
7

If the wormhole is near the originator of the ROUTE REQUEST packet routes more than two
hops can be prevented from being identified.
After the wormhole has become significant part of the routing the possible ways of exploiting
can be that it may be used to analyse the routing traffic. The critical points of the network such as
the sender node or the destination node may be identified and then the attack may be launched
against these. The adversial nodes of the wormhole may drop the packets instead of forwarding
them all thus creating a permanent Denial of Service Attack. In this case, this attack would be
more detrimental as the wormhole is handling significant routing of the network. The wormhole
may also selectively discard the packets such as the control packets in the on demand routing
mechanisms or modify them.
In the case of pro-active routing mechanisms which employ neighbour discovery procedures
wormhole attack is equally dangerous. These protocols use HELLO PACKETS for neighbour
discovery. If HELLO PACKETS of A are tunnelled across,via a wormhole and are transmitted to
B then A will consider B as its neighbour. The routing will get disrupted when A will try and
communicate with B as its one hop neighbour and wont be able to, as they are not in
transmission range. In Fig 2 nodes 1, 2, 3, 4 and 5 will take nodes A, B, C and D as their
immediate neighbours.
The severity of wormholes is also reflected by the fact that they are not easily detectable .
Cryptographic techniques are not useful in detecting wormhole as in most cases it only relays the
encrypted or authenticated packets. Suppose the attacker places two transceivers at two critical
positions in the network and initiates a fast link between the two. These transceivers will just
pick up packets from the network and tunnel them across. These transceivers need not be part of
the network for performing this task as they will be just sneaking on the packets transmitted by
the neighbour nodes. Cryptographic techniques will be useless in this case. The nature of
wireless communication allows the attacker to design such transceivers. It is also possible for the
attacker to transmit each bit instead of waiting for the whole packet thus decreasing the delay of
transmission. If the attacker does the tunnelling non -maliciously then the wormhole can be very
useful in routing as it provides a fast route with less number of hops .But in most scenarios this is
not the case.
In work done by[9] it has been shown that in shortest path routing protocols, two strategically
located malicious nodes can disrupt on average 32% of all communications across the network ,
when the nodes of the network are distributed uniformly. When the wormhole targets a particular
node in the network, it can disrupt on average 30% to 90%(based on the location of the target) of
all communication between the target node and all other nodes in the network. In a network of
grid topology it has been shown that 40% to 50% of all communication can be disrupted if the
wormhole is placed along the diagonal of the grid. The above study illustrates the severity of
wormhole attacks in wireless ad hoc networks.

IV.b Wormhole Attack-Simulation Results

Simulation Parameters:SIMULATION-TIME 30M
TERRAIN-DIMENSIONS (1200, 1200)
NUMBER-OF-NODES 100,120,140,160 and 180.
NODE-PLACEMENT UNIFORM
MOBILITY NONE
Traffic Generators:CBR 2 5 10000 512 0.05S 70S 100S
CBR 0 99 10000 512 0.5S 80S 400S
CBR 90 18 10000 512 0.8S 104.39S 400S
CBR 89 97 10000 512 1.1S 300.8S 700S
Malicious node pairs are introduced in the order:1)26-98
2)83-17
3)50-56
The wormholes used in the simulation are unidirectional i.e. only one of the two malicious nodes
can intercept and unicast the control packets to the other malicious node. In this scenario these
nodes are 26 ,83and 50.
Note:In this implementation of wormhole one of the ends of the wormhole must be a one hop neighbor
of the destination node. The reason for above is- The transmission range of the wormhole nodes
is much greater than that of the genuine nodes. Destination may here RREQ packets from a
malicious node but wont be able to reply because the malicious node may be out of range. Thus
it is necessary for us to place one of the ends of the wormhole as close as possible to the
destination node.

End to End Delay

0.05
0.04
0.04
0.03

0 malicious

0.03
End to End delay(sec) 0.02

2 malicious

0.02

6 malicious

4 malicious

0.01
0.01
0
50 100 150 200
No. of nodes

Fig. 3

No. of Hop Counts

50
45
40
35

0 malicious

30

2 maicious

Hop Counts 25
20

4 malicious
6 malicious

15
10
5
0
80 100 120 140 160 180 200
No.of Nodes

Fig. 4
10

Data Handled by Wormhole

1200
1000
0 malicious

800
No. of packets

2 malicious

600

4 malicious

400

6 malicious

200
0
50

100

150

200

No. of nodes

Fig. 5

In case of mobile nodes, there is a possibility that the malicious node of a wormhole may travel
out of range of the destination node thus not allowing the path containing the wormhole to get
selected.

