Detection and Localization of Multiple Spoofing Attackers in Wireless Networks

Abstract

Wireless spoofing attacks are easy to launch and can significantly impact the performance of networks. Although the identity of a node can be verified through cryptographic authentication, conventional security approaches are not always desirable because of their overhead requirements. The project is proposed to use spatial information, a physical property associated with each node, hard to falsify, and not reliant on cryptography, as the basis for 1) detecting spoofing attacks; 2) determining the number of attackers when multiple adversaries masquerading as the same node identity; and 3) localizing multiple adversaries. It is proposed to use the spatial correlation of received signal strength (RSS) inherited from wireless nodes to detect the spoofing attacks. It formulates the problem of determining the number of attackers as a multi-class detection problem. Cluster-based mechanisms are developed to determine the number of attackers. When the training data are available, the project explores using the Support Vector Machines (SVM) method to further improve the accuracy of determining the number of attackers. The localization results use a representative set of algorithms that provide strong evidence of high accuracy of localizing multiple adversaries. In addition, a fast and effective mobile replica node detection scheme is proposed using the Sequential Probability Ratio Test. evaluated our techniques through two testbeds using both an 802.11 (WiFi) network and an 802.15.4 (ZigBee) network in two real office buildings.