Active Attacks
These attacks are attempts to modify data,
gain authentication, or procure authorization by
inserting false packets into the data stream or modifying
packets in transit through the network. Thus, in
active attacks, the attacker actively participates to disrupt
the normal operation of the network, e.g. packet
forwarding attacks [10]. These attacks may further be
classified as external and internal attacks [11]. An
external attack is caused by nodes that do not belong
to the network, while an internal attack is an attack
from compromised or hijacked nodes that belong to
the network. Various active attacks are considered next
in detail.
- Packet Dropping: An attacker can either
selectively or completely drop packets to disrupt
the normal operation of the network. If both
control and data packets are dropped, the attack
is called a black hole. A gray hole drops only
selected messages, e.g. data packets.
- Modification of protocol message fields: Due to
the lack of infrastructure and the vulnerability of
wireless links, security in ad hoc networks is
much more difficult than in traditional networks.
Building the trust relationship between entities
(nodes) is a fundamental problem in ad hoc
networks, since the availability of servers, which
distribute trust certificates, is not guaranteed in
these dynamic networks. The absence of methods
to determine the trust level of a node can help
malicious or compromised nodes to
participate in route discovery. These may
intercept and filter routing protocol packets to
disrupt communication. In Remote Redirection
attacks, a malicious node diverts the traffic
towards itself by advertising itself as being on a shortest
path to the destination node [9]. This is more
prevalent with protocols like AODV. In Denial
of Service (DoS) attacks, a malicious node may
modify the source route and create loops in the
network. This type of attack is more prominent
in DSR.
- Impersonation: The attacker node achieves this
by misrepresenting its identity by changing its
own IP or MAC address to that of some other
node, thus, impersonating that node.
- Fabrication: Generation of false error messages
is called fabrication of messages.
  These attacks are difficult to detect. The attacker can carry out
  these attacks in three ways.
  - A malicious node can succeed in launching a
    Denial of Service attack against a benign
    node by sending false route failure messages
    to the benign nodes. Such nodes then
    invalidate the route in their route caches.
  - A node may even poison the route cache,
    for example in DSR, by adding routing
    information in its own cache by overhearing
    transmissions on routes of which it is not a
    part. Thus, an attacker may malign the
    route cache of a node by sending out wrong
    transmissions.
  - A malicious node may cause the overflow
    of the routing tables of the nodes by sending
    the transmission for nodes that do not
    actually exist.
- Wormhole Attacks: In these attacks, the attacker
receives packets at one point in the network,
tunnels them to another part of the network, and
relays them into the network from that point
onwards. In the case of reactive protocols like
AODV, this attack may be launched by tunneling
every request to target the destination node. It
can cause the “Hello” packets to travel from one
node to another while there may actually be no
link between them.
In Table 1 we summarize various types of attacks
in MANET and techniques used to execute them.
TABLE 1: Various attacks and techniques used to
execute them
| Type of Attack | Technique Used |
| --- | --- |
| Black hole and Sleep Deprivation | Incorrect source route advertisement with modification of sequence number to maximal value |
| Denial of Service and non-relay of packets (Selfishness) | Packet Dropping |
| Sleep Deprivation | Malicious Flooding |
| Routing Loops | Injecting data or control packets with incorrect address (Spoofing) |
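The black hole / gray hole distinction from the Packet Dropping item can be expressed as a detection check on per-neighbor forwarding behaviour. The following is an added example, not part of the original paper: it assumes a monitoring node can overhear whether a neighbor retransmits each packet handed to it, and the observations, thresholds and names (`make_samples`, `classify`) are constructed for illustration.

```python
from collections import defaultdict

def make_samples():
    """Constructed observations: (neighbor, packet_class, was_forwarded)."""
    obs = [("n1", "control", True)] * 20 + [("n1", "data", True)] * 38
    obs += [("n1", "data", False)] * 2            # occasional loss on a lossy link
    obs += [("n2", "control", False)] * 20 + [("n2", "data", False)] * 40
    obs += [("n3", "control", True)] * 20 + [("n3", "data", True)] * 10
    obs += [("n3", "data", False)] * 30           # data dropped, control relayed
    obs += [("n4", "data", False)] * 3            # too few packets to judge
    return obs

def classify(observations, drop_threshold=0.5, min_samples=10):
    """Label each neighbor from its per-class drop ratio.

    black-hole: drops control and data packets; gray-hole: drops one class only.
    drop_threshold and min_samples are assumed values, chosen so that ordinary
    wireless loss is not reported as an attack.
    """
    counts = defaultdict(lambda: {"control": [0, 0], "data": [0, 0]})  # [seen, dropped]
    for node, pkt_class, forwarded in observations:
        entry = counts[node][pkt_class]
        entry[0] += 1
        entry[1] += 0 if forwarded else 1

    verdicts = {}
    for node, per_class in counts.items():
        if sum(seen for seen, _ in per_class.values()) < min_samples:
            verdicts[node] = "insufficient-data"
            continue
        dropping = {cls for cls, (seen, dropped) in per_class.items()
                    if seen and dropped / seen >= drop_threshold}
        if dropping == {"control", "data"}:
            verdicts[node] = "black-hole"
        elif dropping:
            verdicts[node] = "gray-hole"
        else:
            verdicts[node] = "normal"
    return verdicts

if __name__ == "__main__":
    for node, verdict in sorted(classify(make_samples()).items()):
        print(node, verdict)
```

The `insufficient-data` verdict keeps a neighbor with only a handful of observed packets from being flagged on the basis of a few collisions.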