移动adhoc网络中DOS攻击及其防御机制

DOS Attack and Defense in Mobile Ad Hoc Networks

移动adhoc网络由于其动态拓扑、无线信道以及各种资源有限的特点,特别容易遭受拒绝服务(DOS)攻击.提出了移动adhoc网络中一种新的DOS攻击模型———adhocflooding攻击及其防御策略.该攻击主要针对移动adhoc网络中的按需路由协议,如AODV,DSR等.adhocflooding攻击是通过在网络中泛洪发送超量路由查询报文及数据报文,大量地占用网络通信及节点资源,以至于阻塞节点正常的通信.分析adhocflooding攻击之后,提出了两种防御策略:其一是邻居阻止,即当入侵者发送大量路由查询报文时,邻居节点降低对其报文的处理优先级,直至不再接收其报文.其二是路径删除,即目标节点将入侵者发送攻击报文的路径删除,以阻止其继续发送攻击报文.模拟实验证实,通过这两种方法的结合,能够有效地阻止网络中的adhocflooding攻击行为.

Mobile ad hoc networks will often be deployed in environments where the nodes of the networks are unattended and have little or no physical protection against tampering. The nodes of mobile ad hoc networks are thus susceptible to compromise. The networks are particularly vulnerable to denial of service (DOS) attacks launched through compromised nodes or intruders. Presented in this paper is the ad hoc flooding attack, a new attack, which results in denial of service when used against on-demand routing protocols for mobile ad hoc networks, such as AODV, DSR. The intruder broadcasts mass useless route request packets or sends a lot of useless DATA packets to exhaust the communication bandwidth and node resource so that the valid communication can not be kept. After analyzing the attack, flooding attack prevention (FAP) is developed, which is a generic defense against the ad hoc flooding attacks in mobile ad hoc networks. The FAP is composed of neighbor suppression and path cutoff. When the intruder broadcasts exceeding packets of route request, the immediate neighbors of the intruder observe a high rate of route request and then they lower the corresponding priority according to the rate of incoming queries. Moreover, not serviced low priority queries are eventually discarded. When the intruder sends many useless DATA packets to the victim node, the node may cut off the path and does not set up a path with the intruder any more. The results of the implementation show that FAP can prevent the ad hoc flooding attack efficiently.