Detecting colluding blackhole and greyhole attack in Delay Tolerant Networks

Delay Tolerant Network (DTN) is developed to cope with intermittent connectivity and long delay in wireless networks. Due to the limited connectivity, DTN is vulnerable to blackhole and greyhole attacks in which malicious nodes drop all or part of the received packets intentionally. Although existing proposals could detect the attack launched by individuals, they fail to tackle malicious nodes cooperating to cheat the defense system. In this paper, we suggest a scheme to address both individual and collusion attacks. Nodes are required to exchange records of previous encounters and evaluate others based on their messages forwarding ratios. Malicious nodes might avoid being detected by colluding to hide misbehaving forwarding ratio metrics. To persistently drop packets and promote the metrics at the same time, attackers need to create forged encounter records at high frequency and with high number of sent messages. This leads to abnormal patterns of fake encounters in contrast with authentic ones and provides a symptom for collusion detection. Extensive simulation shows that our solution can work with various dropping probabilities and different number of attackers per collusion at high accuracy and low false positive.