Article

Developing a Hybrid Detection Approach to Mitigating Black Hole and Gray Hole Attacks in Mobile Ad Hoc Networks

by Mohammad Yazdanypoor 1,†, Stefano Cirillo 2,*,† and Giandomenico Solimando 2,*,†

1 Department of Electrical and Computer, University of Technology of Shiraz, Shiraz P.O. Box 71555-313, Iran
2 Department of Computer Science, University of Salerno, 84084 Fisciano, Italy
* Authors to whom correspondence should be addressed.
† These authors contributed equally to this work.
Appl. Sci. 2024, 14(17), 7982; https://doi.org/10.3390/app14177982
Submission received: 24 July 2024 / Revised: 19 August 2024 / Accepted: 26 August 2024 / Published: 6 September 2024
(This article belongs to the Special Issue Data Security in IoT Networks)

Abstract

Mobile ad hoc networks (MANETs) have revolutionized wireless communications by enabling dynamic, infrastructure-free connectivity across various applications, from disaster recovery to military operations. However, these networks are highly vulnerable to security threats, particularly black hole and gray hole attacks, which can severely disrupt network performance and reliability. This study addresses the critical challenge of detecting and mitigating these attacks within the framework of the dynamic source routing (DSR) protocol. To tackle this issue, we propose a robust hybrid detection method that significantly enhances the identification and mitigation of black hole and gray hole attacks. Our approach integrates anomaly detection, advanced data mining techniques, and cryptographic verification to establish a multi-layered defense mechanism. Extensive simulations demonstrate that the proposed hybrid method achieves superior detection accuracy, reduces false positives, and maintains high packet delivery ratios even under attack conditions. Compared to existing solutions, this method provides more reliable and resilient network performance, dynamically adapting to evolving threats. This research represents a significant advancement in MANET security, offering a scalable and effective solution for safeguarding critical MANET applications against sophisticated cyber-attacks.

1. Introduction

Mobile ad hoc networks (MANETs) have emerged as a revolutionary paradigm in wireless communications, offering dynamic, infrastructure-free connectivity across a wide spectrum of applications, from disaster recovery to military operations [1,2]. The inherent flexibility and rapid deployment capabilities of MANETs make them invaluable in scenarios where traditional network infrastructure is unavailable or impractical. Despite their numerous advantages, MANETs are inherently vulnerable to a variety of security threats, with black hole and gray hole attacks representing particularly severe challenges to network integrity and performance [3]. These attacks exploit the decentralized nature of MANETs and the trust assumptions built into many routing protocols, potentially leading to significant disruptions in data transmission and overall network reliability. The dynamic source routing (DSR) protocol, widely adopted in MANETs due to its efficiency, unfortunately lacks robust, built-in security mechanisms to counteract sophisticated attacks such as black hole and gray hole intrusions [4]. This security gap poses a critical challenge to the widespread adoption and trustworthiness of MANETs in sensitive applications. In order to address these challenges, this work proposes a novel hybrid detection method specifically designed to mitigate and identify black hole and gray hole attacks within MANETs employing the DSR protocol. Our proposed methodology synergizes multiple detection techniques to create a comprehensive defense mechanism, aiming to significantly enhance the security posture of MANETs without compromising their inherent advantages of flexibility and efficiency.
The primary contributions of this research are threefold:
  • The development of an innovative hybrid detection method that leverages the strengths of anomaly detection, data mining techniques, and cryptographic verification to accurately identify and isolate malicious nodes within MANETs.
  • An enhancement of the dynamic source routing (DSR) protocol through the integration of our hybrid detection method, thereby improving its resilience against both known and emerging security threats.
  • A rigorous empirical validation of the proposed approach through extensive simulations, demonstrating significant improvements in key network performance metrics under various attack scenarios.
The remainder of this paper is structured as follows: Section 2 explores the current state of the art in MANET security, focusing particularly on the existing strategies for combating black hole and gray hole attacks. This review sets the stage for our own contributions by highlighting the strengths and limitations of current approaches. Section 3 presents a detailed discussion of our proposed hybrid detection method. The results of the experimental evaluations are discussed in Section 5. Moreover, this section presents not only our experimental findings but also a comparison of our hybrid method with traditional approaches, highlighting its strengths and potential areas for further refinement. Section 6 summarizes the study’s outcomes, highlights its contributions to the field, and suggests directions for future research. This structure ensures a comprehensive presentation of our study from its foundational concepts to its practical implications.

2. Related Work

The security of mobile ad hoc networks (MANETs) has been the subject of extensive research, particularly with regard to mitigating black hole and gray hole attacks. Traditional detection methods have laid the foundation for MANET security, with the watchdog mechanism being one of the earliest approaches [5]. In [3], the authors proposed a method that continuously monitors the behavior of neighboring nodes to detect malicious activity. While effective in certain scenarios, the watchdog mechanism can suffer from false positives in dynamic network conditions and is vulnerable to collusion attacks.
Enhancements to basic routing protocols have also been proposed to incorporate security features, in order to protect personal data [6]. In [7], the authors introduced SAODV (Secure AODV), which extends the AODV protocol with digital signatures and hash chains to protect against route manipulation. These secure routing protocols provide resistance against attacks, but they often introduce significant computational and communication overhead.
Intrusion detection systems (IDSs) for mobile ad hoc networks (MANETs) employ a variety of techniques, including anomaly-based, signature-based, and specification-based detection, to identify network anomalies [3,8]. The primary challenge in IDS implementation is achieving an optimal balance between detection accuracy and computational efficiency in resource-constrained MANET environments. In this context, recent research has focused on developing hybrid approaches that combine multiple detection techniques, such as statistical techniques, artificial intelligence, and data mining techniques, to enhance accuracy and reduce false positives [9]. In [10], the authors proposed an advanced anomaly detection framework that utilizes the statistical modeling of normal network behavior and machine learning algorithms for pattern recognition. This approach offers enhanced adaptability to evolving network conditions; however, it necessitates meticulous calibration to minimize the occurrence of false alarms. With regard to data mining and clustering techniques, in [11], the authors introduced an approach incorporating K-means clustering and decision trees for node behavior categorization and malicious node classification. These techniques provide a more nuanced understanding of node behavior, but they may require significant computational resources. The application of machine learning and artificial intelligence methodologies has the potential to enhance the precision and efficacy of attack-detection mechanisms [5,12]. In [13,14,15], the authors provided a comprehensive review using machine and deep learning to develop an intrusion detection system that can effectively determine the best possible next step of a malicious node. In particular, the former authors proposed a system designed for Internet-of-Things (IoT) networks, offering valuable insights that can be adapted to the context of mobile ad hoc networks (MANETs). 
In the latter work, the authors employ a deep neural network (DNN) model for the detection of blackhole attacks in VANETs, whereby the probability of the next node being a blackhole attack node is predicted. Furthermore, the implementation of the DNN model resulted in a reduction in delays during the optimization process and an enhancement in system performance.
Furthermore, recent empirical studies have demonstrated the effectiveness of hybrid detection methods in enhancing MANET security. In [16,17], the authors conducted comprehensive evaluations, revealing significant improvements in detection accuracy, reduced false positive rates, and the maintenance of high packet delivery ratios even under attack conditions. In this context, in [18], the authors introduced the concept of on-demand multipath distance vector routing, which provides inherent resilience against certain types of attacks by maintaining multiple route options. This approach, while not specifically tailored to mitigating these attacks, offers a foundation for more robust routing mechanisms in MANETs.
Despite the technological advancements that have been made, the constantly evolving nature of security threats and the specific characteristics of mobile ad hoc networks (MANETs) require continued research and innovation in this crucial area of network security. The impact of these malicious activities on network performance has been the subject of extensive examination by numerous researchers. In [19], the authors discussed the effects of malicious nodes on multicast routing protocols in vehicular delay-tolerant networks, a specific application of MANETs. Their findings highlight the need for attack-resilient multicast protocols in highly mobile network scenarios.
These diverse research efforts collectively demonstrate the multifaceted nature of MANET security challenges and the ongoing need for innovative, integrated solutions that can address the complex interplay of factors such as energy efficiency, reliability, mobility, and scalability while effectively mitigating sophisticated attacks like black hole and gray hole intrusions.

3. The Proposed Approach

This section introduces a novel hybrid detection methodology specifically designed to identify and mitigate the risks posed by black hole and gray hole attacks within mobile ad hoc networks (MANETs), utilizing the dynamic source routing (DSR) protocol. The proposed approach combines the strengths of multiple detection techniques into a coherent and multi-faceted defense mechanism uniquely tailored to addressing the inherent security challenges of MANETs. The methodology is structured into three integrated components:
  • Anomaly Detection: This component forms the foundation of the hybrid approach, establishing a baseline of normal network behavior through statistical models. By continuously monitoring network traffic and comparing real-time data against this baseline, the system can detect deviations indicative of potential attacks. The use of statistical anomaly detection ensures the early identification of unusual patterns that may signify black hole or gray hole activities.
  • Data Mining Techniques: Building upon the initial anomaly detection, this component employs advanced data mining techniques, including clustering and classification algorithms, to analyze and categorize nodes based on their behavior. These techniques allow for the isolation of nodes that exhibit suspicious behavior patterns, further refining the accuracy of the detection process. The use of K-means clustering and decision trees helps distinguish legitimate and malicious nodes, enhancing the robustness of the detection system.
  • Cryptographic Verification: The final layer of the proposed methodology involves the use of cryptographic techniques to verify the legitimacy of nodes flagged as suspicious. By employing public key infrastructure (PKI) and digital signatures, this component ensures that only authenticated nodes participate in the network, thereby safeguarding the integrity of data transmissions and preventing unauthorized access.
  • Sequential Integration: The proposed hybrid detection method is executed sequentially, beginning with anomaly detection to identify irregularities, followed by the application of data mining techniques to analyze and classify nodes, and culminating in cryptographic verification to authenticate and isolate malicious entities. This step-by-step process ensures comprehensive protection against black hole and gray hole attacks, enhancing the overall security and reliability of MANETs.

3.1. Anomaly Detection and Data Mining Techniques

The foundation of our hybrid detection method relies on anomaly detection. This phase utilizes statistical models to establish a baseline of normal network behavior. The continuous monitoring of network traffic enables the early detection of deviations that may indicate potential security threats. The process begins with the establishment of a baseline through the statistical modeling of network parameters, including packet arrival rates, routing request frequencies, and hop counts. This baseline defines a profile of normal network operations based on historical data. Real-time monitoring then compares ongoing network traffic against this established baseline. Anomalies, such as unusual traffic patterns, unexpected spikes in data transmission rates, or irregular route requests, trigger alerts. The anomaly detection process can be mathematically represented as follows:
$$\mathrm{AnomalyScore} = \frac{|x - \mu|}{\sigma} \tag{1}$$
where x is the observed value, μ is the mean of the normal behavior, and σ is the standard deviation. Building upon initial anomaly detection, the method further refines its analysis through advanced data mining techniques. This stage involves clustering and classification algorithms to categorize nodes based on behavioral patterns, isolating those exhibiting signs of malicious activity. K-means clustering is employed to group nodes based on behavioral features such as packet forwarding rates and response times. The clustering process can be represented as follows:
$$J = \sum_{i=1}^{k} \sum_{j=1}^{n} \left\| x_j^{(i)} - \mu_i \right\|^2 \tag{2}$$
where $J$ is the objective function to be minimized, $k$ is the number of clusters, $x_j^{(i)}$ is the $j$-th node in cluster $i$, and $\mu_i$ is the centroid of cluster $i$.
Moreover, key features indicative of malicious behavior are extracted, and classification algorithms such as decision trees and support vector machines (SVMs) are used to classify nodes as legitimate or malicious. The decision tree algorithm can be represented as follows:
$$E(T) = -\sum_{i=1}^{m} p_i \log_2(p_i) \tag{3}$$
where $E(T)$ is the entropy of the node set $T$, and $p_i$ is the proportion belonging to class $i$.
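The anomaly score, K-means objective and entropy defined above can be chained as follows. This is an added example, not the authors' implementation: the node counters, the 3-sigma threshold, the cluster seeds (0.0 and 0.5) and the mapping of clusters to attack types are assumptions chosen for illustration.

```python
import math
from statistics import mean, pstdev

# Constructed sample data, not taken from the paper's NS-3 dataset.
# Forwarding ratios recorded while the network was known to be clean.
BASELINE = [0.97, 0.95, 0.96, 0.98, 0.94, 0.96, 0.97, 0.95]
# Current window: node -> (packets received for forwarding, packets forwarded).
OBSERVED = {
    "n01": (200, 193), "n02": (180, 172), "n03": (220, 2), "n04": (210, 118),
    "n05": (190, 184), "n06": (205, 0), "n07": (195, 101), "n08": (185, 178),
}


def anomaly_score(x, mu, sigma):
    """Equation (1): |x - mu| / sigma."""
    if sigma <= 0:
        raise ValueError("baseline has no variance; cannot normalise")
    return abs(x - mu) / sigma


def kmeans_1d(values, centroids, max_iter=50):
    """Lloyd's algorithm on scalar features. Returns (centroids, assignment, J),
    where J is the within-cluster sum of squares from Equation (2)."""
    centroids = list(centroids)

    def nearest(v):
        return min(range(len(centroids)), key=lambda i: (v - centroids[i]) ** 2)

    for _ in range(max_iter):
        assign = [nearest(v) for v in values]
        updated = []
        for i, old in enumerate(centroids):
            members = [v for v, a in zip(values, assign) if a == i]
            updated.append(mean(members) if members else old)  # keep empty clusters
        if updated == centroids:
            break
        centroids = updated
    assign = [nearest(v) for v in values]
    j = sum((v - centroids[a]) ** 2 for v, a in zip(values, assign))
    return centroids, assign, j


def entropy(labels):
    """Equation (3): -sum(p_i * log2(p_i)) over the classes present."""
    total = len(labels)
    probs = [labels.count(c) / total for c in set(labels)]
    return -sum(p * math.log2(p) for p in probs)


def information_gain(ratios, labels, threshold):
    """Entropy reduction from splitting nodes on forwarding ratio < threshold,
    the quantity a decision tree maximises when choosing a split."""
    low = [l for r, l in zip(ratios, labels) if r < threshold]
    high = [l for r, l in zip(ratios, labels) if r >= threshold]
    remainder = sum(len(s) / len(labels) * entropy(s) for s in (low, high) if s)
    return entropy(labels) - remainder


def classify(observed, baseline, z_threshold=3.0):
    """Stage 1 flags statistical outliers; stage 2 clusters only the flagged nodes."""
    mu, sigma = mean(baseline), pstdev(baseline)
    # Nodes that relayed no traffic in this window cannot be scored.
    ratios = {n: fwd / recv for n, (recv, fwd) in observed.items() if recv > 0}
    # Assumption: only deviations below the baseline mean indicate packet dropping.
    flagged = sorted(n for n, r in ratios.items()
                     if r < mu and anomaly_score(r, mu, sigma) > z_threshold)
    # Assumed seeds: 0.0 (drops everything) and 0.5 (drops selectively).
    _, assign, _ = kmeans_1d([ratios[n] for n in flagged], [0.0, 0.5])
    labels = {n: "normal" for n in ratios}
    for node, cluster in zip(flagged, assign):
        labels[node] = "black_hole" if cluster == 0 else "gray_hole"
    return ratios, labels


if __name__ == "__main__":
    ratios, labels = classify(OBSERVED, BASELINE)
    order = sorted(ratios)
    for node in order:
        print(node, f"{ratios[node]:.3f}", labels[node])
    gain = information_gain([ratios[n] for n in order], [labels[n] for n in order], 0.75)
    print("information gain for split at 0.75:", gain)
```
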
The final tier of our proposed method incorporates cryptographic techniques to verify the legitimacy of nodes flagged as suspicious. Public key infrastructure (PKI) and digital signatures serve as critical tools in this phase, facilitating the authentication of node identities and the integrity of their data transmissions. Nodes sign their transmissions using private keys, with verification performed using the corresponding public keys. This process can be represented as follows:
$$\mathrm{Signature} = \mathrm{Sign}_{\mathrm{private}}(H(m)) \tag{4}$$
where $H(m)$ is the hash of the message $m$.
Data integrity is ensured through the use of hash functions:
$$H = \mathrm{SHA\text{-}256}(m) \tag{5}$$
In Equation (5), H(m) represents the hash value generated from the message m using the SHA-256 hash function. SHA-256 (Secure Hash Algorithm 256-bit) is a cryptographic hash function that produces a fixed-size 256-bit (32-byte) hash value from an arbitrary-size input message. This hash function is designed to be a one-way function, meaning that it is computationally infeasible to reverse the hash value in order to retrieve the original input message. The use of SHA-256 in our method ensures the integrity of data by providing a unique hash value for each message. If the data are altered in any way during transmission, the hash value computed at the receiver’s end will differ from the original hash value, thereby indicating potential tampering. This mechanism is crucial in verifying the authenticity and integrity of the messages exchanged within the network, especially in the presence of malicious nodes attempting to disrupt communication.
Node authentication is further reinforced through the use of certificates issued by trusted certificate authorities (CAs).
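The hash-then-sign check of Equations (4) and (5) is sketched below as an added example that is not the authors' code. It assumes Python 3.8+ and uses unpadded textbook RSA over fixed Mersenne primes so that it runs offline with the standard library only; the node names, packet body and in-memory registry (standing in for CA-issued certificates) are constructed, and a deployment would use a vetted library with a padded scheme instead.

```python
import hashlib

E = 65537  # RSA public exponent


def demo_keypair(p_exp, q_exp):
    """Textbook RSA key from the Mersenne primes 2**p_exp - 1 and 2**q_exp - 1.
    Fixed, special-form primes keep the example repeatable; they are not secure."""
    p, q = 2 ** p_exp - 1, 2 ** q_exp - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return (n, E), (n, d)


def h(message: bytes) -> int:
    """Equation (5): H = SHA-256(m), taken as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message):
    """Equation (4): Signature = Sign_private(H(m))."""
    n, d = private_key
    return pow(h(message), d, n)


def verify(public_key, message, signature):
    """Recompute H(m) at the receiver and compare it with the opened signature."""
    n, e = public_key
    return 0 <= signature < n and pow(signature, e, n) == h(message)


# Constructed identities: n01 holds a registered key, n06 does not.
N01_PUB, N01_PRIV = demo_keypair(521, 607)
N06_PUB, N06_PRIV = demo_keypair(607, 1279)
REGISTRY = {"n01": N01_PUB}  # stands in for certificates issued by a trusted CA

PAYLOAD = b"DSR data seq=42 src=n01 dst=n09"  # constructed packet body
SIGNATURE = sign(N01_PRIV, PAYLOAD)


def check_packet(registry, sender, payload, signature):
    """Return the verdict a receiving node would record for this packet."""
    public_key = registry.get(sender)
    if public_key is None:
        return "unknown-node"       # no certificate on file for the claimed sender
    if not verify(public_key, payload, signature):
        return "bad-signature"      # payload altered, or signed with another key
    return "accepted"


if __name__ == "__main__":
    print(check_packet(REGISTRY, "n01", PAYLOAD, SIGNATURE))
    print(check_packet(REGISTRY, "n01", PAYLOAD + b" hop=n06", SIGNATURE))
    print(check_packet(REGISTRY, "n06", PAYLOAD, sign(N06_PRIV, PAYLOAD)))
    print(check_packet(REGISTRY, "n01", PAYLOAD, sign(N06_PRIV, PAYLOAD)))
```
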
The hybrid detection method unfolds sequentially, starting with anomaly detection to screen for irregularities, followed by the in-depth analysis of flagged nodes using data mining techniques, and culminating in the cryptographic verification of suspected attackers. This comprehensive approach ensures the early detection, accurate identification, and effective mitigation of black hole and gray hole attacks in MANETs.
This innovative detection method promises to significantly enhance the security landscape of MANETs by offering a robust solution capable of adapting to the dynamic nature of these networks. By integrating diverse detection techniques, our approach aims to establish a more resilient defense against sophisticated threats, ensuring the reliability and integrity of data transmission within these critical communication infrastructures.

3.2. Sequential Integration

Our proposed hybrid detection method unfolds sequentially, starting with anomaly detection to screen for irregularities, followed by the in-depth analysis of flagged nodes using data mining techniques, and culminating in the cryptographic verification of suspected attackers. This comprehensive approach ensures the early detection, accurate identification, and effective mitigation of black hole and gray hole attacks in MANETs.
  • Simulation of MANET environment: initial setup and configuration of the MANET environment and implementation of the DSR protocol.
  • Monitoring network traffic: continuous traffic monitoring to detect deviations from normal behavior.
  • Implementing hybrid detection algorithms: applying anomaly detection, clustering, and classification techniques.
  • Attack detection and type identification: identifying anomalies and classifying the type of attack (black hole or gray hole).
  • Mitigation strategy implementation: deploying appropriate countermeasures to mitigate identified attacks.
  • Post-mitigation network analysis: assessing network performance and security post-mitigation.
  • Success evaluation: determining the effectiveness of the mitigation strategy. If unsuccessful, re-evaluation and adjustment of detection mechanisms.
Figure 1 illustrates a flowchart of the proposed hybrid detection method for identifying and mitigating black hole and gray hole attacks in mobile ad hoc networks (MANETs). The flowchart outlines the sequential steps involved in the implementation and execution of this approach, starting from the initialization of the MANET environment, where the network topology is established with nodes randomly distributed within a defined area. Following this, the dynamic source routing (DSR) protocol is implemented to manage the routing of packets between nodes, which is central to the network’s operation and the focus of the proposed security enhancements. Next, the continuous monitoring of network traffic is conducted to detect any irregularities that may indicate malicious activities. If an anomaly is detected, the hybrid detection algorithm, which integrates anomaly detection, data mining techniques, and cryptographic verification, is triggered to accurately identify and classify potential threats. Upon the detection of an attack, the system identifies the type of attack, whether it is a black hole or gray hole attack, and then it deploys appropriate mitigation strategies to neutralize the threat. After the mitigation strategy is applied, a post-mitigation analysis is performed to assess the effectiveness of the response, including the evaluation of key network performance metrics such as the packet delivery ratio and latency. Finally, the system determines whether the mitigation efforts were successful. If the attack has been successfully mitigated, the process concludes; if not, the system may loop back to re-evaluate the detection and mitigation processes, ensuring continuous protection.

4. Experimental Setup

To evaluate the effectiveness of the proposed hybrid detection method, a series of experiments was conducted in a simulated MANET environment. This section provides details on the experimental environment, the datasets used, and the specific parameters configured for the evaluation.

4.1. Simulation Environment

The experiments were performed using the NS-3 network simulator, which is widely recognized for its accuracy in modeling MANET environments. The simulation setup was configured as follows:
  • Number of nodes: The network consisted of 50 to 100 nodes randomly distributed over a 1000 m × 1000 m area.
  • Mobility model: The Random Waypoint Mobility Model was utilized, with nodes moving at speeds ranging from 1 to 20 m per second. This model reflects the dynamic nature of MANETs, simulating realistic node movements.
  • Traffic model: Constant-bit-rate (CBR) traffic was generated between randomly selected source and destination pairs. The packets were 512 bytes in size, with an interval of 0.1 s between each packet.
  • Routing protocol: The dynamic source routing (DSR) protocol was used as the routing framework to ensure consistency with the focus of this research.
  • Simulation duration: Each simulation ran for 1000 s to ensure that sufficient data was collected for accurate performance analysis.

4.2. Attack Scenarios

Both black hole and gray hole attacks were simulated in the network. In the black hole scenario, malicious nodes dropped all the packets they received, whereas, in the gray hole scenario, malicious nodes selectively dropped packets based on their content. Varying numbers of malicious nodes (5%, 10%, and 20% of the total nodes) were introduced to evaluate the robustness of the proposed detection method.

4.3. Performance Metrics

To assess the performance of our method, the following metrics were measured:
  • Detection accuracy: the percentage of correctly identified malicious nodes.
  • False positive rate: the rate at which legitimate nodes were incorrectly identified as malicious.
  • Packet delivery ratio (PDR): the ratio of packets successfully delivered to the destination versus the total number of packets sent.
  • Network latency: the average time taken for packets to reach their destination.
  • System overhead: the additional computational and network resources consumed via the detection method.

4.4. Dataset

The dataset used for evaluation was generated using the NS-3 simulator, and it reflects realistic MANET traffic patterns and attack scenarios. The dataset contains detailed logs of node interactions, packet transmissions, and attack behaviors, which were used to train and test the anomaly detection models.

5. Result and Discussion

Figure 2 presents a comparison of the detection accuracy (%) for black hole and gray hole attacks. The analysis comprises three methodologies: Watchdog, DSR, and a proposed hybrid approach. The results show that each approach is effective in detecting these two types of attacks. Watchdog demonstrated a moderate level of accuracy, with detection rates of 85% for black hole attacks and 78% for gray hole attacks. DSR achieved an accuracy of 90% for black hole attacks and 82% for gray hole attacks. The hybrid approach achieved a detection accuracy of 97% for black hole attacks and 93% for gray hole attacks. The findings suggest that the hybrid approach outperforms Watchdog and DSR in accurately detecting both types of attacks. This solution shows promise in enhancing network security against such threats.
Figure 3 presents the false positive rates (%) for black hole and gray hole attacks, as measured via the Watchdog, DSR, and proposed hybrid-approach methodologies. False positives are instances where legitimate nodes are wrongly identified as attackers. The results show the effectiveness of each method in minimizing incorrect identifications. The false positive rates for Watchdog were higher, with 12% for black hole attacks and 15% for gray hole attacks. DSR demonstrated improved performance with decreased rates of 9% for black hole attacks and 11% for gray hole attacks. The hybrid approach effectively reduced false positives, with rates as low as 3% for black hole attacks and 2% for gray hole attacks. The hybrid approach was found to effectively reduce false positives, thereby enhancing the accuracy and reliability of attack detection compared to the Watchdog and DSR methods.
Figure 4 shows the packet delivery ratio (PDR) (%) for three scenarios: black hole attack, gray hole attack, and no attack. The PDR was measured using Watchdog, DSR, and the proposed hybrid approach. The PDR is a metric used to determine the percentage of packets that successfully reach their intended destination out of the total number of packets sent. In the black hole attack scenario, Watchdog achieved a PDR of 72%. DSR achieved higher performance of 78%, while the hybrid approach exhibited the highest success rate of 88%. In a gray hole attack, Watchdog recorded a PDR of 75%. DSR enhanced it to 79%, and the hybrid approach maintained a PDR of 87%. In the absence of attacks, the no-attack scenario demonstrated higher PDRs when all three methodologies were employed. Watchdog had a PDR of 91%, DSR had a PDR of 93%, and the hybrid approach had a PDR of 97%. The results indicate that the hybrid approach is effective in maintaining a high PDR even during attack scenarios. This suggests that it has the potential to ensure successful packet delivery in the presence of network threats when compared to other methods.
Figure 5 displays the network latency (in milliseconds, ms) for three scenarios: black hole attack, gray hole attack, and no attack. The data are presented using three methodologies: Watchdog, DSR, and the proposed hybrid approach. Network latency refers to the time it takes for a packet to travel from its source to its destination. Lower values are preferred, as they suggest quicker data transmission. The latency of Watchdog in the case of a black hole attack was 220 ms, which was reduced to 205 ms via DSR. The hybrid approach achieved the lowest latency at 180 ms. During a gray hole attack, Watchdog recorded a latency of 210 ms. DSR lowered it to 200 ms, and the hybrid approach maintained a latency of 175 ms. In the absence of attacks, the no-attack scenario demonstrated reduced latencies according to all three methodologies. The latency of Watchdog was 100 ms, DSR had a latency of 95 ms, and the hybrid approach had a lower latency of 90 ms. The findings suggest that the hybrid approach has the potential to enhance the data transmission speed in various scenarios by reducing network latencies when compared to the other methods.
Figure 6 displays the system overhead (%) for three scenarios: black hole attack, gray hole attack, and no attack. The data were analyzed using three methodologies: Watchdog, DSR, and the proposed hybrid approach. System overhead is the additional resources, such as computational power or bandwidth, utilized in a detection system. Lower values indicate a greater degree of system effectiveness. Watchdog experienced an overhead of 18% when dealing with a black hole attack. DSR reduced the overhead to 15%, and the hybrid approach further minimized it to 10%. In the scenario of a gray hole attack, Watchdog experienced a 20% overhead, which was then decreased to 16% with the assistance of DSR. The hybrid approach managed to achieve the lowest overhead of 9%. In the absence of attacks, the no-attack scenario demonstrated decreased overhead when all three methodologies were employed. The overhead of Watchdog was 5%, DSR had an overhead of 4%, and the hybrid approach had the lowest overhead of 3%. The outcomes highlight the efficiency of the hybrid approach in using fewer additional resources compared to the Watchdog and DSR methods in different scenarios, indicating its potential to create a more resource-effective detection system.
The comprehensive analysis in Table 1 clearly demonstrates that the hybrid detection approach excels across all evaluation metrics. It not only improves detection accuracy and reduces false positives but also enhances packet delivery ratios, minimizes network latency, and reduces system overhead. These improvements underscore the hybrid approach’s potential to provide a robust and reliable security solution for MANETs, effectively mitigating the impacts of black hole and gray hole attacks.

Comparative Analysis

To strengthen the validation of our proposed hybrid detection method, we extended our comparisons beyond Watchdog and DSR by including other state-of-the-art solutions mentioned in the related work section. Specifically, we compared our approach with the methodologies presented in [1,3,5]. The results, summarized in Table 2, show that, while methods such as the dual-attack detection technique and collaborative detection are competitive in specific scenarios, our hybrid approach consistently outperformed these methods across multiple metrics, particularly in detection accuracy and false positive rates under both black hole and gray hole attack conditions. For example, our method achieved a detection accuracy of 97% for black hole attacks, compared to 92% for the dual attack detection technique and 90% for the collaborative detection method. Additionally, our approach demonstrated significantly lower system overhead and network latency, making it more suitable for deployment in resource-constrained MANET environments. These comparisons reinforce the significance of our hybrid approach in improving the security and reliability of MANETs against sophisticated attacks, offering a scalable and adaptable solution that can meet the evolving demands of MANET environments.

6. Conclusions

This research addressed the critical security challenges posed by black hole and gray hole attacks in mobile ad hoc networks (MANETs) utilizing the dynamic source routing (DSR) protocol. Our novel hybrid detection method, which synergizes anomaly detection, data mining techniques, and cryptographic measures, demonstrated significant improvements over existing approaches like Watchdog and standalone DSR.
Our simulations and analyses revealed superior detection accuracy for both black hole and gray hole attacks, substantially reduced false-positive rates, improved packet delivery ratios (PDRs) under attack scenarios, reduced network latency, and lower system overhead. These results underscore the potential of our hybrid approach in enhancing MANET security and reliability against sophisticated cyber threats.
Despite the promising results, our study encountered several limitations that warrant acknowledgment. Our evaluation was primarily simulation-based, and real-world implementation may present unforeseen challenges. We focused mainly on black hole and gray hole attacks, while other types of attacks may require additional consideration. The performance of our approach in very large-scale MANETs needs further investigation, and a detailed analysis of the energy impact on resource-constrained devices is needed.
Building on this research, we propose several avenues for future work. Real-world deployments will be crucial to validate our simulation results in actual MANET environments. Adapting the hybrid approach to detect and mitigate a broader range of MANET security threats is another important direction. We also see potential in exploring advanced machine learning techniques, particularly deep learning, to further enhance detection accuracy and adaptability. Investigating the integration of our hybrid method with other network layers could lead to a more comprehensive security solution. Developing energy-aware variants of the hybrid approach will be essential to better suit resource-constrained devices in MANETs. Finally, exploring the potential of blockchain technology could enhance the trustworthiness and integrity of the detection system.
In conclusion, our hybrid detection method represents a significant advancement in MANET security, particularly against black hole and gray hole attacks. While limitations exist, the approach shows great promise in improving network reliability and performance under threat conditions. The proposed future work directions aim to address current limitations and further enhance the robustness and applicability of this security solution in diverse MANET scenarios. As MANETs continue to play a crucial role in various applications, from disaster recovery to military operations, the ongoing development of robust security measures remains paramount. Our research contributes to this vital field, paving the way for more secure and reliable ad hoc network communications in an increasingly connected world.

Author Contributions

Conceptualization, M.Y.; methodology, M.Y., S.C. and G.S.; validation, M.Y., S.C. and G.S.; data curation, M.Y.; writing—original draft preparation, M.Y., S.C. and G.S.; writing—review and editing, S.C. and G.S.; supervision, S.C. and G.S. All authors have read and agreed to the published version of the manuscript.

Funding

This work was funded by the Next Generation EU—European Union supporting project number PE00000014.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

The raw data supporting the conclusions of this article will be made available by the authors on request.

Acknowledgments

This work was partially supported by project SERICS (PE00000014) under the NRRP MUR program funded by the EU—NGEU.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Rathiga, P.; Sathappan, S. Hybrid Detection of Black hole and Gray hole attacks in MANET. In Proceedings of the 2016 International Conference on Computation System and Information Technology for Sustainable Solutions (CSITSS), Bengaluru, India, 6–8 October 2016; pp. 135–140.
  2. Cirillo, S.; Desiato, D.; Breve, B. CHRAVAT-chronology awareness visual analytic tool. In Proceedings of the 2019 23rd International Conference Information Visualisation (IV), Paris, France, 2–5 July 2019; pp. 255–260.
  3. Ali Zardari, Z.; He, J.; Zhu, N.; Mohammadani, K.H.; Pathan, M.S.; Hussain, M.I.; Memon, M.Q. A dual attack detection technique to identify black and gray hole attacks using an intrusion detection system and a connected dominating set in MANETs. Future Internet 2019, 11, 61.
  4. Lee, S.J.; Belding-Royer, E.M.; Perkins, C.E. Ad hoc on-demand distance-vector routing scalability. ACM Sigmobile Mob. Comput. Commun. Rev. 2002, 6, 94–95.
  5. Younas, S.; Rehman, F.; Maqsood, T.; Mustafa, S.; Akhunzada, A.; Gani, A. Collaborative Detection of Black Hole and Gray Hole Attacks for Secure Data Communication in VANETs. Appl. Sci. 2022, 12, 12448.
  6. Cirillo, S.; Desiato, D.; Scalera, M.; Solimando, G. A Visual Privacy Tool to Help Users in Preserving Social Network Data. In Proceedings of the IS-EUD Workshops, Cagliari, Italy, 6–8 June 2023.
  7. Dhende, S.; Musale, S.; Shirbahadurkar, S.; Najan, A. SAODV: Black hole and gray hole attack detection protocol in MANETs. In Proceedings of the 2017 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), Chennai, India, 22–24 March 2017; pp. 2391–2394.
  8. Salih, A.A.; Abdulazeez, A.M. Evaluation of classification algorithms for intrusion detection system: A review. J. Soft Comput. Data Min. 2021, 2, 31–40.
  9. Abdulhammed, R.; Faezipour, M.; shakour Abuzneid, A.; Abumallouh, A. Deep and Machine Learning Approaches for Anomaly-Based Intrusion Detection of Imbalanced Network Traffic. IEEE Sensors Lett. 2019, 3, 1–4.
  10. Chou, D.; Jiang, M. A survey on data-driven network intrusion detection. ACM Comput. Surv. (CSUR) 2021, 54, 1–36.
  11. Sajjad, S.M.; Mufti, M.R.; Yousaf, M.; Aslam, W.; Alshahrani, R.; Nemri, N.; Afzal, H.; Khan, M.A.; Chen, C.M. Detection and blockchain-based collaborative mitigation of internet of things botnets. Wirel. Commun. Mob. Comput. 2022, 2022, 1194899.
  12. Rani, P.; Kavita; Verma, S.; Kaur, N.; Wozniak, M.; Shafi, J.; Ijaz, M.F. Robust and Secure Data Transmission Using Artificial Intelligence Techniques in Ad-Hoc Networks. Sensors 2022, 22, 251.
  13. Asharf, J.; Moustafa, N.; Khurshid, H.; Debie, E.; Haider, W.; Wahab, A. A review of intrusion detection systems using machine and deep learning in internet of things: Challenges, solutions and future directions. Electronics 2020, 9, 1177.
  14. Pedroso, C.; de Souza Batista, A.; Brisio, S.; Santos, A. A Direct Collaborative Network Intrusion Detection System for IoT Networks Integration. In Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos (SBRC); SBC: Manila, Philippines, 2024.
  15. Amalia, A.; Pramitarini, Y.; Perdana, R.H.Y.; Shim, K.; An, B. A Deep-Learning-Based Secure Routing Protocol to Avoid Blackhole Attacks in VANETs. Sensors 2023, 23, 8224.
  16. Venkatasubramanian, S.; Suhasini, A.; Hariprasath, S. Detection of black and grey hole attacks using hybrid cat with PSO-based deep learning algorithm in MANET. Int. J. Comput. Netw. Appl. (IJCNA) 2022, 724–735.
  17. Adeel, A.; Ali, M.; Khan, A.N.; Khalid, T.; Rehman, F.; Jararweh, Y.; Shuja, J. A multi-attack resilient lightweight IoT authentication scheme. Trans. Emerg. Telecommun. Technol. 2022, 33, e3676.
  18. Marina, M.K.; Das, S.R. On-demand multipath distance vector routing in ad hoc networks. In Proceedings of the Proceedings Ninth International Conference on Network Protocols—ICNP 2001, Riverside, CA, USA, 11–14 November 2001; pp. 14–23.
  19. Palma, A.; Pereira, P.R.; Pereira, P.R.; Casaca, A. Multicast routing protocol for vehicular delay-tolerant networks. In Proceedings of the 2012 IEEE 8th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), Barcelona, Spain, 8–10 October 2012; pp. 753–760.
Figure 1. An overview of the process underlying the proposed approach.
Figure 2. Detection accuracy among Watchdog, DSR, and our hybrid approach.
Figure 3. False positive rates among Watchdog, DSR, and our hybrid approach.
Figure 4. Packet delivery ratio (PDR) among Watchdog, DSR, and our hybrid approach.
Figure 5. Network latency among Watchdog, DSR, and our hybrid approach.
Figure 6. System overhead among Watchdog, DSR, and our hybrid approach.
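Table 1. Overview of the result of our approach.

| Metric | Scenario | Watchdog | DSR | Hybrid Approach |
|---|---|---|---|---|
| Detection Accuracy (%) | Black Hole Attack | 85 | 90 | 97 |
| Detection Accuracy (%) | Gray Hole Attack | 78 | 82 | 93 |
| False Positive Rate (%) | Black Hole Attack | 12 | 9 | 3 |
| False Positive Rate (%) | Gray Hole Attack | 15 | 11 | 2 |
| Packet Delivery Ratio (%) | Black Hole Attack | 72 | 78 | 88 |
| Packet Delivery Ratio (%) | Gray Hole Attack | 75 | 79 | 87 |
| Packet Delivery Ratio (%) | No Attack | 91 | 93 | 97 |
| Network Latency (ms) | Black Hole Attack | 220 | 205 | 180 |
| Network Latency (ms) | Gray Hole Attack | 210 | 200 | 175 |
| Network Latency (ms) | No Attack | 100 | 95 | 90 |
| System Overhead (%) | Black Hole Attack | 18 | 15 | 10 |
| System Overhead (%) | Gray Hole Attack | 20 | 16 | 9 |
| System Overhead (%) | No Attack | 5 | 4 | 3 |
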
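Table 2. Overview of the results of the comparative evaluations.

| Metric | Scenario | Watchdog | DSR | Dual Attack Detection | Collaborative Detection | Hybrid Detection |
|---|---|---|---|---|---|---|
| Detection Accuracy (%) | Black Hole Attack | 85 | 90 | 92 | 90 | 97 |
| Detection Accuracy (%) | Gray Hole Attack | 78 | 82 | 88 | 85 | 93 |
| False Positive Rate (%) | Black Hole Attack | 12 | 9 | 8 | 7 | 3 |
| False Positive Rate (%) | Gray Hole Attack | 15 | 11 | 10 | 9 | 2 |
| Packet Delivery Ratio (%) | Black Hole Attack | 72 | 78 | 85 | 80 | 88 |
| Packet Delivery Ratio (%) | Gray Hole Attack | 75 | 79 | 82 | 77 | 87 |
| Network Latency (ms) | Black Hole Attack | 220 | 205 | 200 | 195 | 180 |
| Network Latency (ms) | Gray Hole Attack | 210 | 200 | 190 | 185 | 175 |
| System Overhead (%) | Black Hole Attack | 18 | 15 | 14 | 12 | 10 |
| System Overhead (%) | Gray Hole Attack | 20 | 16 | 15 | 13 | 9 |
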

Yazdanypoor, M.; Cirillo, S.; Solimando, G. Developing a Hybrid Detection Approach to Mitigating Black Hole and Gray Hole Attacks in Mobile Ad Hoc Networks. Appl. Sci. 2024, 14, 7982. https://doi.org/10.3390/app14177982
