A mechanism for detecting and responding to misbehaving nodes in wireless networks

Damon McCoy, Doug Sicker, Dirk Grunwald

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    While mechanisms exist to instantiate common security functionality such as confidentiality and integrity, little has been done to define a mechanism for identification and remediation of devices engaging in behavior deemed inappropriate. This ability is particularly relevant as devices become increasingly adaptive through the development of software-defined and frequency agile radios. Adaptive devices can alter their behavior in a way that is noncompliant to a given set of standards and thus cause problems for other compliant devices. We address this deficiency by developing and assessing a mechanism for detecting misbehaving nodes in wireless systems. While we developed our system on an 802.11 network, the same approach could readily be applied to other wireless networks. Our mechanism is based on a reputation-enabled intrusion detection system, in which a centralized trust authority monitors traffic and collects secondhand information on potentially misbehaving nodes. The system integrates a mixture of alarms and reports to calculate a reputation vector of all nodes in the system. An XML based policy engine is used to detect policy violations. These mechanisms are built to be flexible and extensible in order to deal with the issues arising out of software programmable devices. In extending beyond traditional intrusion detection, our approach will incorporate physical layer information, such as power and frequency use, in determining improper behavior. In evaluating the system, we consider how our mechanism, 1) impacts system performance, 2) correctly identifies misbehaving nodes, 3) addresses "bad mouthing" and 4) resists collusion.

    Original languageEnglish (US)
    Title of host publication2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, SECON
    Pages678-684
    Number of pages7
    DOIs
    StatePublished - 2007
    Event2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, SECON - San Diego, CA, United States
    Duration: Jun 18 2007Jun 21 2007

    Other

    Other2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, SECON
    CountryUnited States
    CitySan Diego, CA
    Period6/18/076/21/07

    Fingerprint

    Intrusion detection
    Wireless networks
    Radio receivers
    Remediation
    XML
    Engines
    reputation
    functionality
    integrity
    radio
    traffic
    cause
    ability
    performance

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Communication

    Cite this

    McCoy, D., Sicker, D., & Grunwald, D. (2007). A mechanism for detecting and responding to misbehaving nodes in wireless networks. In 2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, SECON (pp. 678-684). [4292881] https://doi.org/10.1109/SAHCN.2007.4292881

    A mechanism for detecting and responding to misbehaving nodes in wireless networks. / McCoy, Damon; Sicker, Doug; Grunwald, Dirk.

    2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, SECON. 2007. p. 678-684 4292881.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    McCoy, D, Sicker, D & Grunwald, D 2007, A mechanism for detecting and responding to misbehaving nodes in wireless networks. in 2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, SECON., 4292881, pp. 678-684, 2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, SECON, San Diego, CA, United States, 6/18/07. https://doi.org/10.1109/SAHCN.2007.4292881
    McCoy D, Sicker D, Grunwald D. A mechanism for detecting and responding to misbehaving nodes in wireless networks. In 2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, SECON. 2007. p. 678-684. 4292881 https://doi.org/10.1109/SAHCN.2007.4292881
    McCoy, Damon ; Sicker, Doug ; Grunwald, Dirk. / A mechanism for detecting and responding to misbehaving nodes in wireless networks. 2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, SECON. 2007. pp. 678-684
    @inproceedings{a8a68bf408cb4f03930877c885b2724b,
    title = "A mechanism for detecting and responding to misbehaving nodes in wireless networks",
    abstract = "While mechanisms exist to instantiate common security functionality such as confidentiality and integrity, little has been done to define a mechanism for identification and remediation of devices engaging in behavior deemed inappropriate. This ability is particularly relevant as devices become increasingly adaptive through the development of software-defined and frequency agile radios. Adaptive devices can alter their behavior in a way that is noncompliant to a given set of standards and thus cause problems for other compliant devices. We address this deficiency by developing and assessing a mechanism for detecting misbehaving nodes in wireless systems. While we developed our system on an 802.11 network, the same approach could readily be applied to other wireless networks. Our mechanism is based on a reputation-enabled intrusion detection system, in which a centralized trust authority monitors traffic and collects secondhand information on potentially misbehaving nodes. The system integrates a mixture of alarms and reports to calculate a reputation vector of all nodes in the system. An XML based policy engine is used to detect policy violations. These mechanisms are built to be flexible and extensible in order to deal with the issues arising out of software programmable devices. In extending beyond traditional intrusion detection, our approach will incorporate physical layer information, such as power and frequency use, in determining improper behavior. In evaluating the system, we consider how our mechanism, 1) impacts system performance, 2) correctly identifies misbehaving nodes, 3) addresses {"}bad mouthing{"} and 4) resists collusion.",
    author = "Damon McCoy and Doug Sicker and Dirk Grunwald",
    year = "2007",
    doi = "10.1109/SAHCN.2007.4292881",
    language = "English (US)",
    isbn = "1424412684",
    pages = "678--684",
    booktitle = "2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, SECON",

