Dynamic variation of network topology in mobile ad hoc networks (MANET) forces network nodes to work together and rely on each other for routing. Considering the lack of a central control node, some nodes appear maliciously and selectively drop the data packets instead of transmitting to the next hop node, which is known as the gray hole attack. In order to prevent and identify the gray hole attack, an intrusion detection system (IDS) is proposed on nodes to maintain network efficiency. In addition to establishing security, the proposed anti gray hole attack mechanism extracts abnormal differences between routing packets in the route discovery phase of the ad hoc on-demand distance vector (AODV) routing protocol. It then assigns a suspicious value to each participating node and monitors the exchange of data packets between neighboring nodes in the data transfer phase using a data transmission information table. If the suspicious value reaches a predetermined threshold, IDS nodes send an alert message to other nodes about the identity of the malicious node, in order to prevent its activity on the network. Simulation results indicate that the performance of the proposed scheme in terms of packet delivery rate, packet loss rate, and routing overhead outperforms those in the literature.