Mobile ad hoc network (MANET) is defined as the category of wireless network that is capable of operating without any fixed infrastructure. The main assumption considered in this network is that all nodes are trusted nodes but in real scenario, some nodes can be malicious node and therefore can perform selective dropping of data packets instead of forwarding the data packets to the destination node. These malicious nodes behave normally during route discovery phase and afterwards drop fractions of the data packets routed through them. Such type of attack is known as smart gray hole attack which is variation of sequence number based gray hole attack. In this paper, we have launched smart gray hole attack and proposed a new mechanism for mitigating the impact of smart gray hole attack. Mitigating Gray hole Attack Mechanism (MGAM) uses several special nodes called as G-IDS (gray hole-intrusion detection system) nodes which are deployed in MANETs for detecting and preventing smart gray hole attack. G-IDS nodes overhear the transmission of its neighbouring nodes and when it detects that the node is dropping the data packets which are greater than threshold value then it broadcast the ALERT message in the network notifying about the identity of malicious node. The identified malicious is then blocked from further its participation by dropping the request and reply packet. In order to validate the effectiveness of our proposed mechanism, NS-2.35 simulator is used. The simulation results show that the proposed mechanism performs slightly well as compared with the existing scheme under smart gray hole attack.
Mobile ad hoc network (MANET) is a progressing and most pervasive technology in wireless network which is recognized as an infrastructure less network . It is selfconfigurable, temporary and scalable type of networks . These types of networks are suitable for critical operation such as battlefield, emergency rescue operation etc. where it is difficult to set up infrastructure based network . In this type of network, each device not only acts as a host and but also as a router . The routing protocol such as ad hoc on-demand distance vector (AODV) , Dynamic source routing (DSR)  etc. which are used for communication are based on assumption that all nodes are cooperative and trustworthy . Therefore, the MANET routing protocols are highly vulnerable to various types of denial of service (DoS) attacks , particularly packet dropping attack. The packet dropping attack can be categorized as Full packet drop and Partial packet drop attack. The full packet drop attack is known as black hole attack and the partial packet drop attack is known as gray hole attack. In case of Full packet drop attack, the malicious node do not participate in route discovery process and try to attracts the data traffic by giving false routing information and drops all the data packet received by it whereas in case of Partial packet drop attack, the malicious node participates genuinely in the route discovery process and also forwards the genuine reply packet received from the destination. When the source node sends the data packets through the path which contains gray hole node, it drops some of the data packets and the performance of the network slightly degrades. Therefore, there is need to provide security in ad-hoc network for dealing with the attacks. In this paper, the main contribution is that we have proposed a new mechanism called as Mitigating Gray hole Attack Mechanism (MGAM) for reducing the impact of smart gray hole attack in the network.
The remainder of the paper is structured as follows. Sect. 2 describes different types of gray hole attack and the procedures for launching smart gray hole attack. In Sect. 3, we explained about various existing schemes for dealing with gray hole attack in MANET. In Sect. 4, we describes in detail about the working mechanism of proposed methodology. Section 5 discusses about the experimental parameters and analysis in NS-2. In Sect. 6, we shows the performance comparison of our approach with ABM. The advantages and shortcomings of proposed approach and conclusions are discussed in Sects. 7 and 8 respectively.
2 Gray hole attack
Gray hole attack or selective forwarding attack is denial of service attack [8, 9] which is variation of black hole attack in which initially the node do not appear as a malicious but later on turns into malicious one and drops selective data packets. There can be two types of possible gray hole attacks in the MANET as depicted in Fig. 1. The first type of gray hole attack is Sequence Number based gray hole attack which is introduced in  in which the node gives false route reply by sending high destination sequence number with minimum hop count to the source node The source node on receiving the reply packets starts sending the data packets through the route which contains gray hole node and then selectively drops the data packets. The second type of gray hole attack is Smart gray hole attack which is variation of sequence number based gray hole attack in which the node behaves normally during the route discovery process and then drops some fractions of the data packets. The gray hole node behaves in an unpredictable manner in the network and therefore, it is difficult to detect these attack [11, 12] than the black hole node where the malicious node drops all the received data packets [13–16]. In order to launch the smart gray hole attack, we have presented the procedure as shown in 2.1 and 2.2 subsections. Initially the smart gray hole node is made to participates normally in route discovery process in order to find the route towards the destination but when it receives the data packets, it checks whether the trusted variable is True or False. If smart gray hole attack is to be launched between Time T1 and T2, the Trusted variable is set to the False and then it performs selective packet drop otherwise it forwards the data packets to the next node or to the destination node.
3 Related work
There are many existing schemes which have been proposed by many researchers for dealing with selective packet dropping attack.
The author in  proposed a technique that can detects chain of collaborative malicious nodes which performs selective packet drop in the network. In this approach, the total data traffic is divided into some small sized blocks. The source node sends a prelude message to the destination node before sending a block of the data to notify it about the incoming data block and starts the timer. After sending prelude message, it broadcasts a monitor message to all its neighbour nodes to monitor the activities of the next node and begins with the transmission of data packets. On the other hand, the destination node sends a postlude message which contains the number of data packets received by destination node. If the source node receives the postlude message within the expiry of timer, it checks the number of received packet with the total number of sent packet by it and if the differences is within the tolerable range, it sends the next block of the data packet else it starts detection of malicious node and then remove malicious node from the network by collecting the responses from the monitoring nodes. The drawback of this approach is that it has high routing overhead due to various extra control packets and the author has not done performance evaluation of the proposed approach.
In , special nodes called as IDS nodes are deployed in the network which has the ability to overhear its nearby transmission. In this technique, only the destination nodes are allowed to send the reply packet on receiving the request packet and intermediate nodes are forbidden to send the reply packet. There are certain rules according to which if nodes does not works, it is declared as malicious node. The IDS node monitors and increases the suspicious value of its nearby node according to abnormal difference between requests (RREQs) and replies (RREPs) packets transmitted from the node. If any intermediate node is not the destination node and that has never broadcasted a request packet for a specific path, but forwarded a reply packet for the path, then nearby IDS node will increment its suspicious value by 1 in its suspicious node table. When the suspicious value of a node becomes greater than the threshold value, IDS nodes broadcast a block message to all nodes in the network for blocking suspicious node and thus isolating it from the network. Although this approach is able to detect the black hole attack and sequence number based gray hole attack in the network but it fails in case of smart gray hole attack. The smart gray hole node participates correctly in route discovery and also forwards the request packet due to which it is unable to detect it and hence is the limitation of this approach.
In , the author has proposed a new methodology for mitigating the effects of the gray hole node by employing special nodes i.e. intrusion detection system (IDS) in the network. The source node intimates to the destination node about the number of packets it will forward through alternative path. Whenever the destination node does not get the actual number of data packets, it transmits query request (QRREQ) packet to the node which is at a distance of 2- hop from it and waits for the query reply (QRREP) packet. The query reply (QRREP) packet contains data about the number of data packets forwarded by the node to its next hop neighbor in the source route. On receiving the query reply (QRREP) packet, the destination node verifies whether its previous hop node has relayed all the data packets that it received from its previous hop node. When the destination node found that its previous node has not forwarded all the packets received from its previous node, it makes its entry into suspected list and alert to the nearby IDS nodes about the suspected node. The IDS nodes listens to the malicious node’s transmission and broadcast the block message in the network which contains the identity of malicious node whenever it detects any anomaly and then isolates the malicious node from the network. The limitation of this approach is that the malicious nodes can behave normally after receiving the query packet and can forward the data packets due to which the IDS node would not be in position to detect it.