Detection of selfish manipulation of carrier sensing in 802.11 networks

Recently, tuning the clear channel assessment (CCA) threshold in conjunction with power control has been considered for improving the performance of WLANs. However, we show that, CCA tuning can be exploited by selfish nodes to obtain an unfair share of the available bandwidth. Specifically, a selfish entity can manipulate the CCA threshold to ignore ongoing transmissions; this increases the probability of accessing the medium and provides the entity a higher, unfair share of the bandwidth. We experiment on our 802.11 testbed to characterize the effects of CCA tuning on both isolated links and in 802.11 WLAN configurations. We focus on AP-client(s) configurations, proposing a novel approach to detect this misbehavior. A misbehaving client is unlikely to recognize low power receptions as legitimate packets; by intelligently sending low power probe messages, an AP can efficiently detect a misbehaving node. Our key contributions are: 1) We are the first to quantify the impact of selfish CCA tuning via extensive experimentation on various 802.11 configurations. 2) We propose a lightweight scheme for detecting selfish nodes that inappropriately increase their CCAs. 3) We extensively evaluate our system on our testbed; its accuracy is 95 percent while the false positive rate is less than 5 percent. © 2012 IEEE

Detecting MAC Misbehavior of IEEE 802.11 Devices within Ultra Dense Wi-Fi Networks

The widespread deployment of IEEE 802.11 has made it an attractive target for potential attackers. The latest IEEE 802.11 standard has introduced encryption and authentication protocols that primarily address the issues of confidentiality and access control. However, improving network availability in the presence of misbehaving stations has not been addressed in the standard. Existing research addresses the problem of detecting misbehavior in scenarios without overlapping cells. However, in real scenarios cells overlap, resulting in a challenging environment for detecting misbehavior. The contribution of this paper is the presentation and evaluation of a new method for detecting misbehavior in this environment. This method is based on an objective function that uses a broad range of symptoms. Simulationresultsindicatethatthisnewapproachisverysensitive to misbehaving stations in ultra dense networks

Detecting MAC Misbehavior of IEEE 802.11 Devices within Ultra Dense Wi-Fi Networks

The widespread deployment of IEEE 802.11 has made it an attractive target for potential attackers. The latest IEEE 802.11 standard has introduced encryption and authentication protocols that primarily address the issues of confidentiality and access control. However, improving network availability in the presence of misbehaving stations has not been addressed in the standard. Existing research addresses the problem of detecting misbehavior in scenarios without overlapping cells. However, in real scenarios cells overlap, resulting in a challenging environment for detecting misbehavior. The contribution of this paper is the presentation and evaluation of a new method for detecting misbehavior in this environment. This method is based on an objective function that uses a broad range of symptoms. Simulationresultsindicatethatthisnewapproachisverysensitive to misbehaving stations in ultra dense networks

Protecting 802.11-Based Wireless Networks From SCTS and JACK Attacks

The convenience of IEEE 802.11-based wireless access networks has led to widespread deployment. However, these applications are predicated on the assumption of availability and confidentiality. Error-prone wireless networks afford an attacker considerable flexibility to exploit the vulnerabilities of 802.11-based mechanism. Two of most famous misbehaviors are selfish and malicious attacks. In this thesis we investigate two attacks: Spurious CTS attack (SCTS) and Jamming ACK attack (JACK). In the SCTS, malicious nodes may send periodic Spurious CTS packets to force other nodes to update their NAV values and prevent them from using the channel. In the JACK, an attacker ruins legitimate ACK packets for the intention of disrupting the traffic flow and draining the battery energy of victim nodes quickly. Correspondingly, we propose solutions: termed Carrier Sensing based Discarding (CSD), and Extended Network Allocation Vector (ENAV) scheme. We further demonstrate the performance of our proposed schemes through analysis and NS2 simulations

Protecting 802.11-Based Wireless Networks From SCTS and JACK Attacks

The convenience of IEEE 802.11-based wireless access networks has led to widespread deployment. However, these applications are predicated on the assumption of availability and confidentiality. Error-prone wireless networks afford an attacker considerable flexibility to exploit the vulnerabilities of 802.11-based mechanism. Two of most famous misbehaviors are selfish and malicious attacks. In this thesis we investigate two attacks: Spurious CTS attack (SCTS) and Jamming ACK attack (JACK). In the SCTS, malicious nodes may send periodic Spurious CTS packets to force other nodes to update their NAV values and prevent them from using the channel. In the JACK, an attacker ruins legitimate ACK packets for the intention of disrupting the traffic flow and draining the battery energy of victim nodes quickly. Correspondingly, we propose solutions: termed Carrier Sensing based Discarding (CSD), and Extended Network Allocation Vector (ENAV) scheme. We further demonstrate the performance of our proposed schemes through analysis and NS2 simulations

Detecting MAC Layer Misbehavior in Wifi Networks By Co-ordinated Sampling of Network Monitoring

Abstract-We present an approach to detect a selfish node in a wireless network by passive monitoring. This does not require any access to the network nodes. Our approach requires deploying multiple sniffers across the network to capture wireless traffic traces among multiple channels. IEEE 802.11 networks support multiple channels and a wireless interface can monitor only a single channel at one time. Thus, capturing all frames passing an interface on all channels is an impossible task, and we need strategies to capture the most representative sample. When a large area is to be monitored, several sniffers must be deployed, and these will typically overlap in their area of coverage. The goals of effective wireless monitoring are to capture as many frames as possible, while minimizing the number of those frames that are captured redundantly by more than one sniffer. The above goals May be addressed with a coordinated sampling strategy that directs neighboring sniffer to different channels during any period. These traces are then analyzed using hidden markov model to infer the misbehavior node in wifi networks

Data analytics methods for attack detection and localization in wireless networks

Wireless ad hoc network operates without any fixed infrastructure and centralized administration. It is a group of wirelessly connected nodes having the capability to work as host and router. Due to its features of open communication medium, dynamic changing topology, and cooperative algorithm, security is the primary concern when designing wireless networks. Compared to the traditional wired network, a clean division of layers may be sacrificed for performance in wireless ad hoc networks. As a result, they are vulnerable to various types of attacks at different layers of the protocol stack. In this paper, I present real-time series data analysis solutions to detect various attacks including in- band wormholes attack in the network layer, various MAC layer misbehaviors, and jamming attack in the physical layer. And, I also investigate the problem of node localization in wireless and sensor networks, where a total of n anchor nodes are used to determine the locations of other nodes based on the received signal strengths. A range-based machine learning algorithm is developed to tackle the challenges --Abstract, page iii