ATTENTION: ATTackEr Traceback Using MAC Layer AbNormality DetecTION
نویسنده
چکیده
Denial-of-Service (DoS) and Distributed DoS (DDoS) attacks can cause serious problems in wireless networks due to limited network and host resources. Attacker traceback is a promising solution to take a proper countermeasure near the attack origins, to discourage attackers from launching attacks, and for forensics. However, attacker traceback in Mobile Ad-hoc Networks (MANETs) is a challenging problem due to the dynamic topology, and limited network resources. It is especially difficult to trace back attacker(s) when they are moving to avoid traceback. In this paper, we introduce the ATTENTION protocol framework, which pays special attention to MAC layer abnormal activity under attack. ATTENTION consists of three classes, namely, coarse-grained traceback, fine-grained traceback and spatio-temporal fusion architecture. For energy-efficient attacker searching in MANETs, we also utilize small-world model. Our simulation analysis shows 79% of success rate in DoS attacker traceback with coarse-grained attack signature. In addition, with fine-grained attack signature, it shows 97% of success rate in DoS attacker traceback and 83% of success rate in DDoS attacker traceback. We also show that ATTENTION has robustness against node collusion and mobility.
منابع مشابه
CATCH: A protocol framework for cross-layer attacker traceback in mobile multi-hop networks
1570-8705/$ see front matter 2009 Elsevier B.V doi:10.1016/j.adhoc.2009.07.002 * Corresponding author. Tel.: +1 858 740 4505. E-mail addresses: [email protected], v2 Kim), [email protected] (A. Helmy). Flooding-type Denial-of-Service (DoS) and Distributed DoS (DDoS) attacks can cause serious problems in mobile multi-hop networks due to its limited network/host resources. Attacker traceback...
متن کاملA Layer-2 Extension to Hash-Based IP Traceback
Hash-based IP traceback is a technique to generate audit trails for traffic within a network. Using the audit trails, it reconstructs not only the true attack paths of a Distributed Denial of Service attack (DDoS attack), but also the true path of a single packet attack. However, hash-based IP traceback cannot identify attacker nodes themselves because it has no audit trail on the subnet’s laye...
متن کاملAttacker Traceback and Countermeasure with Cross-layer Monitoring in Wireless Multi-hop Networks
متن کامل
GOSSIB vs. IP Traceback Rumors
To identify sources of distributed denial-of-service attacks, path traceback mechanisms have been proposed. Traceback mechanisms relying on probabilistic packet marking (PPM) have received most attention, as they are easy to implement and deploy incrementally. In this paper, we introduce a new concept, namely Groups Of Strongly SImilar Birthdays (GOSSIB), that can be used by to obtain effects s...
متن کاملIncreasing Accuracy and Reliability of IP Traceback for DDoS Attack Using Completion Condition
Probabilistic Packet Marking (PPM ) is one of the most promising schemes for performing IP Traceback. PPM reconstructs the attack graph in order to trace back to the attackers. Finding the Completion Condition Number (i.e. precise number of packets required to complete the traceback) is very important. Without a proper completion-condition, we might reconstruct a wrong attack-graph and attacker...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2009