SVM-Based System for Detecting
Blackhole Attacks
Abstract— Mobile Ad hoc Networks (MANETs) are now
essential in the modern world. They are crucially required in a
variety of circumstances where it is necessary to promptly put
together a network without having the luxury of time or
resources to set up infrastructure or even have human
involvement. There are numerous uses for ad hoc networks.
They can be utilized, among many other things, in education,
on the battlefield, during rescue operations, etc. These
networks are characterized by high mobility and limited
computing power, storage, and limited energy. They don't
employ infrastructure-related communication tools because
they lack infrastructure. As an alternative, these networks rely
on one another for communication and routing. In MANETs,
each node locates another node within its communication range
and uses it as a hop to pass the message through another node,
and so on. Routers, servers, firewalls, and other specialized
equipment are present in traditional networks. While in ad hoc
networks, each node serves several purposes. As an example,
nodes handle the routing task. They are therefore more
susceptible to attacks than traditional networks. The primary
objective of this research is to provide a method for blackhole
attack detection utilizing anomaly detection based on Support
Vector Machine (SVM). This detection system seeks to examine
network traffic and spot anomalies by observing node activity.
Attacking nodes in blackhole situations exhibit specific
behavioral traits that set them apart from other nodes. Our
SVM-based detection system is capable of efficiently detecting
these properties. A traffic under blackhole attack is generated
using the OMNET++ simulator to test the efficacy of this
method. The malicious node is then identified based on the
classification of the traffic into malicious and non-malicious.
The proposed solution's results shown high accuracy in
identifying blackhole attacks.
Keyword: Adhoc Networks, MANET, Routing Protocols,
Blackhole Attacks.
I. INTRODUCTION
T Mobile Ad hoc Networks (MANETs) can be created
without the aid of administrators or traditional base
infrastructure; instead, they are pre-configured to operate on
their own. In general, there are two primary types of wireless
networks: infrastructure-based and infrastructure-less [1]. In
infrastructure networks, wireless devices are configured by
administrators so they may connect to fixed base equipment
to be provided with certain services such as routing, storage,
and security. Nodes in infrastructure-less networks, like
MANETs, are self-configured and rely on one another rather
than fixed base infrastructure. In other words, each node
carries out a variety of tasks [2].
Due to these restrictions, MANETs have several
particular challenges that make them different from
traditional infrastructure networks. Two vital factors taken
into consideration when building MANETs are the
challenges with security and routing [3]. Regarding
challenges with security, MANETs generally lack the
infrastructure that enables conduct perimeter security
functions using devices such as firewalls, routers, IDS, IPS,
XXX-X-XXXX-XXXX-X/XX/$XX.00 ©20XX IEEE
and others. When it comes to routing challenges, nodes
require a routing function in order to communicate with one
another efficiently. The fundamental purpose of the routing
function is to make sure that the message from the sender
takes the shortest path possible to get to its target location.
For a variety of reasons, the traditional infrastructure routing
protocols are ineffective for MANETs. One of them is that
MANETs lack infrastructure, hence routers are not present to
execute the routing task in these networks. Rather, practically
every network node performs this role. For MANETs, new,
improved routing protocols were created for this reason.
The two primary types of MANETs routing protocols are
proactive (table driven) and reactive (on demand) [4] [5].
When using a table-driven protocol, routing data is routinely
updated anytime a change occurs. In contrast, the on-demand
routing protocol only collects routing data when it is required
[6]. Ad hoc On Demand Distance Vector (AODV) is one of
the well-known on-demand routing protocols. Compared to
other on-demand routing protocols, it performs better [7][8].
However, MANETs are vulnerable to several attacks because
of their limitations. The blackhole attack is one of these. The
Blackhole is a significant attack that has a major impact on
network performance. The attacker's node acts as the shortest
path to the target in this attack. The packets it receives are
then dropped. As a result, it significantly influences the
network delivery ratio.
