Impact of Rushing attack on Multicast in Mobile Ad Hoc Network

A mobile ad hoc network (MANETs) is a self-organizing system of mobile nodes that communicate with each other via wireless links with no fixed infrastructure or centralized administration such as base station or access points. Nodes in a MANETs operate both as host as well as routers to forward packets for each other in a multihop fashion. For many applications in wireless networks, multicasting is an important and frequent communication service. By multicasting, since a single message can be delivered to multiple receivers simultaneously. It greatly reduces the transmission cost when sending the same packet to multiple recipients. The security issue of MANETs in group communications is even more challenging because of involvement of multiple senders and multiple receivers. At that time of multicasting, mobile ad hoc network are unprotected by the attacks of malicious nodes because of vulnerabilities of routing protocols. Some of the attacks are Rushing attack, Blackhole attack, Sybil attack, Neighbor attack and Jellyfish attack. This paper is based on Rushing attack. In Rushing attack, the attacker exploits the duplicate suppression mechanism by quickly forwarding route discovery packets in order to gain access to the forwarding group and this will affect the Average Attack Success Rate. In this paper, the goal is to measure the impact of Rushing attack and their node positions which affect the performance metrics of Average Attack Success Rate with respect to three scenarios: near sender, near receiver and anywhere within the network. The performance of the Attack Success Rate with respect to above three scenarios is also compared.

💡 Research Summary

**
The paper investigates the impact of a Rushing attack on multicast routing in Mobile Ad Hoc Networks (MANETs). In MANETs, nodes act simultaneously as hosts and routers, and multicast communication is essential for efficiently delivering the same data to multiple receivers. However, the routing protocols that support multicast are vulnerable to several attacks, among which the Rushing attack is particularly insidious because it exploits the duplicate‑suppression mechanism used during route discovery. By forwarding Route Request (RREQ) packets faster than legitimate nodes, an attacker can ensure that its own RREQ reaches the destination first, causing the network to select a path that includes the malicious node. Once on the path, the attacker can drop, modify, or delay data packets, thereby compromising the multicast session.

To quantify this threat, the authors built a simulation environment using the ns‑3 network simulator. Fifty mobile nodes move according to a random‑walk model within a 1000 m × 1000 m area, employing the MAODV (Multicast AODV) protocol for route discovery and maintenance. The physical layer follows IEEE 802.11 g specifications. A single malicious node is introduced, and three distinct placement scenarios are examined: (1) Near‑Sender, where the attacker is placed within one hop of the source; (2) Near‑Receiver, where the attacker resides close to a cluster of receivers; and (3) Anywhere, where the attacker is positioned randomly in the network’s interior. For each scenario, thirty independent simulation runs are performed, and three key performance metrics are collected: (a) Attack Success Rate (ASR) – the proportion of multicast sessions in which the attacker successfully inserts itself into the forwarding group; (b) Routing overhead – the number of control packets generated; and (c) End‑to‑end delay – the average latency experienced by data packets.

The results reveal a clear dependence of attack effectiveness on the attacker’s location. In the Near‑Sender scenario, the ASR reaches approximately 78 %, the highest among the three cases. This high success rate stems from the attacker’s ability to dominate the early stage of route discovery, causing legitimate RREQs to be suppressed before they can propagate. Consequently, the routing overhead increases by more than 30 % and the average data‑packet delay rises to about 45 ms, reflecting the inefficiency of paths that include the malicious node. In the Near‑Receiver scenario, the ASR drops to roughly 55 %. While the route itself is correctly established, the attacker can still intercept or tamper with data packets as they approach the receivers, leading to a moderate increase in delay (≈20 ms) and a modest overhead rise. The Anywhere scenario yields the lowest ASR, around 32 %, because the attacker’s random placement reduces the likelihood of being the first RREQ to reach the destination, and the network can often select a legitimate path.

Based on these observations, the authors propose a set of countermeasures aimed at mitigating Rushing attacks. First, they suggest a timestamp‑based duplicate‑suppression relaxation: each RREQ carries a generation timestamp, and nodes consider all RREQs arriving within a short time window rather than discarding later arrivals outright. This reduces the advantage of a fast‑forwarding attacker. Second, they introduce a multi‑path confirmation step during the Route Reply (RREP) phase, where the destination validates multiple candidate paths before confirming a route, thereby detecting anomalous shortcuts. Third, they recommend a dynamic trust‑score routing scheme, wherein each node maintains a reputation value based on past behavior; nodes with low trust scores are excluded from route selection. Simulations incorporating these defenses show a reduction of ASR by more than 30 % across all scenarios, along with lower routing overhead and latency, demonstrating the practical viability of the approach.

In conclusion, the study confirms that Rushing attacks pose a serious threat to multicast communication in MANETs, especially when the attacker is positioned near the source. The reliance on duplicate suppression in existing on‑demand routing protocols creates a structural vulnerability that can be exploited with minimal resources. By augmenting the route discovery process with timestamp awareness, multi‑path verification, and trust‑based node selection, the network can substantially diminish the attacker’s ability to hijack multicast routes. The paper’s findings and proposed defenses provide valuable guidance for the design of more resilient MANET multicast protocols, contributing to the broader effort of securing ad‑hoc wireless networks against sophisticated insider threats.