Real-time detection of traffic anomalies in wireless mesh networks

Wireless Networks

Abstract

Anomaly detection is emerging as a necessary component as wireless networks gain popularity. Anomaly detection has been addressed broadly in wired networks and powerful methods have been developed for correct detection of a variety of known attacks and other anomalies. In this paper, we propose a real-time anomaly detection and identification scheme for wireless mesh networks (WMN) using components from previous methods developed for wired networks. Experiments over a WMN testbed show the effectiveness of the proposed scheme in isolating different types of anomalies, such as denial-of-service attacks, port scan attacks, etc. Our scheme uses Chi-square statistics and it is based on similar ideas as the scheme presented by Lakhina et al. although it has lower computational complexity. The original method by Lakhina et al. was developed for wired networks and used Principal Component Analysis (PCA) for reducing the dimensions of observed data and Hotelling’s t² statistics to distinguish between normal and abnormal traffic conditions. However, in our studies we found that dimension reduction is the most computationally intensive process of the scheme. In this paper we propose an alternative way of reducing dimensions using flow variances in a Chi-square test. Experimental results show that the Chi-square test performs similarly well to the PCA-based method at merely a fraction of the computations. Moreover, we propose an automatic identification scheme to pin-point the cause of the detected anomaly and its contribution in terms of additional or lack of traffic. Our results and comparison with other statistical tools show that the Chi-square test and the PCA-based method with identification scheme make powerful tools for real-time detection of various anomalies in an interference prone wireless networking environment.
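To make the idea in the abstract concrete, the following added example (not code from the paper or its authors) implements a generic variance-normalised Chi-square detector over per-flow traffic volumes and reports which flow caused the alarm and whether it carries additional or missing traffic. The control limit (baseline mean plus three standard deviations), the function names and the synthetic traffic are assumptions, not details taken from the article.

```python
import random
import statistics

def chi_square(x, mean, var):
    """Per-flow squared deviations scaled by baseline variance, and their sum."""
    terms = [(xi - m) ** 2 / v for xi, m, v in zip(x, mean, var)]
    return sum(terms), terms

def fit_baseline(history):
    """history: list of time bins, each a list of per-flow byte counts."""
    flows = list(zip(*history))
    mean = [statistics.fmean(f) for f in flows]
    # Floor the variance so a constant flow cannot cause a division by zero.
    var = [max(statistics.pvariance(f), 1e-9) for f in flows]
    scores = [chi_square(x, mean, var)[0] for x in history]
    # Assumed control limit: mean + 3 standard deviations of baseline scores.
    limit = statistics.fmean(scores) + 3 * statistics.pstdev(scores)
    return mean, var, limit

def detect(x, mean, var, limit):
    """Return None for a normal bin, else the dominant flow and its deviation."""
    score, terms = chi_square(x, mean, var)
    if score <= limit:
        return None
    flow = max(range(len(terms)), key=terms.__getitem__)
    delta = x[flow] - mean[flow]
    return {"flow": flow, "score": score, "delta": delta,
            "direction": "additional" if delta > 0 else "lack"}

def demo():
    # Constructed sample data: four flows with roughly 10% Gaussian noise.
    rng = random.Random(7)
    means = [400.0, 120.0, 900.0, 60.0]
    history = [[rng.gauss(m, 0.1 * m) for m in means] for _ in range(300)]
    model = fit_baseline(history)
    normal = list(means)
    flood = [400.0, 120.0, 900.0, 600.0]   # flow 3 carries 10x its usual load
    outage = [400.0, 120.0, 0.0, 60.0]     # flow 2 goes silent
    return [detect(b, *model) for b in (normal, flood, outage)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Fitting needs only one pass of per-flow means and variances, with no eigendecomposition step.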

References

  1. Caberera, J. B. D., Ravichandran, B., & Mehra, R. K. (2000). Statistical traffic modeling for network intrusion detection. In Proceedings of the IEEE MASCOTS, 2000 (pp. 466–473).

  2. Chen, T., Kuo, G.-S., Li, Z.-P., & Zhu, G.-M. (2007). Intrusion detection in wireless mesh networks. In Security in wireless mesh networks. Boca Raton: CRC Press.

  3. Dickinson, P., Bunke, H., Dadej, A., & Kraetzl, M. (2002). Median graphs and anomalous change detection in communication networks. In Proceedings of the IEEE information, decision and control, 2002 (pp. 59–64).

  4. Feather, F., Siewiorek, D., & Maxion, R. (1993). Fault detection in an ethernet network using anomaly signature matching. In Proceedings of the ACM SIGCOMM 1993 (pp. 279–288).

  5. Frenk, H., Roos, K., Terlaky, T., & Zhang, S. (1999). High performance optimization. New York: Springer.

  6. Fukunaga, K. (1972). Introduction to statistical pattern recognition. New York: Academic Press.

  7. Gupta, D., Chuah, C.-N., & Mohapatra, P. (2008). Efficient monitoring in wireless mesh networks: Overheads and accuracy trade-offs. In Proceedings of the IEEE MASS 2008 (pp. 13–23).

  8. Hakami, S., Zaidi, Z. R., Landfeldt, B., & Moors, T. (2008). Detection and identification of anomalies in wireless mesh networks using Principal Component Analysis (PCA). In Proceedings of the IEEE I-SPAN 2008 (pp. 266–271).

  9. Hohn, N. (2004). Measuring understanding and modelling internet traffic. Ph.D. thesis in Electrical and Electronic Engineering, The University of Melbourne.

  10. Huang, P., Feldmann, A., & Willinger, W. (2001). A non-intrusive, wavelet-based approach to detecting network performance problems. In Proceedings of internet measurement workshop, 2001 (pp. 213–227).

  11. Iftikhar, M., Landfeldt, B., & Caglar, M. (2006). Multiclass G/M/1 Queueing system with self-similar input and non-preemptive priority. In Proceedings of the IEEE ICI-06.

  12. Ishmael, J., Bury, S., Pezaros, D., & Race, N. (2008). Deploying rural community wireless mesh networks. IEEE Internet Computing, 12(4), 22–29.

  13. Jackson, J. E. (1991). A user’s guide to principal components. New York, NY: Wiley.

  14. Karamcheti, V., Geiger, D., Kedem, Z., & Muthukrishnan, S. (2005). Detecting malicious network traffic using inverse distributions of packet contents. In Proceedings of the ACM SIGCOMM workshop MineNet 2005 (pp. 165–170).

  15. Lakhina, A., Crovella, M., & Diot, C. (2004). Characterization of network-wide anomalies in traffic flows—Technical report BUCS-2004-020, Boston University.

  16. Lakhina, A., Crovella, M., & Diot, C. (2004). Diagnosing network-wide traffic anomalies. In ACM SIGCOMM 2004 (pp. 219–230).

  17. Lakhina, A., Papagiannaki, K., Crovella, M., Diot, C., Kolaczyk, E., & Taft, N. (2004). Structural analysis of network traffic flows. In Proceedings of the ACM SIGMETRICS 2004 (pp. 61–72).

  18. Lan, K., Wang, Z., Berriman, R., Moors, T., Hassan, M., Libman, L., et al. (2007). Implementation of a wireless mesh network testbed for traffic control. In Proceedings of the IEEE WiMAN 2007 (pp. 1022–1027).

  19. Li, N., Chen, G., & Zhao, M. (2008). Autonomic fault management for wireless mesh networks—UMass Lowell technical report 2008–04.

  20. Marti, S., Giuli, T. J., Lai, K., & Baker, M. (2000). Mitigating routing misbehavior in mobile ad hoc networks. In Proceedings of MOBICOM ’00 (pp. 255–265).

  21. MIT Roofnet. URL- http://www.pdos.csail.mit.edu/roofnet/doku.ph.

  22. Qiu, L., Bahl, P., Rao, A., & Zhou, L. (2006). Troubleshooting wireless mesh networks. SIGCOMM Computer Communication Review, 36(5), 17–28.

  23. Ridoux, J., Nucci, A., & Veitch, D. (2006). Seeing the difference in IP traffic: Wireless versus wireline. In Proceedings of IEEE INFOCOM ’06 (pp. 1–12).

  24. Salem, N. B., & Hubaux, J.-P. (2006). Securing wireless mesh networks. IEEE Wireless Communications, 13(2), 50–55.

  25. Sarafijanovic, S., & Boudec, J. Y. L. (2005). An artificial immune system approach with secondary response for misbehavior detection in mobile ad hoc networks. IEEE Trans. on Neural Networks, 16(5), 1076–1087.

  26. Siddiqui, M. S., & Hong, C. S. (2007). Security issues in wireless mesh networks. In Proceedings of IEEE international conference on multimedia and ubiquitous engineering (MUE) 2007 (pp. 717–722).

  27. Ye, N., & Chen, Q. (2001). An anomaly detection technique based on a chi-square statistic for detecting intrusions into information systems. Wiley Quality and Reliability Engineering International, 17, 105–112.

  28. Zaidi, Z. R., Landfeldt, B., & Zomaya, A. (2007). Fault management in wireless mesh networks. In Handbook on ad hoc and mobile computing. Valencia, CA, USA: American Scientific Publishers.

Acknowledgments

The authors want to acknowledge the help of Mr. Rodney Berriman and Dr. Mohsin Iftikhar in setting up experiments.

Author information

Corresponding author

Correspondence to Zainab R. Zaidi.

About this article

Cite this article

Zaidi, Z.R., Hakami, S., Landfeldt, B. et al. Real-time detection of traffic anomalies in wireless mesh networks. Wireless Netw 16, 1675–1689 (2010). https://doi.org/10.1007/s11276-009-0221-y

  • DOI: https://doi.org/10.1007/s11276-009-0221-y
