Detecting Wormhole Attacks in Mobile Ad Hoc Networks through Protocol Breaking and Packet Timing Analysis
- 1 October 2006
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
We have implemented a fully-functional wormhole attack in an IPv6 802.11b wireless mobile ad hoc network (MANET) test bed running a proactive routing protocol. Using customised analysis tools we study the traffic collected from the MANET at three different stages: i) regular operation, ii) with a "benign" wormhole joining distant parts of the network, and iii) under stress from wormhole attackers who control a link in the MANET and drop packets at random. Our focus is on detecting anomalous behaviour using timing analysis of routing traffic within the network. We first show how to identify intruders based on the protocol irregularities that their presence creates once they begin to drop traffic. More significantly, we go on to demonstrate that the mere existence of the wormhole itself can be identified, before the intruders begin the packet-dropping phase of the attack, by applying simple signal-processing techniques to the arrival times of the routing management traffic. This is done by relying on a property of proactive routing protocols- that the stations must exchange management information on a specified, periodic basis. This exchange creates identifiable traffic patterns and an intrinsic "valid station" fingerprint that can be used for intrusion detectionKeywords
This publication has 12 references indexed in Scilit:
- Wormhole attacks in wireless networksIEEE Journal on Selected Areas in Communications, 2006
- Defending against wormhole attacks in mobile ad hoc networksWireless Communications and Mobile Computing, 2006
- LITEWORP: A Lightweight Countermeasure for the Wormhole Attack in Multihop Wireless NetworksPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2005
- Preventing wormhole attacks on wireless ad hoc networks: a graph theoretic approachPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2005
- Wormhole Attacks Detection in Wireless Ad Hoc Networks: A Statistical Analysis ApproachPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2005
- Secure node misbehaviors in mobile ad hoc networksPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2005
- Verifying physical presence of neighbors against replay-based attacks in wireless ad hoc networksPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2005
- Mobile ad hoc network security - a taxonomyPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2005
- Intrusion detection in wireless ad hoc networksIEEE Wireless Communications, 2004
- Intrusion Detection Techniques for Mobile Wireless NetworksWireless Networks, 2003