TU Darmstadt / ULB / TUbiblio

Signs of a Bad Neighborhood: A Lightweight Metric for Anomaly Detection in Mobile Ad Hoc Networks

Carmo, R. do ; Werner, M. ; Hollick, Matthias (2012)
Signs of a Bad Neighborhood: A Lightweight Metric for Anomaly Detection in Mobile Ad Hoc Networks.
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Anomaly detection in wireless multihop networks is notoriously difficult: the wireless channel causes random errors in transmission and node mobility leads to constantly changing node neighborhoods. The Neighbor Variation Rate (NVR) introduced in this paper is a metric that quantitatively describes how the topology of the neighborhood of a node in a wireless multihop network evolves over time. We analyze the expressiveness of this metric under different speeds of nodes and measuring intervals and we employ it to detect anomalies in the network caused by malicious node activity. We validate our detection model and investigate its parameterization by means of simulation. We build a proof-of-concept and deploy it in a real-world IEEE 802.11s wireless mesh network composed of several static nodes and some mobile nodes. In real-world experiments, we mount attacks against the mesh network and analyze the expressiveness of NVR to characterize these attacks. In addition, we analyze the behavior of NVR when applied to an external dataset obtained from measurements of a real-world dynamic AODV-based mobile ad hoc network. Our results show that our metric is lightweight yet effective for anomaly detection in both stationary and mobile wireless multihop networks.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2012
Autor(en): Carmo, R. do ; Werner, M. ; Hollick, Matthias
Art des Eintrags: Bibliographie
Titel: Signs of a Bad Neighborhood: A Lightweight Metric for Anomaly Detection in Mobile Ad Hoc Networks
Sprache: Deutsch
Publikationsjahr: Oktober 2012
Buchtitel: Proceedings of the 8th ACM International Symposium on QoS and Security for Wireless and Mobile Networks (ACM Q2SWinet)
Kurzbeschreibung (Abstract):

Anomaly detection in wireless multihop networks is notoriously difficult: the wireless channel causes random errors in transmission and node mobility leads to constantly changing node neighborhoods. The Neighbor Variation Rate (NVR) introduced in this paper is a metric that quantitatively describes how the topology of the neighborhood of a node in a wireless multihop network evolves over time. We analyze the expressiveness of this metric under different speeds of nodes and measuring intervals and we employ it to detect anomalies in the network caused by malicious node activity. We validate our detection model and investigate its parameterization by means of simulation. We build a proof-of-concept and deploy it in a real-world IEEE 802.11s wireless mesh network composed of several static nodes and some mobile nodes. In real-world experiments, we mount attacks against the mesh network and analyze the expressiveness of NVR to characterize these attacks. In addition, we analyze the behavior of NVR when applied to an external dataset obtained from measurements of a real-world dynamic AODV-based mobile ad hoc network. Our results show that our metric is lightweight yet effective for anomaly detection in both stationary and mobile wireless multihop networks.

Freie Schlagworte: Mobile Networking;Security;Secure Things;anomaly detection, metric, mobile ad hoc networks
ID-Nummer: TUD-CS-2012-0170
Fachbereich(e)/-gebiet(e): 18 Fachbereich Elektrotechnik und Informationstechnik
18 Fachbereich Elektrotechnik und Informationstechnik > Institut für Datentechnik
18 Fachbereich Elektrotechnik und Informationstechnik > Institut für Datentechnik > Multimedia Kommunikation
20 Fachbereich Informatik
20 Fachbereich Informatik > Sichere Mobile Netze
20 Fachbereich Informatik > Systemsicherheit
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Hinterlegungsdatum: 31 Dez 2016 11:08
Letzte Änderung: 05 Aug 2021 09:12
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen