Deducing Malicious Attacks in Disruption Tolerant Networks

Abstract
Disruption Tolerant Networks (DTNs) exploit the intermittent connectivity between mobile nodes to transfer data. DTNs are susceptible to flood attacks, which exhaust the limited network resources. This paper presents a technique to detect whether a node has violated its rate limits. Although it is easy to detect the violation of a rate limit on the Internet and in telecommunication networks, where the egress router and base station can account for each user's traffic, it is challenging in DTNs due to the lack of communication infrastructure and consistent connectivity. A node moves around and may send data to any contacted node, so it is very difficult to count the number of packets or replicas sent out by this node. If an attacker floods more packets or replicas than its limit, it has to use the same count in more than one claim according to the pigeonhole principle, and this inconsistency may lead to detection. The more traffic an attacker floods, the more likely it will be detected. The detection probability can be flexibly adjusted by system parameters that control the amount of claims exchanged in a contact. To improve on probabilistic detection, we introduce a self-adaptive approach, where the link capacity of each packet is calculated using previous history values and then packets.
Keywords: DTN, Security, Flood Attack, Detection, Learning Automata.
INTRODUCTION
Disruption Tolerant Networks (DTNs) consist of mobile nodes carried by human beings, vehicles, etc. DTNs enable data transfer when mobile nodes are only intermittently connected, making them appropriate for applications where no communication infrastructure is available, such as military scenarios and rural areas. Due to the lack of consistent connectivity, two nodes can only exchange data when they move into the transmission range of each other (which is called a contact between them). DTNs employ such contact opportunities for data forwarding with "store-carry-and-forward"; i.e., when a node receives some packets, it stores these packets in its buffer, carries them around until it contacts another node, and then forwards them. Since the contacts between nodes are opportunistic and the duration of a contact may be short because of mobility, the usable bandwidth, which is only available during the opportunistic contacts, is a limited resource. Also, mobile nodes may have limited buffer space. Due to the limitation in bandwidth and buffer space, DTNs are vulnerable to flood attacks. In flood attacks, maliciously or selfishly motivated attackers inject as many packets as possible into the network, or, instead of injecting different packets, the attackers forward replicas of the same packet to as many nodes as possible. For convenience, we call the two types of attack packet flood attack and replica flood attack, respectively. Flooded packets and replicas can waste the precious bandwidth and buffer resources, prevent benign packets from being forwarded, and thus degrade the network service provided to good nodes. Moreover, mobile nodes spend much energy on transmitting/receiving flooded packets and replicas, which may shorten their battery life. Therefore, it is urgent to secure DTNs against flood attacks.
Although many schemes have been proposed to defend against flood attacks on the Internet and in wireless sensor networks, they assume persistent connectivity and cannot be directly applied to DTNs that have intermittent connectivity. In DTNs, little work has been done on flood attacks despite the many works on routing, data dissemination, black hole attacks, wormhole attacks, and selfish dropping behavior. We note that the packets flooded by outsider attackers can be easily filtered with authentication techniques. However, authentication alone doesn't work when insider attackers flood packets and replicas with valid signatures.
Thus, it is still an open problem to address flood attacks in DTNs. In this paper, we employ rate limiting to defend against flood attacks in DTNs. In our approach, each node has a limit over the number of packets that it, as a source node, can send to the network in each time interval. Each node also has a limit over the number of replicas that it can generate for each packet. The two limits are used to mitigate packet flood and replica flood attacks, respectively. If a node violates its rate limits, it will be detected and its data traffic will be filtered. In this way, the amount of flooded traffic can be controlled. Our main contribution is a technique to detect if a node has violated its rate limits. Although it is easy to detect the violation of a rate limit on the Internet and in telecommunication networks, where the egress router and base station can account for each user's traffic, it is challenging in DTNs due to the lack of communication infrastructure and consistent connectivity. Since a node moves around and may send data to any contacted node, it is very difficult to count the number of packets or replicas sent out by this node. Our basic idea of detection is claim-carry-and-check. Each node itself counts the number of packets or replicas that it has sent out, and claims the count to other nodes; the receiving nodes carry the claims around when they move, exchange some claims when they contact, and cross-check whether these claims are inconsistent. If an attacker floods more packets or replicas than its limit, it has to use the same count in more than one claim according to the pigeonhole principle, and this inconsistency may lead to detection. Based on this idea, we use different cryptographic constructions to detect packet flood and replica flood attacks. Because the contacts in DTNs are opportunistic in nature, our approach provides probabilistic detection. The more traffic an attacker floods, the more likely it will be detected.
The detection probability can be flexibly adjusted by system parameters that control the amount of claims exchanged in a contact. We provide a lower and upper bound of detection probability and investigate the problem of parameter selection to maximize detection probability under a certain amount of exchanged claims. The effectiveness and efficiency of our scheme are evaluated with extensive trace-driven simulations.
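The claim-carry-and-check idea above, worked through as an added example that is not code from the paper: a toy model in which each sent packet carries a count claim authenticated by its source, receivers keep the claims they were handed, and a cross-check over the pooled claims flags a source that reused a count. The rate limit, node names, per-node keys and packet ids are constructed values; a shared-key HMAC stands in for the paper's signatures, with the simplifying assumption that every checker knows every node's key.

```python
"""Toy claim-carry-and-check model for packet-flood detection in a DTN."""
import hashlib
import hmac
from collections import defaultdict
from dataclasses import dataclass

RATE_LIMIT = 3  # constructed: max packets a source may send per interval

# Constructed per-node keys. Simplification: an HMAC keyed per node stands in
# for the paper's signatures, and all checkers are assumed to know every key.
NODE_KEYS = {"alice": b"key-alice-constructed", "mallory": b"key-mallory-constructed"}


@dataclass(frozen=True)
class Claim:
    sender: str
    interval: int
    count: int        # the sender's own count of packets sent in this interval
    packet_id: str
    tag: bytes        # MAC over (sender, interval, count, packet_id)


def _mac(key, sender, interval, count, packet_id):
    msg = f"{sender}|{interval}|{count}|{packet_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def make_claim(sender, interval, count, packet_id):
    """Source attaches an authenticated count claim to the packet it sends."""
    tag = _mac(NODE_KEYS[sender], sender, interval, count, packet_id)
    return Claim(sender, interval, count, packet_id, tag)


def valid(claim):
    """A claim is attributable to its sender only if the MAC verifies."""
    expected = _mac(NODE_KEYS[claim.sender], claim.sender, claim.interval,
                    claim.count, claim.packet_id)
    return hmac.compare_digest(expected, claim.tag)


class HonestSource:
    """An honest node counts its own packets and refuses to exceed the limit."""

    def __init__(self, name):
        self.name = name
        self.counts = defaultdict(int)

    def send(self, interval, packet_id):
        self.counts[interval] += 1
        if self.counts[interval] > RATE_LIMIT:
            raise RuntimeError("rate limit reached for this interval")
        return make_claim(self.name, interval, self.counts[interval], packet_id)


def flood_with_reused_counts(sender, interval, packet_ids):
    """Adversary model from the text: more packets than the limit, so by the
    pigeonhole principle some legal count value must appear on two packets."""
    return [make_claim(sender, interval, (i % RATE_LIMIT) + 1, pid)
            for i, pid in enumerate(packet_ids)]


def cross_check(claims):
    """Pool claims gathered by one or more receivers; return sender -> reason
    for every source whose claims are inconsistent or over the limit."""
    detected = {}
    seen = {}  # (sender, interval, count) -> packet_id first seen with it
    for c in claims:
        if not valid(c):
            continue  # forged or corrupted claim; cannot be pinned on anyone
        if not 1 <= c.count <= RATE_LIMIT:
            detected.setdefault(c.sender, "count exceeds limit")
            continue
        first = seen.setdefault((c.sender, c.interval, c.count), c.packet_id)
        if first != c.packet_id:
            detected.setdefault(c.sender, "same count claimed for two packets")
    return detected


def simulate():
    """Returns (result with one receiver's claims, result after two receivers
    exchange claims) to show why detection is probabilistic."""
    alice = HonestSource("alice")
    honest = [alice.send(1, f"a{i}") for i in range(RATE_LIMIT)]
    flood = flood_with_reused_counts("mallory", 1, [f"m{i}" for i in range(5)])
    # Each receiver only holds the claims it was personally handed in contacts.
    receiver1 = honest[:2] + flood[:2]
    receiver2 = honest[2:] + flood[2:]
    return cross_check(receiver1), cross_check(receiver1 + receiver2)


if __name__ == "__main__":
    partial, pooled = simulate()
    print("one receiver alone:", partial)
    print("after claim exchange:", pooled)
```

With only receiver1's claims the attacker's reused count is not yet visible, which is the probabilistic aspect the text describes: detection depends on which claims happen to meet in a contact, and exchanging more claims per contact raises the chance that the two packets sharing a count are compared.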