Detecting Flooding Attack in Delay Tolerant Networks by Piggybacking Encounter Records

Delay Tolerant Network (DTN) is developed to cope with intermittent connectivity and long delay in wireless networks. Due to limited bandwidth, connectivity and buffer space, DTN is vulnerable to flooding attack where malicious nodes flood the network with excess data to deplete the network resources. In this paper, we propose a detection scheme for flooding attack that piggybacks on an existing encounter record (ER)-based scheme of detecting blackhole attack. Nodes are required to exchange their histories of ER which record the sent messages during their previous encounters. As a result, flooding adversaries who send too many messages or replicas can be detected. Malicious nodes may hide their flooding by deleting unfavorable ERs. However, this leads to inconsistency in the sequence number and timestamp of the ERs. We use these observations to design the final scheme. Simulation results show that our solution can detect flooding attack at high accuracy. Due to the piggybacking feature, our scheme can be incorporated with existing security work to form a more robust misbehavior detection system that can detect multiple attacks with little additional overhead.