Countering False Accusations and Collusion in the Detection of In-Band Wormholes

Cooperative intrusion detection techniques for MANETs utilize ordinary computing hosts as network intrusion sensors. If compromised, these hosts may inject bogus data into the intrusion detection system to hide their activities or falsely accuse well-behaved nodes. Approaches to Byzantine fault tolerance involving voting are potentially applicable, but must address the fact that only nodes in particular topological locations at particular times are qualified to vote on whether an attack occurred. We examine these issues in the context of a prototype distributed detector for self-contained, in-band wormholes in OLSR networks. We propose an opportunistic voting algorithm and present test results from a 48-node testbed in which colluding attackers generate corroborating false accusations against pairs of innocent nodes. The results indicate that opportunistic voting can instantaneously suppress false accusations when the network topology and routes chosen by OLSR provide a sufficient number of nearby honest observers to outvote the attackers.