Detection and Localization of Multiple Spoofing Attackers in Wireless Networks

Wireless spoofing attacks are easy to launch and can significantly impact the performance of networks. Although the identity of a node can be verified through cryptographic authentication, conventional security approaches are not always desirable because of their overhead requirements. The project is proposed to use spatial information, a physical property associated with each node, hard to falsify, and not reliant on cryptography, as the basis for 1) detecting spoofing attacks; 2) determining the number of attackers when multiple adversaries masquerading as the same node identity; and 3) localizing multiple adversaries. It is proposed to use the spatial correlation of received signal strength (RSS) inherited from wireless nodes to detect the spoofing attacks. It formulates the problem of determining the number of attackers as a multi-class detection problem. Cluster-based mechanisms are developed to determine the number of attackers. When the training data are available, the project explores using the Support Vector Machines (SVM) method to further improve the accuracy of determining the number of attackers. The localization results use a representative set of algorithms that provide strong evidence of high accuracy of localizing multiple adversaries. In addition, a fast and effective mobile replica node detection scheme is proposed using the Sequential Probability Ratio Test. evaluated our techniques through two testbeds using both an 802.11 (WiFi) network and an 802.15.4 (ZigBee) network in two real office buildings.

[1]  Eylem Ekici,et al.  A Localization-Based Anti-Sensor Network System , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[2]  M. Kayton,et al.  Global positioning system: signals, measurements, and performance [Book Review] , 2002, IEEE Aerospace and Electronic Systems Magazine.

[3]  Richard P. Martin,et al.  The Robustness of Localization Algorithms to Signal Strength Attacks: A Comparative Study , 2006, DCOSS.

[4]  Richard P. Martin,et al.  The limits of localization using signal strength: a comparative study , 2004, 2004 First Annual IEEE Communications Society Conference on Sensor and Ad Hoc Communications and Networks, 2004. IEEE SECON 2004..

[5]  Anish Arora,et al.  Spatial Signatures for Lightweight Security in Wireless Sensor Networks , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[6]  Yong Sheng,et al.  Detecting 802.11 MAC Layer Spoofing Using Received Signal Strength , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[7]  Wenyuan Xu,et al.  Relationship-based Detection of Spoofing-related Anomalous Traffic , 2009 .

[8]  Richard P. Martin,et al.  A Practical Approach to Landmark Deployment for Indoor Localization , 2006, 2006 3rd Annual IEEE Communications Society on Sensor and Ad Hoc Communications and Networks.

[9]  Avishai Wool,et al.  Lightweight Key Management for IEEE 802.11 Wireless LANs with Key Refresh and Host Revocation , 2005, Wirel. Networks.

[10]  Larry J. Greenstein,et al.  Fingerprints in the Ether: Using the Physical Layer for Wireless Authentication , 2007, 2007 IEEE International Conference on Communications.

[11]  Massimo Bernaschi,et al.  Access points vulnerabilities to DoS attacks in 802.11 networks , 2008, Wirel. Networks.

[12]  Václav Hlavác,et al.  Multi-class support vector machine , 2002, Object recognition supported by user interaction for service robots.

[13]  Jie Zheng,et al.  Estimating the Number of Clusters via System Evolution for Cluster Analysis of Gene Expression Data , 2009, IEEE Transactions on Information Technology in Biomedicine.

[14]  Wade Trappe,et al.  Relationship -based Detection of Spoofing -related Anomalous Traffic in Ad Hoc Networks , 2006, 2006 3rd Annual IEEE Communications Society on Sensor and Ad Hoc Communications and Networks.

[15]  Paramvir Bahl,et al.  RADAR: an in-building RF-based user location and tracking system , 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).

[16]  Wade Trappe,et al.  An authentication framework for hierarchical ad hoc sensor networks , 2003, WiSe '03.

[17]  Richard P. Martin,et al.  Detecting and Localizing Wireless Spoofing Attacks , 2007, 2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks.

[18]  Tzi-cker Chiueh,et al.  Sequence Number-Based MAC Address Spoof Detection , 2005, RAID.

[19]  David R. Cheriton,et al.  Detecting identity-based attacks in wireless networks using signalprints , 2006, WiSe '06.

[20]  Jie Wu,et al.  Secure and efficient key management in mobile ad hoc networks , 2005, 19th IEEE International Parallel and Distributed Processing Symposium.

[21]  Jie Yang,et al.  A theoretical analysis of wireless localization using RF-based fingerprint matching , 2008, 2008 IEEE International Symposium on Parallel and Distributed Processing.

[22]  Marco Gruteser,et al.  Wireless device identification with radiometric signatures , 2008, MobiCom '08.

[23]  Stefan Savage,et al.  802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions , 2003, USENIX Security Symposium.