RESEARCH ARTICLE Bloom-filter based IP-CHOCK detection scheme for denial of service attacks in VANET Karan Verma * and Halabi Hasbullah Department of Computer and Information Sciences, Universiti Teknologi PETRONAS, Malaysia ABSTRACT Vehicular ad hoc networks (VANETs) have drawn increasing attention in recent years due to their wide range of applications. At the present time, vehicle communication is exposed to many security threats, such as denial of service (DoS) attacks. In these attacks, a malicious node forges a large number of fake identities. Internet Protocol (IP) spoofing addresses is to disrupt the proper functioning of the fair data transfer between two fast moving vehicles. In this paper, IP spoofing addresses of DoS attacks have been detected and defended by using the Bloom-filter based IP-CHOCK detection method, which provides the availability of a service for the legitimate vehicles in the VANET. The IP spoofing addresses in the DoS attacks committed by fraud and malicious nodes have also been investigated. This method provides a secure communication as well as frees the bandwidth. This proposed approach requires fewer resources and is easy to deploy. Simulation results have shown that this method is efficient and effective to detect and defend against DoS attacks in the VANET. Specifically, this method provides faster detec- tion time, lower storage capacity, and computational cost. Copyright © 2014 John Wiley & Sons, Ltd. KEYWORDS Internet Protocol (IP); Bloom-filter (BF); hash function; User Datagram Protocol (UDP); VANET *Correspondence Karan Verma, Dept. of Computer & Information Sciences, Universiti Teknologi PETRONAS, Malaysia. E-mail: karan.verma.phd@gmail.com 1. INTRODUCTION The mass production of internet enabled personal mobile phones, and an unprecedented growth in the number of Internet service providers has made the Internet commonly accessible to everyone. This can enhance the criminal’s ability to perform unlawful or unethical activities including attacks on vehicles and other personal mobile applications. The most common denial of service (DoS) attacks are the User Datagram Protocol (UDP) SYN flood attack and Internet Protocol (IP) spoofing addresses attack [1]. Vehicle drivers have no ability to predict the conditions ahead on the road, such as the speed of other vehicles, traf- fic congestion, and other possible risks. Therefore, vehicles crash on the roads because of traffic congestion and other possible risks [2]. This is an important issue. These risks can be reduced with the aid of sensors, computer equip- ment, wireless communication devices, and other techno- logically equipped devices on the vehicles. By using this equipment and devices, vehicle drivers can foresee the speed of other vehicles, traffic congestion, and other possi- ble risks. So, many researchers have been working in the area of vehicular ad hoc networks (VANET) systems, and they can provide safe, clean, and comfortable traveling on the roads, secure communication between fast moving vehicles and limit the number of fatalities [3,4]. Unique characteristics of VANET systems are the high mobility, rapidly changing network topology caused by the high traveling speed of the nodes, constrained patterns due to the restricted roads, and limitations of bandwidth due to the absence of a central coordinator that controls nodes. Others are the disconnection problems owing to frequent fragmentation in the network and signal fading which is caused by obstacles between the communicating nodes [5–7]. An attempt to make a mobile resource or a service unavailable to its intended users is called DoS attacks [8]. First, the attacker can control a large number of vulnerable hosts on the Internet by compromising them as shown in Figure 1. The attacker can use these vulnerable hosts to send a huge number of packets to the victim vehicles simultaneously. During DoS attacks, massive amounts of traffic arrive at the target of the victim vehicles. The target is either the vehicle’s network service or the vehicles them- selves. The victim services are disrupted because of the huge amount of traffic. The computational overhead is increased because of the lack of infrastructure and difficulties involved in providing comprehensive coverage for all roads because SECURITY AND COMMUNICATION NETWORKS Security Comm. Networks (2014) Published online in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/sec.1043 Copyright © 2014 John Wiley & Sons, Ltd.