The key contribution of this paper is as below:
• Analyzing and classifying the various methods and
contrasting the various mitigation strategies for blackhole
attacks in MANETs.
• Creating a dataset for analyzing blackhole attacks
with OMNET++ in order to carefully examine the traffic and
research nodes behavior under attack.
• Developing a detection system to identify malicious
nodes.
The rest of this paper is structured as follows:
Background information on mobile ad hoc networks,
including their uses, traits, and difficulties, is provided in
Section 2. The related study and initiatives made by other
researchers on this subject are reviewed in Section 3. The
technique of our suggested solution is described in section 4.
The paper is concluded in Section 5, which also offers ideas
for additional research.
II. BACKGROUND
Mobile ad hoc networks are distinguished from
traditional networks in a variety of ways, particularly in
terms of security. This section covers the uses of MANETs,
security issues, and typical attacks.
1. MANETs Characteristics
 MANETs have a variety of unique characteristics that
support their distinctive uses. These characteristics are listed
below:
• Lack of infrastructure: MANETs are described as
networks with no infrastructure. As a result, they are
effective in terms of both time and money. They can be
created quickly and at relatively low cost [9]. However, it
also makes them more exposed to attacks than traditional
networks.
• Distributed management: Due to the lack of
centralized control, these functions are divided up among the
nodes. Thus, network structure, node authentication, and data
security are all impacted [10].
• Cooperativeness: MANETs use peer-to-peer
architecture rather than client-server architecture which is
usually used in traditional networks. Hence, nodes should
work together to provide the functions that are not performed
by the MANETs' lack of infrastructure security and
centralized management. The goal of this collaboration is to
increase nodes confidence.
• Multi-hop routing: Routing is one of the tasks
carried out by nodes themselves. A node uses nearby nodes
as hops to get to the destination in order to transmit a
message to another node [11]. This process is known as
multi-hop routing.
• Dynamic topology: Because MANETs have no
perimeter borders, nodes can enter and leave the network at
any time without warning. Furthermore, networks can form
independently at any time because there is no centralized
management [12] [13].
• Decentralized architecture: Each network node is
autonomous. Since they are self-configured, they can join or
leave the network without any assistance. They are free to
make these choices on their own. Additionally, even if they
are meant to, they are free to forward or drop data packets
[13].
• Limited resources: Because they rely on batteries
and have weaker processing units, nodes in MANETs have
minimal power and processing capabilities. The main issue
with a limited power supply is that it increases the
vulnerability of MANET nodes to denial-of-service attacks
[14]. In this instance, the attacker sends extra packets to
nodes to drain their batteries.
2. MANETs Security Challenges
Due to their constrained resources, lack of perimeter
protection, no physical security, and unpredictable topology,
MANETs are more vulnerable than traditional wired
networks. They are more vulnerable to both internal and
external network threats. Passive attacks and Active attacks
are the two primary types of MANETs attacks [15].
Active attacks are those where the attacker tries to change
or distort the data being sent into the network. Active attacks
include the blackhole attack, which is the key focus of this
work, routing table overflows, impersonations, rush attacks,
denial-of-service attacks, Byzantine attacks, packet
replication attacks, and distributed denial-of-service attacks.
3. MANETs Routing Protocols
The procedures or guidelines that specify how nodes will
communicate with one another are known as routing
protocols. Finding the most efficient path for a message to go
from the originator to the destination is the main goal of the
routing protocol [16]. Routing protocols can often be divided
into three categories: proactive, reactive, and hybrid [17].
In proactive routing protocols, each node maintains a
table of all possible routes, and the table is updated at
predetermined intervals whenever there is a change in the
network (for example, when a node enters or exits the
network). It is called a table-driven protocol for this reason.
The main goal of proactive protocol is effectiveness. The
nodes respond to changes well and are constantly prepared to
transfer data effectively. The main problem is the network
overhead associated with updating modifications at regular
intervals.
