Analysis of area-congestion-based DDoS attacks in ad hoc networks
Introduction
DDoS attacks present a serious threat to network computing and have recently attracted much attention [1], [2], [3], [4], [5], [6]. When a DDoS attack is launched, a large number of hosts controlled by the attackers flood a target with a high volume of packets to significantly degrade the target’s service performance or render it unable to deliver any service. Ad hoc networks differ from the Internet in several critical ways that make them especially vulnerable to DDoS attacks. First, ad hoc nodes are peers. Because of this, once an attacker compromises a node, they can attack the network from inside. Second, every node in an ad hoc network is not only a host but also a router. Thus, it is harder to determine whether a suspicious packet is from an attacker or relayed from a legitimate node. These features indicate that there may be “easier” ways to cause denial of service (DoS) in ad hoc networks than in the Internet, and that existing Internet DDoS defense mechanisms may not be enough to counter DDoS attacks in ad hoc networks.
Although congestion was recognized as a simple and effective DoS attack approach in ad hoc networks, previous studies mainly focused on individual attackers and the attack impacts on individual nodes and traffic flows. In an ad hoc network, it is easy for attackers to attack simultaneously from distributed locations; however, it is not clear how damaging the attacks can be or what their unique characteristics are. Because these concerns are relatively new, more research on the properties and methods of DDoS attacks in ad hoc networks is needed.
Motivated by these observations, we explore the possible DDoS attacks and their impacts on ad hoc networks. In particular, we investigate how attackers flood legitimate routes with junk packets. Because wireless bandwidth is limited, the junk packets can easily cause severe wireless channel contention among nearby nodes on the legitimate routes. Therefore, the attack creates network-wide congestion instead of congestion surrounding only the destination as in conventional Internet DDoS attacks. In this paper, we explore and discuss two types of congestion – self and cross congestions – that may be caused by attacks. We analyze the important factors that may affect the attacks. We also review the existing defense mechanisms against these DDoS attacks. This research lays the necessary foundation for developing more effective defense strategies against DDoS attacks in ad hoc networks.
Section snippets
Background
In this section, we present background information on DDoS and DoS attacks and review related works.
Area-congestion-based DDoS attacks
Congestion has been recognized as a simple and effective DoS attack approach in ad hoc networks. In this section, we examine the special features and concerns of area-congestion-based DDoS attacks.
Remote attacks
In this section, we describe how an attacker can inject packets into legitimate routes without being detected. We also analyze the characteristics of remote attacks, study their impacts, and review possible defense methods.
Local attacks
In this section, we analyze the characteristics of local attacks, study their impacts, and preview possible defense methods.
Conclusion
DDoS attacks are already a serious threat to the Internet. In this paper, we show that DDoS attacks are also a serious threat to ad hoc networks and are more difficult to deal with in ad hoc networks. We studied the attack impacts of two types of DDoS attacks and compared important factors that influence the attacks. We find that a remote attack is a more effective and efficient method for DDoS attackers to damage the network. More flooding nodes and higher attack load cannot increase, but even
Acknowledgement
This work was supported by NSF ANI-0335241, NSF CCR-0233324, and Department of Energy Early Career PI Award.
References (35)
- et al., Network ingress filtering: defeating denial of service attacks which employ IP source address spoofing, RFC (1998)
- S. Savage, D. Wetherall, A. Karlin, T. Anderson, Practical network support for IP traceback, in: Proceedings of ACM...
- et al., Controlling high bandwidth aggregates in the network, ACM SIGCOMM Computer Communications Review (2002)
- J. Mirkovic, G. Prier, P. Reiher, Attacking DDoS at the source, in: Proceedings of IEEE ICNP, 2002, pp....
- A. Yaar, A. Perrig, D. Song, Pi: a path identification mechanism to defend against DDoS attacks, in: Proceedings of...
- A. Yaar, A. Perrig, D. Song, SIFF: a stateless Internet flow filter to mitigate DDoS flooding attacks, in: IEEE...
- CERT advisory CA-1996-21 TCP SYN flooding and IP spoofing attacks. Available from:...
- CERT advisory CA-1998-01 smurf IP denial-of-service attacks. Available from:...
- CERT advisory CA-1996-01 UDP port denial-of-service attack. Available from:...
- T. Aura, P. Nikander, J. Leiwo, DoS-resistant authentication with client puzzles, in: Proceedings of Security Protocols...
- Security problems in the TCP/IP protocol suite, ACM SIGCOMM Computer Communication Review
- A taxonomy of DDoS attack and DDoS defense mechanisms, ACM SIGCOMM Computer Communication Review
- Security in wireless sensor networks, Communications of the ACM
Qijun Gu is an assistant professor in Department of Computer Science, Texas State University, San Marcos. He received the PhD degree in Information Sciences and Technology from Pennsylvania State University in 2005. His research interests include wireless/mobile computing, denial of service, key management, ad hoc network, networking optimization, P2P sharing system.
Peng Liu is now an assistant professor of Information Sciences and Technology at Penn State University and the director of Cyber Security Lab. He received his BS and MS degrees from the University of Science and Technology of China. He received his PhD degree from George Mason University in 1999. His research interests are in computer and network security. He has published a monograph and about 80 refereed technical papers. He is the proceedings chair of the 2003 and 2004 ACM Conference on Computer and Communications Security. He is a program committee member of more than 35 conferences (e.g., WWW 2004, CCS 2006, INFOCOM 2007), and a referee for about 20 journals (e.g., ACM Transactions on Information and Systems Security). He is a recipient of the United States DOE Early CAREER Award.
Chao-Hsien Chu is an associate professor of Information Sciences and Technology and the executive director of the Center for Information Assurance at Pennsylvania State University. He received a PhD in Business Administration from Penn State. His current research interests are in communication networks design, information assurance and security (especially in wireless security, intrusion detection, and cyber forensics), and intelligent technologies (fuzzy logic, neural network, genetic algorithms, etc.) for data mining (e.g., bioinformatics, privacy preserving).