In this talk, I will present intruder identification in AODV protocol for establishing routes. By monitoring the routing information, attacks such as false destination sequence numbers are detected. A protocol called RLR (Reverse Labeling Restriction) is presented to identify and isolate the malicious hosts in ad hoc networks. RLR traces back the propagation paths of false routing information through reverse labeling. Model of trust management can be employed in RLR. The mobile hosts reach consistent conclusions on malicious hosts by combining local decisions with knowledge from other hosts. We simulate RLR using ns2. The simulation results show that up to 95% of the normal hosts can successfully identify all attackers. Isolating the malicious hosts through rejecting routing information from them causes a 30% increase in the data delivery ratio. Two parameters, namely, host mobility and the number of independent malicious hosts, are selected to study the effectiveness, accuracy, and overhead of RLR in different network environments. The robustness analysis shows that RLR does not introduce additional vulnerabilities. We believe that RLR can be easily ported to other ad hoc network routing protocols.

We are extending this research to deal with collaborative attacks. Congestion avoidance, wormhole attacks, authentication, and privacy are being studied for routing protocols.