worm3-bekar - Page 1-2677-5/08/$25.00 ©2008 IEEE ANALYSIS...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Page 1 978-1-4244-2677-5/08/$25.00 ©2008 IEEE ANALYSIS OF WORMHOLE INTRUSION ATTACKS IN MANETS Viren Mahajan, Maitreya Natu, and Adarshpal Sethi University of Delaware {mahajan,natu,[email protected] ABSTRACT * Wormhole refers to an attack on MANET routing protocols in which colluding nodes create an illusion that two remote regions of a MANET are directly connected through nodes that appear to be neighbors but are actually distant from one another. Our focus in this paper is a particular form of the wormhole attack called the self- contained in-band wormhole. In this paper we analyze the criterion for successful wormhole attack on a MANET. Based on results collected from a Qualnet simulation, we evaluate the likelihood of such an attack. We further classify the wormhole scenarios into successful, unsuccessful, doubtful, interesting, and uninteresting. We also define wormhole strength and observe that the detection ratio of the technique proposed in [12] varies with wormhole strength as well as with the network topology. The simulation statistics also show that the wormholes having higher strength have a higher detection ratio as compared to the ones with lower strength. 1. INTRODUCTION A wormhole is an attack on the routing protocol of a Mobile Ad-hoc Network (MANET). In a wormhole attack, two or more colluding nodes create an illusion that two remote regions of a MANET are directly connected through nodes that appear to be neighbors but are actually distant from one another. This shortcut is created by connecting the purported neighbors through a covert communication channel. A wormhole thus allows an attacker to create two attacker-controlled choke points which can be utilized by the attacker to degrade or analyze traffic at a desired time. Our focus in this paper is a particular form of the wormhole attack called the self- contained in-band wormhole. Many intrusions hold a close resemblance to faults in their manifestation. A case for integrated intrusion detection and fault localization was made in [14]. In * Prepared through collaborative participation in the Communications and Networks Consortium sponsored by the U.S. Army Research Laboratory under the Collaborative Technology Alliance Program, Cooperative Agreement DAAD19-01-2-0011. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation thereon. continuation of that work, an intrusion detection system to detect wormhole using fault localization techniques was proposed in [12]. It exploited anomaly in the end-to-end delay and per-hop delay patterns to identify the nodes involved in a wormhole attack and gave an architecture and an algorithm for wormhole detection....
View Full Document

This note was uploaded on 03/19/2012 for the course CS 1313 taught by Professor Aman during the Spring '12 term at Punjab Engineering College.

Page1 / 7

worm3-bekar - Page 1-2677-5/08/$25.00 ©2008 IEEE ANALYSIS...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online