CATCH: A protocol framework for cross-layer attacker traceback in mobile multi-hop networks

Flooding-type Denial-of-Service (DoS) and Distributed DoS (DDoS) attacks can cause serious problems in mobile multi-hop networks due to its limited network/host resources. Attacker traceback is a promising solution to take a proper countermeasure near attack origins, for forensics and to discourage attackers from launching the attacks. However, attacker traceback in mobile multi-hop networks is a challenging problem. Existing IP traceback schemes developed for the fixed networks cannot be directly applied to mobile multi-hop networks due to the peculiar characteristics of the mobile multi-hop networks (e.g., dynamic/autonomous network topology, limited network/host resources such as memory, bandwidth and battery life). We introduce a protocol framework for attacker traceback, CATCH, geared towards mobile multi-hop networks utilizing MAC and network cross-layer approach. We also perform systematic risk analysis on mobile multi-hop networks. Based on the risk analysis, we extend CATCH for a mobile attacker traceback scheme. We show that CATCH successfully tracks down attacker under diverse mobile multi-hop network environment with low communication, computation, and memory overhead. We provide comprehensive evaluation of our proposed protocols through extensive simulations.