A repeated game approach for analyzing the collusion on selective forwarding in multihop wireless networks
Introduction
The multihop wireless networks (e.g., WMNs, WSNs and MANETs) [1] are vulnerable to various insider attacks [2], [29]. With these insider attacks, the adversary compromises one or more member nodes, and changes them into insider attackers. These malicious insider attackers gain access to the public/private keys, therefore they can bypass the cryptographic system, and launch the attacks from inside of the network. Traditional secure routing protocols such as SAODV [18], Ariadne [19], and EndairA [20] only focus on preventing the attacks from unauthorized outsider nodes, but the attacks by the insider nodes may pose severe threats and may be difficult to defend by only using cryptographic measures [2]. The insider attacks include selective forwarding attacks, sybil attacks, sinkhole attacks, etc. [29]. Among all the insider attacks, those violating the routing stage, play a significant role. In this paper, we investigate the selective forwarding attack, which is a kind of denial of service attack, launched in the routing stage. In this attack, the malicious insider attacker drops subset of data-packets that it received. If the attacker drops every packet it received, it is known as black hole attack [11], [12], [13], [14], [15]. If the attacker selectively drops certain packets, it is called grey hole attack [2], [14] which is more intelligent and harder to detect.
The notion selective forwarding attack is first proposed by Karlof and Wagner [17]. So far, most of the previous researches about selective forwarding attacks only focus on single malicious node detection and are under the assumption that the malicious insider nodes do not collude with each other [2], [7], [10], [11], [12], [13], [14], [15]. Shila et al. propose an upstream neighbor and downstream neighbor joint monitoring scheme to observe the packet dropping behavior of the insider nodes, and distinguish the attackers from normal nodes taking into consideration of the channel quality [2]. Yu and Liu utilize the central limit theorem to find the threshold for maximum tolerable false positive rate, and distinguish the malicious selective dropping from the normal packet loss [7]. Xiao et al. propose a check-point based detection scheme to reveal the grey hole attackers [13]. Ramaswamy et al. present a trustworthiness based algorithm to prevent the black hole attacks [12]. Agarwal et al. construct a backbone network consisting of super power nodes which are responsible for checking the misbehavior of all the insider nodes [14]. Yu et al. propose a distributed monitoring and information sharing scheme to detect black hole nodes [15]. In all of these anti-selective forwarding schemes, the collusion between multiple attackers is not investigated. Moreover, most of them just assume that the selective forwarding attack is launched individually, and attackers do not collude with each other. Articles about Worm Hole attack, such as [21], [22], have investigated the colluding attack scenario, in which the two wormhole attackers use out-band channels or in-band channels to falsify a misbehaving route to bring harm to the wireless network. However, these works only concentrate on wormhole attackers and unauthorized nodes, but do not consider the scenario multiple selective forwarding insiders whose attack is not easy to be distinguished from normal loss rate. Therefore, it is of great importance to analyze the collusion of the selective forwarding attackers, and accordingly propose an effective intrusion detection policy and anti-collusion schemes.
The entities in the multihop wireless networks naturally pursue to optimize their own objectives [3]. Not only the legitimate user but also the malicious attackers want to maximize their utility. Game theory [27] provides a rich set of mathematical tools and models for analyzing multi-criteria optimization problems based on the information structure. There are growing interests in using game theory to solve the cooperation, incentive, optimization and attack-defence analysis problems [3]. Game theory has recently become notably prevalent in wireless network security such as intrusion detection systems (IDS) [28], [29] and cooperation models [2], [7], [5], [10]. Yu et al. design a packet forwarding game [7], and model each two nodes in the network as a pair of opponents, which is inspired by the classic prisoner’s dilemma game [27]. Shila et al. proposes a stochastic game model played between arbitrary source node and intermediate node [9]. Zhang et al. construct a reputation establishment algorithm based on game theory, and analyze the strategies of the defenders in the face of naive/smart attackers [5].
According to the related works, the challenging issues of the researches on selective forwarding attacks mainly fall into the following categories.
According to the related works, the challenging issues of the researches on selective forwarding attacks mainly fall into the following aspects.
First, since the selective forwarding attack is launched from inside of the network, the insider attackers bypass the public key and private key system [29]. Therefore, besides using cryptographic methods as the first line of defence, it is necessary to propose non-cryptographic solutions as a second line of defense [2]. Among those non-cryptographic solutions, game theory is one of the effective mathematical tools to solve the attacker-defender interaction problems. However, how to introduce the traditional game theory into the practical selective forwarding attack scenario, is a challenging topic.
