Open Access

ZSBT: A Novel Algorithm for Tracing DoS Attackers in MANETs

EURASIP Journal on Wireless Communications and Networking20062006:096157

Received: 24 August 2005

Accepted: 3 April 2006

Published: 6 June 2006


Denial of service (DoS) attack is a major class of security threats today. They consume resources of remote hosts or network and make them deny or degrade services for legitimate users. Compared with traditional Internet, the resources, such as bandwidth, memory, and battery power, of each node are more limited in mobile ad hoc networks (MANETs). Therefore, nodes in MANETs are more vulnerable to DoS attacks. Moreover, attackers in MANETs cannot only use IP spoofing to conceal their real identities but also move arbitrarily, which makes it a challenging task to trace a remote attacker in MANETs. In this paper, we proposed a zone sampling-based traceback (ZSBT) algorithm for tracing DoS attackers in MANETs. In our algorithm, when a node forwards a packet, the node writes its zone ID into the packet with a probability. After receiving these packets, the victim can reconstruct the path between the attacker and itself. Simulations were carried out to illustrate the validity of the algorithm; even with a little communication overhead.


Authors’ Affiliations

Department of Computer Science and Technology, Tsinghua University
Department of Computer Science, Georgia State University, University Plaza


  1. Wrona K: Distributed security: ad hoc networks & beyond. Proceedings of Ad Hoc Networks Security Pampas Workshop, September 2002, Rhul, London, UKGoogle Scholar
  2. Stone R: CenterTrack: an IP overlay network for tracking DoS floods. Proceedings of 9th USENIX Security Symposium, August 2000, Denver, Colo, USA 199-212.Google Scholar
  3. Ferguson P, Senie DNetwork Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing. RFC 2267, 1998Google Scholar
  4. Savage S, Wetherall D, Karlin A, Anderson T: Practical network support for IP traceback. Proceedings of the ACM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication (SIGCOMM '00), September 2000, Stockholm, Sweden 295-306.View ArticleGoogle Scholar
  5. Bellovin S, Leech M, Taylor T: ICMP Traceback Messages. IETF Internet Draft, Version 4, February 2003Google Scholar
  6. Zeng X, Bagrodia R, Gerla M: GloMoSim: a library for parallel simulation of large-scale wireless networks. Proceedings of 12th Workshop on Parallel and Distributed Simulation (PADS '98), May 1998, Banff, Alberta, Canada 154-161.Google Scholar
  7. Lee HCJ, Thing VLL, Xu Y, Ma M: ICMP traceback with cumulative path, an efficient solution for IP traceback. Proceedings of 5th International Conference on Information and Communications Security (ICICS '03), October 2003, Huhehaote, China 124-135.Google Scholar
  8. Thing VLL, Lee HCJ, Sloman M, Zhou J: Enhanced ICMP traceback with cumulative path. Proceedings of 61st IEEE Vehicular Technology Conference (VTC '05), May-June 2005, Stockholm, Sweden 4: 2415-2419.Google Scholar
  9. Kim Y, Helmy A: SWAT: small world-based attacker traceback in Ad-hoc networks. Proceedings of IEEE Infocom Poster/Demo Session (INFOCOM '05), March 2005, Miami, Fla, USAGoogle Scholar
  10. Helmy A: Contact-extended zone-based transactions routing for energy-constrained wireless ad hoc networks. IEEE Transactions on Vehicular Technology 2005,54(1):307-319. 10.1109/TVT.2004.839671View ArticleGoogle Scholar


© Xin Jin et al. 2006

This article is published under license to BioMed Central Ltd. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.