
Detecting Wormhole Attacks in Mobile Ad Hoc Networks through Protocol Breaking and Packet Timing Analysis

5 Author(s)
Gorlatova, M.A. ; Commun. Res. Center, Ottawa Univ., Ont. ; Mason, P.C. ; Wang, M. ; Lamont, L.

We have implemented a fully-functional wormhole attack in an IPv6 802.11b wireless mobile ad hoc network (MANET) test bed running a proactive routing protocol. Using customised analysis tools we study the traffic collected from the MANET at three different stages: i) regular operation, ii) with a "benign" wormhole joining distant parts of the network, and iii) under stress from wormhole attackers who control a link in the MANET and drop packets at random. Our focus is on detecting anomalous behaviour using timing analysis of routing traffic within the network. We first show how to identify intruders based on the protocol irregularities that their presence creates once they begin to drop traffic. More significantly, we go on to demonstrate that the mere existence of the wormhole itself can be identified, before the intruders begin the packet-dropping phase of the attack, by applying simple signal-processing techniques to the arrival times of the routing management traffic. This is done by relying on a property of proactive routing protocols: that the stations must exchange management information on a specified, periodic basis. This exchange creates identifiable traffic patterns and an intrinsic "valid station" fingerprint that can be used for intrusion detection.

Published in:

Military Communications Conference, 2006. MILCOM 2006. IEEE

Date of Conference:

23-25 Oct. 2006
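
The timing idea in the abstract, sketched as an added example (not code from the paper or its authors): each station's periodic management messages are reduced to a mean interval and an interval spread, and stations whose values depart from a baseline captured during regular operation are flagged. The 2-second period, the thresholds, the station names, the sample delays, and the assumption that tunnelled traffic shows a larger timing spread are all illustrative; the paper's actual signal-processing method is not given on this page.

```python
from statistics import mean, pstdev

HELLO_PERIOD = 2.0  # assumed emission interval in seconds (not from the paper)

def intervals(arrivals):
    """Inter-arrival times between consecutive routing management messages."""
    return [b - a for a, b in zip(arrivals, arrivals[1:])]

def fingerprint(arrivals):
    """(mean interval, interval spread) for one station's management traffic."""
    gaps = intervals(arrivals)
    return mean(gaps), pstdev(gaps)

def flag_anomalous(baseline, observed, period_tol=0.05, spread_factor=3.0):
    """Return station ids whose timing departs from the baseline fingerprint.

    A station is flagged if its mean interval drifts more than period_tol
    (as a fraction) from the baseline mean, or if its spread exceeds
    spread_factor times the baseline spread. Both thresholds are assumptions.
    """
    base_mean, base_spread = fingerprint(baseline)
    flagged = []
    for station, arrivals in sorted(observed.items()):
        m, s = fingerprint(arrivals)
        drifted = abs(m - base_mean) > period_tol * base_mean
        noisy = s > spread_factor * base_spread
        if drifted or noisy:
            flagged.append(station)
    return flagged

def build_arrivals(delays, period=HELLO_PERIOD):
    """Constructed sample: message k is sent at k*period, arrives delays[k] later."""
    return [k * period + d for k, d in enumerate(delays)]

# Constructed sample delays in seconds (not measurements from the paper).
DIRECT = [0.002, 0.004, 0.003, 0.005, 0.002, 0.004, 0.003, 0.005]
TUNNELLED = [0.020, 0.110, 0.045, 0.150, 0.030, 0.095, 0.060, 0.135]

BASELINE = build_arrivals(DIRECT)
OBSERVED = {
    "station-a": build_arrivals([d + 0.001 for d in DIRECT]),  # direct neighbour
    "station-b": build_arrivals(TUNNELLED),                    # relayed path
}

if __name__ == "__main__":
    print(flag_anomalous(BASELINE, OBSERVED))
```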