Spoofing detection in IEEE 802.15.4 networks based on received signal strength

摘要

The shared medium used in wireless networks makes them vulnerable to spoofing attacks, in which an adversary masquerades as one or more legitimate nodes to disturb normal operation of the network. In this paper we present a novel spoofing detection method for static IEEE 802.15.4 networks based on spatial correlation property of received signal strength (RSS). While most existing RSS based techniques directly process RSS values of the received frames and rely on multiple traffic air monitors (AMs) to provide an acceptable detection performance, we extract features of RSS streams to reduce data redundancy and provide a more distinguishable representation of the data. Our algorithm employs two features of RSS streams, summation of detailed coefficients (SDCs) in discrete Haar wavelet transform (DHWT) of the RSS streams and the ratio of out-of-bound frames. We show that in a typical scenario, a single AM with SDC as detection parameter, can theoretically outperform a system with 12 AMs which directly applies RSS values as detection parameter. Using ratio of out-of-bound frames facilitates detection of high rate attacks. In addition, we suggest adaptive learning of legitimate RSS values which enhances the robustness of the attack detector against environmental changes. Using both magnitude and frequency related features, we achieved high detection performance with a single AM; this enables development of preventive measures for spoofing attacks. The performance of our approach was evaluated through an IEEE 802.15.4 testbed in an office environment. Experimental results along with theoretical analysis show that the proposed method outperforms the existing RSS-based spoofing detection solutions. Using a single AM, we were able to attain 94.75% detection rate (DR) with 0.56% false positive rate (FPR). For 4 AMs, the results improved to 99% DR and 0% FPR.