SWAT: small world-based attacker traceback in ad-hoc networks

Y.  Kim; A.  Helmy

2nd International ICST Conference on Mobile and Ubiquitous Systems: Networking and Services

Research Article

SWAT: small world-based attacker traceback in ad-hoc networks

Cite: BibTeX Plain Text

@INPROCEEDINGS{10.1109/MOBIQUITOUS.2005.56,
    author={Y.  Kim and  A.  Helmy},
    title={SWAT: small world-based attacker traceback in ad-hoc networks},
    proceedings={2nd International ICST Conference on Mobile and Ubiquitous Systems: Networking and Services},
    publisher={IEEE},
    proceedings_a={MOBIQUITOUS},
    year={2005},
    month={11},
    keywords={},
    doi={10.1109/MOBIQUITOUS.2005.56}
}

Y. Kim
A. Helmy
Year: 2005
SWAT: small world-based attacker traceback in ad-hoc networks
MOBIQUITOUS
IEEE
DOI: 10.1109/MOBIQUITOUS.2005.56

Y. Kim¹, A. Helmy¹

1: Electr. Eng. Dept.-Syst., Univ. of Southern California, CA, USA

Abstract

Mobile ad hoc networks (MANETs) provide a lot of promise for many practical applications. However, MANETs are vulnerable to a number of attacks due to its autonomous nature. DoS/DDoS attacker traceback is especially challenging in MANETs for the lack of infrastructure. In this paper, we propose an efficient on-the-fly search technique, SWAT, to trace back DoS and DDoS attackers in MANETs. Our scheme borrows from small worlds, utilizes the concept of contacts, and use traffic pattern matching (TPM) and traffic volume matching (TVM) techniques. We also propose multi-directional search, in-network processing and query suppression to reduce communication overhead in energy-constrained MANETs and increase traceback robustness against spoofing and collusion. Simulation results show that SWAT successfully traces back DoS and DDoS attacker under reasonable background traffic. In addition, SWAT incurs low communication overhead (22% compared to flooding-based search).

Published: 2005-11-21
Publisher: IEEE

: http://dx.doi.org/10.1109/MOBIQUITOUS.2005.56