Network wormhole attacks without a traditional wormhole

Nadav Schweitzer, Amit Dvir, Ariel Stulman

Research output: Contribution to journalArticlepeer-review


A prudent attacker tries to maximize profits during an attack, taking into account the investment cost for carrying out the attack; a cost which always exists. This includes the effort of information gathering, the energy and work needed to develop the attack, the risk of being exposed etc. The wormhole attack, in which a non-existent path is augmented to the network coaxing naive nodes to route traffic through the attackers, is accepted as one of the most destructive attacks in ad-hoc networks (e.g. MANETs, IoT, WSN, UAVs etc.). This research proposes a method to maximize the profit of the attack and challenges the axiomatic assumption of the wormhole attack protocol. We show that up to a specific point, there is a simpler alternative to the attack that does not require the creation of an additional fictitious link; yet, achieves optimal attack coverage. Simulating multiple network node/edge combinations in NS3, demonstrates how the benefit of every additional dedicated wormhole link is actually small and diminishes as link density increases. Our alternative, based on centrality measures, decreases the chance of being detected by IDS/IPS as no active topology manipulation is taking place.

Original languageEnglish
Article number103286
JournalAd Hoc Networks
StatePublished - 1 Dec 2023


  • Ad-hoc networks
  • Betweenness centrality
  • Wormhole attack


Dive into the research topics of 'Network wormhole attacks without a traditional wormhole'. Together they form a unique fingerprint.

Cite this