do Carmo, R. and Werner, M. and Hollick, Matthias (2012):
Signs of a Bad Neighborhood: A Lightweight Metric for Anomaly Detection in Mobile Ad Hoc Networks.
In: Proceedings of the 8th ACM International Symposium on QoS and Security for Wireless and Mobile Networks (ACM Q2SWinet), [Conference or Workshop Item]
Abstract
Anomaly detection in wireless multihop networks is notoriously difficult: the wireless channel causes random errors in transmission and node mobility leads to constantly changing node neighborhoods. The Neighbor Variation Rate (NVR) introduced in this paper is a metric that quantitatively describes how the topology of the neighborhood of a node in a wireless multihop network evolves over time. We analyze the expressiveness of this metric under different speeds of nodes and measuring intervals and we employ it to detect anomalies in the network caused by malicious node activity. We validate our detection model and investigate its parameterization by means of simulation. We build a proof-of-concept and deploy it in a real-world IEEE 802.11s wireless mesh network composed of several static nodes and some mobile nodes. In real-world experiments, we mount attacks against the mesh network and analyze the expressiveness of NVR to characterize these attacks. In addition, we analyze the behavior of NVR when applied to an external dataset obtained from measurements of a real-world dynamic AODV-based mobile ad hoc network. Our results show that our metric is lightweight yet effective for anomaly detection in both stationary and mobile wireless multihop networks.
| Item Type: | Conference or Workshop Item |
|---|---|
| Erschienen: | 2012 |
| Creators: | do Carmo, R. and Werner, M. and Hollick, Matthias |
| Title: | Signs of a Bad Neighborhood: A Lightweight Metric for Anomaly Detection in Mobile Ad Hoc Networks |
| Language: | German |
| Abstract: | Anomaly detection in wireless multihop networks is notoriously difficult: the wireless channel causes random errors in transmission and node mobility leads to constantly changing node neighborhoods. The Neighbor Variation Rate (NVR) introduced in this paper is a metric that quantitatively describes how the topology of the neighborhood of a node in a wireless multihop network evolves over time. We analyze the expressiveness of this metric under different speeds of nodes and measuring intervals and we employ it to detect anomalies in the network caused by malicious node activity. We validate our detection model and investigate its parameterization by means of simulation. We build a proof-of-concept and deploy it in a real-world IEEE 802.11s wireless mesh network composed of several static nodes and some mobile nodes. In real-world experiments, we mount attacks against the mesh network and analyze the expressiveness of NVR to characterize these attacks. In addition, we analyze the behavior of NVR when applied to an external dataset obtained from measurements of a real-world dynamic AODV-based mobile ad hoc network. Our results show that our metric is lightweight yet effective for anomaly detection in both stationary and mobile wireless multihop networks. |
| Title of Book: | Proceedings of the 8th ACM International Symposium on QoS and Security for Wireless and Mobile Networks (ACM Q2SWinet) |
| Uncontrolled Keywords: | Mobile Networking;Security;Secure Things;anomaly detection, metric, mobile ad hoc networks |
| Divisions: | LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt 20 Department of Computer Science > Sichere Mobile Netze 18 Department of Electrical Engineering and Information Technology > Institute of Computer Engineering > Multimedia Communications 20 Department of Computer Science > System Security Lab 18 Department of Electrical Engineering and Information Technology > Institute of Computer Engineering LOEWE > LOEWE-Zentren 18 Department of Electrical Engineering and Information Technology 20 Department of Computer Science LOEWE |
| Date Deposited: | 31 Dec 2016 11:08 |
| Identification Number: | TUD-CS-2012-0170 |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Send an inquiry |
Options (only for editors)
 |
Show editorial Details |
Drucken
Impressum