naa a22 4500 510796559 CHVBK 20180411083338.0 cr unu---uuuuu 180411e20131101xx s 000 0 eng 10.1007/s11277-013-1297-3 doi (NATIONALLICENCE)springer-10.1007/s11277-013-1297-3 Capability-Based Defenses Against DoS Attacks in Multi-path MANET Communications [Elektronische Daten] [Quan Jia, Kun Sun, Angelos Stavrou] We present the design, implementation, and evaluation of CapMan, a capability-based security mechanism that prevents denial-of-service (DoS) attacks against mobile ad-hoc networks (MANETs). In particular, our approach is designed to mitigate insider attacks that exploit multi-path routing to flood with packets on other participating nodes in the network. CapMan is instantiated on every node and enforces capability limits that effectively regulate the traffic for all end-to-end network flows. Each capability is issued and advertised by the capability distribution module, and is globally maintained via the capability enforcement logic. By periodically exchanging small usage summaries, all cooperating nodes are informed of the global network state in a scalable and consistent manner. The distribution of summaries empowers individual nodes to make informed decisions and regulate traffic as dictated by the per-flow capabilities across multiple dynamic routing paths. We implemented a prototype of CapMan as a module of the NS2 simulator. We conducted extensive simulations with the prototype using AOMDV as the underlying multi-path routing protocol. Both theoretical analysis and experimental results validate that our mechanism can effectively curtail sophisticated DoS attacks that target multi-path routing in MANETs. We can protect the overall network health even when both the initiator and the responder are malicious insiders and collude in an attempt to deprive the network of valuable resources. Finally, our results show that CapMan introduces relatively small and configurable network overhead and imposes minimal impact on non-attacking traffic flows. Springer Science+Business Media New York, 2013 MANETs nationallicence DoS attacks nationallicence Multi-path nationallicence Capability nationallicence Jia Quan Center for Secure Information Systems, George Mason University, 4400 University Drive, 22030, Fairfax, VA, USA aut Sun Kun Center for Secure Information Systems, George Mason University, 4400 University Drive, 22030, Fairfax, VA, USA aut Stavrou Angelos Center for Secure Information Systems, George Mason University, 4400 University Drive, 22030, Fairfax, VA, USA aut Wireless Personal Communications Springer US; http://www.springer-ny.com 73/1(2013-11-01), 127-148 0929-6212 73:1<127 2013 73 11277 https://doi.org/10.1007/s11277-013-1297-3 text/html Onlinezugriff via DOI 1 research-article jats NATIONALLICENCE 856 40 https://doi.org/10.1007/s11277-013-1297-3 text/html Onlinezugriff via DOI NATIONALLICENCE 700 1- Jia Quan Center for Secure Information Systems, George Mason University, 4400 University Drive, 22030, Fairfax, VA, USA aut NATIONALLICENCE 700 1- Sun Kun Center for Secure Information Systems, George Mason University, 4400 University Drive, 22030, Fairfax, VA, USA aut NATIONALLICENCE 700 1- Stavrou Angelos Center for Secure Information Systems, George Mason University, 4400 University Drive, 22030, Fairfax, VA, USA aut NATIONALLICENCE 773 0- Wireless Personal Communications Springer US; http://www.springer-ny.com 73/1(2013-11-01), 127-148 0929-6212 73:1<127 2013 73 11277 Metadata rights reserved Springer special CC-BY-NC licence nationallicence BK010053 XK010053 XK010000 NATIONALLICENCE NATIONALLICENCE NL-springer