RECOGNIZING AND DISCOVERING SPOOFING ATTACKS FOR MOBILE ADHOC NETWORK

Similar documents
Detection and Localization of Multiple Spoofing Attackers in Wireless Networks Using Data Mining Techniques

Detection and Localization of Multiple Spoofing Attackers in Wireless Network

Spoofing Detection in Wireless Networks

Detection and Localization of Multiple Spoofing using GADE and IDOL in WSN. U.Kavitha 1.

Detection and Localization of Multiple Spoofing Attackers in Wireless Networks

Detecting and localizing multiple spoofing attackers in wireless network

Detecting, Determining and Localizing Multiple Spoofing Attackers in Wireless Networks

Detecting and Identifying the Location of Multiple Spoofing Adversaries in Wireless Network

SURVEY OF IDENTIFICATION TECHNIQUES OF ADVERSARY ATTACKS IN WIRELESS SENSOR NETWORK

Detection of Spoofing Attack and Localization of Multiple Adversaries in WSN

DETECTING, DETERMINING AND LOCALIZING MULTIPLE ATTACKS IN WIRELESS SENSOR NETWORK - MALICIOUS NODE DETECTION AND FAULT NODE RECOVERY SYSTEM

[Manjrekar*, 4(11): November, 2015] ISSN: (I2OR), Publication Impact Factor: 3.785

Detection and Localization of Multiple Spoofing Attackers Using Cluster Analysis in Wireless Network

Detection and Localization of Multiple Spoofing Attackers in Wireless Networks

Spoofing Attacks in wireless Sensor Networks

Multiple Spoofing Identification For Network Level Security

DETECTION AND LOCALIZATION OF MULTIPLE SPOOFING ATTACKERS FOR MOBILE WIRELESS NETWORKS

Detection, Localization And Prevention Of Spoofing Attacks In Wireless Network

Spoofing Attacks Detection and Localizing Multiple Adversaries in Wireless Networks

Cluster-Based Intrusion Detection Technique for Wireless Networks

Detection of Sybil Attack in Wireless Sensor Network

Detection and Prevention of Impersonation Attack in Wireless networks

@IJMTER-2016, All rights Reserved ,2 Department of Computer Science, G.H. Raisoni College of Engineering Nagpur, India

Wireless Network Security Spring 2011

Introduction and Statement of the Problem

REPUTATION BASED ZONE TRUST DETECTION AND SWATT REVOCATION METHOD USING SPRT IN SENSOR NETWORKS

EFFECTIVE INTRUSION DETECTION AND REDUCING SECURITY RISKS IN VIRTUAL NETWORKS (EDSV)

A Survey on Detection and Localization of Multiple Spoofing Attackers in Wireless Networks

Detection and Localization of Spoofing in Wireless and Sensor Networks

International Journal of Advanced Engineering Research and Science (IJAERS) [Vol-1, Issue-2, July 2014] ISSN:

Analysis of Black-Hole Attack in MANET using AODV Routing Protocol

Challenges in Mobile Ad Hoc Network

Dynamic Neighbor Positioning In Manet with Protection against Adversarial Attacks

Identifying and locating multiple spoofing attackers using clustering in wireless network

Security in Mobile Ad-hoc Networks. Wormhole Attacks

DETECTION OF NODE CAPTURE ATTACKS IN WIRELESS SENSOR NETWORKS

Detecting Protected Layer-3 Rogue APs

DESIGN AND DEVELOPMENT OF MAC LAYER BASED DEFENSE ARCHITECTURE FOR ROQ ATTACKS IN WLAN

Mitigating Malicious Activities by Providing New Acknowledgment Approach

A Secure and Dynamic Multi-keyword Ranked Search Scheme over Encrypted Cloud Data

Enhancing Security in MANET Using CCRVC Scheme

A Study on Issues Associated with Mobile Network

Black Hole Detection Scheme in WSN for Mobile Replica Node Detection and Rejection

A METHOD TO DETECT PACKET DROP ATTACK IN MANET

Blackhole Attack Detection in Wireless Sensor Networks Using Support Vector Machine

