Detection Mechanisms
Watchdog:
The watchdog method is a strategy proposed in earlier studies that detects misbehaving nodes acting alone by maintaining a buffer of recently sent packets. When a node forwards a packet, the node's watchdog verifies that the next node in the path also forwards the packet. The watchdog does this by listening promiscuously to all nodes. If the next node does not forward the packet, it is considered to be misbehaving. In other words, in this scheme every packet overheard by the watchdog is compared with the packets in the buffer to see if there is a match. A match confirms that the packet has been successfully delivered, and it is removed from the buffer. If a packet has remained in the buffer beyond the timeout period, a failure counter for the node responsible for forwarding the packet is incremented. If this counter exceeds a predetermined threshold, the node is deemed malicious and the network is informed accordingly by a message sent by the node that detected the problem.
We have also developed the Bayesian Watchdog, a tool that merges the watchdog with Bayesian filters. It is more robust against environmental noise but consumes more CPU resources.
Designed by Jorge Hortelano.
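The buffer, timeout and failure-counter logic described in the Watchdog section above, as an added Python example; it is not the code of the watchdog tool presented on this page. The class and method names, the packet identifiers, and the timeout and threshold values are assumptions made for illustration.

```python
from collections import defaultdict

class Watchdog:
    """Per-node watchdog: buffers forwarded packets and waits to overhear the relay."""

    def __init__(self, timeout=0.5, threshold=3):
        self.timeout = timeout        # seconds a packet may stay buffered (assumed value)
        self.threshold = threshold    # failures tolerated before flagging (assumed value)
        self.buffer = {}              # packet_id -> (next_hop, time_sent)
        self.failures = defaultdict(int)
        self.malicious = set()

    def sent(self, packet_id, next_hop, now):
        """Record a packet this node has just handed to next_hop."""
        self.buffer[packet_id] = (next_hop, now)

    def overheard(self, packet_id, transmitter, now):
        """Promiscuous receive: a timely match with the buffer confirms the forward."""
        entry = self.buffer.get(packet_id)
        if entry and entry[0] == transmitter and now - entry[1] <= self.timeout:
            del self.buffer[packet_id]

    def expire(self, now):
        """Charge one failure per packet buffered past the timeout; return newly flagged nodes."""
        flagged = []
        for pid, (hop, t_sent) in list(self.buffer.items()):
            if now - t_sent > self.timeout:
                del self.buffer[pid]
                self.failures[hop] += 1
                if self.failures[hop] > self.threshold and hop not in self.malicious:
                    self.malicious.add(hop)
                    flagged.append(hop)   # the detecting node would inform the network here
        return flagged

def run_constructed_trace():
    """Constructed scenario: relay 'B' forwards every packet, relay 'C' drops all of them."""
    wd = Watchdog(timeout=0.5, threshold=3)
    alerts = []
    for i in range(6):
        now = float(i)
        wd.sent(("B", i), "B", now)
        wd.sent(("C", i), "C", now)
        wd.overheard(("B", i), "B", now + 0.1)   # B retransmits within the timeout
        alerts += wd.expire(now + 0.9)           # C's packet has aged out of the buffer
    return wd, alerts

if __name__ == "__main__":
    wd, alerts = run_constructed_trace()
    print("flagged:", alerts, "failure counters:", dict(wd.failures))
```

With a threshold of 3, the dropping relay is flagged on its fourth timed-out packet, and a retransmission that arrives after the timeout is not credited as a forward.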
Watchdog for NS-2:
An adaptation of the watchdog presented above to the Network Simulator 2. It is designed to be used with the AODV protocol of this simulator but can easily be adapted to other protocols.
Designed by Jorge Hortelano.
Reputation:
The reputation method can detect and isolate selfish nodes or black hole attacks in ad hoc networks. The mechanism relies on the principle that a node autonomously (i.e., without communicating with other neighbouring nodes) evaluates its neighbours based on the completion of the requested service(s). If the path selected by the routing protocol cannot complete a requested service, the confidence in this link is decreased; when it is less than the confidence in another link, the node forces the routing protocol to change the selected route. However, the price paid to avoid a malicious node can be the selection of a non-optimal path, reducing overall throughput. To decide whether the route is being attacked by a malicious node, the node making a service request must evaluate whether there is a response to that request, for example by evaluating the incoming throughput from the destination node (in a web request) or by detecting whether the connection is established. This technique is a detection method that lets a node know whether there is any problem in the path being used. However, it is unable to determine the exact cause of the misbehavior or which node is behaving maliciously.
Designed by Jorge Hortelano.
Reaction Mechanisms
PerRo:
PerRo (Persistent Route) provides a solution against repeated blackhole attacks. Conceptually, it acts by promoting a route to a persistent state. This mechanism forces a given set of nodes (involved in the same route) to use the same links (even if the routing protocol proposes alternative links) while all of them are available. Technically, it takes a "snapshot" of the routing table and forces the use of the 1-hop neighbour link towards the destination node. If every node executes this solution, we have a set of persistent links that form a route. To know when to stop applying the policy, it is necessary to know the availability state of the route. Periodically, every node sends heartbeat ICMP echo requests to the destination node. If no response is received after a configurable time tolerance factor (in seconds), PerRo is disabled and notifies a server that the policy has expired. In that case, the notification is sent to an upper level so that the latter coordinates the stopping of PerRo on the rest of the nodes.
Designed by Jesús Friginal