Blackhole Attack in ns-2

The patch provided in this post enables a ns-2 user to simulate "Blackhole Attack in ns-2" for Mobile Ad hoc Network (MANET) Simulations. Blackhole attack has been implemented using Ad hoc On demand Distance Vector (AODV) routing protocol. As of now the patch will only work on ns-2.35 version! Patches for older versions of ns-2 will be provided soon.

Material provided with this post:

1. A patch to simulate Blackhole attack in ns-2.35 and steps to apply that patch.

2. Sample TCL script to demonstrate how to configure a malicious nodes.

3. AWK Script that calculates Packet Delivery Ratio (to confirm whether the code really works!)

Follow the steps given below to apply Blackhole patch to ns-2.35:

1. Download ns-allinone-2.35.tar.gz

2. Download Blackhole.patch

3. Unzip ns-allinone-2.35.tar.gz. You will get a folder named ns-allinone-2.35

4. Paste the downloaded Blackhole patch in the above mentioned folder.

5. Give the following command:

patch -p1 -t < Blackhole.patch

6. Go in ns-allinone-2.35 via terminal and give the following command (It is always recommended to be in root mode while giving the below command):

./install

If you already have an installed copy of ns-allinone-2.35, then follow the steps given below to apply the Blackhole patch:

1. Paste the downloaded Blackhole patch in ns-allinone-2.35 directory.

2. Give the following command:

patch -p1 -t < Blackhole.patch

3. Go in ns-allinone-2.35/ns-2.35 directory and give the following commands:

./configure
make clean
make
make install

You are done with it!

Sample TCL Script and AWK Script to verify the working of Blackhole Patch:

Download blackhole.tcl and pdf.awk from the links given below and keep them in the same folder:

blackhole.tcl

pdf.awk

How to use these files for verification?

I. Open blackhole.tcl and comment the following line (remember: # is used for commenting)

$ns at 0.0 "[$n5 set ragent_] hacker"

$n5 in the above line represents node 5. The word "hacker" has been used to represent "attacker". You may try making any other node as an hacker also. 

0.0 in the above line indicates that from beginning of the simulation itself, node 5 acts an attacker in the network. Blackhole attack is mainly launched during the Route Establishment phase and hence it is important to configure a node to be an attacker from the beginning of the simulation.

We comment the above line so that we can first analyze the behavior of a normal network without Blackhole attack. At a later point, we will uncomment this line and analyze the behavior of the network when it is attacked by node 5.

II. Run blackhole.tcl by giving the following command:

ns blackhole.tcl

III. Give the following command to run the pdf.awk and note down the results:

awk -f pdf.awk blackhole.tr

IV. Open blackhole.tcl again and uncomment the line which you commented earlier (i.e., this time the attacker will attack the network)

V. Run blackhole.tcl by using the same command as mentioned in Step II.

VI. Note down new results by running the pdf.awk as mentioned in Step III.

You would observe that none of the packets are delivered and ratio turns out to be zero.

You can also verify the working of the patch by observing packet drops in NAM window. Here is one snapshot which shows the same:

[Click on the Image to enlarge]

Acknowledgements: 

1. Thanks to E. Talipov's link: http://elmurod.net/en/index.php/archives/196 using which a major part of the patch has been designed.

2. Thanks to Gaurav Gupta for designing the sample TCL script named "blackhole.tcl" and also for his assistance in shaping up this patch.

3. Thanks to Knud F. L. for his crucial feedback on the design of the patch.

Hope it helps.

Regards,