4. Blackhole Attack
The AODV routing protocol is exploited by the blackhole
attack. Every node in the network has a routing table, where
it stores all the data on the most effective routes to certain
destinations, as part of the AODV routing protocol. A node
initially determines if it has the necessary information in its
own routing table before attempting to send a packet to
another node. It starts a discovery procedure if it is not found
or if the necessary route is no longer operational. The node
broadcasts a route request (RReq) to all of its neighbors in
this situation. The route reply (RRep), which includes the
most recent sequence number, broadcast ID, and hop count,
is subsequently sent back if the receiving node is the
destination node [18]. If not, it compares the routing
destination sequence and determines whether its own routing
database has any routing entries to the destination. It sends
out an RReq to its neighbors if the sequence number is less
than or equal to the one it currently holds. A fresh route
indicates a higher sequence number, which it uses to update
its own table and send an RRep back to the node it sent the
RReq to [19]. A malicious node injecting itself into a
network and then claim to have the fastest route to the target
causes a black-hole attack [20]. An illustration of this
procedure is shown in Fig. 2. Node "S" is trying to go to
node "D." Therefore, it broadcasts "RREQ" to the nearby
nodes. Node "M" quickly responds by injecting itself and
announcing that it has the optimal path. As soon as
communication begins, node "M" discards all data
transmitted through it.
4. Blackhole Attack
The AODV routing protocol is exploited by the blackhole
attack. Every node in the network has a routing table, where
it stores all the data on the most effective routes to certain
destinations, as part of the AODV routing protocol. A node
initially determines if it has the necessary information in its
own routing table before attempting to send a packet to
another node. It starts a discovery procedure if it is not found
or if the necessary route is no longer operational. The node
broadcasts a route request (RReq) to all of its neighbors in
this situation. The route reply (RRep), which includes the
most recent sequence number, broadcast ID, and hop count,
is subsequently sent back if the receiving node is the
destination node [18]. If not, it compares the routing
destination sequence and determines whether its own routing
database has any routing entries to the destination. It sends
out an RReq to its neighbors if the sequence number is less
than or equal to the one it currently holds. A fresh route
indicates a higher sequence number, which it uses to update
its own table and send an RRep back to the node it sent the
RReq to [19]. A malicious node injecting itself into a
network and then claim to have the fastest route to the target
causes a black-hole attack [20]. An illustration of this
procedure is shown in Fig. 2. Node "S" is trying to go to
node "D." Therefore, it broadcasts "RREQ" to the nearby
nodes. Node "M" quickly responds by injecting itself and
announcing that it has the optimal path. As soon as
communication begins, node "M" discards all data
transmitted through it.
III. RELATED WORK
Since ad hoc networks are becoming more and more
common and are being used in a variety of fields, blackhole
attacks have attracted the interest of numerous academics.
According to Fig. 3, the most often suggested solutions can
be divided into four categories.
A. Enhanced Routing Protocol Based
According to this mitigation strategy, improving the
current protocols will make them better able to detect and
stop blackhole attacks, as suggested by several researchers.
The MBDP-AODV advanced routing protocol was put
forth in [20]. This improved methodology employs several
statistical elements, such as the mean and standard deviation.
Figures ought to increase reasonably under typical
circumstances. The numbers, however, suspiciously increase
quickly when there is an attack. Three phases make up the
suggested remedy. Dynamic threshold calculation and
suspicion come first. The source node determines a threshold
value for the destination's sequence number at this phase.
The second phase is detection, during which the suspicious
packet is found and the network's nodes are all informed of
the malicious node ID. The malicious node is stopped from
participating in the network during the third step, which is
prevention.
By setting bait timers in each node, the authors of [7]
suggested a method for finding blackhole nodes. The timer
for the baiting is set to a random number. When the baiting
timer reaches the predetermined time, fake ID broadcasts
start to run. All requests, regardless of their nature, will
receive a response from the blackhole. They respond to those
false queries that serve as bait. As a result, the sending node
locates and maintains the blackhole node in a specific table.
