CapMan: Capability-Based Defense Against Multi-Path Denial of Service (DoS) Attacks in MANET
This paper presents a capability-based security mechanism called CapMan. The authors' approach is designed to prevent Denial-of-Service (DoS) attacks on wireless communications, particularly attacks against multi-path communication in Mobile Ad hoc NETworks (MANETs). CapMan offers a mechanism for per-flow, distributed bandwidth control, enforced by all the participating nodes along multiple communication paths. By exchanging summary capability messages, each node can maintain a global view of the overall throughput of flows in the network and then dynamically adjust its local constraints to prevent potential DoS attacks against a specific node or the network.
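The sketch below is an added illustration of the idea in the abstract, not code from the paper: it shows why a per-path check misses a flow that is split across several paths, and how exchanged summaries let each node tighten its local limit. The class and field names, the summary message layout, the proportional-share rule and the assumption that each node sits on a distinct path of the flow are all hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class PathNode:
    """One forwarding node; assumed to sit on a distinct path of the flow."""
    name: str
    budget: dict                               # flow -> network-wide rate allowed (assumed capability field)
    local: dict = field(default_factory=dict)  # flow -> rate measured at this node
    peers: dict = field(default_factory=dict)  # flow -> {peer name: reported rate}

    def observe(self, flow, rate):
        self.local[flow] = rate

    def summary(self):
        # Hypothetical summary message: sender name plus its per-flow rates.
        return {"from": self.name, "rates": dict(self.local)}

    def receive(self, msg):
        if msg["from"] == self.name:
            return                             # ignore our own summary
        for flow, rate in msg["rates"].items():
            self.peers.setdefault(flow, {})[msg["from"]] = rate

    def global_rate(self, flow):
        return self.local.get(flow, 0.0) + sum(self.peers.get(flow, {}).values())

    def local_limit(self, flow):
        budget, total = self.budget[flow], self.global_rate(flow)
        mine = self.local.get(flow, 0.0)
        if total <= budget:
            return mine + (budget - total)     # under budget: keep the headroom
        return budget * mine / total           # over budget: proportional share

def run_demo():
    budget = {"f1": 100.0}                     # constructed sample values
    nodes = [PathNode(n, budget) for n in "ABC"]
    for n in nodes:
        n.observe("f1", 60.0)                  # 3 paths x 60 = 180 > 100 overall
    before = {n.name: n.local_limit("f1") for n in nodes}
    for sender in nodes:                       # every node shares its summary
        msg = sender.summary()
        for receiver in nodes:
            receiver.receive(msg)
    after = {n.name: n.local_limit("f1") for n in nodes}
    return before, after

if __name__ == "__main__":
    print(run_demo())
```

Before the exchange each node sees only 60 of an allowed 100 and permits the flow in full; afterwards the three local limits sum to the flow's budget.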