Elsevier

Computer Communications

Volume 35, Issue 17, 1 October 2012, Pages 2125-2137
Computer Communications

A repeated game approach for analyzing the collusion on selective forwarding in multihop wireless networks

https://doi.org/10.1016/j.comcom.2012.07.006Get rights and content

Abstract

In multihop wireless networks (MWNs), the selective forwarding attack is a special case of denial of service attack. In this attack, the malicious wireless nodes only forward a subset of the received packets, but drop the others. This attack becomes more severe if multiple attackers exist and collude together to disrupt the normal functioning of the secure protocols. By colluding, each attacker can even only drop a little packets, but the overall loss of the path will be high. However, most prior researches on selective forwarding attacks assume the attackers do not collude with each other. Furthermore, the previous works also lack of comprehensive security analysis. In this paper, by utilizing the game theoretic approach, we analyze the collusion in selective forwarding attacks. We first put forward a sub-route oriented punish and reward scheme, and propose an multi-attacker repeated colluding game. Then by static and dynamic analysis of this colluding attack game, we find the sub-game equilibriums which indicate the attackers’ optimal attack strategies. Based on the analysis result, we establish a security policies for multihop wireless networks, to threaten and detect the malicious insider nodes which collude with each other to launch the selective forwarding attacks.

Introduction

The multihop wireless networks (e.g., WMNs, WSNs and MANETs) [1] are vulnerable to various insider attacks [2], [29]. With these insider attacks, the adversary compromises one or more member nodes, and changes them into insider attackers. These malicious insider attackers gain access to the public/private keys, therefore they can bypass the cryptographic system, and launch the attacks from inside of the network. Traditional secure routing protocols such as SAODV [18], Ariadne [19], and EndairA [20] only focus on preventing the attacks from unauthorized outsider nodes, but the attacks by the insider nodes may pose severe threats and may be difficult to defend by only using cryptographic measures [2]. The insider attacks include selective forwarding attacks, sybil attacks, sinkhole attacks, etc. [29]. Among all the insider attacks, those violating the routing stage, play a significant role. In this paper, we investigate the selective forwarding attack, which is a kind of denial of service attack, launched in the routing stage. In this attack, the malicious insider attacker drops subset of data-packets that it received. If the attacker drops every packet it received, it is known as black hole attack [11], [12], [13], [14], [15]. If the attacker selectively drops certain packets, it is called grey hole attack [2], [14] which is more intelligent and harder to detect.

The notion selective forwarding attack is first proposed by Karlof and Wagner [17]. So far, most of the previous researches about selective forwarding attacks only focus on single malicious node detection and are under the assumption that the malicious insider nodes do not collude with each other [2], [7], [10], [11], [12], [13], [14], [15]. Shila et al. propose an upstream neighbor and downstream neighbor joint monitoring scheme to observe the packet dropping behavior of the insider nodes, and distinguish the attackers from normal nodes taking into consideration of the channel quality [2]. Yu and Liu utilize the central limit theorem to find the threshold for maximum tolerable false positive rate, and distinguish the malicious selective dropping from the normal packet loss [7]. Xiao et al. propose a check-point based detection scheme to reveal the grey hole attackers [13]. Ramaswamy et al. present a trustworthiness based algorithm to prevent the black hole attacks [12]. Agarwal et al. construct a backbone network consisting of super power nodes which are responsible for checking the misbehavior of all the insider nodes [14]. Yu et al. propose a distributed monitoring and information sharing scheme to detect black hole nodes [15]. In all of these anti-selective forwarding schemes, the collusion between multiple attackers is not investigated. Moreover, most of them just assume that the selective forwarding attack is launched individually, and attackers do not collude with each other. Articles about Worm Hole attack, such as [21], [22], have investigated the colluding attack scenario, in which the two wormhole attackers use out-band channels or in-band channels to falsify a misbehaving route to bring harm to the wireless network. However, these works only concentrate on wormhole attackers and unauthorized nodes, but do not consider the scenario multiple selective forwarding insiders whose attack is not easy to be distinguished from normal loss rate. Therefore, it is of great importance to analyze the collusion of the selective forwarding attackers, and accordingly propose an effective intrusion detection policy and anti-collusion schemes.

The entities in the multihop wireless networks naturally pursue to optimize their own objectives [3]. Not only the legitimate user but also the malicious attackers want to maximize their utility. Game theory [27] provides a rich set of mathematical tools and models for analyzing multi-criteria optimization problems based on the information structure. There are growing interests in using game theory to solve the cooperation, incentive, optimization and attack-defence analysis problems [3]. Game theory has recently become notably prevalent in wireless network security such as intrusion detection systems (IDS) [28], [29] and cooperation models [2], [7], [5], [10]. Yu et al. design a packet forwarding game [7], and model each two nodes in the network as a pair of opponents, which is inspired by the classic prisoner’s dilemma game [27]. Shila et al. proposes a stochastic game model played between arbitrary source node and intermediate node [9]. Zhang et al. construct a reputation establishment algorithm based on game theory, and analyze the strategies of the defenders in the face of naive/smart attackers [5].