Malicious nodes are ignored when the true requests are sent
out in accordance with the data kept in the malicious nodes
table.
The authors in [22] suggested to modify the existing
AODV protocol by adding Neighbor Credit Table to each
node in the network. Whenever a data packet is sent from a
neighbor or forwarded by a neighbor, the neighbor is
assumed as a genuine node and its credit value is increased in
the table. Even the genuine node, when not participating, get
poor credit values. Then when a node wants to use the
neighbor node for transmitting a message, it checks first the
value of the table. If the neighbor node doesn’t have enough
credit, then it is not trusted and another hop should be used.
B. Reputation and Trust Based
A reputation system is a system that collects, examines,
and disseminates data about nodes' actions based on their
prior interactions.
According to [23], a selfish node can be eliminated from
the network using the Selfish Node Removal using
Reputation Model (SNRRM). The selfish node is identified
by the node's current energy level and communication rate,
according to the author. Only the sender's reputation value is
examined if both the sender (S) and the distention (D) are
inside the communication range. If the communication range
between (S) and (D) is not the same, (S) sends a control
packet to its neighbors and waits for responses. The
communication ratio is then calculated using the requests
submitted and responses received.
To monitor the node's actions, determine if they are
normal (N) or malicious (M), and estimate trust and
reputation, the authors of [24] suggested a Node Activity-
based Trust and Reputation Estimation (NA-TRE) solution.
The author claims that there are three different node states.
Nodes make their best efforts to cooperate and adhere to
routing requirements in the Normal State (NS). Resource
Limitation State (RS), in which nodes cooperate little
because they use little power heavy traffic, out of
communication range, etc. Malicious State (MS), in which
nodes cause network disruption by starting denial of service
attacks, creating new paths, delaying packets, or engaging in
other malcious behaviours that have an effect on the network.
A "Semi-Markov probability decision procedure" is used for
prediction in order to proactively separate several situations.
A reputation and trust system against blackhole attacks
was suggested by the authors in [25]. This is based on nodes'
mutual trust. If node (A) trusts node (B) in this scenario, then
(B) can also trust (A). In the same way, if (B) trusts (C) and
(C) trusts (A). So (A) can trust (B). Every node in the
network is outfitted with a reputation table in order to
implement this solution. Information regarding the neighbor
node's behavior is kept in the table. The behavior is measured
and kept up to date. Therefore, after a message is transmitted
from the source to the destination, the destination should
acknowledge receipt of the message. Each node receives an
acknowledgement, which is then transmitted back. The
trusted table is modified negatively in the same way if a
message is not received.
C. Acknowledgment Based
The acknowledgement-based solution uses a mechanism
to generate acknowledgment packets across source or
intermediate nodes in order to mitigate blackhole attacks.
Prior to route determination, acknowledgement packets are
sent. The nodes that choose not to respond are either self-
centered, low-energy, or malicious nodes.
Ad hoc On-demand Multipath Secure Routing
(AOMSR), an improved routing system based on
acknowledgement, was suggested by the authors in [27].
Based on the maximum delay in receiving the data, this
routing protocol states that a source node must maintain
several pathways from source to destination.
The authors of [28] proposed an expansion of the
acknowledgment-based approach that takes into account the
choice of the intermediate nodes that are energy-efficient and
uncongested for communication, as well as session key
agreements, a counter base end to end the cycle of
acknowledgement, and an authenticating of Ack packets by
message digest.
D. Intrusion Detection System Based
An alarm system is used by an intrusion detection system.
It sends a warning to the system when it finds an attack [29].
The IDS system has an audit register where all the data is
stored for analysis and output that is used to make
judgements.
IDS was the remedy suggested by the authors in [30].
