Elsevier

Ad Hoc Networks

Volume 5, Issue 5, July 2007, Pages 613-625
Analysis of area-congestion-based DDoS attacks in ad hoc networks

https://doi.org/10.1016/j.adhoc.2006.04.002

Abstract

Increased instances of distributed denial of service (DDoS) attacks on the Internet have raised questions on whether and how ad hoc networks are vulnerable to such attacks. This paper studies the special properties of such attacks in ad hoc networks. We examine two types of area-congestion-based DDoS attacks – remote and local attacks – and present in-depth analysis on various factors and attack constraints that an attacker may use and face. We find that (1) there are two types of congestion – self congestion and cross congestion – that need to be carefully monitored; (2) the normal traffic itself causes significant packet loss in addition to the attack impacts in both remote and local attacks; (3) the number of flooding nodes has major impacts on remote attacks, while the load of normal traffic and the position of flooding nodes are critical to local attacks; and (4) given the same number of flooding nodes and attack loads, a remote DDoS attack can cause more damage to the network than a local DDoS attack.

Introduction

DDoS attacks present a serious threat to network computing and have recently attracted much attention [1], [2], [3], [4], [5], [6]. When a DDoS attack is launched, a large number of hosts controlled by the attackers flood a target with a high volume of packets to significantly degrade the target’s service performance or render it unable to deliver any service. Ad hoc networks differ from the Internet in several critical ways that make them especially vulnerable to DDoS attacks. First, ad hoc nodes are peers. Because of this, once an attacker compromises a node, they can attack the network from inside. Second, every node in an ad hoc network is not only a host but also a router. Thus, it is harder to determine whether a suspicious packet is from an attacker or relayed from a legitimate node. These features indicate that there may be “easier” ways to cause denial of service (DoS) in ad hoc networks than in the Internet, and that existing Internet DDoS defense mechanisms may not be enough to counter DDoS attacks in ad hoc networks.

Although congestion was recognized as a simple and effective DoS attack approach in ad hoc networks, previous studies mainly focused on individual attackers and the attack impacts on individual nodes and traffic flows. In an ad hoc network, it is easy for attackers to attack simultaneously from distributed locations; however, it is not clear how damaging the attacks can be and what the unique characteristics of the attacks are. Due to the relative newness of these concerns, more research on the properties and methods of DDoS attacks in ad hoc networks is needed.

Motivated by these observations, we explore the possible DDoS attacks and their impacts on ad hoc networks. In particular, we investigate how attackers flood legitimate routes with junk packets. Because wireless bandwidth is limited, the junk packets can easily cause severe wireless channel contention among nearby nodes on the legitimate routes. Therefore, the attack creates network-wide congestion instead of congestion surrounding only the destination as in conventional Internet DDoS attacks. In this paper, we explore and discuss two types of congestion – self and cross congestions – that may be caused by attacks. We analyze the important factors that may affect the attacks. We also review the existing defense mechanisms against these DDoS attacks. This research lays the necessary foundation for developing more effective defense strategies against DDoS attacks in ad hoc networks.

Section snippets

Background

In this section, we present background information on DDoS and DoS attacks and review related works.

Area-congestion-based DDoS attacks

Congestion has been recognized as a simple and effective DoS attack approach in ad hoc networks. In this section, we examine the special features and concerns of area-congestion-based DDoS attacks.

Remote attacks

In this section, we describe how an attacker can inject packets into legitimate routes without being detected. We also analyze the characteristics of remote attacks, study their impacts, and review possible defense methods.

Local attacks

In this section, we analyze the characteristics of local attacks, study their impacts, and preview possible defense methods.

Conclusion

DDoS attacks are already a serious threat to the Internet. In this paper, we show that DDoS attacks are also a serious threat to ad hoc networks and are more difficult to deal with in ad hoc networks. We studied the attack impacts of two types of DDoS attacks and compared important factors that influence the attacks. We find that a remote attack is a more effective and efficient method for DDoS attackers to damage the network. More flooding nodes and higher attack load cannot increase, but even

Acknowledgement

This work was supported by NSF ANI-0335241, NSF CCR-0233324, and Department of Energy Early Career PI Award.

