Framework for statistical filtering against DDoS attacks in MANETs

A DDoS (distributed denial-of-service) attack is a distributed, large-scale attempt by malicious users to flood the victim network with an enormous number of packets. This exhausts the victim network's resources, such as bandwidth and computing power. The victim is unable to provide services to its legitimate clients, and network performance deteriorates greatly. Many methods proposed in the literature aim to alleviate this problem, such as hop-count filtering, rate-limiting and statistical filtering. However, most of these solutions are meant for the wired Internet, and there has been little research effort on mechanisms against DDoS attacks in wireless networks such as MANETs. In this paper, we study the vulnerability of MANETs to DDoS attacks and provide an overview of statistical filtering, which is commonly used as a security mechanism against DDoS attacks in wired networks. We then propose a framework for statistical filtering in MANETs to combat DDoS attacks.
