Isolation of Multiple Anonymous Attackers in Mobile Networks

Many mobile wireless networks unintentionally give attackers the opportunity to launch anonymous attacks or spoof other users, often without fear of being caught. It is often ideal for network carriers to block all traffic from an attacker, not just the attack traffic, for example to stop any concurrent attacks that the carrier cannot detect. We present an approach that detects common attacks at the access point and combines this detection with packet clustering to block all traffic originating from attackers during an attack. To achieve packet clustering, we use received signal strength at the access point to cluster attack packets by unique attacker, and then classify all other packets according to these clusters. Our approach is designed with attacker and legitimate user mobility in mind, has low memory overhead, and scales to many simultaneous attackers. Our experimental results show very high classification accuracy, sensitivity and specificity.