(DPAA-AODV). The two modes of operation for this
protocol are online and offline. To identify a trustworthy
feature of the blackhole detection dataset (BDD) data set, the 6 can deceive all of its neighbors into considering that it was
ReliefF Model's offline phase one is applied. This is done to the one closest to them. As a result, it gets as many requests
improve selection accuracy. The learned features from the as it can. To put it another way, when nodes look for the best
previous mode are chosen for the online mode. If the findings routes and send their RReq, they will initially appear as a
indicated that the threshold had been surpassed, a malicious neighboring node and will send their RRep as soon as they
node might be responsible. can.
Host-based IDS was employed in [31], and data on nodes' C. Data Collection
typical activity was gathered there. For the purpose of
Results were gathered from two scenarios: one in which
simulating typical malicious node activity, they used the
it was considered that all nodes were cooperative and acting
GloMoSim simulator. The feature selection was then applied
normally, and another in which it was assumed that one node
using a machine learning technique (Weka 3.7.11), which
was acting maliciously. The detection system was then used
helped to identify the rogue node. This was accomplished by
to analyze the outcomes of the two scenarios. The most
applying six features: the quantity of RREQ delivered,
important data from the simulation ran in OMNET++ were
quantity of RREP forwarded, quantity of high destination
included in the dataset. It included the AODV request, the
sequence number, quantity of low count of hops to
nodes' transmission power when sending packets, and the
destination, quantity of source nodes, and quantity of
kind of data transfer (Broadcast vs. Unicast).
destination nodes.
D. Feature Selection
IV. METHODOLOGY
There are three elements that contribute to blackholes'
Four steps make up the methodology utilized in this
attack conduct in this research, as indicated in section 5. The
paper: Making the data necessary for machine learning
first characteristic is that the malicious node strengthens its
analysis is the initial step. This is accomplished using the
ability to deceive the other nodes into considering it is the
OMNET++ simulator to produce traffic data that closely
one closest to them. The second is that rogue nodes hardly
resembles real traffic while conducting a blackhole attack.
ever send any RReq requests. They would rather respond to
The generated data is then gathered in a certain manner so
as many inquiries as they can. Last but not least, they almost
that it can be examined further at a later time. The traffic
never transmit and always use unicast.
records that are gathered share a few basic traits or
characteristics. Support Vector Machine (SVM) analysis is E. Machine Learning Using (SVM)
used to classify the traffic into malicious and normal traffic
based on these behaviors. This analysis allows for the Support Vector Machine (SVM), the well-known
identification and blocking of malicious nodes. machine learning technique is frequently utilized for
activities involving pattern classification. Figure 10 shows
A. Proposed Solution the model, which is made up of three lines. The best
categorization line is the line in the center. The two
All nodes in MANETs should cooperate. In other words,
additional lines are known as the margin lines. Patterns are
they must rely on one another to fill in for the functions that
divided into two classes using these lines [34]. Based on the
the absence of infrastructure prevents. Otherwise, the
traffic analysis, this model is employed in our situation to
network as a whole won't function effectively. One attack
distinguish between malicious and normally behaving nodes.
that seeks to corrupt MANETs is called Blackhole. By
observing the behavior of such hostile nodes on a network,
such attacks can be discovered. These common behavioral
traits of theirs can be summed up as follows:
They nearly never send any RREQ, they boost their
transmission power such that they can respond to the
majority of RREQ, and they almost never broadcast and
almost always unicast. Our solution is to create a detection
system based on SVM algorithm, which can identify any
rogue node based on the above-mentioned behavioral traits.
Label those nodes after which they should be isolated from
the network.
