ATTENTION: ATTackEr Traceback Using MAC Layer AbNormality DetecTION
Denial-of-Service (DoS) and Distributed DoS (DDoS) attacks can cause serious problems in wireless multi-hop networks due to limited network and host resources. Attacker traceback is a promising solution to take a proper countermeasure near the attack origins, to discourage attackers from launching attacks, and for forensics. However, attacker traceback in wireless multi-hop networks is a challenging problem due to the dynamic topology, and limited network/host resources. In this paper, we introduce the ATTENTION protocol framework, which pays special attention to MAC layer abnormal activity under attack. For energy-efficient attacker searching, we also utilize small-world model. Our simulation analysis shows 97% of success rate in DoS attacker traceback and 83% of success rate in DDoS attacker traceback.
KeywordsDoS DDoS Traceback
Unable to display preview. Download preview PDF.
- 1.Belenky, A., Ansari, N.: On IP Traceback. IEEE Communication Magazine (July 2003)Google Scholar
- 2.Bellovin, S.M.: ICMP Traceback Messages, IETF draft 2000, http://www.research.att.com/smb/papers/draft-bellovin-itrace-00.txt
- 3.Burch, H., Cheswick, B.: Tracing Anonymous Packets to Their Approximate Source. In: Proc. 2000 USENIX LISA Conf., December 2000, pp. 319–327 (2000)Google Scholar
- 4.Helmy, A.: Small World in Wireless Networks. IEEE communication letters (2001)Google Scholar
- 5.Helmy, A.: Contact-extended Zone-based Routing for Transactions in Ad Hoc Networks. IEEE Transactions on Vehicular Technology (July 2003)Google Scholar
- 6.Kim, Y., Helmy, A.: SWAT: Small World-based Attacker Traceback in Ad-hoc Networks. IEEE/ACM Mobiquitous (2005)Google Scholar
- 7.Snoeren, A.C., et al.: Single-Packet IP Traceback. IEEE/ACM Trans. Net. (December 2002)Google Scholar
- 8.Yaar, A., Perrig, A., Song, D.: FIT: Fast Internet Traceback. In: IEEE INFOCOM 2005 (2005)Google Scholar