Detecting and Mitigating DoS Attacks in Wireless Networks without Affecting the Normal Behaving Nodes

In this paper we investigate the DoS attack detection and mitigation problem in wireless networks. The DoS attacks are difficult to mitigate because the legitimate nodes can also generate large amount of packets in a short time. The difficulty in differentiating between the malicious nodes and the legitimate nodes always prevents the DoS detection and mitigation schemes from achieving satisfactory performance. We propose a new scheme for DoS mitigation, which requires a node to undertake packet forwarding responsibility if it sends large amount of packets through other nodes. The responsibility is proportionate to the amount of packets the network delivers for the node. By placing this requirement, we are able to differentiate the normal nodes from the malicious nodes, since a normal node is willing to undertake its responsibility while a malicious node would not. However, if a malicious node drops the packets that are supposed to be forwarded, its neighbors are able to detect it and then isolate the malicious node. As the result, a malicious node will have to either pay for its attack by helping forward other nodes´ packets or drop the packets and then be isolated.