According to the related works, the challenging issues of the researches on selective forwarding attacks mainly fall into the following categories.

According to the related works, the challenging issues of the researches on selective forwarding attacks mainly fall into the following aspects.

First, since the selective forwarding attack is launched from inside of the network, the insider attackers bypass the public key and private key system [29]. Therefore, besides using cryptographic methods as the first line of defence, it is necessary to propose non-cryptographic solutions as a second line of defense [2]. Among those non-cryptographic solutions, game theory is one of the effective mathematical tools to solve the attacker-defender interaction problems. However, how to introduce the traditional game theory into the practical selective forwarding attack scenario, is a challenging topic.

Second, the traditional detection mechanisms against selective forwarding attacks only focus on single attacker detection. However, some smart attackers may collude with each other to launch selective forwarding attack. These smart attackers are autonomous entities. They are not only malicious but also rational [6], [5], [10], [27], [28], which means they can intelligently adjust the packet drop quantities, without being detected. When these rational attackers collude with each other, each of them only drops a few packets which are not easy to detect (this malicious drop is even difficult to distinguish from normal packet loss due to channel problems [2]). However, the total drop quantity from the attacker group still remains very high, which seriously affect the QoS [2], [29] of the multihop wireless network.

At last, most of the previous works on selective forwarding attack lack the security analysis. To detect and defend the collusion in selective forwarding attacks, it is essential to analyze the attack strategies and preferences of the attackers [28]. A security analysis deserving its name is a method that the defender first looks at the maximal damage that an attacker can cause for a specific defence, and then searches for the proper security decisions [8]. To prevent and detect the selective forwarding attacks, we need to construct a clear and specific mathematical model for the real attack scenario, and perform comprehensive analysis of the collusion between the attackers.

In the prior works, the researchers seldom discuss what will happen if multiple attackers exist and collude with each other on selective forwarding. According to the scheme proposed in work [2], in the multihop wireless network, if errors are static or if the errors are considered as average, the network manager can detect any loss rate above the threshold which is derived from the MAC layer collision rate. This scheme works well when some malicious nodes are distributed in the multihop wireless network and do not collude with each other. Even if there are many malicious nodes in one route deployed following a sequence “Good Node—Bad Node—Good Node—Bad Node”, the check packet in this scheme can be used to detect the nodes who are launching various kinds of attacks.

However, the scheme in work [2] does not take into consideration that some smart malicious node may collude with each other. If two malicious nodes sandwich a legitimate node between them, these two malicious nodes can give false record data in the check packet together, and make a false accusation on the legitimate middle node. In this case, the innocent middle node will be punished for the packet losing which is caused by the attackers while the colluding attackers can escape from being detected. Especially, when some attackers are deployed next to each other like a sequence “Good Node—Bad Node—Bad Node—Good Node”, and collude with each other, all these attackers are hard to be detected by this scheme. Furthermore, in [2], the authors proposed the threshold for normal loss to distinguish the attack from normal packet loss, however, in real world, different nodes may face different MAC layer collision levels. Therefore, the threshold may vary for different nodes, which will make the false negative rate increasing. Worse still, each attacker may drop only a small quantity of packet which does not exceed the threshold, however, the total packet loss on the whole sub-route still remains very high.

In this paper, to detect and defence against the colluding attackers, a sub-route oriented reward/punish scheme is proposed, taking into account of the strategies and utilities of the colluding attackers which form a malicious group and launch selective forwarding attacks. In our scheme, the punishment to each colluding attacker is strongly related to the overall performance of this malicious group. Those insider nodes which participated in the colluding attack will be severely punished. This sub-route oriented punish scheme can be utilized to threaten the insider attackers not to collude with each other. Besides the sub-route oriented reward/punishment scheme, a repeated game approach [31] is utilized for a comprehensive security analysis. By extending the classical Cournot model [27], we design a multi-attacker repeated colluding game. Through static and dynamic analysis of this game, we derive the sub-game equilibriums, and show the attackers’ optimal attack strategies, which are different from the single attacker case. Numerical analysis shows the relationship between attackers’ strategies and corresponding utilities. Based on the game theoretic analysis results, thresholds are derived for threatening and detecting the malicious attackers. Then security policies are established to reveal the colluding attackers. The security policies take both one-shot attack and repeated attack into consideration. Moreover, two kinds of different colluding attackers, the smart attacker and naive attackers, can be distinguished by the security policies. This security policies can be used to design a more intelligent and accurate anomaly intrusion detection system for the multihop wireless networks. By using the sub-route oriented and game based defence scheme, even if the malicious nodes are located near each other, collude together and give false data, they will still be punished by the defending mechanism.

