Detection and Localization of Multiple Spoofing Attackers in Wireless Networks
Wireless spoofing attacks are easy to launch and can significantly impact the performance of networks. Although the identity of a node can be verified through cryptographic authentication, conventional security approaches are not always desirable because of their overhead requirements. In this paper, we propose to use spatial information, a physical property associated with each node, hard to falsify, and not reliant on cryptography, as the basis for 1) detecting spoofing attacks; 2) determining the number of attackers when multiple adversaries masquerading as the same node identity; and 3) localizing multiple adversaries. We propose to use the spatial correlation of received signal strength (RSS) inherited from wireless nodes to detect the spoofing attacks. We then formulate the problem of determining the number of attackers as a multiclass detection problem. Cluster-based mechanisms are developed to determine the number of attackers. When the training data are available, we explore using the Support Vector Machines (SVM) method to further improve the accuracy of determining the number of attackers. In addition, we developed an integrated detection and localization system that can localize the positions of multiple attackers. We evaluated our techniques through two testbeds using both an 802.11 (WiFi) network and an 802.15.4 (ZigBee) network in two real office buildings. Our experimental results show that our proposed methods can achieve over 90 percent Hit Rate and Precision when determining the number of attackers. Our localization results using a representative set of algorithms provide strong evidence of high accuracy of localizing multiple adversaries.
The traditional approach to address spoofing attacks is to apply cryptographic authentication.
Authentication requires additional infrastructural overhead and computational power associated with distributing, and maintaining cryptographic keys.
Due to the limited power and resources available to the wireless devices and sensor nodes, it is not always possible to deploy authentication.
Key management often incurs significant human management costs on the network.
Spoofing detection system which can both detect the spoofing attacks, as well as localize the adversaries in wireless and sensor networks.
A different approach is handled by using the physical properties associated with wireless transmissions to detect spoofing. A scheme for both detecting spoofing attacks, as well as localizing the positions of the adversaries performing the attacks is proposed. This method utilizes the Received Signal Strength (RSS) measured across a set of access points to perform spoofing detection and localization. This scheme does not add any overhead to the wireless devices and sensor nodes. By analyzing the RSS from each MAC address using K-means cluster algorithm, we have found that the distance between the centroids in signal space is a good test statistic for effective attack detection. We then describe how we integrated our K-means spoofing detector into a real-time indoor localization system. Our K-means approach is general in that it can be applied to almost all RSS-based localization algorithms. For two sample algorithms, we show that using the centroids of the clusters in signal space as the input to the localization system, the positions of the attackers can be localized with the same relative estimation errors as under normal conditions.
Detect the presence of spoofing attacks
Determine the number of attackers
Localize multiple adversaries and eliminate them
Will not require any additional cost or modification to the wireless devices themselves.