SWAT: small world-based attacker traceback in ad-hoc networks

Abstract

Mobile ad hoc networks (MANETs) provide a lot of promise for many practical applications. However, MANETs are vulnerable to a number of attacks due to its autonomous nature. DoS/DDoS attacker traceback is especially challenging in MANETs for the lack of infrastructure. In this paper, we propose an efficient on-the-fly search technique, SWAT, to trace back DoS and DDoS attackers in MANETs. Our scheme borrows from small worlds, utilizes the concept of contacts, and use traffic pattern matching (TPM) and traffic volume matching (TVM) techniques. We also propose multi-directional search, in-network processing and query suppression to reduce communication overhead in energy-constrained MANETs and increase traceback robustness against spoofing and collusion. Simulation results show that SWAT successfully traces back DoS and DDoS attacker under reasonable background traffic. In addition, SWAT incurs low communication overhead (22% compared to flooding-based search).