Abstract
The boundary of a distributed denial of service attack, one of the most threatening attacks in a wired network, now extends to wireless mobile networks, following the appearance of a DDoS attack tool targeted at mobile phones. Many protocols and architectures for mobile networks were designed without regard to the possibility of a DDoS attack. Moreover, the existing defense mechanisms against such attacks in a wired network are not effective in a wireless mobile network, because of differences in their characteristics. In this paper, we propose a fast defense mechanism against IP spoofing traffic for mobile networks. IP spoofing is one of the features of a DDoS attack against which it is most difficult to defend. Among the various mobile networks, we focus on the Network Mobility standard that is being established by the NEMO Working Group in the IETF. Our defense consists of the following five processes: speedy detection, filtering of attack packets, identification of attack agents, isolation of attack agents, and notification of neighboring routers. We simulated and analyzed the effects on normal traffic of moving attack agents, and the results of applying our defense to a mobile network. Our experimental results show that our mechanism provides a robust defense.
This research was supported by University IT Research Center Project.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Geng, X., et al.: Defending Wireless Infrastructure Against the Challenge of DDoS Attacks. Mobile Networks and Applications 7, 213–223 (2002)
Lou, W., Liu, W., Fang, Y.: SPREAD: Enhancing Data Confidentiality in Mobile Ad Hoc Networks. In: IEEE INFOCOM (2004)
Kong, J., et al.: Providing Robust and Ubiquitous Security Support for Mobile Ad-Hoc Networks. In: IEEE ICNP (2001)
Kim, M., Chae, K.-J.: Detection and Identification Mechanism against Spoofed Traffic Using Distributed Agents. In: Laganá, A., Gavrilova, M.L., Kumar, V., Mun, Y., Tan, C.J.K., Gervasi, O. (eds.) ICCSA 2004. LNCS, vol. 3043, pp. 673–682. Springer, Heidelberg (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, M., Chae, K. (2005). A Fast Defense Mechanism Against IP Spoofing Traffic in a NEMO Environment. In: Kim, C. (eds) Information Networking. Convergence in Broadband and Mobile Networking. ICOIN 2005. Lecture Notes in Computer Science, vol 3391. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30582-8_88
Download citation
DOI: https://doi.org/10.1007/978-3-540-30582-8_88
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24467-7
Online ISBN: 978-3-540-30582-8
eBook Packages: Computer ScienceComputer Science (R0)