Detecting Misbehavior in MANETs Through CrossLayer Analysis

1
Detecting Misbehavior in MANETs Through
Cross-Layer Analysis
Jim Parker, Anand Patwardhan, Anupam Joshi
1. MANET
2. Assumptions
3. Routing Example
B
dgram_in
A
dgram_out
C
Datagram dgram_in has Source IP address, x ? U
B,C Destination IP address, y ? U B,C
MAC source, mac(u), u ? U B,C MAC
destination, mac(B) Corresponding dgram_out must
have Source IP address, x Destination IP
address, y MAC source, mac(B) MAC destination,
mac(u), u ? U B,C

• Persistent identities
• Symmetric channels
• Promiscuous snooping
• No central authority
• Limited/intermittent
• Internet connection

• Mobile Ad hoc Network
• Limited radio range (i.e. 802.11 30m)
• Self configuring
• Each node is a router
• No static infrastructure
• PDAs, cell phones, cars

Challenges

• Distributed detection
• Malicious vs. Selfish behavior
• Open medium of communication
• Reaction
• Forgiveness/redemption
• Colluding malicious nodes

4. Detection
Src
B to D heard by A, C D to E heard by B, C
A
Dst
E
5. Processing
B
D
Trust evolution, reputation management, recourse
C
Malicious Detection
Commendations Accusations (to other devices)

• Variables
• Accurate neighbor table
• Malicious thresholds
• Collisions
• RERR

Application
Packet dropping, mangling, injection
Transport
Routing attacks, disruptions
Link
Unfair contention, jamming
MAC/PHY
Response