Section snippets

System model

In this section, we first describe the scenario of the collusion in selective forwarding attacks. Then, we propose the sub-route oriented reward and punish scheme. After that, we put forward the attacker’s utility function and construct the colluding attack game model. We assume the network is in Promiscuous Mode and the packet drop can be monitored by the IDS systems [29]. By utilizing the upstream and downstream joint monitoring [2], the packet loss rate at each insider node (which may due to

Static analysis

In Section 2, we have proposed the N-attacker colluding attack game model. To obtain the attack strategies and preference of the attackers, we need to find the equilibrium [27], [28] of this colluding attack game. In this section, we will analyze the equilibrium in one-shot colluding attack game. Since the analysis only concentrates on the attack during one stage of communication, it is the so-called static analysis. In this static analysis, the Nash attack strategy as well as the Colluding

Dynamic analysis

In Section 3, we reveal that the collusion cannot be reached in the one-shot attack. In the real network scenario, since the communication between the source and the destination node repeats, the N-attacker selective forwarding attack also repeats. And in each stage of communication, the attack repeats once. In this section, we extend the one-shot static attack game into multi-round dynamic attack game, and find the sub-game equilibrium [27] which indicates the preference of the attackers.

Simulation and numerical analysis

In the previous sections, the colluding attack game is analyzed through theoretical approaches. Given each node’s drop quantity, we can calculate the expected utility of the nodes. For the malicious sub-route, we obtained the formula and constrains which can be used to predict the equilibrium drop quantity for each attacker, and the expected damage that the network may suffer when the attackers rationally choose their equilibrium drop quantity. Notice that the equilibrium drop quantity is the

Detection and defending policies

In the previous sections, we first propose the sub-route oriented reward and punishment scheme to threaten the insider nodes not to collude with each other. Then based on this sub-route oriented reward and punishment, we formalize the interaction between the multiple selective forwarding attackers, and construct the colluding attack game model. Static and dynamic analyses of the attackers’ strategies are given and the attackers’ optimal drop quantities are derived. The experiment and numerical

Impact of attackers’ distribution on security policy

In this subsection, we discuss how the distribution of attackers can have different attack effect, and analyze the effectiveness of proposed schemes and policies when they are confront of various distributions of the attackers. Consider two kinds of distributions. One scenario is that the malicious nodes are deployed next to each other, which is illustrated in Fig. 8-a; the other scenario is that good nodes are sandwiched between the bad nodes, such that: “Good Node—Bad Node—Good Node—Bad Node

Conclusion

Selective forwarding attack is one of the major insider attacks in multihop wireless network. This kind of attack becomes worse if multiple malicious insider nodes collude together to disrupt the normal functioning of the secure protocols. However, most of the previous works only focus on detecting the single selective forwarding attacker, and assume that the attackers do not collude with each other. However, when multiple smart attackers exist in the network, and cooperate with each other, the

Acknowledgments

The first two authors Dong Hao and Xiaojuan Liao are sponsored by the governmental scholarship from China Scholarship Council (CSC). The authors thank anonymous reviewers and the editors who gave valuable and insightful comments.

References (31)

  • B. Xiao et al.

    CHEMAS: Identify suspect nodes in selective forwarding attacks

    Journal of Parallel and Distributed Computing

    (2007)
  • T. Krag and S. Bettrich, Wireless mesh networking. o’reilly wireless dev center, Janurary 20,...
  • D.M. Shila et al.

    Mitigating selective forwarding attacks with a channel-aware approach in WMNs

    IEEE Transactions on Wireless Communications

    (2010)
  • L. Buttyan et al.

    Guest editorial non-cooperative behavior in networking

    IEEE Journal on Selected Areas in Communications

    (2007)
  • M. Felegyhazi, J.-P. Hubaux, Game theory in wireless networks: a tutorial, EPFL Technical Report: LCA-REPORT-2006-002,...
  • N. Zhang et al.

    Maintaining defender’s reputation in anomaly detection against insider attacks

    IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics

    (2010)
  • C.F. Chiasserini, P. Nuggehalli, V. Srinivasan, R.R. Rao, Cooperation in wireless ad hoc networks, in: The proceedings...
  • W. Yu et al.

    Game theoretic analysis of cooperation stimulation and security in autonomous mobile ad hoc networks

    IEEE Transactions on Mobile Computing

    (2007)
  • D. Gollmann, From access control to trust management, and back – a petition, in: Proceedings of IFIPTM’2011, 2011,...
  • D.M. Shila, T. Anjali. A game theoretic approach to gray hole attacks in wireless mesh networks, in: The proceedings of...
  • E.A. Panaousis, C. Politis, A game theoretic approach for securing AODV in emergency Mobile Ad Hoc Networks, in:...
  • S. Marti, T.J. Giuli, K. Lai, M. Baker, Mitigating routing misbehavior in mobile ad hoc networks, in: Proc. of...
  • S. Ramaswamy, H. Fu, M. Sreekantaradhya, J. Dixon, and K. Nygard, Prevention of cooperative black hole attack in...
  • P. Agrawal, R.K. Ghosh, S.K. Das, Cooperative black and gray hole attacks in mobile ad hoc networks, in: Proceedings of...
  • C.W. Yu, T.K. Wu, R.H. Cheng, S.C. Chang, A distributed and cooperative black hole node detection and elimination...
  • Cited by (17)

    View all citing articles on Scopus
    View full text