IV.c Analysis
Average End To End Delay:
This is the average delay between the sending of the data packet by the CBR source and its
receipt at the corresponding CBR receiver.
This includes all the delays caused during route acquisition, buffering and processing at
intermediate nodes, retransmission delays at the MAC layer, etc.
A significant drop in the values of average end to end delay (fig 1) can be observed from the
graph as we increase the number of malicious nodes in the network. Average value of End to End
Delay taken over various no. of nodes in the network with no malicious nodes is 0.0306 sec.
Value for 6 malicious nodes is 0.01774 thus giving a drop of around 42%. This drop can be
explained by the fact that the route through the wormhole is a route with smaller no. of hops.
11

Thus the buffering time, processing at intermediate nodes, retransmission delays etc are reduced
significantly which in turn reduces the end to end delay.

Number of Hop Counts:

It is the total number of hop counts for all the selected routes in the network. The value of this
metric(fig 2) also shows drop in the values as we increase the number of wormholes of the node.
Average no. of hop counts with no wormholes is 30. The value with 3 wormholes is 17.

Data Handled by Wormholes:

Data handled by malicious nodes increases (fig 3) as we introduce more wormholes in the
network. The 3 wormholes in the network are handling around 50% of the data being generated.
Another observation that can be made from the graph is that there no significant difference in the
values for 2 and 3 wormholes. This shows that the 3rd wormhole introduced in the network is not
attracting any traffic towards itself. Functioning of wormholes is dependent on the location(its
closeness to the senders, the direction of the wormhole link-should be towards the destination).

Throughput:
Throughput values show an increase (fig 4) as we introduce wormholes in the network. The
wormholes in the above implementation do not have the packet dropping property. The
throughput, thus increases with the introduction of wormholes as wormholes allows the senders
to find shorter routes to the destination.

12

V. Blackhole Attack
A blackhole attack occurs when a malicious node impersonates the destination node or forging
route reply message that is sent to the source node, with no effective route to the destination. The
malicious node may generate unwanted traffics and usually discards packets received in the
network . When this malicious node (blackhole node) has effects on one or more nodes, making
them malicious as well, then this kind of attack can be referred to as multiple node attack or
collaborative attack.
In a blackhole attack, the malicious node presents itself as having the shortest path to the
node it is impersonating, making it easier to intercept the message. To achieve this, the
malicious node waits and tries to get the replies from nearby nodes in order to discover a safe
and valid route. This route could be forged, illegitimate or an imitation but it appears
genuine to the source node.

V.a Simulations
Simulation Parameters:SIMULATION-TIME 30M
TERRAIN-DIMENSIONS (1200, 1200)
NUMBER-OF-NODES 100, 120, 140, 160 and 180.
NODE-PLACEMENT UNIFORM
MOBILITY RANDOM-WAYPOINT
MOBILITY-WP-PAUSE
20S
MOBILITY-WP-MIN-SPEED 0
MOBILITY-WP-MAX-SPEED 5
RADIO-TX-POWER
4.0
Traffic Generators:CBR 9 90 10000 512 0.05S

70S 100S

CBR 0 99 10000 512 0.05S 80S 400S

CBR 0 4 10000 512 0.8S 104.39S 400S
CBR 80 90 10000 512 1.1S 300.8S 700S
CBR 32 67 10000 512 1.1S 400.8S 700S
13

CBR 22 70 10000 512 1.1S 500.8S 700S

CBR 99 58 10000 512 1.1S 600.8S 800S
CBR 63 33 10000 512 1.1S 800.8S 1200S
CBR 27 28 10000 512 1.1S 900.8S 1300S
CBR 33 34 10000 512 1.1S 1000.8S 1100S
CBR 59 99 10000 512 1.1S 1200.8S 1600S
CBR 1 3 10000 512 1.1S 1500.8S 1800S

