Detecting Flooding Attack and Accommodating Burst Traffic in Delay-Tolerant Networks

Delay-tolerant network (DTN) is developed to cope with intermittent connectivity and long delay in wireless networks. Due to limited connectivity, DTN is vulnerable to flooding attack in which malicious nodes flood the network with superfluous data to deplete the network resources. Existing works mitigate internal flooding attacks by rate limit to constrain the number of messages that nodes can generate per time slot. However, rate limit cannot flexibly accommodate burst traffic in which nodes may have sending demands higher than the rate limit for a short period. In this paper, we propose flooding detection based on encounter records (FDER) to detect flooding attack and yet allow legitimate burst traffic simultaneously. Nodes exchange their histories of encounter records (ER), which record the sentmessages during their previous encounters. The ER history is used to infer a node's new message transmission rate over time and the number of forwarded replicas per message. The adversary nodes that send too many messages or replicas can thus be detected. Since ERs serve as useful tools for monitoring the sending behavior of nodes over a long time period, FDER could detect the burst traffic violation efficiently. We also design fairness policy (FP)-a fairness forwarding policy to ensure fairness in the delivery performance fairness between nodes with normal traffic and those with burst traffic. FP uses ER information to observe nodes' rate of new message generation and adjust their forwarding priorities accordingly. Simulation results show that FDER can detect flooding attack at a higher accuracy and a lower delay compared to a state-of-the-art scheme with affordable overhead. Moreover, FP could mitigate the smart flooding attack and still provide the performance fairness to support bursty traffic scenario.