Page 1 |
Save page Remove page | Previous | 1 of 151 | Next |
|
small (250x250 max)
medium (500x500 max)
Large (1000x1000 max)
Extra Large
large ( > 500x500)
Full Resolution
All (PDF)
|
This page
All
|
A PROTOCOL FRAMEWORK FOR ATTACKER TRACEBACK IN
WIRELESS MULTI-HOP NETWORKS
by
Yongjin Kim
A Dissertation Presented to the
FACULTY OF THE GRADUATE SCHOOL
UNIVERSITY OF SOUTHERN CALIFORNIA
In Partial Fulfillment of the
Requirements for the Degree
DOCTOR OF PHILOSOPHY
(COMPUTER ENGINEERING)
December 2006
Copyright 2006 Yongjin Kim
Object Description
| Title | A protocol framework for attacker traceback in wireless multi-hop networks |
| Author | Kim, Yongjin |
| Author email | v2yjkim@gmail.com |
| Degree | Doctor of Philosophy |
| Document type | Dissertation |
| Degree program | Computer Engineering |
| School | Viterbi School of Engineering |
| Date defended/completed | 2006-07-24 |
| Restricted until | Unrestricted |
| Date published | 2006-09-27 |
| Advisor (committee chair) | Helmy, Ahmed |
| Advisor (committee member) |
Govindan, Ramesh Krishnamachari, Bhaskar |
| Abstract | Denial-of-Service (DoS) and Distributed DoS (DDoS) attacks can cause serious problem in wireless networks due to its limited network/host resources. Attacker traceback is a promising solution to take a proper countermeasure near the attack origin, for forensics and to discourage attacker from launching attacks. However, attacker traceback in wireless multi-hop networks is a challenging problem and existing IP traceback schemes developed for the Internet cannot be directly applied to wireless multi-hop networks due to the peculiar characteristics of wireless multi-hop networks, i.e., dynamic network topology, limited network resources, and mobility. We introduce a protocol framework for attacker traceback that is geared towards wireless multi-hop networks, robust against address spoofing and node compromise, and node mobility. The basic building block of our protocol framework consists of abnormality characterization, abnormality searching, and abnormality matching. Abnormality characterization is further divided into network-layer abnormality monitoring, MAC-layer abnormality monitoring, and hybrid abnormality monitoring. For efficient abnormality searching, we propose directional searching that is based on small-world model. We use correlation coefficient, least-square method, and K-S fitness test for abnormality matching. In addition, our protocol framework includes spatio-temporal fusion architecture to detect mobile attack. Traceback of mobile attack is a challenging problem that we identified and solved in this dissertation. In mobile wireless multi-hop networks, it is important to detect and track down mobile attackers to prevent false traceabck result and find current location of attacker. It is especially challenging in the context of mobile DDoS attack. Lastly, we analyze how mobility model affects the traceback performance. We find that traceback performance drastically varies depending on the mobility model.; We show that our hybrid protocol successfully tracks down attacker under diverse network environment (e.g., high background traffic, DDoS attack, and partial node compromise) with low communication, computation, and memory overhead. |
| Keyword | network security; attacker traceback; denial of service |
| Language | English |
| Part of collection | University of Southern California dissertations and theses |
| Publisher (of the original version) | University of Southern California |
| Place of publication (of the original version) | Los Angeles, California |
| Publisher (of the digital version) | University of Southern California. Libraries |
| Type | texts |
| Legacy record ID | usctheses-m44 |
| Contributing entity | University of Southern California |
| Rights | Kim, Yongjin |
| Repository name | Libraries, University of Southern California |
| Repository address | Los Angeles, California |
| Repository email | cisadmin@dots.usc.edu |
| Filename | etd-Kim-20060927 |
| Archival file | uscthesesreloadpub_Volume11/etd-Kim-20060927-0.pdf |
Description
| Title | Page 1 |
| Contributing entity | University of Southern California |
| Repository email | cisadmin@dots.usc.edu |
| Full text | A PROTOCOL FRAMEWORK FOR ATTACKER TRACEBACK IN WIRELESS MULTI-HOP NETWORKS by Yongjin Kim A Dissertation Presented to the FACULTY OF THE GRADUATE SCHOOL UNIVERSITY OF SOUTHERN CALIFORNIA In Partial Fulfillment of the Requirements for the Degree DOCTOR OF PHILOSOPHY (COMPUTER ENGINEERING) December 2006 Copyright 2006 Yongjin Kim |