Second, the traditional detection mechanisms against selective forwarding attacks only focus on single attacker detection. However, some smart attackers may collude with each other to launch selective forwarding attack. These smart attackers are autonomous entities. They are not only malicious but also rational [6], [5], [10], [27], [28], which means they can intelligently adjust the packet drop quantities, without being detected. When these rational attackers collude with each other, each of them only drops a few packets which are not easy to detect (this malicious drop is even difficult to distinguish from normal packet loss due to channel problems [2]). However, the total drop quantity from the attacker group still remains very high, which seriously affect the QoS [2], [29] of the multihop wireless network.
At last, most of the previous works on selective forwarding attack lack the security analysis. To detect and defend the collusion in selective forwarding attacks, it is essential to analyze the attack strategies and preferences of the attackers [28]. A security analysis deserving its name is a method that the defender first looks at the maximal damage that an attacker can cause for a specific defence, and then searches for the proper security decisions [8]. To prevent and detect the selective forwarding attacks, we need to construct a clear and specific mathematical model for the real attack scenario, and perform comprehensive analysis of the collusion between the attackers.
In the prior works, the researchers seldom discuss what will happen if multiple attackers exist and collude with each other on selective forwarding. According to the scheme proposed in work [2], in the multihop wireless network, if errors are static or if the errors are considered as average, the network manager can detect any loss rate above the threshold which is derived from the MAC layer collision rate. This scheme works well when some malicious nodes are distributed in the multihop wireless network and do not collude with each other. Even if there are many malicious nodes in one route deployed following a sequence “Good Node—Bad Node—Good Node—Bad Node”, the check packet in this scheme can be used to detect the nodes who are launching various kinds of attacks.
However, the scheme in work [2] does not take into consideration that some smart malicious node may collude with each other. If two malicious nodes sandwich a legitimate node between them, these two malicious nodes can give false record data in the check packet together, and make a false accusation on the legitimate middle node. In this case, the innocent middle node will be punished for the packet losing which is caused by the attackers while the colluding attackers can escape from being detected. Especially, when some attackers are deployed next to each other like a sequence “Good Node—Bad Node—Bad Node—Good Node”, and collude with each other, all these attackers are hard to be detected by this scheme. Furthermore, in [2], the authors proposed the threshold for normal loss to distinguish the attack from normal packet loss, however, in real world, different nodes may face different MAC layer collision levels. Therefore, the threshold may vary for different nodes, which will make the false negative rate increasing. Worse still, each attacker may drop only a small quantity of packet which does not exceed the threshold, however, the total packet loss on the whole sub-route still remains very high.
In this paper, to detect and defence against the colluding attackers, a sub-route oriented reward/punish scheme is proposed, taking into account of the strategies and utilities of the colluding attackers which form a malicious group and launch selective forwarding attacks. In our scheme, the punishment to each colluding attacker is strongly related to the overall performance of this malicious group. Those insider nodes which participated in the colluding attack will be severely punished. This sub-route oriented punish scheme can be utilized to threaten the insider attackers not to collude with each other. Besides the sub-route oriented reward/punishment scheme, a repeated game approach [31] is utilized for a comprehensive security analysis. By extending the classical Cournot model [27], we design a multi-attacker repeated colluding game. Through static and dynamic analysis of this game, we derive the sub-game equilibriums, and show the attackers’ optimal attack strategies, which are different from the single attacker case. Numerical analysis shows the relationship between attackers’ strategies and corresponding utilities. Based on the game theoretic analysis results, thresholds are derived for threatening and detecting the malicious attackers. Then security policies are established to reveal the colluding attackers. The security policies take both one-shot attack and repeated attack into consideration. Moreover, two kinds of different colluding attackers, the smart attacker and naive attackers, can be distinguished by the security policies. This security policies can be used to design a more intelligent and accurate anomaly intrusion detection system for the multihop wireless networks. By using the sub-route oriented and game based defence scheme, even if the malicious nodes are located near each other, collude together and give false data, they will still be punished by the defending mechanism.
Section snippets
System model
In this section, we first describe the scenario of the collusion in selective forwarding attacks. Then, we propose the sub-route oriented reward and punish scheme. After that, we put forward the attacker’s utility function and construct the colluding attack game model. We assume the network is in Promiscuous Mode and the packet drop can be monitored by the IDS systems [29]. By utilizing the upstream and downstream joint monitoring [2], the packet loss rate at each insider node (which may due to
Static analysis
In Section 2, we have proposed the N-attacker colluding attack game model. To obtain the attack strategies and preference of the attackers, we need to find the equilibrium [27], [28] of this colluding attack game. In this section, we will analyze the equilibrium in one-shot colluding attack game. Since the analysis only concentrates on the attack during one stage of communication, it is the so-called static analysis. In this static analysis, the Nash attack strategy as well as the Colluding
Dynamic analysis
In Section 3, we reveal that the collusion cannot be reached in the one-shot attack. In the real network scenario, since the communication between the source and the destination node repeats, the N-attacker selective forwarding attack also repeats. And in each stage of communication, the attack repeats once. In this section, we extend the one-shot static attack game into multi-round dynamic attack game, and find the sub-game equilibrium [27] which indicates the preference of the attackers.
