TY - JOUR
T1 - Network wormhole attacks without a traditional wormhole
AU - Schweitzer, Nadav
AU - Dvir, Amit
AU - Stulman, Ariel
N1 - Publisher Copyright:
© 2023 Elsevier B.V.
PY - 2023/12/1
Y1 - 2023/12/1
N2 - A prudent attacker tries to maximize profits during an attack, taking into account the investment cost for carrying out the attack; a cost which always exists. This includes the effort of information gathering, the energy and work needed to develop the attack, the risk of being exposed etc. The wormhole attack, in which a non-existent path is augmented to the network coaxing naive nodes to route traffic through the attackers, is accepted as one of the most destructive attacks in ad-hoc networks (e.g. MANETs, IoT, WSN, UAVs etc.). This research proposes a method to maximize the profit of the attack and challenges the axiomatic assumption of the wormhole attack protocol. We show that up to a specific point, there is a simpler alternative to the attack that does not require the creation of an additional fictitious link; yet, achieves optimal attack coverage. Simulating multiple network node/edge combinations in NS3, demonstrates how the benefit of every additional dedicated wormhole link is actually small and diminishes as link density increases. Our alternative, based on centrality measures, decreases the chance of being detected by IDS/IPS as no active topology manipulation is taking place.
AB - A prudent attacker tries to maximize profits during an attack, taking into account the investment cost for carrying out the attack; a cost which always exists. This includes the effort of information gathering, the energy and work needed to develop the attack, the risk of being exposed etc. The wormhole attack, in which a non-existent path is augmented to the network coaxing naive nodes to route traffic through the attackers, is accepted as one of the most destructive attacks in ad-hoc networks (e.g. MANETs, IoT, WSN, UAVs etc.). This research proposes a method to maximize the profit of the attack and challenges the axiomatic assumption of the wormhole attack protocol. We show that up to a specific point, there is a simpler alternative to the attack that does not require the creation of an additional fictitious link; yet, achieves optimal attack coverage. Simulating multiple network node/edge combinations in NS3, demonstrates how the benefit of every additional dedicated wormhole link is actually small and diminishes as link density increases. Our alternative, based on centrality measures, decreases the chance of being detected by IDS/IPS as no active topology manipulation is taking place.
KW - Ad-hoc networks
KW - Betweenness centrality
KW - Wormhole attack
UR - http://www.scopus.com/inward/record.url?scp=85172365502&partnerID=8YFLogxK
U2 - 10.1016/j.adhoc.2023.103286
DO - 10.1016/j.adhoc.2023.103286
M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???
AN - SCOPUS:85172365502
SN - 1570-8705
VL - 151
JO - Ad Hoc Networks
JF - Ad Hoc Networks
M1 - 103286
ER -