Detecting flooding attack while accommodating burst traffic in delay tolerant networks
- Resource Type
- Conference
- Authors
- Ngoc Diep, P.T.; Yeo, C.K.
- Source
- 2017 Wireless Telecommunications Symposium (WTS) Wireless Telecommunications Symposium (WTS), 2017. :1-7 Apr, 2017
- Subject
- Communication, Networking and Broadcast Technologies
Erbium
Peer-to-peer computing
Routing protocols
Delays
Monitoring
Authentication
History
flooding attack
encounter record
DTN
- Language
Delay Tolerant Network (DTN) is developed to cope with intermittent connectivity and long delay in wireless networks. Due to limited connectivity, DTN is vulnerable to flooding attack in which malicious nodes flood the network with superfluous data to deplete the network resources. Existing works mitigate internal flooding attacks by rate-limit to constrain the number of messages that nodes can generate per time slot. However, rate-limit cannot flexibly accommodate burst traffic in which nodes may have sending demand higher than the rate-limit for a short period. In this paper, we propose FDER to detect flooding attack and yet allow legitimate burst traffic simultaneously. Nodes exchange their histories of encounter records (ER) which record the sent messages during their previous encounters. The ER history is used to infer a node's new message transmission rate over time and the number of forwarded replicas per message. Nodes which send too many messages or replicas can thus be detected. Since ER serves as a useful tool for monitoring nodes' sending behavior over a long time period, FDER could detect the burst traffic violation efficiently. Simulation results show that FDER can detect flooding attack at higher accuracy and lower delay compared to state-of-the-art scheme.