Since in ad hoc networks nodes need to cooperatively forward packets for each other, without necessary countermeasures, such networks are extremely vulnerable to traffic-injection attacks, especially to those attacks launched by insider attackers. Injecting an overwhelming amount of traffic into the network can easily cause network congestion and decrease the network lifetime. In this chapter we focus on traffic-injection attacks launched by insider attackers. After investigating the possible types of traffic-injection attacks, we present two sets of defense mechanisms to combat such attacks. The first set of defense mechanisms is fully distributed, whereas the second is centralized with decentralized implementation. The detection performance of each of the mechanisms is also formally analyzed. Both theoretical analysis and experimental studies have demonstrated that, with such defense mechanisms, there is hardly any gain to be obtained by launching traffic-injection attacks from the attackers' point of view.

Introduction

In this chapter, we study a class of powerful attacks: traffic-injection attacks. Specifically, attackers inject an overwhelming amount of traffic into the network in an attempt to consume valuable network resources, and consequently degrade the network performance. Since, in ad hoc networks, nodes need to cooperatively forward packets for other nodes, such networks are extremely vulnerable to traffic-injection attacks, especially those launched by insider attackers.

Roughly speaking, traffic-injection attacks can be classified into two types: query-flooding attacks and injecting-data-packets attacks (IDPAs). Owing to the changing topology or traffic pattern, nodes in ad hoc networks may need to frequently update their routes, which may require broadcasting route-query messages.