Title :
CapMan: Capability-Based Defense against Multi-Path Denial of Service (DoS) Attacks in MANET
Author :
Jia, Quan ; Sun, Kun ; Stavrou, Angelos
Author_Institution :
Dept. of Comput. Sci., George Mason Univ., Fairfax, VA, USA
Date :
July 31 2011-Aug. 4 2011
Abstract :
This paper presents a capability-based security mechanism called CapMan. Our approach is designed to prevent Denial-of-Service (DoS) attacks on wireless communications, particularly against multi-path communication in Mobile Ad-hoc Networks (MANETs). CapMan offers a mechanism for per-flow, distributed bandwidth control by all the participating nodes along multiple communication paths. By exchanging summary capability messages, each node can maintain a global view of the overall throughput of flows in the network, and then dynamically adjust local constraints to prevent potential DoS attacks against a specific node or the network. Our approach is capable of scalably curtailing sophisticated DoS attacks that target multi-path routing protocols, even in the case that both the initiator and the responder of a network flow are malicious insiders and collude to deprive the network of valuable resources. We provide a theoretical analysis of our algorithms and also evaluate the protection and overhead of our prototype using AOMDV for routing.
Keywords :
mobile ad hoc networks; routing protocols; telecommunication security; AOMDV; CapMan; DoS attacks; MANET; capability-based defense; distributed bandwidth control; malicious insiders; mobile ad-hoc networks; multipath communication; multipath denial-of-service attacks; multipath routing protocols; multiple communication paths; network flow; wireless communications; Bandwidth; Computer crime; Mobile ad hoc networks; Network topology; Routing; Routing protocols; Throughput;
Conference_Title :
Computer Communications and Networks (ICCCN), 2011 Proceedings of 20th International Conference on
Conference_Location :
Maui, HI
Print_ISBN :
978-1-4577-0637-0
DOI :
10.1109/ICCCN.2011.6005808