The malicious nodes chosen are introduced in the order :- 75,96,33 and 2

Static Nodes

Throughput
250000
200000

0 malicious
1 malicious

150000
Throughput

2 malicious
100000

3 malicious
4 malicious

50000
0
50

100

150

200

No. of Nodes

Fig.7

14

Packet Delivery Ratio

1.2
1

0 malicious

0.8

1 malicious
2 malicious

Pdr 0.6

3 malicious

0.4

4 malicious

0.2
0
80 100 120 140 160 180 200
No. of Nodes

Fig.8

Data handled by Malicious Nodes

10000
9000
8000

No. of packets

7000

0 malicious

6000

1 malicious

5000

2 malicious

4000

3 malicious

3000

4 malicious

2000
1000
0
50

100 150 200

No. of Nodes

Fig.9

15

Mobile Nodes

Throughput
250000
200000

0 malicious
1 malicious

150000
Throughput

2 malicious
100000

3 malicious
4 malicious

50000
0
80 100 120 140 160 180 200
No. of Nodes

Fig. 10

Packet Delivery Ratio

1.2
1
0 malicious

0.8

1 malicious
Pdr 0.6

2 malicious

0.4

4 malicious

3 malicious

0.2
0
90 100110120130140150160170180190
No. of Nodes

16

Fig.11

Data Handled by Malicious Nodes

9000
8000
7000
0 malicious

6000

1 malicious

5000

2 malicious

No. of Packets 4000

3 malicious

3000

4 malicious

2000
1000
0
50

100

150

No. of Nodes

Fig. 12

17

200

V.b Analysis
The simulations have been carried out in GloMoSim Network Simulator.The results for
following metrics have been extracted:a) Throughput
b) Packet Delivery Ratio
c) Data Handled by Malicious nodes
The results were taken for static as well as mobile environments. For each, 25 different
simulations were carried out each time varying the number of nodes for a particular number of
malicious nodes in the network. The analysis is as follows:Throughput:
Throughput can be defined as the average rate of successful message delivery over a
communication channel.

18

Throughput = (Total bits received by each application at server / session time) .

In the static environment there is a significant decrease in throughput values of the network with
and without Blackhole attack (fig 1). Average throughput value of the network without the attack
is 182532 bits/sec. The average value with attack comprising of 4 malicious nodes is 17974
bits/sec. There is a 90% drop in throughput values, indicating the severity of the attack. The drop
in throughput values can be attributed to the packet dropping mechanism of the Blackhole nodes.
Another observation that can be made from the graph is that there is no significant difference in
the throughput values of the network with 1,2,3 and 4 malicious nodes(for 1 malicious node the
average value of throughput varying with no. of nodes is 28022 bits/sec and for 4 malicious
nodes it is 17973 malicious nodes giving a drop of around 35%) as compared to the difference
between the values of the network without attack and that of with the attack comprising of 1
malicious node. This can be explained by the fact that activity of a Blackhole node depends on
the presence of other blackhole nodes in the network. One of the Blackhole nodes attracts a large
percentage of network traffic and thus does not leave enough for rest of the malicious nodes of
the network. Thus, a strategically placed blackhole node in the network is capable of attracting
traffic equivalent to that attracted by multiple blackhole nodes.
Whereas in mobile environment (fig 4), the difference in the values of throughput of the network
with malicious nodes are more pronounced( 41968 bits/sec for 1 malicious node and 15792
bits/sec for 4 malicious nodes thus giving a drop of 62%) than those in the case of static
nodes(drop of 35 %). This can be explained by the fact that the dependency of behavior of
blackhole nodes on other malicious blackhole nodes is reduced in this case. Due to mobility,
malicious nodes would be attracting data packets from different set of nodes from time to time.
The behavior of blackhole nodes is also dependent on its position(its effectiveness will increase
with its closeness to the senders).In mobile environment a malicious node may be closer to a
group of senders for some time interval, during which it will be most effective. It will be
handling the major chunk of the total data handled by the malicious nodes, thus not allowing
other malicious nodes to handle data packets. When its distance increases from the senders its
effectiveness will decrease which would in turn allow other blackhole nodes to get involved.
Also, in general the throughput values decreases with the introduction of mobility in the network.

Packet Delivery Ratio:

Packet Delivery Ratio can be defined as the ratio between the number of packets originated by
the application layer CBR sources and the number of packets received by the CBR sink at the
final destination.
19

The values of PDR (fig 2) range from 0.977 (average value for no malicious nodes) to
0.13136(for 4 malicious nodes) in the case of static nodes and 0.9468(no malicious nodes) to
0.24(4 malicious nodes)in the case of mobile nodes (fig 5) for network with and without attack.
This huge drop in the values can be attributed to the packet dropping mechanism of Blackhole
nodes. This clearly shows the severity of the Blackhole attack. Introduction of just 4 malicious
Blackhole nodes in an active network of 12 traffic generators and over 100 nodes paralyses the
network functioning to an extent of almost killing it.
The observation of no significant difference in the PDR values of the network with 1,2,3 and 4
malicious nodes as compared to the difference between the values of the network without attack
and that of with the attack comprising of 1 malicious node can be made here. Also, in the case of
mobile nodes this difference does increase as it increases in the case of throughput. The reason
for the above is the same as explained in the analysis of throughput behavior.
Introduction of mobility increases the average PDR when the network is under Blackhole Attack
as compared to the case of static nodes. Mobility of nodes allows new routes involving different
set of nodes to be found out from time to time. This reduces the probability of the Blackhole
node to be in the route all the time. The result is increased PDR.

