Intelligent Honeypot Agents for Detection of Blackhole Attack in Wireless Mesh Networks

A Wireless Mesh Network (WMN) is a promising means to provide low-cost broadband Internet access. The routing protocols naively assume all nodes in the network to be non-malicious. The open architecture of WMN, multi-hop nature of communication, different management styles, and wireless communication paves way for malicious attackers. The attackers can exploit hidden loopholes in the multipath mesh routing protocol to conduct a suction attack called a “blackhole attack”. The attacker can falsify routing metric such as hop count, shorten transmission time to reach any destination and thereby suck the network traffic.

We propose a novel strategy by employing mobile honeypot agents that utilize their topological knowledge and detect such spurious route advertisements. They are deployed as roaming software agents that tour the network and lure attackers by sending Route Request (RREQ) advertisements. We first examine the threat of an active Blackhole attack, and then, using our intelligent Honeypot mechanism, we try to control it. We collect valuable information on attacker’s strategy from the intrusion logs gathered at the honeypot. We finally evaluate the effectiveness of proposed architecture using simulation in ns-2 for random topology and grid topology. The performance of the proposed detection approach has shown the encouraging results. The performance of the proposed detection scheme is shown to be increased by 80% for grid topology and 77% for random topology.