Analyzing, quantifying, and detecting the blackhole attack in infrastructure-less networks
详细信息 查看全文
- 作者:Christoforos Panosa ; cpanos@di.uoa.grAuthor Vitae ; Chirstoforos Ntantogianb ; dadoyan@unipi.grAuthor Vitae ; Stefanos Malliarosb ; stefmal@unipi.grAuthor Vitae ; Christos Xenakisb ; xenakis@unipi.grAuthor Vitae
- 关键词:Blackhole attack ; MANET ; AODV ; IDS ; CUSUM
- 刊名:Computer Networks
- 出版年:2017
- 出版时间:11 February 2017
- 年:2017
- 卷:113
- 期:Complete
- 页码:94-110
- 全文大小:2306 K
- 卷排序:113
文摘
The blackhole attack is one of the simplest yet effective attacks that target the AODV protocol. Blackhole attackers exploit AODV parameters in order to win route requests, and thus, attract traffic, which they subsequently capture and drop. However, the first part of the attack is often neglected in present literature, while the majority of attempts in detection focus only on the second part of the attack (i.e., packet drop). This paper provides a comprehensive analysis of the blackhole attack, focusing not only on the effects of the attack, but also on the exploitation of the route discovery process. As a result, a new critical attack parameter is identified (i.e., blackhole intensity), which quantifies the relation between AODV's sequence number parameter and the performance of blackhole attacks. In addition, a novel blackhole detection mechanism is also proposed. This mechanism utilizes a dynamic threshold cumulative sum (CUSUM) test in order to detect abrupt changes in the normal behavior of AODV's sequence number parameter. A key advantage of the proposed mechanism is its ability to accurately detect blackhole attacks with a minimal rate of false positives, even if the malicious node selectively drops packets.