Securing MANETs using Cluster-based Certificate Revocation Method: An Overview

Enhancing Probabilistic Packet Marking by Integrating Dynamic Probability and Time to Live (TTL) Clustering

Sleep/Wake Aware Local Monitoring (SLAM)

Defending MANET against Blackhole Attackusing Modified AODV

A Pigeon Agents based Analytical Model to Optimize Communication in Delay Tolerant Network

Effective Cluster Based Certificate Revocation with Vindication Capability in MANETS Project Report

A Composite Trust based Public Key Management in MANETs

Wireless Network Security Spring 2014

A hybrid IP Trace Back Scheme Using Integrate Packet logging with hash Table under Fixed Storage

Determining the Number of Attackers and Localizing Multiple Adversaries in Wireless Spoofing Attacks

TOWARD PRIVACY PRESERVING AND COLLUSION RESISTANCE IN A LOCATION PROOF UPDATING SYSTEM

Detecting Spam Zombies By Monitoring Outgoing Messages

On Demand secure routing protocol resilient to Byzantine failures

BUSNet: Model and Usage of Regular Traffic Patterns in Mobile Ad Hoc Networks for Inter-Vehicular Communications

An Authentication Service Based on Trust and Clustering in Mobile Ad Hoc Networks

Clustering Based Certificate Revocation Scheme for Malicious Nodes in MANET

Packet Estimation with CBDS Approach to secure MANET

WSN Routing Protocols

Detecting Identity Spoofs in IEEE e Wireless Networks

TO DETECT AND RECOVER THE AUTHORIZED CLI- ENT BY USING ADAPTIVE ALGORITHM

Detecting Identity Spoofs in IEEE e Wireless Networks

Wireless Network Security Fundamentals and Technologies

Impact of Black Hole and Sink Hole Attacks on Routing Protocols for WSN

DDOS Attack Prevention Technique in Cloud

Index terms Wireless Mesh networks, Selective forwarding attacks, Route Reply Packet, Fuzzy Logic, Detection threshold.

Security Challenges Facing the Future Wireless World (aka.. Alice and Bob in the Wireless Wonderland) Wade Trappe

DESIGN DETECTION OF MULTIPLE SPOOFING ATTACKERS USING ARP J.Deny* 1, J.Densi 2, J. Darwin 3

An Industrial Employee Development Application Protocol Using Wireless Sensor Networks

Multivariate Correlation Analysis based detection of DOS with Tracebacking

Firewalls, Tunnels, and Network Intrusion Detection

A Comparative Analysis of Pro-active Routing Protocols in MANET

Analysis of Attacks and Defense Mechanisms for QoS Signaling Protocols in MANETs

Intrusion Detection System For Denial Of Service Flooding Attacks In Sip Communication Networks

Ms A.Naveena Electronics and Telematics department, GNITS, Hyderabad, India.

EXPEDITE MESSAGE AUTHENTICATION PROTOCOL FOR VANETs USING DATA AGGREGATION

Computer Based Image Algorithm For Wireless Sensor Networks To Prevent Hotspot Locating Attack

Eradication of Vulnerable host from N2N communication Networks using probabilistic models on historical data

SECURE AND EFFICIENT HANDOVER AUTHENTICATION AND DETECTION OF SPOOFING ATTACK

Impact of Node Velocity and Density on Probabilistic Flooding and its Effectiveness in MANET

Catching BlackHole Attacks in Wireless Sensor Networks

Wireless Network Security Spring 2015

Performance evaluation of Cooperative MAC and ZRP in Cooperative Communication Networking Environment

Sybil Attack Detection in Mobile Adhoc Network

CASER Protocol Using DCFN Mechanism in Wireless Sensor Network

Detection of Wormhole Attacks in Wireless Sensor Networks

ANALYSIS AND EVALUATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS IDENTIFICATION METHODS

Deepti Jaglan. Keywords - WSN, Criticalities, Issues, Architecture, Communication.

