Page 2 Lecture Notes in Computer Science 2865 Edited by G. Goos ...
152 M. Just, E. Kranakis, and T. Wan

can easily join the network or capture a mobile node and then starts to disrupt network communication by silently dropping packets. It is also a threat to the Internet since the various software vulnerabilities would allow attackers to gain remote control of routers on the Internet. If malicious packet dropping attack is used along with other attacking techniques, such as shorter distance fraud, it can create more powerful attacks (i.e., black hole [12]) which may completely disrupt network communication.

Current network protocols do not have the capability to detect the malicious packet dropping attack. Network congestion control mechanisms do not apply here since packets are not dropped due to congestion. Link layer acknowledgment, such as IEEE 802.11 MAC protocol [1], can detect link layer break, but cannot detect forwarding level break. Although upper layer acknowledgment, such as TCP ACK, allows for detecting end-to-end communication break, it can be inefficient and it does not indicate the node at which the communication breaks. Moreover such mechanism is not available in connectionless transport layer protocols, such as UDP. Therefore, it is important to develop mechanisms to render networks the robustness for resisting the malicious packet dropping attack.

In this paper, we present a proactive distributed probing technique to detect and mitigate the malicious packet dropping attack. In our approach, every node proactively monitors the forwarding behavior of other nodes. Suppose node A wants to know if node B performs its forwarding functions, it will send a probe message to a node one hop away from node B, let us say to node C. C is supposed to respond to the probe message by sending back an acknowledgment to A. If A can receive the acknowledgment within a certain time period, it acts as a confirmation that node B forwarded the probe message to C. With the assumption that a probe message is indistinguishable from a normal data packet, A knows that B will forward all the other packets.

Our experiments demonstrate that in a moderately changing network, the probing technique can detect most of the malicious nodes with a relatively low false positive rate. The packet delivery rate in the network can also be increased if the detected malicious nodes are bypassed from network communication. We argue that the probing technique is of practical significance since it can be implemented in the application layer and does not require the modification of underlying routing protocols.

The remainder of the paper is organized as follows. In Section 2, we analyze the DoS attacks against a network infrastructure and review the corresponding prevention mechanisms. In Section 3, we define frequently used notation and terminology. In Section 4, we present our solution for monitoring wireless ad hoc networks. In Section 5, we describe the implementation and simulation of our solution. We conclude the paper in the last section.

2 DoS Attacks on Routing Infrastructure

Wireless ad hoc networks are vulnerable to various types of DoS attacks, such as signal injection, battery drain, among others. This paper focuses on the DoS attacks on its routing infrastructure. Based on the types of traffic transmitted in a network, we can classify these DoS attacks into two categories: DoS attacks on routing traffic and DoS attacks on data traffic. Such classification is also applicable to the Internet.
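
The probe-and-acknowledge check from the introduction (A probes C to learn whether B forwards), as an added Python example that is not code from the paper. The five-node route, the far-to-near probing order, the per-hop delays, the timeout and the diagnosis rule are all assumptions made for illustration; the last case shows how a slow but honest node produces a false positive.

```python
from dataclasses import dataclass

@dataclass
class Node:
    name: str
    drops_forwarded: bool = False  # malicious: silently drops packets it should relay
    hop_delay_ms: int = 5          # constructed per-hop latency

def probe(route, i, timeout_ms):
    """True if route[0] receives route[i]'s ack within timeout_ms.

    Probe and ack both cross route[1:i] as ordinary packets (the page's
    assumption is that a relay cannot tell a probe from data), so a single
    dropper among those relays loses the exchange.
    """
    relays = route[1:i]
    if any(n.drops_forwarded for n in relays):
        return False
    rtt = 2 * sum(n.hop_delay_ms for n in route[1:i + 1])
    return rtt <= timeout_ms

def diagnose(route, timeout_ms=100):
    """Probe far-to-near (assumed order); report the first unconfirmed relay."""
    last = len(route) - 1
    for i in range(last, 0, -1):
        if probe(route, i, timeout_ms):
            if i == last:
                return ("clean", None)
            # route[i] answered a probe addressed to itself, but no node
            # beyond it did: it is the relay whose forwarding is unconfirmed.
            return ("suspect", route[i].name)
    # Even the first hop stayed silent: no evidence about forwarding at all.
    return ("unreachable", route[1].name)

def make_route(bad=None, slow=None):
    """Constructed route A-B-C-D-E, where A is the probing node."""
    return [Node(n, n == bad, 200 if n == slow else 5) for n in "ABCDE"]

if __name__ == "__main__":
    print(diagnose(make_route()))           # honest route
    print(diagnose(make_route(bad="C")))    # C drops what it should relay
    print(diagnose(make_route(slow="D")))   # D is honest but slow
```

In the slow-D case the verdict lands on C even though C forwarded correctly: a missing ack only says that the exchange beyond C failed within the timeout, not why.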