Data analytics methods for attack detection and localization in wireless networks

Wireless ad hoc network operates without any fixed infrastructure and centralized administration. It is a group of wirelessly connected nodes having the capability to work as host and router. Due to its features of open communication medium, dynamic changing topology, and cooperative algorithm, security is the primary concern when designing wireless networks. Compared to the traditional wired network, a clean division of layers may be sacrificed for performance in wireless ad hoc networks. As a result, they are vulnerable to various types of attacks at different layers of the protocol stack. In this paper, I present real-time series data analysis solutions to detect various attacks including in- band wormholes attack in the network layer, various MAC layer misbehaviors, and jamming attack in the physical layer. And, I also investigate the problem of node localization in wireless and sensor networks, where a total of n anchor nodes are used to determine the locations of other nodes based on the received signal strengths. A range-based machine learning algorithm is developed to tackle the challenges --Abstract, page iii

MAC Layer Misbehavior Effectiveness and Collective Aggressive Reaction Approach

Abstract-Current wireless MAC protocols are designed to provide an equal share of throughput to all nodes in the network. However, the presence of misbehaving nodes (selfish nodes which deviate from standard protocol behavior in order to get higher bandwidth) poses severe threats to the fairness aspects of MAC protocols. In this paper, we investigate various types of MAC layer misbehaviors, and evaluate their effectiveness in terms of their impact on important performance aspects including throughput, and fairness to other users. We observe that the effects of misbehavior are prominent only when the network traffic is sufficiently large and the extent of misbehavior is reasonably aggressive. In addition, we find that performance gains achieved using misbehavior exhibit diminishing returns with respect to its aggressiveness, for all types of misbehaviors considered. We identify crucial common characteristics among such misbehaviors, and employ our learning to design an effective measure to react towards such misbehaviors. Employing two of the most effective misbehaviors, we study the effect of collective aggressiveness of non-selfish nodes as a possible strategy to react towards selfish misbehavior. Particularly, we demonstrate that a collective aggressive reaction approach is able to ensure fairness in the network, however at the expense of overall network throughput degradation

Secure Routing and Medium Access Protocols inWireless Multi-hop Networks

While the rapid proliferation of mobile devices along with the tremendous growth of various applications using wireless multi-hop networks have significantly facilitate our human life, securing and ensuring high quality services of these networks are still a primary concern. In particular, anomalous protocol operation in wireless multi-hop networks has recently received considerable attention in the research community. These relevant security issues are fundamentally different from those of wireline networks due to the special characteristics of wireless multi-hop networks, such as the limited energy resources and the lack of centralized control. These issues are extremely hard to cope with due to the absence of trust relationships between the nodes. To enhance security in wireless multi-hop networks, this dissertation addresses both MAC and routing layers misbehaviors issues, with main focuses on thwarting black hole attack in proactive routing protocols like OLSR, and greedy behavior in IEEE 802.11 MAC protocol. Our contributions are briefly summarized as follows. As for black hole attack, we analyze two types of attack scenarios: one is launched at routing layer, and the other is cross layer. We then provide comprehensive analysis on the consequences of this attack and propose effective countermeasures. As for MAC layer misbehavior, we particularly study the adaptive greedy behavior in the context of Wireless Mesh Networks (WMNs) and propose FLSAC (Fuzzy Logic based scheme to Struggle against Adaptive Cheaters) to cope with it. A new characterization of the greedy behavior in Mobile Ad Hoc Networks (MANETs) is also introduced. Finally, we design a new backoff scheme to quickly detect the greedy nodes that do not comply with IEEE 802.11 MAC protocol, together with a reaction scheme that encourages the greedy nodes to become honest rather than punishing them

