This Article 
 Bibliographic References 
 Add to: 
Stealthy Attacks in Wireless Ad Hoc Networks: Detection and Countermeasure
August 2011 (vol. 10 no. 8)
pp. 1096-1112
Issa Khalil, United Arab Emirates University, Al Ain
Saurabh Bagchi, Purdue University, West Lafayette
Stealthy packet dropping is a suite of four attacks--misrouting, power control, identity delegation, and colluding collision--that can be easily launched against multihop wireless ad hoc networks. Stealthy packet dropping disrupts the packet from reaching the destination through malicious behavior at an intermediate node. However, the malicious node gives the impression to its neighbors that it performs the legitimate forwarding action. Moreover, a legitimate node comes under suspicion. A popular method for detecting attacks in wireless networks is behavior-based detection performed by normal network nodes through overhearing the communication in their neighborhood. This leverages the open broadcast nature of wireless communication. An instantiation of this technology is local monitoring. We show that local monitoring, and the wider class of overhearing-based detection, cannot detect stealthy packet dropping attacks. Additionally, it mistakenly detects and isolates a legitimate node. We present a protocol called SADEC that can detect and isolate stealthy packet dropping attack efficiently. SADEC presents two techniques that can be overlaid on baseline local monitoring: having the neighbors maintain additional information about the routing path, and adding some checking responsibility to each neighbor. Additionally, SADEC provides an innovative mechanism to better utilize local monitoring by considerably increasing the number of nodes in a neighborhood that can do monitoring. We show through analysis and simulation experiments that baseline local monitoring fails to efficiently mitigate most of the presented attacks while SADEC successfully mitigates them.

[1] A.A. Pirzada and C. McDonald, "Establishing Trust in Pure Ad-Hoc Networks," Proc. Australasian Conf. Computer Science (ACSC '04), vol. 26, no. 1, pp. 47-54, 2004.
[2] S. Buchegger and J.-Y. Le Boudec, "Performance Analysis of the CONFIDANT Protocol: Cooperation Of Nodes-Fairness in Distributed Ad-Hoc NeTworks," Proc. ACM MobiHoc, pp. 80-91, 2002.
[3] Y. Huang and W. Lee, "A Cooperative Intrusion Detection System for Ad Hoc Networks," Proc. ACM Workshop Security of Ad Hoc and Sensor Networks (SASN '03), pp. 135-147, 2003.
[4] Y.C. Hu, A. Perrig, and D. Johnson, "Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols," Proc. ACM Workshop Wireless Security (WiSe '03), pp. 30-40, 2003.
[5] Y.C. Hu, A. Perrig, and D.B. Johnson, "Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks," Proc. IEEE INFOCOM, pp. 1976-986, 2003.
[6] I. Khalil, S. Bagchi, and N. Shroff, "LiteWorp: A Lightweight Countermeasure for the Wormhole Attack in Multihop Wireless Networks," Proc. Int'l Conf. Dependable Systems and Networks (DSN '05), pp. 612-621, 2005.
[7] I. Khalil, S. Bagchi, and N.B. Shroff, "MobiWorp: Mitigation of the Wormhole Attack in Mobile Multihop Wireless Networks," Ad Hoc Networks, vol. 6, no. 3, pp. 344-362, May 2008.
[8] I. Khalil, S. Bagchi, C. Nina-Rotaru, and N. Shroff, "UNMASK: Utilizing Neighbor Monitoring for Attack Mitigation in Multihop Wireless Sensor Networks," Ad Hoc Networks, vol. 8, no. 2, pp. 148-164, 2010.
[9] S.J. Lee and M. Gerla, "Split Multipath Routing with Maximally Disjoint Paths in Ad Hoc Networks," Proc. IEEE Int'l Conf. Comm. (ICC '01), pp. 3201-3205, 2001.
[10] Q. Zhang, P. Wang, D. Reeves, and P. Ning, "Defending against Sybil Attacks in Sensor Networks," Proc. Int'l Workshop Security in Distributed Computing Systems (SDCS '05), pp. 185-191, 2005.
[11] C. Basile, Z. Kalbarczyk, and R.K. Iyer, "Neutralization of Errors and Attacks in Wireless Ad Hoc Networks," Proc. Int'l Conf. Dependable Systems and Networks (DSN '05), pp. 518-527, 2005.
[12] B. Carbunar, I. Ioannidis, and C. Nita-Rotaru, "JANUS: Towards Robust and Malicious Resilient Routing in Hybrid Wireless Networks," Proc. ACM Workshop Wireless Security (WiSe '04), pp. 11-20, 2004.
[13] B. Awerbuch, R. Curtmola, D. Holmer, C. Nita-Rotaru, and H. Rubens, "ODSBR: An On-Demand Secure Byzantine Resilient Routing Protocol for Wireless Ad Hoc Networks," ACM Trans. Information and System Security, vol. 10, no. 4, 2008.
[14] "Statistical Wormhole Detection in Sensor Networks," Lecture Notes in Computer Science, R. Molva, G. Tsudik, and D. Westhoff, eds., pp. 128-141, 2005.
[15] D. Liu and P. Ning, "Establishing Pair-Wise Keys in Distributed Sensor Networks," Proc. ACM Conf. Computer and Comm. Security (CCS '03), pp. 52-61, 2003.
[16] D. Johnson, D. Maltz, and J. Broch, "The Dynamic Source Routing Protocol for Multihop Wireless Ad Hoc Networks," Ad Hoc Networking, Addison-Wesley, 2001.
