Lightweight packet-drop detection for ad hoc networks
First Claim
Patent Images
1. A method of determining nodes suspected of dropping packets in an ad hoc network comprising the steps of:
- creating statistics at network nodes in the ad hoc network regarding IP flow packets originated, received, or forwarded to neighbors; and
analyzing the statistics to determine network nodes suspected of dropping packets.
5 Assignments
0 Petitions
Accused Products
Abstract
In packet-drop attacks in ad hoc networks, a malicious network node chooses to selectively drop packets that are supposed to be forwarded, which results in adverse impact on application good-put and network stability. A method and system for detection of packet-drop attacks in ad hoc networks requires network nodes to report statistics on IP flow packets originated, received, or forwarded to neighbors. These statistics are analyzed and correlated to determine nodes suspected of dropping packets.
39 Citations
16 Claims
-
1. A method of determining nodes suspected of dropping packets in an ad hoc network comprising the steps of:
-
creating statistics at network nodes in the ad hoc network regarding IP flow packets originated, received, or forwarded to neighbors; and
analyzing the statistics to determine network nodes suspected of dropping packets. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An ad hoc network including lightweight packet-drop detection comprising:
-
a plurality of network nodes reporting statistics regarding IP flow packets originated, received, or forwarded to neighbor network nodes; and
at least one coordinator node associated with one or more network nodes for receiving the reports and analyzing the statistics for determining network nodes suspected of dropping packets. - View Dependent Claims (11, 12, 13)
-
-
14. A program storage device, readable by machine, tangibly embodying a program of instructions executable by the machine to cause the machine to perform a method for reporting statistics regarding IP flow packets, comprising the steps of:
-
initiating flow database at node to null;
for each IP packet originated at or transiting node;
check if source and destination IP address pair exists in flow database if flow does not exist;
create new entry for flow (defined by unique source and destination IP address pair);
set Sampling-Start-Time to current time;
increment Received-Packet-Count;
increment Forwarded-Packet-Count for current Next-Hop-IP;
if current Next-Hop-IP does not exist in Next-Hop-Structure, create entry and update;
else, update existing entry;
reset Liveness for flow;
go to check if source and destination IP address pair exists in flow database for next flow step; and
initiate Reporting-Time-Slot;
when current Reporting-Time-Slot ends for all flows in database send report to coordinator node that includes following information obtained from the flow'"'"'s database entry;
source and destination IP, Sampling-Start-Time, Received-Packet-Count, and Next-Hop-Structure;
reduce Liveness in flow'"'"'s database entry by Reporting-Time-Slot;
if Liveness≦
zero, delete flow from database;
else, in the flow'"'"'s database entry, reset Sampling-Start-Time to the current time, Received-Packet-Count to zero, and Forwarded-Packet-Count for all Next-Hop-IP in Next-Hop-Structure to zero; and
go to initiate Reporting-Time-Slot step.
-
-
15. A program storage device, readable by machine, tangibly embodying a program of instructions executable by the machine to cause the machine to perform a method for analyzing statistics for determining network nodes suspected of dropping packets in an ad hoc network, comprising the steps of:
-
for each received message from a network node separate out reports for individual flows within message;
for each individual flow report in message if no entry exists for that flow in Flow-List maintained at coordinator node create new entry for flow (Each Flow-List entry includes a list of nodes (Flow-Node-List) that have sent reports about flow);
start Flow-Timer for flow 704;
if no entry exists for node in Flow-Node-List of Flow-List create new entry for node (Each entry in Flow-Node-List has Report-Duration=(current time−
Sampling-Start-Time), Received-Packet-Count, and Next-Hop-Structure);
else if entry for node exists in Flow-Node-List, then ignore report since it is duplicate (each node sends one report per flow during each Reporting-Time-Slot);
go to separate out reports for individual flows within message step;
when a Flow-Timer expires, for each node entry X in Flow-Node-List belonging to flow;
if Received-Packet-Count is not equal to the sum of Forwarded-Packet-Count for all Next-Hop-IP in Next-Hop-Structure, increment Suspect-Counter for node X by difference/Received-Packet-Count;
for each node entry X in Flow-Node-List belonging to flow for each Next-Hop-IP in Next-Hop-Structure, decrement Received-Packet-Count in Next-Hop-IP'"'"'s Flow-Node-List entry, by Forwarded-Packet-Count in Next-Hop-Structure of X;
for each node entry X in Flow-Node-List belonging to flow if abs(Received-Packet-Count)/(sum of Forwarded-Packet-Count)>
Permissible-Packet-Loss increment Suspect-Counter in Network-Node-List entry for node X, by abs(Received-Packet-Count)/(sum of Forwarded-Packet-Count) and increment Suspect-Counter in Network-Node-List entry for all nodes that list X as Next-Hop-IP in their Flow-Node-List entry, by abs(Received-Packet-Count)/(sum of Forwarded-Packet-Count) 806.else decrement Suspect-Counter in Network-Node-List entry for node X, by Credit-Value and decrement Suspect-Counter in Network-Node-List entry for all nodes that list X as Next-Hop-IP in their Flow-Node-List entry, by Credit-Value;
delete flow entry from unique flow list;
a plurality of network nodes reporting statistics regarding IP flow packets originated, received, or forwarded to neighbor network nodes; and
at least one coordinator node associated with one or more network nodes for receiving the reports and determining network nodes suspected of dropping packets. - View Dependent Claims (16)
-
Specification