Efficient traceback of DoS attacks using small worlds in MANET

The mobile ad hoc network (MANET) is an increasingly promising area of research with many practical applications. However, MANET is vulnerable to a number of attacks, including denial-of-service (DoS) attacks, due to its autonomous nature. DoS attacker traceback is a challenging issue in MANET, since each node works as an autonomous terminal, acting as both host and router. Node mobility in MANET makes the problem even worse, since it is hard to trace back an attacker when it is moving around, frequently changing network topology. We propose to use an efficient, on-the-fly search technique to trace back DoS attackers. Our scheme is based on the small world concept and effectively extends Contacts for MANET (Helmy, A., et al., ACM Baltzer MONET Journal, 2004), utilizing location information. In addition, to deal with address spoofing problems in DoS attacks, we use traffic patterns matching (TPM) (Mansfield, G. et al., Computer Networks, vol.34, p.650-70, 2000) and propose to use traffic volume matching (TVM) as matching-in-depth to identify an attacker. We also propose in-network processing and directional expanded ring search to reduce communication overhead in attacker traceback. We show that our scheme successfully traces back an attacker using both TPM and TVM. Also, our scheme incurs very low communication overhead.