[17] C.E. Perkins and E.M. Royer, "Ad-Hoc On-Demand Distance Vector Routing," Proc. Second IEEE Workshop Mobile Computing Systems and Applications (WMCSA '99), pp. 90-100, 1999.
[18] D. Ganesan, B. Krishnamurthy, A. Woo, D. Culler, D. Estrin, and S. Wicker, "An Empirical Study of Epidemic Algorithms in Large Scale Multihop Wireless Networks," Technical Report Intel IRP-TR-02-003, Intel Research, Mar. 2002.
[19] C.E. Perkins and P. Bhagwat, "Highly Dynamic Destination-Sequenced Distance-Vector Routing (DSDV) for Mobile Computers," ACM SIGCOMM Computer Comm. Rev., vol. 24, pp. 234-244, 1994.
[20] "The Network Simulator - ns-2,", 2011.
[21] S. Bagchi, S. Hariharan, and N.B. Shroff "Secure Neighbor Discovery in Wireless Sensor Networks," Technical Report ECE 07-19, Purdue Univ,, 2007.
[22] R. Muraleedharan, and L.A. Osadciw, "Jamming Attack Detection and Countermeasures in Wireless Sensor Network Using Ant System," Proc. Wireless Sensing and Processing, vol. 6248, p. 62480G, 2006.
[23] S. Buchegger and J.L. Boudec, "Robust Reputation System for P2P and Mobile Ad-Hoc Networks," Proc. Workshop Economics of Peer-to-Peer Systems, 2004.
[24] I. Khalil, S. Bagchi, and N. Shroff, "SLAM: Sleep-Wake Aware Local Monitoring in Sensor Networks," Proc. 37th Ann. IEEE/IFIP Int'l Conf. Dependable Systems and Networks (DSN '07), pp. 565-574, June 2007.
[25] N. Sastry, U. Shankar, and D. Wagner, "Secure Verification of Location Claims," Proc. ACM Workshop Wireless Security (WiSe '03), pp. 1-10, 2003.
[26] L. Hu and D. Evans, "Using Directional Antennas to Prevent Wormhole Attacks," Proc. Network and Distributed System Security Symp. (NDSS '04), pp. 131-141, 2004.
[27] S. Hariharan, N. Shroff, and S. Bagchi, "Secure Neighbor Discovery in Wireless Sensor Networks," Technical Report ECE 07-19, Purdue Univ., 2007.
[28] S. Marti, T.J. Giuli, K. Lai, and M. Baker, "Mitigating Routing Misbehavior in Mobile Ad Hoc Networks," Proc. Sixth Ann. Int'l Conf. Mobile Computing and Networks, pp. 255-265, 2000.
[29] R. de Oliveira and T. Braun, "A Dynamic Adaptive Acknowledgment Strategy for TCP over Multihop Wireless Networks," Proc. IEEE INFOCOM, pp. 1863-1874, 2005.
[30] M. Vutukuru, K. Jamieson, and H. Balakrishnan, "Harnessing Exposed Terminals in Wireless Networks," Proc. USENIX Symp. Networked Systems Design and Implementation (NSDI '08), pp. 59-72, 2008.
[31] I. Khalil and S. Bagchi, "MISPAR: Mitigating Stealthy Packet Dropping in Locally-Monitored Multi-Hop Wireless Ad Hoc Networks," Proc. ACM Int'l Conf. Security and Privacy in Comm. Networks (SecureComm '08), 1460913 , 2008.
[32] Wireless_pdfMICA2_Datasheet.pdf , 2011.
[33] I. Stojmenovic, Handbook of Sensor Networks: Algorithms and Architecture. Wiley, 2005.
[34] F. Ye, H. Luo, J. Cheng, S. Lu, and L. Zhang, "A Two-Tier Data Dissemination Model for Large-Scale Wireless Sensor Network," Proc. Eighth ACM Ann. Conf. Mobile Computing and Networking, pp. 148-159, 2002.
[35] C. Hartung, R. Han, C. Seielstad, and S. Holbrook, "FireWxNet: A Multi-Tiered Portable Wireless System for Monitoring Weather Conditions in Wildland Fire Environments," Proc. ACM MobiSys, pp. 28-41, 2006.
[36] C. Hartung, J. Balasalle, and R. Han, "Node Compromise in Sensor Networks: The Need for Secure Systems," Technical Report CU-CS-990-05, Dept. of Computer Science, Univ. of Colorado, Jan. 2005.
[37] S. Ganeriwal, L.K. Balzano, and M.B. Srivastava, "Reputation-Based Framework for High Integrity Sensor Networks," ACM Trans. Sensor Networks, vol. 4, no. 3, pp. 1-37, , May 2008.
[38] G. Shafer, A Mathematical Theory of Evidence. Princeton Univ., 1976.
[39] K. Liu, J. Deng, P.K. Varshney, and K. Balakrishnan, "An Acknowledgment-Based Approach for the Detection of Routing Misbehavior in MANETs," IEEE Trans. Mobile Computing, vol. 6, no. 5, pp. 536-550, May 2007.

Index Terms:
Local monitoring, misrouting, multihop wireless networks, packet dropping, transmission power control.
Issa Khalil, Saurabh Bagchi, "Stealthy Attacks in Wireless Ad Hoc Networks: Detection and Countermeasure," IEEE Transactions on Mobile Computing, vol. 10, no. 8, pp. 1096-1112, Aug. 2011, doi:10.1109/TMC.2010.249
Usage of this product signifies your acceptance of the Terms of Use.