A Defense System on DDOS Attacks in Mobile Ad Hoc Networks

Abstract

Network security is a weak link in wired and wireless network systems. Malicious attacks have caused tremendous loss by impairing the functionalities of the computer networks. Denial of Service (DoS) and Distributed DoS (DDoS) attacks are two of the most harmful threats to the network functionality. Mobile Ad Hoc Networks (MANET) are even more vulnerable to such attacks. Ad Hoc On-Demand Distance Vector (AODV) is an outstanding wireless routing protocol. However, AODV has significant security vulnerabilities. Most current proposed security strategies for AODV or other MANET routing protocols require modifications of the protocols, or of the topology, or even both. Fixing the protocol flaws is obvious and straightforward. But it is impractical and infeasible for an operational commercial MANET. To circumscribe the attack traffic by deploying a large amount of the edge ingress control nodes or clustering the networks is effective. But it is costly and also requires protocol modification in some circumstances. The dissertation presents the security solution for AODV and AODV-like networks from a novel perspective. The proposed defense system is based on proxy-based overlay architecture. The proxy guard nodes control the service-related traffic, filter the malicious packets and reinforce the legitimate ones. It assumes a strong restriction on any secure modification on the objective MANET infrastructure. The proposed solution assures a minimum impact on the objective system infrastructure or the network communication interface to make it easy to implement and update, while providing an acceptable secure protection against DDoS attacks, such as Router Requirement (RREQ) flooding, data flooding and black-hole.