6367(Print), ISSN (Online) Volume 4, Issue 2, March April (2013), IAEME & TECHNOLOGY (IJCET)

A CONFIDENCE MODEL BASED ROUTING PRACTICE FOR SECURE ADHOC NETWORKS

Performance Analysis of AODV Routing Protocol with and without Malicious Attack in Mobile Adhoc Networks

CYBER ATTACKS EXPLAINED: WIRELESS ATTACKS

Performance Analysis of Mobile Ad Hoc Network in the Presence of Wormhole Attack

Contending Against Energy Debilitating Attacks in Wireless Ad Hoc Sensor Networks

IJRIM Volume 1, Issue 4 (August, 2011) (ISSN ) A SURVEY ON BEHAVIOUR OF BLACKHOLE IN MANETS ABSTRACT

Detecting & Eliminating Rogue Access Point in IEEE WLAN

Transcription:

Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 8, August 2014, pg.230 239 RESEARCH ARTICLE ISSN 2320 088X RECOGNIZING AND DISCOVERING SPOOFING ATTACKS FOR MOBILE ADHOC NETWORK T.Navaneethan 1, M.Lalli 2 1 School of Computer Science and Engineering, Bharathidasan University, Tiruchirappalli- 620023, India 2 School of Computer Science and Engineering, Bharathidasan University, Tiruchirappalli- 620023, India 1 navaneethanvel@gmail.com, 2 lalli_gss@yahoo.co.in Abstract - Wireless networks are exposed to many attacks which of one is spoofing attack. The networks performance will be affected more when the attackers are present. We propose to use the spatial correlation of received signal strength (RSS) inherited from wireless nodes to detect the spoofing attacks. K means clustering is used to determine the number of attackers. In this paper we proposed to use Enhanced Sequential Probability Ratio test (ESPRT) technique. This is the fast and effective technique to detect the mobile replica nodes. The network is divided into set of zones, and then trust level is established for each zone to detect untrustworthy zones. The entire zone is considered as untrustworthy if trust level goes below trust threshold. The base station will revoke the zone if it considers the zone as untrustworthy. The main benefit of this zone-based detection approach lies in achieving fast node compromise detection and revocation while saving the large amount of time and effort. Keywords: MANET, Spoofing, Security, Zone based, Mobile Replica Node I. Introduction MANET is the new emerging technology which enables users to communicate without any physical infrastructure regardless of their geographical location, that s why it is sometimes referred to as an infrastructure less network. The proliferation of cheaper, small and more powerful devices make MANET a fastest growing network. An ad hoc network is self organizing and adaptive. Device in mobile ad hoc network should be able to detect the presence of other devices and perform necessary set up to facilitate communication and sharing of data and service. The set of 2014, IJCSMC All Rights Reserved 230

applications for MANETs is diverse, ranging from large scale, mobile, highly dynamic networks, to small, static networks that are constrained by power sources. Besides the legacy applications that move from traditional infrastructure environment into the ad hoc context, a great deal of new services can and will be generated for the new environment. Security solutions are important issues for MANET, especially for those selecting sensitive applications, have to meet the following design goals while addressing the above challenges. MANET is more vulnerable than wired network due to mobile nodes, threats from compromised nodes inside the network, limited physical security, dynamic topology, scalability and lack of centralized management. Because of these vulnerabilities, MANET is more prone to security attacks. II. Related Work Detection and Localization of Multiple Spoofing Attackers in Wireless Networks In this study [1], use the spatial correlation of received signal strength (RSS) inherited from wireless nodes to detect the spoofing attacks. Then it formulates the problem of determining the number of attackers as a multiclass detection problem. Cluster-based mechanisms are developed to determine the number of attackers. When the training data are available, it explores using the Support Vector Machines (SVM) method to further improve the accuracy of determining the number of attackers. In addition, it developed an integrated detection and localization system that can localize the positions of multiple attackers. Access Points Vulnerabilities to Dos Attacks in 802.11 Networks In this paper [2], it describes possible denial of service attacks to infrastructure wireless 802.11 networks. To carry out such attacks only commodity hardware and software components are required. The results show that serious vulnerabilities exist in different access points and that a single malicious station can easily hinder any legitimate communication within basic service set. The peculiar features of wireless networks suggest a greater exposure to Denial of Service (DoS) attacks than wired networks. Since the wireless medium does not have well defined physical bounds, a malicious station can appear in the range of such a network and launch an attack in order to stop any legitimate communication. The aim of this paper is to investigate how these kinds of attacks can be carried out. In particular it tried to identify some simple attack schemes that might lead to a DoS effect and then observed the reactions of various types of infrastructure networks to these attacks. Detecting Identity Based Attacks in Wireless Networks Using Signalprints In this paper [3], wireless networks are vulnerable to many identity-based attacks in which a malicious device uses forged MAC addresses to masquerade as a specific client or to create multiple illegitimate identities. We can see that, different from MAC addresses or other packet contents, attackers do not have as much control regarding the signal prints they produce. Moreover, using measurements in a test bed network, we demonstrate that 2014, IJCSMC All Rights Reserved 231