Qijun Gu is an assistant professor in Department of Computer Science, Texas State University, San Marcos. He received the PhD degree in Information Sciences and Technology from Pennsylvania State University in 2005. His research interests include wireless/mobile computing, denial of service, key management, ad hoc network, networking optimization, P2P sharing system.

References (35)

  • P. Ferguson et al., Network ingress filtering: defeating denial of service attacks which employ IP source address spoofing, RFC, 1998
  • S. Savage, D. Wetherall, A. Karlin, T. Anderson, Practical network support for IP traceback, in: Proceedings of ACM...
  • R. Mahajan et al., Controlling high bandwidth aggregates in the network, ACM SIGCOMM Computer Communications Review, 2002
  • J. Mirkovic, G. Prier, P. Reiher, Attacking DDoS at the source, in: Proceedings of IEEE ICNP, 2002, pp....
  • A. Yaar, A. Perrig, D. Song, Pi: a path identification mechanism to defend against DDoS attacks, in: Proceedings of...
  • A. Yaar, A. Perrig, D. Song, SIFF: a stateless Internet flow filter to mitigate DDoS flooding attacks, in: IEEE...
  • CERT advisory CA-1996-21 TCP SYN flooding and IP spoofing attacks. Available from:...
  • CERT advisory CA-1998-01 smurf IP denial-of-service attacks. Available from:...
  • CERT advisory CA-1996-01 UDP port denial-of-service attack. Available from:...
  • T. Aura, P. Nikander, J. Leiwo, DoS-resistant authentication with client puzzles, in: Proceedings of Security Protocols...
  • S.M. Bellovin, Security problems in the TCP/IP protocol suite, ACM SIGCOMM Computer Communication Review, 1989
  • J. Ioannidis, S.M. Bellovin, Implementing pushback: Router-based defense against DDoS attacks, in: Proceedings of NDSS...
  • J. Li, J. Mirkovic, M. Wang, P. Reiher, L. Zhang, SAVE: source address validity enforcement protocol, in: Proceedings...
  • J. Mirkovic et al., A taxonomy of DDoS attack and DDoS defense mechanisms, ACM SIGCOMM Computer Communication Review, 2004
  • A. Perrig et al., Security in wireless sensor networks, Communications of the ACM, 2004
  • J. Bellardo, S. Savage, 802.11 Denial-of-service attacks: real vulnerabilities and practical solutions, in: Proceedings...
  • Q. Gu, P. Liu, C.-H. Chu, Tactical bandwidth exhaustion in ad hoc networks, in: Proceedings of the 5th Annual IEEE...
Peng Liu is now an assistant professor of Information Sciences and Technology at Penn State University and the director of Cyber Security Lab. He received his BS and MS degree from the University of Science and Technology of China. He received his PhD degree from George Mason University in 1999. His research interests are in computer and network security. He has published a monograph and about 80 refereed technical papers. He is the proceedings chair of the 2003 and 2004 ACM Conference on Computer and Communications Security. He is a program committee member of more than 35 conferences (e.g., WWW 2004, CCS 2006, INFOCOM 2007), and a referee for about 20 journals (e.g., ACM Transactions on Information and Systems Security). He is a recipient of the United States DOE Early CAREER Award.

Chao-Hsien Chu is an associate professor of Information Sciences and Technology and the executive director of the Center for Information Assurance at Pennsylvania State University. He received a PhD in Business Administration from Penn State. His current research interests are in communication networks design, information assurance and security (especially in wireless security, intrusion detection, and cyber forensics), and intelligent technologies (fuzzy logic, neural network, genetic algorithms, etc.) for data mining (e.g., bioinformatics, privacy preserving).