A Flow Monitoring Scheme to Defend Reduction-of-Quality (RoQ) Attacks in Mobile Ad-hoc Networks

Arunmozhi, S.; Venkataramani, Y.

doi:10.1080/19393555.2010.514651

Cited by 10 publications

(6 citation statements)

References 10 publications

(4 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To stop RoQ attacks on MANETs, Arunmozhi and Venkataramani in [82] have proposed a flow monitoring (FMON) scheme that employs a MAC layer-based detection scheme based on the frequency and retransmission of RTS/CTS and data, as well as a response based on ECN marking. The performance of FMON has been compared to SWAN and SPA-ARA protocols.…”

Section: Previous Methods For Detection Of Roq Attacksmentioning

confidence: 99%

Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms

et al. 2021

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks are still among the most dangerous attacks on the Internet. With the advance of methods for detecting and mitigating these attacks, crackers have improved their skills in creating new DDoS attack types with the aim of mimicking normal traffic behaviour therefore becoming silently powerful. Among these advanced DDoS attack types, the so-called lowrate DoS attacks aim at keeping a low level of network traffic. In this paper, we study one of these techniques, called Reduction of Quality (RoQ) attack. To investigate the detection of this type of attack, we evaluate and compare the use of four machine learning algorithms: Multi-Layer Perceptron (MLP) neural network with backpropagation, K-Nearest Neighbors (K-NN), Support Vector Machine (SVM) and Multinomial Naive Bayes (MNB). We also propose an approach for detecting this kind of attack based on three methods: Fuzzy Logic (FL), MLP and Euclidean Distance (ED). We evaluate and compare the approach based on FL, MLP and ED to the above machine learning algorithms using both emulated and real traffic traces. We show that among the four Machine Learning algorithms, the best classification results are obtained with MLP, which, for emulated traffic, leads to a F1-score of 98.04% for attack traffic and 99.30% for legitimate traffic, while, for real traffic, it leads to a F1-score of 99.87% for attack traffic and 99.95% for legitimate traffic. Regarding the approach using FL, MLP and EC, for classification of emulated traffic, we obtained a F1-score of 98.80% for attack traffic and 99.60% for legitimate traffic, while, for real traffic, we obtained a F1-score of 100% for attack traffic and 100% for legitimate traffic. However, the better performance of the approach based on FL, MLP and ED is obtained at the cost of larger execution time, since MLP required 0.74 ms and 0.87ms for classification of the emulated and real traffic datasets, respectively, where as the approach using FL, MLP and ED required 11'46" and 46'48" to classify the emulated and real traffic datasets, respectively.

show abstract

Section: Previous Methods For Detection Of Roq Attacksmentioning

confidence: 99%

Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms

et al. 2021

View full text Add to dashboard Cite

show abstract

“…This attack has the aim of reducing service quality to legitimate users. The attacker throttles the network traffic in order to end systems, transmitting high-rate bursts on longer timescales, and flooding the border router queue on which most legitimate user packets are dropped [40]- [43]. The attack target, which in this case can be any transport layer protocol, is what differentiates the Shrew from the RoQ attacks.…”

Section: ) Roq Attackmentioning

confidence: 99%

Detection and Mitigation of Low-Rate Denial-of-Service Attacks: A Survey

et al. 2022

View full text Add to dashboard Cite

The potential for being the target of Denial of Service (DoS) attacks is one of the most severe security threats on the Internet. Attackers have been modifying their attack format over the years, damaging specific conditions of operating systems and protocols in an attempt to deny or diminish the quality of the service provided to legitimate users. Nowadays, attacks are stealthier and mimic legitimate user traffic in such a way that detection mechanisms against High-rate DoS attacks are no longer sufficient. This evolving type of attack, known as LDoS (Low-rate Denial of Service) attacks, has the potential to produce more damage than its predecessor due to its stealth nature and the lack of suitable detection and defense methods. This survey summarizes and complements previous studies and surveys related to this specific type of attack. First, we propose a taxonomy of the LDoS attacks, which were divided into three broad categories based on their modus operandi: QoS attacks, Slow rate attacks, and Service queue attacks. Next, we detail numerous detection mechanisms and counter-measures available against eight types of LDoS attacks. More specifically, we describe the methods used to throttle the attack traffic. Finally, we provide a feature comparison table for some existing attack tools. This survey aims at providing an extensive review of the literature for helping researchers and network administrators find up-to-date knowledge on LDoS attacks.

show abstract

“…The attacking node at first agrees to forward data packet or messages then fails to do so and starts behaving like a malicious node 8 . At first the attacker node behaves normally and replies true route replies(RREP) messages to other nodes to invoke route request (RREQ) messages and accepts or takes the sending packets and finally drops few or all packets to launch denial of service (DoS) attack 9 . If nodes in the neighborhood try to send data packets over attacking or victim nodes lose connection to target or destination node or network and may want to discover or rebuild a route again by broadcasting route request (RREQ) messages.…”

Section: Packet Drop Attack (Gray Hole)mentioning

confidence: 99%

“…Node 5 cybercasts a RREQ (route request) packet to all its 1-Hop nodes i.e. 4,6,7,8,9 and request for a route to cooperative node Node-6. After receiving a route reply (RREP) from suspected node 4, node 5 sends an enquiry packet to the node 6 via node 4 and confirms from node6 about probe packet.…”

Section: Local Anomaly Detection (Lad)mentioning

confidence: 99%

Detection and Defense Against Packet Drop Attack in MANET

Ahamad¹

2016

ijacsa

View full text Add to dashboard Cite

Abstract-MANET is a temporary network for a specified work and with the enormous growth MANETs it is becoming important and simultaneously challenging to protect this network from attacks and other threats. Packet drop attack or gray hole attack is the easiest way to make a denial of service in these dynamic networks. In this attack the malicious node reflects itself as the shortest path and receives all the packets and drops the selected packets in order to give the user the service that that is not correct. It is a specific kind of attack and protects the network and user from detecting this malicious activity. In this article I have proposed an efficient for step technique that confirms that this attack can be detected and defended with least efforts and resource consumption.

show abstract

A Flow Monitoring Scheme to Defend Reduction-of-Quality (RoQ) Attacks in Mobile Ad-hoc Networks

Cited by 10 publications

References 10 publications

Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms

Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms

Detection and Mitigation of Low-Rate Denial-of-Service Attacks: A Survey

Detection and Defense Against Packet Drop Attack in MANET

Contact Info

Product

Resources

About