Analysis of area-congestion-based DDoS attacks in ad hoc networks

Increased instances of distributed denial of service (DDoS) attacks on the Internet have raised questions on whether and how ad hoc networks are vulnerable to such attacks. This paper studies the special properties of such attacks in ad hoc networks. We examine two types of area-congestion-based DDoS attacks – remote and local attacks – and present in-depth analysis on various factors and attack constraints that an attacker may use and face. We find that (1) there are two types of congestion – self congestion and cross congestion – that need to be carefully monitored; (2) the normal traffic itself causes significant packet loss in addition to the attack impacts in both remote and local attacks; (3) the number of flooding nodes has major impacts on remote attacks while, the load of normal traffic and the position of flooding nodes are critical to local attacks; and (4) given the same number of flooding nodes and attack loads, a remote DDoS attack can cause more damage to the network than a local DDoS attack.