Attacker traceback with cross-layer monitoring in wireless multi-hop networks

  • Authors: Yongjin Kim; Ahmed Helmy
  • Affiliations: University of Southern California, Los Angeles, CA; University of Southern California, Los Angeles, CA
  • Venue: Proceedings of the fourth ACM workshop on Security of ad hoc and sensor networks
  • Year: 2006

Abstract

Denial-of-Service (DoS) and Distributed DoS (DDoS) attacks can cause serious problems in wireless networks because of their limited network/host resources. Attacker traceback is a promising solution for taking proper countermeasures near the attack origin, for forensics, and for discouraging attackers from launching attacks. However, attacker traceback in wireless multi-hop networks is a challenging problem, and existing attacker traceback schemes developed for the Internet cannot be directly applied to wireless multi-hop networks because of their peculiar characteristics (e.g., dynamic/autonomous network topology, limited network/host resources such as memory and bandwidth). We introduce a protocol framework for attacker traceback geared toward wireless multi-hop networks, with special attention to cross-layer abnormality monitoring. The basic building blocks of our protocol framework are abnormality detection, abnormality characterization, abnormality searching, abnormality matching, and countermeasure. We show that our protocol framework successfully tracks down the attacker (an average of 100% in DoS attacker traceback and an average of 96% in DDoS attacker traceback) under diverse network environments (e.g., high background traffic, DDoS attack, and partial node compromise) with low communication, computation, and memory overhead.