Resisting flooding attacks in ad hoc networks

Mobile ad hoc networks will often be deployed in environments where the nodes are unattended and have little or no physical protection against tampering. The nodes of mobile ad hoc networks are thus susceptible to compromise. The networks are particularly vulnerable to denial of service (DoS) attacks launched through compromised nodes or intruders. In this paper, we present a new DoS attack and its defense in ad hoc networks. The new DoS attack, called the ad hoc flooding attack, can result in denial of service when used against on-demand routing protocols for mobile ad hoc networks, such as AODV and DSR. The intruder broadcasts a mass of Route Request packets or sends a large number of attacking DATA packets to exhaust the communication bandwidth and node resources so that valid communication cannot be maintained. After analyzing the ad hoc flooding attack, we develop flooding attack prevention (FAP), a generic defense against the ad hoc flooding attack in mobile ad hoc networks. FAP is composed of neighbor suppression and path cutoff. When the intruder broadcasts excessive Route Request packets, the immediate neighbors of the intruder observe a high rate of Route Requests and lower the corresponding priority according to the rate of incoming queries. Moreover, low-priority queries that are not serviced are eventually discarded. When the intruder sends many attacking DATA packets to the victim node, the node may cut off the path and no longer set up a path with the intruder. Mobile ad hoc networks can prevent the ad hoc flooding attack by using FAP with little overhead.
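The neighbor suppression half of FAP, as an added sketch that is not code from the paper: a node ranks queued Route Requests by how many the sending neighbor issued recently and discards whatever remains at the low-priority end. The window length, per-tick service count, queue limit and the sample traffic are assumptions constructed for illustration.

```python
import heapq
from collections import defaultdict, deque

class NeighborSuppressor:
    """RREQ scheduler for one node: busier neighbors get lower priority."""

    def __init__(self, window_ms=1000, service_per_tick=3, queue_limit=8):
        # All three parameters are assumed values, not taken from the paper.
        self.window_ms = window_ms
        self.service_per_tick = service_per_tick
        self.queue_limit = queue_limit
        self.history = defaultdict(deque)  # neighbor -> recent arrival times
        self.queue = []                    # heap of (rate, seq, neighbor, rreq_id)
        self.seq = 0                       # arrival order, breaks priority ties

    def receive(self, now_ms, neighbor, rreq_id):
        times = self.history[neighbor]
        times.append(now_ms)
        while times[0] <= now_ms - self.window_ms:
            times.popleft()                # forget arrivals outside the window
        # Observed rate doubles as the priority key: smaller is served first.
        heapq.heappush(self.queue, (len(times), self.seq, neighbor, rreq_id))
        self.seq += 1

    def tick(self):
        """Forward the best-ranked RREQs, then discard low-priority overflow."""
        n = min(self.service_per_tick, len(self.queue))
        served = [heapq.heappop(self.queue)[2:] for _ in range(n)]
        keep = heapq.nsmallest(self.queue_limit, self.queue)
        kept = set(keep)
        dropped = [e[2:] for e in self.queue if e not in kept]
        self.queue = keep                  # sorted list is already a valid heap
        return served, dropped

def simulate():
    node = NeighborSuppressor()
    # Constructed traffic: M floods 20 RREQs in one second; A and B send one each.
    events = [(i * 50, "M", i) for i in range(20)] + [(500, "A", 0), (900, "B", 0)]
    for now_ms, neighbor, rreq_id in sorted(events):
        node.receive(now_ms, neighbor, rreq_id)
    return node, node.tick()

if __name__ == "__main__":
    node, (served, dropped) = simulate()
    print("served :", served)
    print("dropped:", len(dropped), "queued:", len(node.queue))
```

M's first request is served alongside A's and B's because its observed rate was still 1 when it arrived; every discarded request comes from M.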