B. Data Generation
It is possible to simulate both the actions of good and bad Fig. 10. Support Vector Machine (SVM)
nodes using OMNET++ 5.7. On 7 nodes, the simulation was
performed. One of them served as a transmitter and is V. RESULTS
stationary (node1). Since it is irrelevant to illustrating the The simulator was configured to examine seven nodes
behavior of the mobile nodes, which form the simulation's interacting with one another. A rogue node that imitated a
central nodes, this node is excluded from the graphs. This blackhole attack was set up as one of the nodes. 10 minutes
simulation involves two scenarios. In scenario one, all nodes were given for running the simulation. 21,337 records
are cooperative and there are no malicious nodes. produced by the simulation were among the records the
Accordingly, all of the nodes are acting normally. In the system examined. The algorithm eventually succeeded in
second scenario, node 6 was configured to act maliciously categorizing the records into two groups: legitimate records
while the other nodes carry on with their regular operations. and harmful records. 16,609 of the 21,337 records were
All nods have a 1 mW radio transmission power setting. classified as normal, while 4,726 were classified as
In this instance, node 6's radio transmission power was malicious. This was supported by the following three main
set at 5 mW. By boosting its radio transmission power, node aspects:
 whether a change is made to the transmission power. The Fig. 8. Results of the simulator in presence of a
rogue node modifies its transmission power as previously blackhole attack
mentioned in order to look close to the Rreq sender. . Conclusion and Future Work
• Exceptionally increased response to as many requests as MANETs are networks without any physical
feasible. infrastructure; instead, they rely on nodes cooperation by
• Almost never transmit broadcast messages; only ever enabling both client and router functionality. These networks
send unicast. are underresourced and lack numerous security elements.
They are therefore more vulnerable than networks using
Based on the attributes, the machine learning algorithm traditional infrastructure. In this paper, we covered the
clearly detected the malicious documents. Through analysis various MANET applications, security issues, and one of the
of its behaviors based on the features listed above, the system most widespread attacks, the blackhole attack. We reviewed,
has demonstrated a high degree of accuracy in identifying organized, and contrasted the remedies suggested in the
malicious nodes. literature to decrease blackhole attacks. Then, using machine
learning, a suggested method for identifying and preventing
such attacks was put out.
Normal Behaviour
180 640
We used OMNET++ to simulate a malicious node in a
160 MANET network in order to thoroughly explore blackhole
620 attacks, and we produced a data set that we used for analysis
140
120 600 and examining the behavior of the malicious node serving as
100 the blackhole attack. Transmission power, the amount of
580 responses in comparison to the other nodes, and the type of
80
60 560 communication—broadcast or unicast—were our three main
40 areas of attention for spotting blackhole attacks. Machine
540
20 learning was used to thoroughly investigate these three
0 520 features. This research's limitation is that just seven nodes
Node 2 Node 3 Node 4 Node 5 Node 6 Node 7 were used for the simulation, and only one node served as the
attacker. A larger network may be put up in the future for
AODV Rrep AODV Rreq greater analysis, and the attackers may consist of more than
one node. This will make it possible to analyze blackhole
Fig. 7. Results of the simulator in absence of a attacks in greater networks in greater depth and to analyze
blackhole attack network data when there are multiple attacker nodes present.

In our scenario, node 6 has its radio transmission power References

boosted to 5 mW while the other nodes are left with their
default settings of 1 mW. The second characteristic of
blackhole attackers is that they respond to as many requests
as they can while remaining nearly silent in terms of sending
route requests (RReq). The blackhole attacker hardly rarely
broadcasts, and all of its communication takes the form of
unicast, which is the final but not the least aspect. As seen in
Fig. 7, the graph's six nodes behave normally. They all send
RReps and RReqs in a typical manner. In the words, each
node has a relative proportion between the number of RReq
and the number of RRep.
The numbers of RRep sent by node 6 to the other nodes
are vastly different, as seen in Fig. 8. The transmission power
of node 6 has been increased to 5 mW, whereas the
transmission power of the other nodes is 1 mW, explaining
why this is the case. Additionally, compared to the rest of the
nodes and nodes that are close toBehaviour
Malcious one another, node 6 sends
almost no RReqs.