signal prints are strongly correlated with the physical location of clients, with similar values found mostly in close proximity. By tagging suspicious packets with their corresponding signalprints, the network is able to robustly identify each transmitter independently of packet contents, allowing detection of a large class of identity-based attacks with high probability. After a client authenticates successfully and session keys are used to encrypt and authenticate packets sent over wireless links, the network can securely verify if the source MAC address in a packet is correct. Without this mechanism, however, wireless installations have to rely solely on MAC addresses for client identification: two devices in a network using the same address are treated as a single client, even if they generate conflicting or inconsistent requests. Detecting 802.11 Mac Layer Spoofing Using Received Signal Strength In this paper [4] assuming the attacker and the victim are separated by a reasonable distance, RSS can be used to differentiate them to detect MAC spoofing, as recently proposed by several researchers. By analyzing the RSS pattern of typical 802.11 transmitters in a 3-floor building covered by 20 air monitors, we observed that the RSS readings followed a mixture of multiple Gaussian distributions. They are discovered that this phenomenon was mainly due to antenna diversity, a widely-adopted technique to improve the stability and robustness of wireless connectivity. This observation renders existing approaches ineffective because they assume a single RSS source. We propose an approach based on Gaussian mixture models, building RSS profiles for spoofing detection. Experiments on the same tested show that our method is robust against antenna diversity and significantly outperforms existing approaches. At a 3% false positive rate, we detect 73.4%, 89.6% and 97.8% of attacks using the three proposed algorithms, based on local statistics of a single AM, combining local results from AMS and global multi-am detection, respectively. Sequence Number-Based Mac Addresses Spoof Detection In this paper [5], the exponential growth in the deployment of IEEE 802.11-based wireless LAN (WLAN) in enterprises and homes makes WLAN an attractive target for attackers. Attacks that exploit vulnerabilities at the IP layer or above can b e readily addressed by intrusion detection systems designed for wired networks. However, attacks exploiting link-layer protocol vulnerabilities require different set of intrusion detection mechanism. Most link-layer attacks in WLANs are denial of service at-tacks and work by spoofing either access points (APs) or wireless stations. Spoofing is possible because the IEEE 802.11 standard does not provide per frame source authentication, but can b e effectively prevented if a proper authentication is added into the standard. Unfortunately, it is unlikely that commercial WLANs will supp ort link-layer source authentication that covers both management and control frames in the near future. Even if it is available in next-generation WLANs equipments, it cannot protect the large installed base of legacy WLAN devices. 2014, IJCSMC All Rights Reserved 232

