Forensic Analysis of DoS Attack Traffic in MANET

This paper investigates distributed denial of service attacks that use non-address-spoofing flood (NASF) over mobile ad hoc networks (MANET). Detection features based on statistical analysis of IDS log files and flow rate information are proposed. Detection of NASF attacks is evaluated using three metrics: detection ratio, detection time and false detection rate. The proposed framework thus addresses important issues in forensic science: identifying what attack occurs and when it occurs. Different NASF attack patterns with different network throughput degradations are simulated and examined in this paper.
