Lightweight packet-drop detection for ad hoc networks
First Claim
Patent Images
1. A method for determining nodes suspected of dropping packets, the method comprising:
- creating statistics at a network node in a network, wherein the statistics correspond to a flow of Internet Protocol (IP) packets received at or transmitted from the network node, and wherein the statistics include information related to neighboring nodes, the information comprising an IP address of a neighboring node and a number of IP packets transmitted from the network node to the neighboring node during a first time period; and
transmitting the statistics from the network node to a coordination node for determining network nodes suspected of dropping packets, wherein the coordination node maintains a suspect-counter entry for each of a plurality of network nodes, and wherein the suspect-counter entry indicates a likelihood that a respective network node is dropping packets, wherein the coordination node is configured to compare a first number of IP packets received by the respective network node and a second number of IP packets transmitted by the respective network node to a third number of IP packets received by a first neighboring node and a fourth number of IP packets transmitted by a second neighboring node, and increment a first suspect-counter entry for the respective network node and a second suspect-counter entry for the neighboring node if the number of IP packets transmitted from the respective network node to the neighboring node is not equal to a statistic received from the neighboring node indicating a number of IP packets received at the neighboring node.
4 Assignments
0 Petitions
Accused Products
Abstract
In packet-drop attacks in ad hoc networks, a malicious network node chooses to selectively drop packets that are supposed to be forwarded, which results in adverse impact on application good-put and network stability. A method and system for detection of packet-drop attacks in ad hoc networks requires network nodes to report statistics on IP flow packets originated, received, or forwarded to neighbors. These statistics are analyzed and correlated to determine nodes suspected of dropping packets.
-
Citations
31 Claims
-
1. A method for determining nodes suspected of dropping packets, the method comprising:
-
creating statistics at a network node in a network, wherein the statistics correspond to a flow of Internet Protocol (IP) packets received at or transmitted from the network node, and wherein the statistics include information related to neighboring nodes, the information comprising an IP address of a neighboring node and a number of IP packets transmitted from the network node to the neighboring node during a first time period; and transmitting the statistics from the network node to a coordination node for determining network nodes suspected of dropping packets, wherein the coordination node maintains a suspect-counter entry for each of a plurality of network nodes, and wherein the suspect-counter entry indicates a likelihood that a respective network node is dropping packets, wherein the coordination node is configured to compare a first number of IP packets received by the respective network node and a second number of IP packets transmitted by the respective network node to a third number of IP packets received by a first neighboring node and a fourth number of IP packets transmitted by a second neighboring node, and increment a first suspect-counter entry for the respective network node and a second suspect-counter entry for the neighboring node if the number of IP packets transmitted from the respective network node to the neighboring node is not equal to a statistic received from the neighboring node indicating a number of IP packets received at the neighboring node. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A network node comprising:
-
a processor configured to create statistics corresponding to a flow of Internet Protocol (IP) packets received at or transmitted from the network node, and wherein the statistics include information related to neighboring nodes, the information comprising an IP address of a neighboring node and a number of IP packets transmitted from the network node to the neighboring node during a first time period; and a transmitter configured to transmit the statistics from the network node to a coordination node for determining network nodes suspected of dropping packets, wherein the coordination node maintains a suspect-counter entry for each of a plurality of network nodes, and wherein the suspect-counter entry indicates a likelihood that a respective network node is dropping packets, wherein the coordination node is configured to compare a first number of IP packets received by the respective network node and a second number of IP packets transmitted by the respective network node to a third number of IP packets received by a first neighboring node and a fourth number of IP packets transmitted by a second neighboring node, and increment a first suspect-counter entry for the respective network node and a second suspect-counter entry for the neighboring node if the number of IP packets transmitted from the respective network node to the neighboring node is not equal to a statistic received from the neighboring node indicating a number of IP packets received at the neighboring node. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A method comprising:
-
receiving statistics at a coordination node from a network node in a network, wherein the statistics correspond to a flow of Internet Protocol (IP) packets received at or transmitted from the network node, and wherein the statistics include information related to neighboring nodes, the information comprising an IP address of a neighboring node and a number of IP packets transmitted from the network node to the neighboring node during a time period; and analyzing the statistics to determine network nodes suspected of dropping packets, wherein the coordination node maintains a suspect-counter entry for each of a plurality of network nodes, and wherein the suspect-counter entry indicates a likelihood that a respective network node is dropping packets, wherein the analyzing the statistics comprises comparing a first number of IP packets received by the respective network node and a second number of IP packets transmitted by the respective network node to a third number of IP packets received by a first neighboring node and a fourth number of IP packets transmitted by a second neighboring node, and incrementing a first suspect-counter entry for the respective network node and a second suspect-counter entry for the neighboring node if the number of IP packets transmitted from the respective network node to the neighboring node is not equal to a statistic received from the neighboring node indicating a number of IP packets received at the neighboring node. - View Dependent Claims (22, 23, 24)
-
-
25. A coordination node comprising:
-
a receiver configured to receive statistics from a network node, wherein the statistics correspond to a flow of Internet Protocol (IP) packets received at or transmitted from the network node, and wherein the statistics include information related to neighboring nodes, the information comprising an IP address of a neighboring node and a number of flow packets transmitted from the network node to the neighboring node during a time period; and a processor configured to analyze the statistics to determine network nodes suspected of dropping packets, wherein the processor is configured to maintain a suspect-counter entry for each of a plurality of network nodes at a database, and wherein the suspect-counter entry indicates a likelihood that a respective network node is dropping packets, wherein the processor is configured to compare a first number of IP packets received by the respective network node and a second number of IP packets transmitted by the respective network node to a third number of IP packets received by a first neighboring node and a fourth number of IP packets transmitted by a second neighboring node, and increment a first suspect-counter entry for the respective network node and a second suspect-counter entry for the neighboring node if the number of IP packets transmitted from the respective network node to the neighboring node is not equal to a statistic received from the neighboring node indicating a number of IP packets received at the neighboring node. - View Dependent Claims (26, 27, 28)
-
-
29. A system for determining nodes suspected of dropping packets in a network, the system comprising:
-
a plurality of network nodes configured to report statistics corresponding to a flow of Internet Protocol (IP) packets received at or transmitted from each of the plurality of network nodes, and wherein the statistics include information related to neighboring nodes, the information comprising an IP address of a neighboring node and a number of IP packets transmitted from each of the plurality of network nodes to the neighboring node during a time period; and a coordination node configured to receive the statistics from each of the plurality of network nodes and analyze the statistics to determine network nodes suspected of dropping packets, wherein the coordination node is configured to compare a first number of IP packets received by a first network node of the plurality of network nodes and a second number of IP packets transmitted by the first network node to a third number of IP packets received by a first neighboring node and a fourth number of IP packets transmitted by a second neighboring node, and increment a first suspect-counter entry for a first network node and a second suspect-counter entry for the neighboring node if the number of IP packets transmitted from the first network node to the neighboring node is not equal to a statistic received from the neighboring node indicating a number of IP packets received at the neighboring node. - View Dependent Claims (30, 31)
-
Specification