Simulation and numerical analysis
In the previous sections, the colluding attack game is analyzed through theoretical approaches. Given each node’s drop quantity, we can calculate the expected utility of the nodes. For the malicious sub-route, we obtained the formula and constrains which can be used to predict the equilibrium drop quantity for each attacker, and the expected damage that the network may suffer when the attackers rationally choose their equilibrium drop quantity. Notice that the equilibrium drop quantity is the
Detection and defending policies
In the previous sections, we first propose the sub-route oriented reward and punishment scheme to threaten the insider nodes not to collude with each other. Then based on this sub-route oriented reward and punishment, we formalize the interaction between the multiple selective forwarding attackers, and construct the colluding attack game model. Static and dynamic analyses of the attackers’ strategies are given and the attackers’ optimal drop quantities are derived. The experiment and numerical
Impact of attackers’ distribution on security policy
In this subsection, we discuss how the distribution of attackers can have different attack effect, and analyze the effectiveness of proposed schemes and policies when they are confront of various distributions of the attackers. Consider two kinds of distributions. One scenario is that the malicious nodes are deployed next to each other, which is illustrated in Fig. 8-a; the other scenario is that good nodes are sandwiched between the bad nodes, such that: “Good Node—Bad Node—Good Node—Bad Node
Conclusion
Selective forwarding attack is one of the major insider attacks in multihop wireless network. This kind of attack becomes worse if multiple malicious insider nodes collude together to disrupt the normal functioning of the secure protocols. However, most of the previous works only focus on detecting the single selective forwarding attacker, and assume that the attackers do not collude with each other. However, when multiple smart attackers exist in the network, and cooperate with each other, the
Acknowledgments
The first two authors Dong Hao and Xiaojuan Liao are sponsored by the governmental scholarship from China Scholarship Council (CSC). The authors thank anonymous reviewers and the editors who gave valuable and insightful comments.
References (31)
- et al.
CHEMAS: Identify suspect nodes in selective forwarding attacks
Journal of Parallel and Distributed Computing
(2007) - T. Krag and S. Bettrich, Wireless mesh networking. o’reilly wireless dev center, Janurary 20,...
- et al.
Mitigating selective forwarding attacks with a channel-aware approach in WMNs
IEEE Transactions on Wireless Communications
(2010) - et al.
Guest editorial non-cooperative behavior in networking
IEEE Journal on Selected Areas in Communications
(2007) - M. Felegyhazi, J.-P. Hubaux, Game theory in wireless networks: a tutorial, EPFL Technical Report: LCA-REPORT-2006-002,...
- et al.
Maintaining defender’s reputation in anomaly detection against insider attacks
IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
(2010) - C.F. Chiasserini, P. Nuggehalli, V. Srinivasan, R.R. Rao, Cooperation in wireless ad hoc networks, in: The proceedings...
- et al.
Game theoretic analysis of cooperation stimulation and security in autonomous mobile ad hoc networks
IEEE Transactions on Mobile Computing
(2007) - D. Gollmann, From access control to trust management, and back – a petition, in: Proceedings of IFIPTM’2011, 2011,...
- D.M. Shila, T. Anjali. A game theoretic approach to gray hole attacks in wireless mesh networks, in: The proceedings of...
Cited by (17)
Utilize DBN and DBSCAN to detect selective forwarding attacks in event-driven wireless sensors networks
2023, Engineering Applications of Artificial IntelligenceEnergy-efficient Security Technique Implementation for Selective Forwarding Attack in WSN
2023, 11th International Conference on Internet of Everything, Microwave Engineering, Communication and Networks, IEMECON 2023Black Hole and Selective Forwarding Attack Detection and Prevention in IoT in Health Care Sector: Hybrid meta-heuristic-based shortest path routing
2021, Journal of Ambient Intelligence and Smart EnvironmentsCTS: A Channel-Aware Trust System to Alleviate the Negative Effects Caused by Sinkhole and Selective Forwarding Attacks in Wireless Sensor Networks
2020, Lecture Notes in Electrical Engineering