A wireless ad hoc network has an autonomous structure in which network nodes scattered around without the help of specific infrastructure communicate and cooperate with one another through wireless media. In a wireless ad hoc network, all the nodes perform a series of routing processes during communication and deliver messages to the final destination. That is, for a message to be transmitted from the original sender to the final destination, multiple nodes repeat the process of receiving the message from the previous node and sending it to the next node. Accordingly, if one of the nodes misbehaves during the message transmission delivery process, communication cannot be made properly. Misbehavior is an intentional damage to the network by not following the routing process and by causing the loss of messages. Most of misbehaviors bring damages such as denial of service to the network. For example, if all packets to be delivered by a malicious node disguised as a normal node are discarded, all communication sessions that use a route including the node cannot get service. This type of attacks includes black hole, gray hole (selective forwarding), wormhole, message blocking, and message delivery to a wrong path.
Such attacks are detected by the method of network monitoring that watches continuously whether messages are delivered properly to the next hop. This method basically uses watchdog. Watchdog observes through overhearing, which is a characteristic of communication technology based on wireless media, whether the node at the next hop delivers the message, which has been passed by the watchdog to the hop, to its next hop accurately. However, the use of watchdog has the difficulty that each message transmission has to be overheard continuously. Furthermore, it should have information on all messages transmitted. There are also technical limitations in watchdog itself.
Thus, in this study, we reviewed problems in previous researches, and as a solution for the problems, proposed a new monitoring method that does not use overhearing watchdog. The proposed method can detect attacks in a more effective way while solving problems in the existing watchdog method. In the proposed method, each node accumulates statistical data on messages that it has processed in the communication process. Based on information accumulated in itself and neighbor nodes to be monitored, each node determines whether a neighbor node under monitoring is normal or damaging the network through frequent wrong routing behaviors. An experiment using a network simulator showed that the proposed method is more efficient than other existing methods.
Wormhole attack is one of the most severe threats to ad hoc networks. There have been many researches to overcome the wormhole attack. These researches, however, still have some limitations to handle wormhole attacks properly such as burden of computation, complicated pre-work for each communication, and no defense method. In this study, we propose an effective wormhole attack defense mechanism that can properly detect wormhole attacks and respond to them. Each node maintains its neighbors’ information. According to the information, each node can identify replayed packet. We analyze the effectiveness of the proposed method and the efficiency of the approach by using traffic and memory space measure.