Data Handled by Malicious Nodes:

Equal to number of packets dropped by malicious nodes and inversely proportional to Packet
Delivery Ratio. As large as 86% of the total data packets (fig 3) generated by the source nodes
are being dropped by the malicious nodes.

VI.Conclusion
A significant amount of research has been devoted to study security issues as well as
countermeasures to various attacks in MANET. However, we believe that there is still much
research work needed to be done in the area. The underlying rationale is that, existing security
solutions are well-matched with specific attacks, these solutions have proven to be useful to
defend against known attacks, but eventually they fail to counteract unanticipated or combined
attacks. In this thesis, we try to discover multiple node attacks and categorize them as direct or
indirect collaborative attacks but we still have doubts that there could be some other kind of
attacks that can be classified as collaborative attacks. Thus, further research would be carried out
in order to validate the theoretical model: the definition of collaborative attacks and in
identifying other collaborative attacks. Due to time constraints, we only simulate the blackhole
20

attack on MANET to show how this attack impacts the regular operation in MANET. Therefore,
in order to further establish the consequences of collaborative attacks, another direction for
future work would be to simulate other types of collaborative attacks, e.g., wormhole, sybil and
routing table overflow attacks and compare the results. Such studies may result in a more
complete picture of how network performance is affected during a specific collaborative attack
or even combined collaborative attacks. The aforementioned research is quite challenging but
interesting to conduct. Finally, the development of a mitigation plan capable of defending against
various collaborative attacks would be considered as another important direction for future work.

VII. REFERENCES
[1] H. Deng, W. Li, and D. P. Agrawal, "Routing security in wireless ad hoc networks," IEEE
Communications Magazine, vol. 40, pp. 70-75, 2002.
[2] H. Yang, H. Luo, F. Ye, S. Lu, and L. Zhang, "Security in Mobile Ad Hoc Networks:
Challenges and Solutions," IEEE Wireless Communications, vol. 11, pp. 38-47, 2004.
[3] T. Clausen Ed. and P. Jacquet Ed., "Optimized link state routing protocol (OLSR)," IETF
RFC 3626, October 2003.
[4] L. Peters, F. De Turck, I. Moerman, B. Dhoedt, P. Demeester, and A. A. Lazar, "Network
layer solutions for wireless shadow networks," Proceedings of the International Conference
on #etworking, International Conference on Systems andInternational Conference on Mobile
Communications and Learning Technologies, IC#/ICO#S/MCL'06, vol. 2006, p. 1628384,
2006.
[5] L. Peters, I. Moerman, B. Dhoedt, and P. Demeester, "MEHROM: Micromobility support
with efficient handoff and route optimization mechanisms," 16th ITC Specialist Seminar on
Performance Evaluation of Wireless and Mobile Systems (ITCSS16 2004), pp. 269 - 278,
2004.
[6] IEEE Std. 802.11, "Wireless LAN Medium Access Control (MAC) and Physical Layer
(PHY) Specifications," 1997.
[7] A. Mishra, Security and Quality of Service in Ad Hoc Wireless #etworks, 2008.
[8] S. A. Razak, S. M. Furnell, and P. J. Brooke, "Attacks against Mobile Ad Hoc Networks
21

Routing Protocols," 2004.

[9] L. Tamilselvan and V. Sankaranarayanan, "Prevention of co-operative blackhole attack in
MANET," Journal of #etworks, vol. 3, pp. 13-20, 2008.
[10] S. Saraeian, F. Adibniya, M. GhasemZadeh, and S. Abtahi, "Performance Evaluation of
AODV Protocol under DDoS Attacks in MANET," Proceedings of World Academy of
Science, Engineering and Technology, vol. Vol. 33, pp. 501 - 503, September 2008.
[11] H.-X. Tan and W. K. G. Seah, "Framework for statistical filtering against DDoS attacks in
MANETs," ICESS 2005 - Second International Conference on Embedded Software and
Systems, vol. 2005, pp. 456-465, 2005.
[12] S. Djahel, F. Nait-Abdesselam, and A. Khokhar, "An acknowledgment-based scheme to
defend against cooperative blackhole attacks in optimized link state routing protocol," IEEE
International Conference on Communications, pp. 2780-2785, 2008.
[13] F. Anjum and P. Mouchtaris, Security for Wireless Ad Hoc #etworks, Illustrated Edition:
illustrated, Wiley-Interscience, 2007.

22