Practical network support for IP traceback
Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
Tracing Anonymous Packets to Their Approximate Source
LISA '00 Proceedings of the 14th USENIX conference on System administration
CARD: a contact-based architecture for resource discovery in wireless ad hoc networks
Mobile Networks and Applications
SWAT: Small World-based Attacker Traceback in Ad-hoc Networks
MOBIQUITOUS '05 Proceedings of the The Second Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services
Defending against flooding-based distributed denial-of-service attacks: a tutorial
IEEE Communications Magazine
IEEE Communications Magazine
Hi-index | 0.00 |
Denial-of-Service (DoS) and Distributed DoS (DDoS) attacks can cause serious problems in wireless networks due to its limited network/host resources. Attacker traceback is a promising solution to take a proper countermeasure near the attack origin, for forensics, and to discourage attacker from launching attacks. However, attacker traceback in wireless multi-hop networks is a challenging problem, and existing attacker traceback schemes developed for the Internet cannot be directly applied to wireless multi-hop networks due to the peculiar characteristics of wireless multi-hop networks (e.g., dynamic/autonomous network topology, limited network/host resources such as memory and bandwidth). We introduce a protocol framework for attacker traceback geared toward wireless multi-hop networks with special attention to cross-layer abnormality monitoring. The basic building blocks of our protocol framework consist of abnormality detection, abnormality characterization, abnormality searching, abnormality matching, and countermeasure. We show that our protocol framework successfully tracks down attacker (Avg. of 100% in DoS attacker traceback, avg. of 96% in DDoS attacker traceback) under diverse network environments (e.g., high background traffic, DDoS attack, and partial node compromise) with low communication, computation, and memory overhead.