Congestion-Based RoQ DDoS Attacking and Defense Scheme in Mobile Ad Hoc Networks

Congestion-targeted RoQ (reduction of quality of service) DDoS (distributed denial of service) attacking is discussed in details for the first time. The principle of attacking is pointed out on the basis of the analysis of network capacity. The four categories of the attacking patterns such as pulsing attacking, round robin attacking, self-whisper attacking and flooding attacking, are also described. The defense schemes are proposed, which include the detection of three signals, such as RTS/CTS packets, signal interference frequency and retransmission times, and response scheme with ECN (explicit congestion notification) marking method. The extensive NS2 simulation results show that the pulsing attacking mode leads to the great jitter of the goodput and delay. The increasing of delay and decreasing of goodput becomes obvious with the addition of attacking flows. The delay performance goes up to 110 times and goodput performance drops down to 77.42% when five attacking flows with the same rate occur. The complicated topology is more vulnerable and the distribution of attacking nodes will generate more obvious impacts. The dropping packets are also growing corresponding with the addition of attacking flows, because of IFQ (interface queue) overflow and routing overhead.