Secure Routing and Medium Access Protocols inWireless Multi-hop Networks

While the rapid proliferation of mobile devices along with the tremendous growth of various applications using wireless multi-hop networks have significantly facilitate our human life, securing and ensuring high quality services of these networks are still a primary concern. In particular, anomalous protocol operation in wireless multi-hop networks has recently received considerable attention in the research community. These relevant security issues are fundamentally different from those of wireline networks due to the special characteristics of wireless multi-hop networks, such as the limited energy resources and the lack of centralized control. These issues are extremely hard to cope with due to the absence of trust relationships between the nodes. To enhance security in wireless multi-hop networks, this dissertation addresses both MAC and routing layers misbehaviors issues, with main focuses on thwarting black hole attack in proactive routing protocols like OLSR, and greedy behavior in IEEE 802.11 MAC protocol. Our contributions are briefly summarized as follows. As for black hole attack, we analyze two types of attack scenarios: one is launched at routing layer, and the other is cross layer. We then provide comprehensive analysis on the consequences of this attack and propose effective countermeasures. As for MAC layer misbehavior, we particularly study the adaptive greedy behavior in the context of Wireless Mesh Networks (WMNs) and propose FLSAC (Fuzzy Logic based scheme to Struggle against Adaptive Cheaters) to cope with it. A new characterization of the greedy behavior in Mobile Ad Hoc Networks (MANETs) is also introduced. Finally, we design a new backoff scheme to quickly detect the greedy nodes that do not comply with IEEE 802.11 MAC protocol, together with a reaction scheme that encourages the greedy nodes to become honest rather than punishing them

Detection of selfish manipulation of carrier sensing in 802.11 networks

Recently, tuning the clear channel assessment (CCA) threshold in conjunction with power control has been considered for improving the performance of WLANs. However, we show that, CCA tuning can be exploited by selfish nodes to obtain an unfair share of the available bandwidth. Specifically, a selfish entity can manipulate the CCA threshold to ignore ongoing transmissions; this increases the probability of accessing the medium and provides the entity a higher, unfair share of the bandwidth. We experiment on our 802.11 testbed to characterize the effects of CCA tuning on both isolated links and in 802.11 WLAN configurations. We focus on AP-client(s) configurations, proposing a novel approach to detect this misbehavior. A misbehaving client is unlikely to recognize low power receptions as legitimate packets; by intelligently sending low power probe messages, an AP can efficiently detect a misbehaving node. Our key contributions are: 1) We are the first to quantify the impact of selfish CCA tuning via extensive experimentation on various 802.11 configurations. 2) We propose a lightweight scheme for detecting selfish nodes that inappropriately increase their CCAs. 3) We extensively evaluate our system on our testbed; its accuracy is 95 percent while the false positive rate is less than 5 percent. © 2012 IEEE

Collaboration Enforcement In Mobile Ad Hoc Networks

Mobile Ad hoc NETworks (MANETs) have attracted great research interest in recent years. Among many issues, lack of motivation for participating nodes to collaborate forms a major obstacle to the adoption of MANETs. Many contemporary collaboration enforcement techniques employ reputation mechanisms for nodes to avoid and penalize malicious participants. Reputation information is propagated among participants and updated based on complicated trust relationships to thwart false accusation of benign nodes. The aforementioned strategy suffers from low scalability and is likely to be exploited by adversaries. To address these problems, we first propose a finite state model. With this technique, no reputation information is propagated in the network and malicious nodes cannot cause false penalty to benign hosts. Misbehaving node detection is performed on-demand; and malicious node punishment and avoidance are accomplished by only maintaining reputation information within neighboring nodes. This scheme, however, requires that each node equip with a tamper-proof hardware. In the second technique, no such restriction applies. Participating nodes classify their one-hop neighbors through direct observation and misbehaving nodes are penalized within their localities. Data packets are dynamically rerouted to circumvent selfish nodes. In both schemes, overall network performance is greatly enhanced. Our approach significantly simplifies the collaboration enforcement process, incurs low overhead, and is robust against various malicious behaviors. Simulation results based on different system configurations indicate that the proposed technique can significantly improve network performance with very low communication cost

Protecting 802.11-Based Wireless Networks From SCTS and JACK Attacks

The convenience of IEEE 802.11-based wireless access networks has led to widespread deployment. However, these applications are predicated on the assumption of availability and confidentiality. Error-prone wireless networks afford an attacker considerable flexibility to exploit the vulnerabilities of 802.11-based mechanism. Two of most famous misbehaviors are selfish and malicious attacks. In this thesis we investigate two attacks: Spurious CTS attack (SCTS) and Jamming ACK attack (JACK). In the SCTS, malicious nodes may send periodic Spurious CTS packets to force other nodes to update their NAV values and prevent them from using the channel. In the JACK, an attacker ruins legitimate ACK packets for the intention of disrupting the traffic flow and draining the battery energy of victim nodes quickly. Correspondingly, we propose solutions: termed Carrier Sensing based Discarding (CSD), and Extended Network Allocation Vector (ENAV) scheme. We further demonstrate the performance of our proposed schemes through analysis and NS2 simulations