ABSTRACT
Anomaly detection in wireless multihop networks is notoriously difficult: the wireless channel causes random errors in transmission and node mobility leads to constantly changing node neighborhoods. The Neighbor Variation Rate (NVR) introduced in this paper is a metric that quantitatively describes how the topology of the neighborhood of a node in a wireless multihop network evolves over time. We analyze the expressiveness of this metric under different speeds of nodes and measuring intervals and we employ it to detect anomalies in the network caused by malicious node activity. We validate our detection model and investigate its parameterization by means of simulation. We build a proof-of-concept and deploy it in a real-world IEEE 802.11s wireless mesh network composed of several static nodes and some mobile nodes. In real-world experiments, we mount attacks against the mesh network and analyze the expressiveness of NVR to characterize these attacks. In addition, we analyze the behavior of NVR when applied to an external dataset obtained from measurements of a real-world dynamic AODV-based mobile ad hoc network. Our results show that our metric is lightweight yet effective for anomaly detection in both stationary and mobile wireless multihop networks.
- Alix Board 3D2 Wiki. http://goo.gl/fTzhO.Google Scholar
- MDK3 -- Version 7. http://mdk3.no-ip.org/mdk3.Google Scholar
- open80211s project. http://open80211s.org/open80211s.Google Scholar
- The Network Simulator -- Version 3. http://www.nsnam.org.Google Scholar
- IEEE Standard 802.11s. 2011.Google Scholar
- F. Bai and A. Helmy. A survey of mobility models in wireless adhoc networks. In A. Safwat, editor, Wireless Ad Hoc and Sensor Networks. Springer Verlag, Berlin, 2007.Google Scholar
- F. Bai, N. Sadagopan, B. Krishnamachari, and A. Helmy. Modeling path duration distributions in manets and their impact on reactive routing protocols. IEEE Journal on Selected Areas in Communications, 22:1357--1373, 2004. Google ScholarDigital Library
- T. Camp, J. Boleng, and V. Davies. A survey of mobility models for ad hoc network research. Wireless Communications & Mobile Computing (WCMC): Special Issue On Mobile Ad Hoc Networking: Research, Trends And Applications, 2:483--502, 2002.Google Scholar
- J. Cho, A. Swami, and I. Chen. A survey on trust management for mobile ad hoc networks. Communications Surveys Tutorials, IEEE, 13(4):562--583, Fourth Quarter 2011.Google ScholarCross Ref
- O. Drugan, T. Plagemann, and E. Munthe-Kaas. Non-intrusive neighbor prediction in sparse manets. In Proceedings of the 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks (SECON '07), June 2007.Google ScholarCross Ref
- M. Gerharz, C. de Waal, M. Frank, and P. Martini. Link stability in mobile wireless ad hoc networks. In Proceedings of the 27th Annual IEEE Conference on Local Computer Networks (LCN'02), May 2002. Google ScholarDigital Library
- R. Gray, D. Kotz, C. Newport, N. Dubrovsky, A. Fiske, J. Liu, C. Masone, S. McGrath, and Y. Yuan. CRAWDAD data set dartmouth/outdoor (v. 2006-11-06). online, November 2006. http://crawdad.cs.dartmouth.edu/dartmouth/outdoor.Google Scholar
- Y. Hu. and A. Perrig. A survey of secure wireless ad hoc routing. Security and Privacy, IEEE, 2(3):28--39, May-June 2004. Google ScholarDigital Library
- Y. Hu, A. Perrig, and D. Johnson. Packet leashes: a defense against wormhole attacks in wireless networks. In Proceedings of the 22nd Annual Joint Conference of the IEEE Computer and Communications (INFOCOM 2003), March-April 2003.Google ScholarCross Ref
- Y. Hu, A. Perrig, and D. Johnson. Ariadne: a secure on-demand routing protocol for ad hoc networks. Wirel. Netw., 11(1-2):21--38, January 2005. Google ScholarDigital Library
- B. Kannhavong, H. Nakayama, Y. Nemoto, N. Kato, and A. Jamalipour. A survey of routing attacks in mobile ad hoc networks. Wireless Communications, IEEE, 14(5):85--91, October 2007. Google ScholarDigital Library
- R. La and Y. Han. Distribution of path durations in mobile ad hoc networks and path selection. IEEE/ACM Trans. Netw., 15(5):993--1006, October 2007. Google ScholarDigital Library
- H. Miura, K. Hirano, N. Matsuda, H. Taki, N. Abe, and S. Hori. Indoor localization for mobile node based on RSSI. In Proceedings of the 11th International Conference on Knowledge-Based and Intelligent Information & Engineering Systems (KES 2007). Springer-Verlag, September 2007. Google ScholarDigital Library
- H. Nguyen and Y. Shinoda. A node's number of neighbors in wireless mobile ad hoc networks: A statistical view. In Proceedings of the 8th International Conference on Networks (ICN '09), March 2009. Google ScholarDigital Library
- I. Rhee, M. Shin, S. Hong, K. Lee, S. Kim, and S. Chong. On the levy-walk nature of human mobility. IEEE/ACM Transactions on Networking, 19(3):630--643, June 2011. Google ScholarDigital Library
- N. B. Salem and J. Hubaux. Securing wireless mesh networks. Wireless Communications, IEEE, 13(2):50--55, April 2006. Google ScholarDigital Library
- J. Singh and P. Dutta. Temporal modeling of node mobility in mobile ad hoc network. CIT, 18(1):19--29, 2010.Google ScholarCross Ref
- N. Song, L. Qian, and X. Li. Wormhole attacks detection in wireless ad hoc networks: a statistical analysis approach. In Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium, April 2005. Google ScholarDigital Library
- C. Tsao, Y. Wu, W. Liao, and J. Kuo. Link duration of the random way point model in mobile ad hoc networks. In Proceedings of the IEEE 2006 Wireless Communications and Networking Conference, April 2006.Google Scholar
- W. Viriyasitavat, F. Bai, and O. Tonguz. Dynamics of network connectivity in urban vehicular networks. IEEE Journal on Selected Areas in Communications, 29(3):515--533, March 2011. Google ScholarDigital Library
- Y. Wu, W. Liao, C. Tsao, and T. Lin. Impact of node mobility on link duration in multihop mobile networks. IEEE Transactions on Vehicular Technology, 58(5):2435--2442, June 2009.Google ScholarCross Ref
Index Terms
- Signs of a bad neighborhood: a lightweight metric for anomaly detection in mobile ad hoc networks
Recommendations
A weight-based clustering multicast routing protocol for mobile ad hoc networks
In mobile ad hoc networks, the mobile nodes can move arbitrarily without any centralised management mechanism. The topology of these networks can be very dynamic due to the mobility of mobile nodes. Under such changeable network topology, multicasting ...
A New Routing Protocol to Increase Throughput in Mobile Ad Hoc Networks
Mobile ad hoc networks (MANETs) are dynamically configurable wireless networks that have no fixed infrastructures and do not require predefined configurations. In MANETs, the high mobility of mobile nodes is a major cause of link failure. This paper ...
PACMAN: passive autoconfiguration for mobile ad hoc networks
Mobile ad hoc networks (MANETs) enable the communication between mobile nodes via multihop wireless routes without depending on a communication infrastructure. In contrast to infrastructure-based networks, MANET's support autonomous and spontaneous ...
Comments