Mobi-watchdog: you can steal, but you can't run!

Recent years have witnessed widespread use of mobile devices such as cell phones, laptops, and PDAs. In this paper, we propose an architecture called Mobi-Watchdog to detect mobility anomalies of mobile devices in wireless networks that track their locations regularly. Given the past mobility records of a mobile device, Mobi-Watchdog uses clustering techniques to identify the high-level structure of its mobility and then trains a HHMM (hierarchical hidden Markov model). Mobi-Watchdog raises an alert by requesting the device holder to reauthenticate himself when it finds an observed mobility trace significantly deviates from the trained model. The time complexity of the original generalized Baum-Welch algorithm, which is used for HHMM parameter reestimation, scales linearly with T3, where T is the number of locations in an observed sequence. Such a high computational cost can significantly impede deployment of Mobi-Watchdog in large-scale wireless networks in practice. To achieve better scalability, we modify this algorithm to make it scale linearly with T instead. Experimental results with realistic mobility traces demonstrate that Mobi-Watchdog detects mobility anomalies with high probability and reasonably low false alarm rates. We also show that Mobi-Watchdog has very low computational overhead, which makes it a viable candidate for mobility anomaly detection in large wireless networks.

[1]  Henry A. Kautz,et al.  Extracting Places and Activities from GPS Traces Using Hierarchical Conditional Random Fields , 2007, Int. J. Robotics Res..

[2]  Yang Xiao,et al.  Detection of Fraudulent Usage in Wireless Networks , 2007, IEEE Transactions on Vehicular Technology.

[3]  Qun Liu,et al.  HHMM-based Chinese Lexical Analyzer ICTCLAS , 2003, SIGHAN.

[4]  Stefan Schönfelder Some notes on space, location and travel behaviour , 2001 .

[5]  Ivan Stojmenovic,et al.  Handbook of Wireless Networks and Mobile Computing , 2002 .

[6]  Albert-László Barabási,et al.  Understanding individual human mobility patterns , 2008, Nature.

[7]  Kyandoghere Kyamakya,et al.  On the user profiles and the prediction of user movements in wireless networks , 2002, The 13th IEEE International Symposium on Personal, Indoor and Mobile Radio Communications.

[8]  S. vanDongen Graph Clustering by Flow Simulation , 2000 .

[9]  Kevin P. Murphy,et al.  Linear-time inference in Hierarchical HMMs , 2001, NIPS.

[10]  Thomas Kunz,et al.  An activity-based mobility model and location management simulation framework , 1999, MSWiM '99.

[11]  Cecilia Mascolo,et al.  An ad hoc mobility model founded on social network theory , 2004, MSWiM '04.

[12]  Kevin C. Almeroth,et al.  Towards realistic mobility models for mobile ad hoc networks , 2003, MobiCom '03.

[13]  Yoram Singer,et al.  The Hierarchical Hidden Markov Model: Analysis and Applications , 1998, Machine Learning.

[14]  Victor C. M. Leung,et al.  Enhancing security using mobility-based anomaly detection in cellular mobile networks , 2006, IEEE Trans. Veh. Technol..

[15]  Anton J. Enright,et al.  An efficient algorithm for large-scale detection of protein families. , 2002, Nucleic acids research.

[16]  Lawrence R. Rabiner,et al.  A tutorial on hidden Markov models and selected applications in speech recognition , 1989, Proc. IEEE.