
A New Method to Resist Flooding Attacks in Ad Hoc Networks
Shaomei Li, Qiang Liu, Hongchang Chen, Mantang Tan
National Digital Switching System Research Center, Zhengzhou, 450002, China
{lsm,lq, chc, tmt} @mail.ndsc.com.cn

Abstract

Flooding attack is a novel and powerful attack against on-demand Ad Hoc routing protocols. At present, FAP (Flooding Attack Prevention) is the single scheme proposed to resist such attack. This paper analyses the security hole of FAP, and presents a new and simpler solution, the AMTT (Avoiding Mistaken Transmission Table) scheme. In this scheme, legal nodes can distinguish illegal nodes and refuse to forward packages for them, so flooding attack can be defended against. Through analysis, AMTT is shown to resist flooding attack at little cost.

Keywords: Mobile Ad Hoc networks, Responsive routing, Flooding attack, FAP

1. Introduction

A mobile Ad Hoc network is a new kind of mobile multi-hop wireless network. It does not require any fixed infrastructure such as a base station or administration centre, but keeps the network connection and data transmission through the cooperation and self-organization among all the mobile nodes. Routing in Ad Hoc networks is a research hotspot because of its special nature. Several widely-used mature routing protocols include OLSR[1], DSR[2], TBRPF[3], AODV[4] and so on. Meanwhile, with the appearance of various kinds of attacks, many security-based routing protocols for Ad Hoc networks came into being[5][6][7][8].

Flooding attack is a new and typical attack which results in denial of service when used against all previous on-demand routing protocols for Ad Hoc networks. Ping Yi et al.[9] first introduced its model and developed the FAP scheme to resist such attack.

To address the weakness of FAP, this paper presents the AMTT scheme. In the AMTT scheme, each node records the status of its related nodes and links in real time, so it can effectively distinguish illegal nodes and refuse to forward packages for them. In this way, flooding attacks cannot work.

The rest of the paper is organized as follows. Section 2 introduces responsive routing and the impact of flooding attack on it. Section 3 describes the FAP scheme and analyses it. Section 4 presents the AMTT scheme. Section 5 shows how to use AMTT to resist the Ad Hoc Flooding Attack, and compares it with FAP. Section 6 concludes the paper and outlines the next work.

2. Responsive Routing and Flooding Attack

2.1. Responsive Routing

Responsive routing is also called on-demand routing. It is a routing algorithm which maintains routes only if needed to transfer data. In responsive protocols, when a source node needs to send data, it initiates route-finding in the network to get the right route, then uses it to send data. Commonly used responsive protocols are DSR[6], AODV[7], LAR[8] and so on. Compared with proactive protocols, responsive protocols cost less, and they are used widely.

Let’s take AODV (Ad Hoc On-Demand Distance Vector Routing) as an example. When node A wants to send a packet to node B without knowing a route to B, node A initiates a route discovery by flooding a Route Request (RREQ), shown in Fig.1. Each midway node appends its own identifier (ID) when forwarding the RREQ and sets up a reverse path pointing towards the source, shown in Fig.2 (virtual arrow shows reverse path pointing towards the source node). When the intended destination, node B, receives the RREQ, it replies by sending a RREP (Route Reply), and does not forward the RREQ any more. The RREP travels along the reverse path from which the RREQ is forwarded, as shown in Fig.3 (solid arrow shows the link the RREP travels, and virtual arrow shows the link which will be used to send data).

Figure 1. The forwarding route of RREQ

Figure 2. The setup of reverse path

1-4244-0517-3/06/$20.00 ©2006 IEEE


Figure 3. The forwarding route of RREP

Link failures are propagated by means of RERR (Route Error) messages.

Route Requests are initially sent with a Time-to-Live (TTL) field, to limit their propagation. Whenever a RREQ is forwarded one step, the TTL value is reduced by 1, and a RREQ whose TTL value is 0 is ineffective and will be dropped.

Sequence numbers are used in AODV to determine which route is newer.

2.2. Flooding Attack and its Effects on Responsive Routing

Two typical kinds of flooding attack are the RREQ flooding attack and the DATA flooding attack.

In a RREQ flooding attack, the attacker selects many IP addresses which do not exist in the network as destination addresses. Then it successively originates mass RREQ messages with max TTL value for these void IP addresses. Then the whole network will be full of RREQ packets which the attacker sends. And because these destination addresses are invalid, no node can answer with RREP packets for these RREQs, so the reverse routes in the route table of midway nodes will be occupied for longer and exhausted soon[2].

In a data flooding attack, the attacker first sets up paths to all nodes in the network; after that, it streams large quantities of useless data packets to all nodes along these paths. The excessive data packets clog the network and deplete the available network bandwidth for communication among other nodes in the network [2].

The resources of nodes in Ad Hoc networks are very limited, so both attacks aim to exhaust the available network bandwidth for communication, so that the other nodes cannot communicate with each other because of the congestion in the network. Especially when an attacking node employs RREQ flooding attack and data flooding attack simultaneously, the network will break down quickly.

3. Analysis on FAP scheme

3.1. FAP scheme

In the FAP scheme, neighbor suppression is used to resist RREQ flooding attack. A node sets up the processing priority and threshold for RREQs from its neighbor nodes. Each RREQ’s priority is in inverse proportion to its sending node’s frequency of sending RREQs. And if a node has many RREQ packages in its RREQ queue, it will compare each package’s priority to decide the order in which to process these RREQs. If any node’s frequency of originating RREQs exceeds a threshold, its neighbor nodes will not receive RREQs from it any more. In this way, the attacker cannot implement a RREQ flooding attack [2].

Path Cutoff is used in the FAP scheme to resist data flooding attack. When a victim node detects a data flooding attack, it cuts off the path from the attacker to prevent the attacker from continuing the flooding attack. Moreover, the victim node originates a RERR message to announce to other nodes that the IP address of the attacker is unreachable. Then the nodes the RERR passes through will delete the route from the attacker to the victim. And when the attacker later originates RREQs to set up paths to other nodes, other nodes can refuse by not answering these RREQs with a RREP. Then the data flooding attack can be held off [2].

3.2. Analysis on FAP Scheme

1) Comparing each RREQ’s priority to decide forwarding order is only effective when the traffic in the network is heavy. And since each RREQ’s priority depends on its sender’s frequency of sending RREQs, each node must make a record for every RREQ it receives and reserve space to calculate the sending frequency for its neighbor nodes. Calculating frequency is a complicated process, which will burden mobile nodes in Ad Hoc networks.

2) As to data flooding attack, the FAP scheme employs passive defense: it works only once a data flooding attack has happened and been detected. If many attackers set up routes with many legal nodes and send large amounts of useless data packages simultaneously, it will cost a lot to implement this scheme, and this easily leads to overwhelming consequences.

3) If two or more attacking nodes cooperate in the network, and any two set up a link to send large numbers of useless data packages, this will cause data flooding in the Ad Hoc network, but because both sender and receiver are illegal nodes, legal nodes cannot sense it, and Path Cutoff cannot work. So such an attack cannot be resisted.

4. Principle and implementation of AMTT scheme

Based on the FAP scheme, this paper developed the AMTT scheme.

We focus on bi-directional communication between a pair of nodes. It is also expected that a one-to-one mapping between medium access control and IP addresses exists. Every host can be uniquely identified and its ID cannot be changed throughout the lifetime of the Ad Hoc network. Two corresponding nodes use a security scheme, such as a shared key or authentication, to ensure a link can only be built
between legal nodes, but intermediate nodes need not take part in the authentication process [9].

4.1. AMTT scheme

In the AMTT scheme, each node establishes an avoiding mistaken transmission table. This table is used to record received RREQ packages and enroll existing legal communication routes.

Table 1. Format of AMTT

S IP Addr   D IP Addr   RREQ Num   Seq Num   Vald Indic   Comm Rec

S IP Addr: Source IP Address;
D IP Addr: Destination IP Address;
RREQ Num: Number of RREQ Packages;
Seq Num: Sequence Number of RREQ;
Vald Indic: Validity Indication, 0 indicates this route is legal, 1 indicates it is illegal;
Comm Rec: Num of Data Packages Passed Through;

4.2. RREQ Value

When node A wants to send a package to node B, it floods a RREQ package. Every node receiving this RREQ adds an item in its AMTT, fills in the source IP address, destination IP address and sequence number according to the package, and sets the RREQ Num to 1. After that, whenever it receives a RREQ with the same source IP address, destination IP address and sequence number, this RREQ Value will increase by 1. All nodes keep the same statistics for the RREQ packages they receive. For example, when the RREQ package sent by node A passes through node T and node Q, these two nodes each add an item in their own AMTT, as in Table 2.

Table 2. RREQ Value

S IP Addr   D IP Addr   RREQ Num   Seq Num   Vald Indic   Comm Rec
A’s IP      B’s IP      1          s         NULL         NULL

4.3. Validity Indication

After node B receives the RREQ from A, it adds the corresponding item in its AMTT. Then B sends a RREP package whose source IP address is A’s IP address, destination IP address is B’s IP address and sequence number is s through B-Q-T-A to node A. When this RREP reaches nodes Q and T, they check its validity. If node B is found legal, they search their AMTTs, and set the corresponding items’ Validity Indication to 1. Otherwise, they discard this RREP package and do not set the Validity Indication. For example, upon receiving the RREP sent by legal node B, nodes Q and T modify their AMTT items as shown in Table 3.

Table 3. Validity Indication

S IP Addr   D IP Addr   RREQ Num   Seq Num   Vald Indic   Comm Rec
A’s IP      B’s IP      1          s         1            NULL

4.4. Communication Record

When a node forwards a data package, such as from A to B, it sets the Communication Record of the item whose source IP address is A and destination IP address is B in its AMTT as 1. In this way, whenever a data package is sent, midway nodes set the corresponding Communication Record in their AMTTs by 1. For example, when a data package sent by A to B passes T and Q, they change their AMTTs as shown in Table 4.

Each node periodically (such as every 4*(Round Trip Time)) takes statistics of the Communication Record of each item in its AMTT, and deletes the items whose increasing value is less than the average value of all the items’ increasing values. In this way, if a legal communication is broken off because of the mobility of the destination node or other reasons, the nodes included in the old route will delete the invalid items related to this communication with the lapse of time, and the resource of the AMTT will not be occupied in vain.

Table 4. Communication Record

S IP Addr   D IP Addr   RREQ Num   Seq Num   Vald Indic   Comm Rec
A’s IP      B’s IP      1          s         1            1

4.5. Deletion of items in AMTT

After two nodes finish their communication, the source node will send a RANC (Route Announcement) to intermediate nodes. All the nodes that receive the RANC will delete the corresponding items in their AMTTs.

As mentioned in 4.4, if nodes A and B change to a new link to communicate before the communication is finished, node A will not send a RANC, so intermediate nodes in the old route that are not used in the new route cannot update and delete the items related to the old route. But because of the auto-monitor described in 4.4, these useless items will be deleted with the lapse of time.

5. Analysis on AMTT scheme

5.1. How AMTT Resists Flooding Attack

Let’s assume that one node T’s AMTT has n items. Their Source IP Address, Destination IP Address and RREQ Num are respectively $(S_i, D_i, RVQ_i)$, here $0 \le i < n$. Node T periodically (such as every average Round Trip Time) and in order computes each source node’s $RVQ_{all} = RVQ_0 + RVQ_1 + \cdots + RVQ_i + \cdots + RVQ_{n-1}$, the number of RREQs sent from $S_i$ to all $D_i$ ($i = 0, 1, \ldots, n-1$). Then it will compare $RVQ_{all}$ with its threshold, assume it is $threshold$. If $RVQ_{all}$ overruns $threshold$, node T will
search all the Validity Indication and Communication Record of the items whose Source IP Address is $S_i$. If all these items’ Validity Indication and Communication Record are null, it can decide $S_i$ is an attacker, and refuses to forward packages from $S_i$ any more. Every legal node does the same thing periodically, so they can distinguish illegal nodes and resist RREQ flooding attack in time.

Meanwhile, whenever a data package reaches node T, node T will search its AMTT before forwarding it. If there is an item for this package and its Validity Indication is 1, node T will forward it, otherwise it will discard it.

Because an illegal node cannot pass security authentication, it will not build a link with legal nodes. Then its neighbor nodes’ AMTTs will not have items whose Validity Indication is 1 for this node, so no node will forward the data packages from this illegal node. This successfully resists data flooding attack.

5.2. The Validity of AMTT scheme

1) Each node uses the RREQ value in the AMTT to record the number of RREQ packets sent by neighbor nodes, and periodically takes statistics of every RREQ Num in the table to detect whether a RREQ flooding attack is going on.

2) Legal links are enrolled in the AMTT, so legal nodes won’t forward data packages for attacking nodes. It can avoid data flooding at its origin.

5.3. The comparison of AMTT scheme and FAP scheme

1) The AMTT scheme can resist the attack made by the cooperative work of two or more attacking nodes, which cannot be solved in the FAP scheme.

2) The algorithm in the AMTT scheme is simple, and since the table is dynamically constructed and deleted, it won’t put much burden on each node.

3) All in all, the AMTT scheme is simpler and has high precision in LANs without high security and in which each node’s traffic is almost equal, such as many mobile hosts constructing a temporary conferencing LAN.

6. Conclusion

In this paper, the AMTT scheme is proposed to resist flooding attack on responsive routing. This scheme is simple and can defend against flooding attack at little cost. Compared with the FAP scheme, this scheme needs little calculation and is more suitable to be used in LANs in which each node’s traffic is almost equal.

This paper only considers the case in which source node and destination node use one link to communicate; based on this, we will do research on how to use more links to share traffic.

References

[1] Thomas Clausen, Philippe Jacquet, Anis Laouiti et al., “Optimized link state routing protocol”, Internet-Draft, draft-ietf-manet-Olsr-06.txt, September, 2001, Work in progress.
[2] David B. Johnson, David A. Maltz, Yih-Chun Hu, and Jorjeta G. Jetcheva, “The Dynamic Source Routing Protocol for Mobile Ad Hoc Networks (DSR)”, Internet-Draft, draft-ietf-manet-dsr-07.txt, February, 2002, Work in progress.
[3] Richard G. Ogier, Fred L. Templin, Bhargav Bellur, and Mark G. Lewis, “Topology broadcast based on reverse-path forwarding (TBRPF)”, Internet-Draft, draft-ietf-manet-tbrpf-05.txt, March, 2002, Work in progress.
[4] Charles E. Perkins, Elizabeth M. Belding-Royer, and Samir R. Das, “Ad Hoc On Demand Distance Vector (AODV) Routing”, Internet-Draft, draft-ietf-manet-aodv-10.txt, January, 2002, Work in progress.
[5] Yih-Chun Hu, David B. Johnson, and Adrian Perrig, “Secure Efficient Distance Vector Routing in Mobile Wireless Ad Hoc Networks”, In Fourth IEEE Workshop on Mobile Computing Systems and Applications (WMCSA ’02), June, 2002.
[6] Panagiotis Papadimitratos and Zygmunt J. Haas, “Secure Routing for Mobile Ad Hoc Networks”, In SCS Communication Networks and Distributed Systems Modeling and Simulation Conference (CNDS 2002), January, 2002.
[7] Adrian Perrig, Robert Szewczyk, and Victor Wen et al., “SPINS: Security Protocols for Sensor Networks”, In Seventh Annual ACM International Conference on Mobile Computing and Networking (MobiCom 2001), July, 2001.
[8] Manel Guerrero Zapata and N. Asokan, “Securing Ad Hoc Routing Protocols”, In Proceedings of the ACM Workshop on Wireless Security (WiSe 2002), September, 2002.
[9] Ping Yi, Zhoulin Dai, and Yiping Zhong, et al., “Resisting flooding attacks in Ad Hoc networks”, In Proceedings of International Conference on Information Technology: Coding and Computing (ITCC'05), April, 2005.
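
The table handling of Section 4 and the detection and forwarding rules of Section 5.1 can be traced in the following Python example, which is added here and is not code from the paper. The class and method names, the threshold value, the constructed addresses and the `dst_authenticated` flag standing in for the authentication step are assumptions; a Validity Indication of 1 marks a validated route as in Sections 4.3 and 5.1, and the Communication Record is kept as a packet count following its definition under Table 1.

```python
from dataclasses import dataclass

@dataclass
class Entry:                       # one AMTT row (Table 1), keyed by (S IP, D IP, Seq Num)
    rreq_num: int = 0
    valid: "int | None" = None     # Validity Indication; None stands for NULL
    comm: "int | None" = None      # Communication Record; None stands for NULL

class AmttNode:                    # hypothetical name for one forwarding node such as T
    def __init__(self, threshold):
        self.threshold = threshold             # assumed RREQ limit per audit period
        self.table, self.blocked = {}, set()

    def on_rreq(self, src, dst, seq):          # Section 4.2: count RREQs per item
        if src in self.blocked:
            return False                       # refuse to forward for a flagged source
        self.table.setdefault((src, dst, seq), Entry()).rreq_num += 1
        return True

    def on_rrep(self, src, dst, seq, dst_authenticated):   # Section 4.3
        e = self.table.get((src, dst, seq))
        if e is None or not dst_authenticated:
            return False                       # discard RREP, Vald Indic stays NULL
        e.valid = 1
        return True

    def on_data(self, src, dst):               # Sections 4.4 and 5.1
        for (s, d, _), e in self.table.items():
            if (s, d) == (src, dst) and e.valid == 1:
                e.comm = (e.comm or 0) + 1     # count forwarded data packages
                return True
        return False                           # no validated item: discard

    def audit(self):                           # Section 5.1, run once per period
        for src in {s for (s, _, _) in self.table}:
            rows = [e for (s, _, _), e in self.table.items() if s == src]
            rvq_all = sum(e.rreq_num for e in rows)
            if rvq_all > self.threshold and all(e.valid is None and e.comm is None for e in rows):
                self.blocked.add(src)          # over threshold with no legal route
        return self.blocked

def demo():
    t = AmttNode(threshold=5)
    for seq in range(1, 7):                    # busy but legal source A (constructed)
        t.on_rreq("A", "B", seq)
    t.on_rrep("A", "B", 6, dst_authenticated=True)
    sent = t.on_data("A", "B")
    for i in range(10):                        # X floods RREQs for void addresses
        t.on_rreq("X", f"10.9.9.{i}", 1)
    return sent, t.on_data("X", "B"), t.audit(), t.on_rreq("X", "10.9.9.99", 2)
```

In `demo()`, source A exceeds the threshold but keeps a validated item and is not flagged, while X exceeds it with only NULL items and is refused from then on.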
