Framework for statistical filtering against DDoS attacks in MANETs

Abstract

A DDoS (Distributed Denial-Of-Service) attack is a distributed, large-scale attempt by malicious users to flood the victim network with an enormous number of packets. This exhausts the victim network of resources such as bandwidth, computing power, etc. The victim is unable to provide services to its legitimate clients and network performance is greatly deteriorated. There are many proposed methods in the literature which aim to alleviate this problem; such as hop-count filtering, rate-limiting and statistical filtering. However, most of these solutions are meant for the wired Internet, and there is little research efforts on mechanisms against DDoS attacks in wireless networks such as MANETs. In this paper, we study the vulnerability of MANETs to DDoS attacks and provide an overview of statistical filtering, which is commonly used as a security mechanism against DDoS attacks in wired networks. We then propose a framework for statistical filtering in MANETs to combat DDoS attacks. © 2005 IEEE.