This paper proposes an algorithm to detect spoofing by leveraging the sequence number field in the linklayer header of IEEE 802.11 frames, and demonstrates how it can detect various spoofing without modifying the APs or wireless stations. The false positive rate of the proposed algorithm is zero, and the false negative rate is close to zero. In the worst case, the proposed algorithm can detect a spoofing activity, even though it can only detect some but not all spoofed frames. III. PROPOSED WORK The proposed system work is motivated from mitigating the limitations of previous schemes. In particular, the new system proposes a method in which the nodes are fixed as well as in movement. A reputation-based trust management scheme is designed to facilitate fast detection of compromised nodes. The key idea of the scheme is to detect untrustworthy zones and perform software attestation against nodes in these zones to detect and revoke the ones that are compromised. Specifically, first divides the network into a set of zones, establish trust levels for each zone, and detect untrustworthy zones by using the Sequential Probability Ratio Test (ESPRT). The ESPRT decides a zone to be untrustworthy if the zone s trust is continuously maintained at low level or is quite often changed from high level to low level. Once a zone is determined to be untrustworthy, the base station or the network operator performs software attestation against all nodes in the untrustworthy zone, detects compromised nodes with subverted software modules, and physically revokes them. In addition, a novel mobile replica detection scheme is proposed based on the Sequential Probability Ratio Test (ESPRT). The new system uses the fact that an uncompromised mobile node should never move at speeds in excess of the system-configured maximum speed. As a result, a benign mobile sensor node s measured speed will nearly always be less than the system-configured maximum speed as long as it employs a speed measurement system with a low error rate. On the other hand, replica nodes are in two or more places at the same time. This makes it appear as if the replicated node is moving much faster than any of the benign nodes, and thus the replica nodes measured speeds will often be over the system-configured maximum speed. Enhanced Sequential Probability Ratio Test The Enhanced Sequential Probability Ratio Test (ESPRT) which is a statistical hypothesis testing. ESPRT has been proven to be the best mechanism in terms of the average number of observations that are required to reach a decision among all sequential and non-sequential test processes. ESPRT can be thought of as one dimensional random walk with lower and upper limits. Before the random walk starts, null and alternate hypotheses are defined in such a way that the null one is associated with the lower limit and the alternate one is associated with the upper limit. A random walk starts from a point between two limits and moves toward the lower or upper limit in accordance with each observation. 2014, IJCSMC All Rights Reserved 233

The main idea of the proposed scheme is to use sequential hypothesis testing to detect suspect regions in which compromised nodes are likely placed. In these suspect regions, nodes perform software attestation, leading to the detection and revocation of the compromised nodes. Through analysis and simulation, it is shown that the proposed scheme provides effective and robust compromised sensor node detection capability with little overhead. A reputation-based trust management scheme is designed to facilitate fast detection and revocation of compromised nodes. The key idea of the scheme is to detect untrustworthy zones and perform software attestation against nodes in these zones to detect and revoke the ones that are compromised. In addition, a fast and effective mobile replica node detection scheme is proposed using the Sequential Probability Ratio Test. To the best of the knowledge, this is the first work to tackle the problem of replica node attacks in mobile sensor networks. Specifically, it first divide the network into a set of zones; establish trust levels for each zone, and detect untrust worthy zones by using the Sequential Probability Ratio Test (ESPRT). The ESPRT decides a zone to be untrustworthy if the zones trust is continuously maintained at low level or is quite often changed from high level to low level. Once a zone is determined to be untrustworthy, the network operator performs software attestation against all nodes in the untrustworthy zone, detects compromised nodes with subverted software modules, and physically revokes them. A straight forward approach for untrustworthy zone detection is to decide a zone as untrustworthy by observing single evidence that its trust value is less than a trust threshold. However, this approach does not consider the zone trust measurement error. Due to the errors in the zone trust measurement, a trustworthy zone could be detected a sun trustworthy. To minimize the false positives and false negatives, it needs to make a decision with multiple pieces of evidence rather than single evidence. To satisfy this requirement, it applies the ESPRT to node compromise detection and revocation problem. It believe that the ESPRT is well-suited for tackling untrustworthy zone detection problem in the sense that can construct a random walk with two limits in such a way that each walk is determined by the trust value of a zone. Indeed, the lower and upper limits are properly configured to be associated with the excess and short fall of a trust threshold, respectively. Specifically, every sensor node in a zone acts as trust aggregator in a round-robin manner. In each timeslot, the trust aggregator computes a trust level for its zone and reports the zone s trust level to the base station. The base station performs the ESPRT with zone trust information. Each time a zone s trust is below a trust threshold, it will expedite the test process to accept the alternate hypothesis that a zone is untrustworthy. Once the base station decides that a zone is untrustworthy, the network operator performs software attestations against all sensor nodes to detect and revoke the compromised nodes in the zone. The main benefit of this zone-based detection approach lies in achieving fast node compromise detection and revocation while saving the large amount of time and effort that would be incurred from using periodic software attestation. By detecting an entire zone at once, the 2014, IJCSMC All Rights Reserved 234