    }

    TY - GEN

    T1 - A mechanism for detecting and responding to misbehaving nodes in wireless networks

    AU - McCoy, Damon

    AU - Sicker, Doug

    AU - Grunwald, Dirk

    PY - 2007

    Y1 - 2007

    N2 - While mechanisms exist to instantiate common security functionality such as confidentiality and integrity, little has been done to define a mechanism for identification and remediation of devices engaging in behavior deemed inappropriate. This ability is particularly relevant as devices become increasingly adaptive through the development of software-defined and frequency agile radios. Adaptive devices can alter their behavior in a way that is noncompliant to a given set of standards and thus cause problems for other compliant devices. We address this deficiency by developing and assessing a mechanism for detecting misbehaving nodes in wireless systems. While we developed our system on an 802.11 network, the same approach could readily be applied to other wireless networks. Our mechanism is based on a reputation-enabled intrusion detection system, in which a centralized trust authority monitors traffic and collects secondhand information on potentially misbehaving nodes. The system integrates a mixture of alarms and reports to calculate a reputation vector of all nodes in the system. An XML based policy engine is used to detect policy violations. These mechanisms are built to be flexible and extensible in order to deal with the issues arising out of software programmable devices. In extending beyond traditional intrusion detection, our approach will incorporate physical layer information, such as power and frequency use, in determining improper behavior. In evaluating the system, we consider how our mechanism, 1) impacts system performance, 2) correctly identifies misbehaving nodes, 3) addresses "bad mouthing" and 4) resists collusion.

    AB - While mechanisms exist to instantiate common security functionality such as confidentiality and integrity, little has been done to define a mechanism for identification and remediation of devices engaging in behavior deemed inappropriate. This ability is particularly relevant as devices become increasingly adaptive through the development of software-defined and frequency agile radios. Adaptive devices can alter their behavior in a way that is noncompliant to a given set of standards and thus cause problems for other compliant devices. We address this deficiency by developing and assessing a mechanism for detecting misbehaving nodes in wireless systems. While we developed our system on an 802.11 network, the same approach could readily be applied to other wireless networks. Our mechanism is based on a reputation-enabled intrusion detection system, in which a centralized trust authority monitors traffic and collects secondhand information on potentially misbehaving nodes. The system integrates a mixture of alarms and reports to calculate a reputation vector of all nodes in the system. An XML based policy engine is used to detect policy violations. These mechanisms are built to be flexible and extensible in order to deal with the issues arising out of software programmable devices. In extending beyond traditional intrusion detection, our approach will incorporate physical layer information, such as power and frequency use, in determining improper behavior. In evaluating the system, we consider how our mechanism, 1) impacts system performance, 2) correctly identifies misbehaving nodes, 3) addresses "bad mouthing" and 4) resists collusion.

    UR - http://www.scopus.com/inward/record.url?scp=48049092037&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=48049092037&partnerID=8YFLogxK

    U2 - 10.1109/SAHCN.2007.4292881

    DO - 10.1109/SAHCN.2007.4292881

    M3 - Conference contribution

    AN - SCOPUS:48049092037

    SN - 1424412684

    SN - 9781424412686

    SP - 678

    EP - 684

    BT - 2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks, SECON

    ER -