6000
5000
4000
3000
2000
1000
0 0
Node 2 Node 3 Node 4 Node 5 Node 6 Node 7
AODV Rrep AODV Rreq
1. M. H. a. M. S. A. a. M. H. a. M. A. a. R. A. A. a. J. M. A.
Hassan, "Mobile ad-hoc network routing protocols of
time-critical events for search and rescue missions,"
Bulletin of Electrical Engineering and Informatics, vol.
10, no. 1, pp. 192--199, 2021.
2. P. a. V. S. a. R. D. B. a. D. S. a. o. Rani, "Mitigation of
black hole attacks using firefly and artificial neural
network," Neural Computing and Applications, pp. 1--
11, 2022.
3. S. K. a. S. T. Prasad, "Performance comparison of
multipath routing protocols for mobile ad hoc
network," International Journal of Systems, Control and
Communications, vol. 13, no. 1, pp. 82--98, 2022.
4. Shrivastava, Prashant Kumar, and L. K. Vishwamitra.
"Comparative analysis of proactive and reactive routing
protocols in VANET environment." Measurement:
1400
Sensors 16 (2021): 100051.
1200
1000
5. Mukti, Fransiska Sisilia, et al. "A Comprehensive
Performance Evaluation of Proactive, Reactive and
800
Hybrid Routing in Wireless Sensor Network for Real
600
Time Monitoring System." 2021 International
400
Conference on Computer Science and Engineering
200
(IC2SE). Vol. 1. IEEE, 2021.
6. A. M. a. K. S. a. M. A. H. Shantaf, "Performance
evaluation of three mobile ad-hoc network routing
protocols in different environments," in 2020
International Congress on Human-Computer
Interaction, Optimization and Robotic Applications
(HORA), 2020.
7. A. a. A. Z. M. Yasin, "Detecting and isolating black-hole
attacks in MANET using timer based baited technique,"
Wireless Communications and Mobile Computing,
2018.
8. D. a. M. A. a. A. S. a. P. S. Ramphull, "A review of
mobile ad hoc NETwork (MANET) Protocols and their
Applications," in 2021 5th international conference on
intelligent computing and control systems (ICICCS),
2021.
9. D. Kanellopoulos, "Congestion control for MANETs:
An overview," ICT Express, vol. 5, no. 2, pp. 77--83,
2019.
10. D. a. S. V. K. Kanellopoulos, "Survey on power-aware
optimization solutions for manets," Electronics, vol. 9,
no. 7, p. 1129, 2020.
11. B. S. K. a. A. M. a. K. A. R. a. G. P. Anibrika, "A Survey
of Modern Ant Colony Optimization Algorithms for
MANET: Routing Challenges, Perpectives and
Paradigms," International Journal of Engineering
Research and Technology (IJERT), 2020.
12. N. a. C. U. Yadav, "Secure Routing in MANET:A
Review," in 2019 International Conference on Machine
Learning, Big Data, Cloud and Parallel Computing
(COMITCon), 2019.
13. S. J. J. a. R. A. a. S. S. Thangaraj, "Comprehensive
Learning on Characteristics, Applications, Issues and
Limitations of Manets," International Journal of
Innovative Technology and Exploring Engineering
(IJITEE) ISSN, pp. 2278--3075, 2019.
14. K. A. a. A. S. Alshaker, "Availability in IOT for MANET
network," Materials Today: Proceedings, 2021.
15. N. a. M. R. Sivapriya, "Analysis on Essential Challenges
and Attacks on MANET Security Appraisal,"
JOURNAL OF ALGEBRAIC STATISTICS, vol. 13, no. 3,
pp. 2578--2589, 2022.
16. M. a. A. L. a. A. R. S. a. H. M. A. a. A. S. a. S. M. A.
Maad Hamdi, "A Review of Applications,
Characteristics and Challenges in Vehicular Ad Hoc
Networks (VANETs)," in 2020 International Congress
on Human-Computer Interaction, Optimization and
Robotic Applications (HORA), 2020.
