Spoofing Attack Detection Using Machine Learning in Cross-Technology Communication

Abstract

Cross-technology communication (CTC) technique can realize direct communication among heterogeneous wireless devices (e.g., WiFi, ZigBee, and Bluetooth in the 2.4 G ISM band) without gateway equipment for forwarding, which makes heterogeneous wireless communication more convenient and greatly reduces communication costs. However, compared with the traditional homogeneous network model, CTC technique also makes it easier to implement spoofing attacks in heterogeneous networks. WiFi devices with long communication distances and sufficient energy supply can directly launch spoofing attacks against ZigBee devices, which brings severe security concerns for heterogeneous wireless communications. In this paper, we focus on the CTC spoofing attack, especially spoofing attacks from WiFi to ZigBee and propose a machine learning-based method to detect spoofing attacks for heterogeneous wireless networks by using physical-layer information. First, we model the received signal strength (RSS) data of legitimate ZigBee devices to construct a one-class support vector machine (OSVM) classifier for detecting CTC spoofing attacks depending on the obtained training samples. Then, we simulated CTC spoofing attacks in a live testbed and evaluated the performance of our detection method. Results show that our approach is highly effective in spoofing detection. Even if the distance between the legitimate ZigBee device and WiFi attacker is near each other (i.e., less than 2 m) and does not require a large number of samples, the detection rate and precision of our method are both over 90%. Finally, we employ the OSVM classifier to obtain samples of spoofing attacks and then explore using SVM to further improve the performance of the classifier.