TU Darmstadt / ULB / TUbiblio

Signs of a Bad Neighborhood: A Lightweight Metric for Anomaly Detection in Mobile Ad Hoc Networks

Carmo, R. do ; Werner, M. ; Hollick, Matthias (2012)
Signs of a Bad Neighborhood: A Lightweight Metric for Anomaly Detection in Mobile Ad Hoc Networks.
Conference or Workshop Item, Bibliographie

Abstract

Anomaly detection in wireless multihop networks is notoriously difficult: the wireless channel causes random errors in transmission and node mobility leads to constantly changing node neighborhoods. The Neighbor Variation Rate (NVR) introduced in this paper is a metric that quantitatively describes how the topology of the neighborhood of a node in a wireless multihop network evolves over time. We analyze the expressiveness of this metric under different speeds of nodes and measuring intervals and we employ it to detect anomalies in the network caused by malicious node activity. We validate our detection model and investigate its parameterization by means of simulation. We build a proof-of-concept and deploy it in a real-world IEEE 802.11s wireless mesh network composed of several static nodes and some mobile nodes. In real-world experiments, we mount attacks against the mesh network and analyze the expressiveness of NVR to characterize these attacks. In addition, we analyze the behavior of NVR when applied to an external dataset obtained from measurements of a real-world dynamic AODV-based mobile ad hoc network. Our results show that our metric is lightweight yet effective for anomaly detection in both stationary and mobile wireless multihop networks.

Item Type: Conference or Workshop Item
Erschienen: 2012
Creators: Carmo, R. do ; Werner, M. ; Hollick, Matthias
Type of entry: Bibliographie
Title: Signs of a Bad Neighborhood: A Lightweight Metric for Anomaly Detection in Mobile Ad Hoc Networks
Language: German
Date: October 2012
Book Title: Proceedings of the 8th ACM International Symposium on QoS and Security for Wireless and Mobile Networks (ACM Q2SWinet)
Abstract:

Anomaly detection in wireless multihop networks is notoriously difficult: the wireless channel causes random errors in transmission and node mobility leads to constantly changing node neighborhoods. The Neighbor Variation Rate (NVR) introduced in this paper is a metric that quantitatively describes how the topology of the neighborhood of a node in a wireless multihop network evolves over time. We analyze the expressiveness of this metric under different speeds of nodes and measuring intervals and we employ it to detect anomalies in the network caused by malicious node activity. We validate our detection model and investigate its parameterization by means of simulation. We build a proof-of-concept and deploy it in a real-world IEEE 802.11s wireless mesh network composed of several static nodes and some mobile nodes. In real-world experiments, we mount attacks against the mesh network and analyze the expressiveness of NVR to characterize these attacks. In addition, we analyze the behavior of NVR when applied to an external dataset obtained from measurements of a real-world dynamic AODV-based mobile ad hoc network. Our results show that our metric is lightweight yet effective for anomaly detection in both stationary and mobile wireless multihop networks.

Uncontrolled Keywords: Mobile Networking;Security;Secure Things;anomaly detection, metric, mobile ad hoc networks
Identification Number: TUD-CS-2012-0170
Divisions: 18 Department of Electrical Engineering and Information Technology
18 Department of Electrical Engineering and Information Technology > Institute of Computer Engineering
18 Department of Electrical Engineering and Information Technology > Institute of Computer Engineering > Multimedia Communications
20 Department of Computer Science
20 Department of Computer Science > Sichere Mobile Netze
20 Department of Computer Science > System Security Lab
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Date Deposited: 31 Dec 2016 11:08
Last Modified: 05 Aug 2021 09:12
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Send an inquiry Send an inquiry

Options (only for editors)
Show editorial Details Show editorial Details