DISA: Detection and isolation of sneaky attackers in locally monitored multi-hop wireless networks

Issa Khalil, Saurabh Bagchi, Najah Abuali, M. Hayajneh

    Research output: Contribution to journalArticlepeer-review

    1 Citation (Scopus)


    Local monitoring has been demonstrated as a powerful technique for mitigating security attacks in multi-hop ad hoc networks. In local monitoring, nodes overhear partial neighborhood communication to detect misbehavior such as packet drop or delay. However, local monitoring as presented in the literature is vulnerable to a class of attacks that we introduce here called stealthy packet dropping. Stealthy packet dropping disrupts the packet from reaching the destination by malicious behavior at an intermediate node. However, the malicious node gives the impression to its neighbors that it performed the legitimate forwarding action. Moreover, a legitimate node comes under suspicion. We introduce four ways of achieving stealthy packet dropping, none of which is currently detectable. We provide a protocol called DISA, based on local monitoring, to remedy each attack. DISA incorporates two techniques-having the neighbors maintain additional information about the routing path, and adding some checking responsibility to each neighbor. We show through analysis and simulation that basic local monitoring (BLM) fails to efficiently mitigate any of the presented attacks while DISA successfully mitigates them.

    Original languageEnglish
    Pages (from-to)1524-1538
    Number of pages15
    JournalSecurity and Communication Networks
    Issue number12
    Publication statusPublished - Dec 2013


    • Local monitoring
    • Malicious collusion
    • Misrouting
    • Multi-hop wireless networks
    • Packet dropping
    • Transmission power control

    ASJC Scopus subject areas

    • Information Systems
    • Computer Networks and Communications


    Dive into the research topics of 'DISA: Detection and isolation of sneaky attackers in locally monitored multi-hop wireless networks'. Together they form a unique fingerprint.

    Cite this