system can identify the approximate source of bad behavior and react quickly, rather than waiting for a specific node to be identified. Also, when multiple nodes are compromised in one zone, they can all be detected and revoked at one time. Generally compromise occurs once an attacker has found a node, and then directly connects the node to their computer via a wired connection of some sort. Once connected the attacker controls the node by extracting the data and/or putting new data or controls on that node. Algorithm process for enhanced ESPRT: DECLARATION: n=0,w n =0 INPUT: location information L and time information T OUTPUT: accept the hypothesis H 0 or H 1 curr_loc=l curr_time=t if n>0 then compute T 0 (n) and T 1 (n) compute speed 0 from curr_loc and prev_loc, curr_time and prev_time if 0>V max then w n =w n +1 end if if w n >=T 1 (n) then Accepts the hypothesis h 1 and terminate the test end if if w n <=T 0 (n) then initialize n and w n to 0 and accepts the hypothesis H 0 return; end if end if n=n+1 prev_loc=curr_loc prev_time=curr_time ALGORITHM STEPS 1) Create a network of n nodes and save the information in the database table. 2) Draw the network with the available node information. 3) Random walk procedure is worked out so that the nodes mobility is carried out by just moving its location with n pixels below (the given speed) in both x and y direction. For example, if the speed is given as 10 units, then a random value below 10 is chosen, and the node is moved in x or y direction. 2014, IJCSMC All Rights Reserved 235

This is carried out for all nodes. For simulation, the timer is set to 5 seconds. So once each 5 seconds, all the nodes are moved within the given speed horizontally or vertically. 4) The nodes are sending their location to their neighbor nodes. The node is treated as neighbor to one, if it is within the given pixel units. For example, the unit is given as 50, then a node with left position in the space with 150 x value and another node with 180 x value is treated as neighbor nodes. This is applicable to y axis also. So in the rectangular area of 50 units (side), when the two nodes fall inside, then they are treated as neighbor nodes. 5) The nodes are updating their location information once in 10 seconds. The arrow lines are drawn during the animation such that from all nodes, the line is drawn to the base station. The area located at left bottom corner of the drawing space in the form. 6) Replica Attack: When a button is clicked, a node is chosen randomly which behaves as attacker node; a node is chosen randomly which behaves as affected node. The attacker node through sends the current location information, it sends its id as the affected node. So the base station receives updates with two ids at single update. Now, the base station needs to identify which node is correct and which is attacker. 7) If two nodes send same id, then the base station, collects the previous location information of the same id. Any one of the entry will have wrong previous location. At the same time, the neighbor nodes location data is also used such that, the affected nodes neighbors update correct location of suspected id whether the attacker nodes neighbor nodes update wrong location and the attacker node will be identified. 8) Then the node is revoked from the network. IV. IMPLEMENTATION The following Table 1describes experimental result for existing system error rate analysis. The table contains zone id, time interval (per sec), node id, affect number of node id details and error rate percentage details are shown Zone ID Times (sec) Node ID Total No. of. Attacker Node Error Rate (%) 1 60 N0 45 75.00 1 120 N4 43 71.66 1 180 N18 26 43.33 1 240 N1 22 36.66 1 300 N7 20 33.33 1 360 N19 18 30.00 2014, IJCSMC All Rights Reserved 236

