Lightweight packet-drop detection for ad hoc networks
First Claim
Patent Images
1. A method for determining nodes suspected of dropping packets in a network, the method comprising:
- creating statistics at a network node in an ad hoc network, wherein the statistics correspond to an Internet Protocol (IP) flow packet received at or transmitted from the network node, and wherein the statistics include a next hop structure comprising an IP address of a next-hop neighboring node and a number of flow packets transmitted from the network node to the next-hop neighboring node during a first time period;
transmitting the statistics from the network node to a coordination node for determining network nodes suspected of dropping packets;
storing the statistics in a database maintained by the network node; and
deleting a non-active flow from the database according to a timer corresponding to the non-active flow, wherein the statistics include the timer.
5 Assignments
0 Petitions
Accused Products
Abstract
In packet-drop attacks in ad hoc networks, a malicious network node chooses to selectively drop packets that are supposed to be forwarded, which results in adverse impact on application good-put and network stability. A method and system for detection of packet-drop attacks in ad hoc networks requires network nodes to report statistics on IP flow packets originated, received, or forwarded to neighbors. These statistics are analyzed and correlated to determine nodes suspected of dropping packets.
12 Citations
4 Claims
-
1. A method for determining nodes suspected of dropping packets in a network, the method comprising:
-
creating statistics at a network node in an ad hoc network, wherein the statistics correspond to an Internet Protocol (IP) flow packet received at or transmitted from the network node, and wherein the statistics include a next hop structure comprising an IP address of a next-hop neighboring node and a number of flow packets transmitted from the network node to the next-hop neighboring node during a first time period; transmitting the statistics from the network node to a coordination node for determining network nodes suspected of dropping packets; storing the statistics in a database maintained by the network node; and deleting a non-active flow from the database according to a timer corresponding to the non-active flow, wherein the statistics include the timer.
-
-
2. A method for determining nodes suspected of dropping packets in a network, the method comprising:
-
creating statistics at a network node in an ad hoc network, wherein the statistics correspond to an Internet Protocol (IF) flow packet received at or transmitted from the network node, and wherein the statistics include a next hop structure comprising an IP address of a next-hop neighboring node and a number of flow packets transmitted from the network node to the next-hop neighboring node during a first time period; transmitting the statistics from the network node to a coordination node for determining network nodes suspected of dropping packets; storing the statistics in a database maintained by the network node; and wherein the creating statistics further comprises; comparing a first flow identification corresponding to a source address of the IP flow packet and a destination address of the IP flow packet to a plurality of flow identifications stored in the database; and creating a new entry in the database corresponding to the first flow identification if the first flow identification does not match one of the plurality of flow identifications stored in the database.
-
-
3. A network node of an ad hoc network, the network node comprising:
-
a processor configured to create statistics corresponding to an Internet Protocol (IP) flow packet received at or transmitted from the network node, and wherein the statistics include a next hop structure comprising an IP address of a next-hop neighboring node and a number of flow packets transmitted from the network node to the next-hop neighboring node during a time period; and a transmitter configured to transmit the statistics from the network node to a coordination node for determining network nodes suspected of dropping packets; wherein the processor is further configured to store the statistics in a database maintained by the network node and to delete a non-active flow from the database according to a timer corresponding to the non-active flow, and wherein the statistics include the timer.
-
-
4. A network node of an ad hoc network, the network node comprising:
-
a processor configured to create statistics corresponding to an Internet Protocol (IP) flow packet received at or transmitted from the network node, and wherein the statistics include a next hop structure comprising an IP address of a next-hop neighboring node and a number of flow packets transmitted from the network node to the next-hop neighboring node during a time period; and a transmitter configured to transmit the statistics from the network node to a coordination node for determining network nodes suspected of dropping packets; wherein the processor is further configured to; store the statistics in a database maintained by the network node; compare a first flow identification corresponding to a source address of the IP flow packet and a destination address of the IP flow packet to a plurality of flow identifications stored in the database; and create a new entry in the database corresponding to the first flow identification if the first flow identification does not match one of the plurality of flow identifications stored in the database.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeNytell Software LLC (Intellectual Ventures LLC)
-
Original AssigneeTelcordia Licensing Co LLC (Telefonaktiebolaget LM Ericsson)
-
InventorsFarooq, Anjum, Talpade, Rajesh R.
-
Primary Examiner(s)Taylor; Barry W
-
Application NumberUS11/299,570Publication NumberTime in Patent Office1,597 DaysField of Search370/252, 370/254, 370/232, 370/235US Class Current370/252CPC Class CodesH04L 2463/143 Denial of service attacks i...H04L 41/142 using statistical or mathem...H04L 43/067 using time frame reportingH04L 43/0829 Packet lossH04L 43/16 Threshold monitoringH04L 63/1425 Traffic logging, e.g. anoma...H04W 12/122 Counter-measures against at...H04W 40/00 Communication routing or co...H04W 84/18 Self-organising networks, e...