17. S. Yogarayan, "Wireless Ad Hoc Network of MANET,
VANET, FANET and SANET: A Review," Journal of
Telecommunication, Electronic and Computer
Engineering (JTEC), vol. 13, no. 4, pp. 13--18, 2021.
18. H. Al-Refai, "An Enhanced AODV Protocol Against
Black Hole Attack Based on Classification Algorithm,"
Int. J. Open Problems Compt. Math, vol. 13, no. 2, 2020.
19. F.-H. a. C. H.-P. a. C. H.-C. Tseng, "Black hole along
with other attacks in MANETs: a survey," Journal of
Information Processing Systems, vol. 14, no. 1, pp. 56--
78, 2018.
20. S. a. C. S. Gurung, "A dynamic threshold based
approach for mitigating black-hole attack in MANET,"
Wireless Networks, vol. 24, no. 8, pp. 2957--2971, 2018.
21. P. Sarao, "Performance Analysis of MANET under
Security Attacks," Journal of Communications, vol. 17,
no. 3, 2022.
22. K. a. S. M. Rama Abirami, "Preventing the impact of
selfish behavior under MANET using Neighbor Credit
Value based AODV routing algorithm," vol. 43, no. 4,
pp. 1--7, 2018.
23. A. M. a. D. H. El-Semary, "BP-AODV: Blackhole
protected AODV routing protocol for MANETs based
on chaotic map," IEEE Access, vol. 7, pp. 95197--95211,
2019.
24. M. a. o. ponnusamy, "Detection of selfish nodes
through reputation model in mobile adhoc network-
MANET," Turkish Journal of Computer and
Mathematics Education (TURCOMAT), vol. 12, no. 9,
pp. 2404--2410, 2021.
25. A. a. O. M. a. D. N. a. T. A. Hammamouche,
"Lightweight reputation-based approach against simple
and cooperative black-hole attacks for MANET,"
Journal of information security and applications, vol.
43, pp. 12--20, 2018.
26. R. L. a. R. C. Raghavendar, "Node activity based trust
and reputation estimation approach for secure and QoS
routing in MANET," International Journal of Electrical
and Computer Engineering, vol. 6, no. 9, p. 5340, 2019.
27. D. a. D. P. Dave, "An effective Black hole attack
detection mechanism using Permutation Based
Acknowledgement in MANET," 2014.
28. M. A. a. D. B. Hussain, "Preventing Malicious Packet
Drops in MANETs by Counter Based Authenticated
Acknowledgement.," Ingénierie des Systèmes
d’Information, vol. 25, no. 2, pp. 173--181, 2020.
29. M. P. a. M. R. a. A. S. Preet, "RESEARCH
TECHNOLOGY INTRUSION DETECTION SYSTEM
FOR MANET," INTERNATIONAL JOURNAL OF
ENGINEERING SCIENCES, 2020.
30. F. a. Y. M. B. a. N. A. Albalas, "Detecting black hole
attacks in MANET using relieff classification
algorithm," in Proceedings of the 5th International
Conference on Engineering and MIS, 2019.
31. M. B. a. K. Y. M. a. A. M. Yasin, "Feature Selection for
Black Hole Attacks," J. Univers. Comput. Sci., vol. 22,
no. 4, pp. 521--536, 2016.
32. M. Y. Ms Katakam and Adilakshmi, "Black hole Attack
Detection Using Machine Learning Algorithms in
MANET--Performance Comparision," 2020.
33. J. a. F. S. a. L. W. a. K. J. a. M. X. a. Z. R. a. S. D. Xu, "An
algorithm for determining data forwarding strategy
based on recommended trust value in MANET,"
International Journal of Embedded Systems, vol. 12, no.
4, pp. 544--553, 2020.
34. Ibrahim, Ibrahim, and Adnan Abdulazeez. "The role of
machine learning algorithms for diagnosing diseases."
Journal of Applied Science and Technology Trends 2.01
(2021): 10-19.