Security Scheme for Distributed DoS in Mobile Ad Hoc Networks
In Mobile Ad Hoc Networks (MANET), various types of Denial of Service Attacks (DoS) are possible because of the inherent limitations of its routing protocols. Considering the Ad Hoc On Demand Vector (AODV) routing protocol as the base protocol, it is possible to find a suitable solution to overcome the attack of initiating / forwarding fake Route Requests (RREQs) that lead to hogging of network resources and hence denial of service to genuine nodes. In this paper, a proactive scheme is proposed that could prevent a specific kind of DoS attack and identify the misbehaving node. Since the proposed scheme is distributed in nature, it has the capability to prevent Distributed DoS (DDoS) as well. The performance of the proposed algorithm in a series of simulations reveals that the proposed scheme provides a better solution than existing approaches with no extra overhead.
💡 Research Summary
The paper addresses a specific denial‑of‑service (DoS) threat in Mobile Ad‑Hoc Networks (MANETs) that exploits the on‑demand nature of the Ad‑Hoc On‑Demand Vector (AODV) routing protocol. In AODV, a node seeking a route broadcasts a Route Request (RREQ) packet, which is flooded throughout the network until the destination, or an intermediate node holding a fresh route to it, replies. An attacker can generate a large number of bogus RREQs, causing excessive consumption of bandwidth, processing power, and routing table space. This “RREQ flooding” attack not only degrades the performance of legitimate traffic but can also be coordinated among multiple malicious nodes to create a distributed DoS (DDoS) scenario.
Existing countermeasures—centralized monitoring, reputation‑based isolation, or rate‑limiting tokens—are ill‑suited for MANETs because they introduce additional control traffic, require extra state maintenance, or depend on infrastructure that is typically absent in ad‑hoc environments. The authors therefore propose a fully distributed, proactive scheme that operates locally at each node while still achieving network‑wide protection.
Key components of the proposed scheme are:
- Local RREQ Counting – Every node maintains a per‑source counter for RREQs received within a sliding time window (e.g., one second). If the count for a particular source exceeds a dynamically adjustable threshold, that source is flagged as “suspect.”
- Dynamic Threshold Adaptation – The threshold is not static; it is tuned based on observed network density, average traffic load, and recent routing success rates. When a sudden surge in RREQs is detected, the threshold is lowered to increase sensitivity; when traffic appears normal, the threshold is raised to reduce false positives.
- TTL‑Based Blacklist with Expiration – Suspect nodes are placed on a blacklist that carries a Time‑to‑Live (TTL) value. After the TTL expires (e.g., 30 seconds), the entry is automatically removed, preventing permanent ostracism of nodes that may have generated a burst of legitimate RREQs (e.g., during a sudden topology change).
- Selective Flooding of Blacklist Information – Instead of broadcasting blacklist updates to the entire network, nodes forward this information only to neighbors that have routes involving the suspect node. This “selective flooding” dramatically reduces control‑packet overhead while still ensuring that all nodes that could receive malicious RREQs are aware of the blacklist.
- Immediate RREQ Discard – Any RREQ arriving from a blacklisted source is dropped instantly, and the event is logged for possible post‑analysis.
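The per-node detection path described in the list above (sliding-window counting, threshold, TTL-bounded blacklist, immediate discard) as an added illustration; this is not the paper's code, and the window, threshold and TTL values, the `RreqFilter` class and the constructed trace are assumptions. The dynamic threshold adaptation is left as a settable hook because the paper's tuning rule is not specified here.

```python
from collections import deque, defaultdict

class RreqFilter:
    """One node's RREQ-flood filter (hypothetical implementation)."""
    def __init__(self, window=1.0, threshold=5, blacklist_ttl=30.0):
        self.window = window              # sliding window in seconds
        self.threshold = threshold        # max RREQs per source per window
        self.blacklist_ttl = blacklist_ttl
        self.seen = defaultdict(deque)    # source -> arrival timestamps
        self.blacklist = {}               # source -> expiry time
        self.dropped = []                 # (time, source) log for post-analysis

    def set_threshold(self, value):
        """Hook for the dynamic adaptation step (density/load based)."""
        self.threshold = max(1, int(value))

    def _expire(self, now):
        # Remove blacklist entries whose TTL has run out.
        for src, until in list(self.blacklist.items()):
            if now >= until:
                del self.blacklist[src]

    def handle_rreq(self, now, src):
        """Return 'drop' if the RREQ is discarded, else 'forward'."""
        self._expire(now)
        if src in self.blacklist:         # immediate discard
            self.dropped.append((now, src))
            return "drop"
        q = self.seen[src]
        q.append(now)
        while q and now - q[0] > self.window:   # slide the window
            q.popleft()
        if len(q) > self.threshold:       # flag as suspect, start TTL
            self.blacklist[src] = now + self.blacklist_ttl
            q.clear()
            self.dropped.append((now, src))
            return "drop"
        return "forward"

def run_trace():
    """Constructed trace: B sends one RREQ every 0.5 s; A bursts 20 RREQs
    within 0.2 s at t=1.0 and retries once at t=40 after the TTL expired."""
    f = RreqFilter(window=1.0, threshold=5, blacklist_ttl=30.0)
    events = [(0.5 * i, "B") for i in range(100)]
    events += [(1.0 + 0.01 * i, "A") for i in range(20)]
    events += [(40.0, "A")]
    decisions = {"A": [], "B": []}
    for t, src in sorted(events):
        decisions[src].append(f.handle_rreq(t, src))
    return decisions
```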
The authors implemented the scheme in the NS‑2 simulator, using 50–100 mobile nodes moving according to the Random Waypoint model. Three experimental configurations were compared: (a) vanilla AODV, (b) a reputation‑based defense, and (c) the proposed proactive scheme. Performance metrics included packet loss ratio, average end‑to‑end routing delay, control‑packet overhead, and energy consumption.
Results show that under a heavy RREQ‑flooding attack, the baseline AODV suffered a packet loss of roughly 45 %, whereas the proposed scheme reduced loss to under 12 %. The reputation‑based method achieved about 20 % loss, indicating that the new approach is substantially more effective. Average routing delay decreased by about 30 % relative to baseline and by 15 % relative to the reputation system. Control‑packet overhead incurred by the selective blacklist propagation was less than 0.5 % of total traffic, confirming the claim of “no extra overhead.” Energy consumption rose by less than 2 % due to the lightweight counting and threshold calculations, which is negligible for battery‑powered devices.
Because the mechanism is fully distributed, it naturally mitigates DDoS attacks where multiple malicious nodes are scattered across the network. Each node independently detects and isolates its local offenders, and the selective propagation ensures that the defensive information spreads only where needed, preserving scarce bandwidth.
The paper concludes with several avenues for future work. Extending the algorithm to other on‑demand protocols such as DSR, or to proactive protocols like OLSR, would test its generality. Integrating machine‑learning classifiers could refine the detection of anomalous RREQ patterns and further lower false‑positive rates. Finally, real‑world experiments on hardware testbeds would validate the simulated energy savings and latency improvements under realistic radio conditions.
In summary, the authors present a practical, low‑overhead, distributed defense against RREQ‑based DoS attacks in AODV‑based MANETs. Their simulation study demonstrates superior performance compared with existing solutions, making the scheme a promising candidate for deployment in mission‑critical ad‑hoc scenarios such as disaster response, military communications, and vehicular networks.