1 420 N15 11 18.33 1 480 N9 5 8.33 1 520 N20 4 6.66 1 580 N11 3 5.00 Table 1 Performances Result for Existing System The following Table 2 describes experimental result for proposed system error rate analysis. The table contains zone id, time interval (per sec), node id, affect number of node id details and error rate percentage details are shown Number of Times Node ID Total No. of. Error Rate Zone ID (sec) Attacker Node (%) 1 60 N0 52 86.66 1 120 N4 51 85.00 2 180 N18 32 53.33 1 240 N1 28 46.66 1 300 N7 25 41.66 2 360 N19 24 40.00 5 420 N15 13 21.66 5 480 N9 8 13.33 5 520 N20 6 10.00 1 580 N11 5 8.33 Table 2 Performances Result for Proposed System The following Figure 1 describes experimental result for proposed system affect zone wise attacker node count analysis. The figure contains affect number of node id details and affect zone id count details are shown 2014, IJCSMC All Rights Reserved 237

Figure 1 Experimental Zone wise Attacker count in Proposed System The following graph Figure 2 show the hit rate comparison for the existing work and for the proposed work. 90 80 70 60 50 40 30 Hit Rate % Hit Rate Existing System Hit Rate Proposed System 20 10 0 1 2 3 4 5 6 Figure 2 Hit rate Comparisons 2014, IJCSMC All Rights Reserved 238

V. CONCLUSION This paper uses received signal strength-based spatial correlation, a physical property associated with each wireless device that is hard to falsify and not reliant on cryptography as the basis for detecting spoofing attacks in wireless networks. It provided theoretical analysis of using the spatial correlation of RSS inherited from wireless nodes for attack detection. It derived the test statistic based on the cluster analysis of RSS readings. The approach can both detects the presence of attacks as well as determine the number of adversaries, spoofing the same node identity, so that we can localize any number of attackers and eliminate them. In addition, a zone-based node compromise detection scheme is proposed using the Enhanced Sequential Probability Ratio Test (ESPRT). Furthermore, several possible attacks are described against the proposed scheme and proposed counter-measures against these attacks. The scheme is evaluated in simulation under various scenarios. The experimental results show that the scheme quickly detects untrustworthy zones with a small number of zone-trust reports. REFERENCES [1] Jie Yang,Yingying chen, Wade Trappe and Jerry Cheng Detection and Localization of Multiple Spoofing Attackers in Wireless Networks (January-2013). [2] F. Ferreri, M. Bernaschi, and L. Valcamonici, Access Points Vulnerabilities to Dos Attacks in 802.11 Networks, Proc. IEEE Wireless Comm. and Networking Conf., 2004. [3] D. Faria and D. Cheriton, Detecting Identity-Based Attacks in Wireless Networks Using Signalprints, Proc. ACM Workshop Wireless Security (WiSe), Sept. 2006. [4] J. Sheng, K. Tan, G.Chen, D.Kotz and A. Campbell Detecting 802.11 Mac Layer Spoofing Using Received Signal Strength, Proc of Google. Inc at Dartmouth ISTS. [5] Y. Chen, W. Trappe, and R.P. Martin, Detecting and Localizing Wireless Spoofing Attacks, Proc. Ann. IEEE Comm. Soc. Conf. Sensor, Mesh and Ad Hoc Comm. and Networks (SECON), May 2007. [6] Marco Conti, Body, Personal and Local Ad Hoc Wireless Networks, in Book The Handbook of Ad Hoc Wireless Networks (chapter 1) CRC Press LLC, 2003. [7] Amitabh Mishra and Ketan M. Nadkarni, Security in Wireless Ad Hoc Networks, in Book The Handbook of Ad Hoc Wireless Networks,(chapter 30) CRC Press LLC, 2003. [8] J. Bellardo and S. Savage, 802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions, Proc. USENIX Security Symp., pp. 15-28, 2003. [9] J. Yang, Y. Chen, and W. Trappe, Detecting Spoofing Attacks in Mobile Wireless Environments, Proc. Ann. IEEE Comm. Soc. Conf. Sensor, Mesh and Ad Hoc Comm. and Networks (SECON), 2009. [10] M. Bohge and W. Trappe, An Authentication Framework for Hierarchical Ad Hoc Sensor Networks, Proc. ACM Workshop Wireless Security (WiSe). 2014, IJCSMC All Rights Reserved 239

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback