ATTENTION: ATTackEr Traceback Using MAC Layer AbNormality DetecTION

  • Yongjin Kim
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5576)


Denial-of-Service (DoS) and Distributed DoS (DDoS) attacks can cause serious problems in wireless multi-hop networks due to limited network and host resources. Attacker traceback is a promising solution to take a proper countermeasure near the attack origins, to discourage attackers from launching attacks, and for forensics. However, attacker traceback in wireless multi-hop networks is a challenging problem due to the dynamic topology, and limited network/host resources. In this paper, we introduce the ATTENTION protocol framework, which pays special attention to MAC layer abnormal activity under attack. For energy-efficient attacker searching, we also utilize small-world model. Our simulation analysis shows 97% of success rate in DoS attacker traceback and 83% of success rate in DDoS attacker traceback.


DoS DDoS Traceback 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Belenky, A., Ansari, N.: On IP Traceback. IEEE Communication Magazine (July 2003)Google Scholar
  2. 2.
    Bellovin, S.M.: ICMP Traceback Messages, IETF draft 2000,
  3. 3.
    Burch, H., Cheswick, B.: Tracing Anonymous Packets to Their Approximate Source. In: Proc. 2000 USENIX LISA Conf., December 2000, pp. 319–327 (2000)Google Scholar
  4. 4.
    Helmy, A.: Small World in Wireless Networks. IEEE communication letters (2001)Google Scholar
  5. 5.
    Helmy, A.: Contact-extended Zone-based Routing for Transactions in Ad Hoc Networks. IEEE Transactions on Vehicular Technology (July 2003)Google Scholar
  6. 6.
    Kim, Y., Helmy, A.: SWAT: Small World-based Attacker Traceback in Ad-hoc Networks. IEEE/ACM Mobiquitous (2005)Google Scholar
  7. 7.
    Snoeren, A.C., et al.: Single-Packet IP Traceback. IEEE/ACM Trans. Net. (December 2002)Google Scholar
  8. 8.
    Yaar, A., Perrig, A., Song, D.: FIT: Fast Internet Traceback. In: IEEE INFOCOM 2005 (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Yongjin Kim
    • 1
  1. 1.5775 Morehouse DriveSan DiegoU.S.A.

Personalised recommendations