Detection and Localization of Multiple Spoofing Attackers in Wireless Networks
ABSTRACT:
Wireless spoofing attacks are easy to
launch and can significantly impact the performance of networks. Although the
identity of a node can be verified through cryptographic authentication,
conventional security approaches are not always desirable because of their
overhead requirements. In this paper, we propose to use spatial information, a
physical property associated with each node, hard to falsify, and not reliant
on cryptography, as the basis for (1) detecting spoofing attacks; (2)
determining the number of attackers when multiple adversaries masquerade as the
same node identity; and (3) localizing multiple adversaries. We propose to use
the spatial correlation of received signal strength (RSS) inherited from
wireless nodes to detect the spoofing attacks. We then formulate the problem of
determining the number of attackers as a multi-class detection problem.
Cluster-based mechanisms are developed to determine the number of attackers.
When the training data is available, we explore using Support Vector Machines
(SVM) method to further improve the accuracy of determining the number of
attackers. In addition, we developed an integrated detection and localization system
that can localize the positions of multiple attackers. We evaluated our
techniques through two testbeds using both an 802.11 (WiFi) network and an
802.15.4 (ZigBee) network in two real office buildings. Our experimental
results show that our proposed methods can achieve over 90% Hit Rate and
Precision when determining the number of attackers. Our localization results
using a representative set of algorithms provide strong evidence of high
accuracy of localizing multiple adversaries.
EXISTING SYSTEM:
• Ingress / Egress Filtering:
• Ingress – An ISP prohibits receiving from its stub connected networks packets whose source address does not belong to the corresponding stub network address space.
• Egress – A router or a firewall which is the gateway of a stub network filters out any packet whose source address does not belong to the network address space.
DISADVANTAGES OF EXISTING SYSTEM:
• Allows spoofing within a stub network
• Not self-defensive
• Effective only when implemented by a large number of networks
• Deployment is costly
• Incentive for an ISP is very low
PROPOSED SYSTEM:
• The proposed system uses the Inter-Domain Packet Filters (IDPFs) architecture, a system that can be constructed solely based on the locally exchanged BGP updates.
• Each node only selects and propagates to neighbors based on two sets of routing policies. They are Import and Export Routing policies.
• The IDPFs use a feasible path from the source node to the destination node, and a packet can reach the destination through one of its upstream neighbors.
• When the training data is available, we explore using the Support Vector Machines (SVM) method to further improve the accuracy of determining the number of attackers.
• Localization results using a representative set of algorithms provide strong evidence of high accuracy of localizing multiple adversaries.
• The Cluster Based wireless Sensor Network data received signal strength (RSS) based spatial correlation of network Strategy.
• A physical property associated with each wireless device that is hard to falsify and not reliant on cryptography is used as the basis for detecting spoofing attacks in wireless networks.
ADVANTAGES OF PROPOSED SYSTEM:
• Damage reduction under SPM defense is high
• Client Traffic
• Compared to other methods, the benefits of SPM are greater.
• SPM is generic because its only goal is to filter spoofed packets.
MODULES:
• Blind & Non-Blind Spoofing
• Man in the Middle Attack
• Constructing Routing Table
• Finding Feasible path
• Constructing Inter-Domain Packet Filters
• Receiving the valid packets
MODULES DESCRIPTION
Blind & Non-Blind Spoofing:
· Spoofing detection is to devise strategies that use the uniqueness of spatial information.
· In location directly as the attackers' positions are unknown network RSS, a property closely correlated with location in physical space and is readily available in the wireless networks.
· The RSS readings at the same physical location are similar, whereas the RSS readings at different locations in physical space are distinctive.
· The number of attackers when there are multiple adversaries masquerading as the same identity.
Man in the Middle Attack:
· Localization is based on the assumption that all received signal strength (RSS) measurements gathered are from a single station and, based on this assumption, the localization algorithm matches a point in the measurement space with a point in the physical space.
· In a spoofing attack, the victim and the attacker use the same ID to transmit data packets, and the RSS readings of that ID are a mixture of the readings measured from each individual node.
· RSS-based spatial correlation is used to find the distance in signal space and further detect the presence of spoofing attackers in physical space.
Constructing Routing Table:
· The channel frequency response is sensitive to each multipath. An impulse in the time domain is a constant in the frequency domain, and thus a change to a single path may change the entire multiple tone link of Network.
· In wireless networks classes that provide automatic reconfiguration of APs, adjusting power levels and channel assignments to optimize coverage while minimizing contention between neighbors.
· The RSS readings over time from the same physical location will belong to the same cluster points in the n-dimensional signal space.
Finding feasible path (Attack Computation):
· Converting the large dataset into medium format for the computation purpose.
· In this medium the rows consist of http requests and the columns consist of time for a particular user (IP address).
· Received Signal Strength Indicator Formula,
· The RSS stream of a node identity may be mixed with RSS readings of both the original node as well as spoofing nodes from different physical locations.
Constructing Inter-Domain Packet Filters:
· The clustering algorithms cannot tell the difference between real RSS clusters formed by attackers at different positions and fake RSS clusters caused by outliers and variations of the signal strength.
· The minimum distance between two clusters is large indicating that the clusters are from different physical locations.
· The minimum distance between the returned clusters to make sure the clusters are produced by attackers instead of RSS variations and outliers.
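The cluster-distance check described in the bullets above, as an added example that is not code from the original page or the referenced paper: RSS vectors observed for one node identity are split into two clusters, and the identity is flagged when the cluster centroids lie farther apart in signal space than a threshold. The 2-means clustering, the three-landmark layout, the 10 dB threshold and the sample readings are assumptions constructed for illustration.

```python
import math
import random

def two_means(points, iters=20):
    """Split RSS vectors (one dBm value per landmark) into two clusters."""
    # Deterministic start: two mutually distant samples as initial centers.
    a = max(points, key=lambda p: math.dist(p, points[0]))
    b = max(points, key=lambda p: math.dist(p, a))
    centers = [a, b]
    for _ in range(iters):
        clusters = [[], []]
        for p in points:
            nearest = 0 if math.dist(p, centers[0]) <= math.dist(p, centers[1]) else 1
            clusters[nearest].append(p)
        # Recompute each centroid; an empty cluster keeps its old center.
        new = [tuple(sum(col) / len(g) for col in zip(*g)) if g else centers[i]
               for i, g in enumerate(clusters)]
        if new == centers:
            break
        centers = new
    return centers, clusters

def detect_spoofing(points, threshold_db=10.0):
    """Flag an identity whose RSS clusters are far apart in signal space.

    threshold_db is an assumed value: it must exceed the spread caused by
    normal RSS variation and outliers at a single location.
    """
    centers, clusters = two_means(points)
    distance = math.dist(centers[0], centers[1])
    return {"distance": distance,
            "sizes": [len(g) for g in clusters],
            "spoofed": distance > threshold_db}

def sample_rss(mean, n, rng, sigma=2.0):
    """Constructed readings: Gaussian noise around a location's mean RSS."""
    return [tuple(rng.gauss(m, sigma) for m in mean) for _ in range(n)]

# Constructed sample data: mean RSS (dBm) at three landmarks for two positions.
rng = random.Random(7)
VICTIM, ATTACKER = (-50.0, -62.0, -71.0), (-68.0, -49.0, -58.0)
normal = sample_rss(VICTIM, 100, rng)
attack = sample_rss(VICTIM, 60, rng) + sample_rss(ATTACKER, 40, rng)

if __name__ == "__main__":
    for name, data in (("normal", normal), ("attack", attack)):
        r = detect_spoofing(data)
        print(f"{name}: distance={r['distance']:.1f} dB sizes={r['sizes']} spoofed={r['spoofed']}")
```

With readings from a single location the two returned clusters are only an artifact of noise, so their centroids stay close together; the threshold is what separates that case from clusters produced by transmitters at different positions.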
Receiving different Transmission Power:
· The transmission power levels when performing spoofing attacks so that the localization system cannot estimate its location accurately.
· The CDF of localization error of RADAR-Gridded and ABP when adversaries use different transmission power levels.
· The detection mechanisms are highly effective in both detecting the presence of attacks with detection rates over 98% and determining the number of network.
DATA FLOW DIAGRAM:
SYSTEM CONFIGURATION:-
HARDWARE REQUIREMENTS:-
• RAM - 256 MB (min)
• Hard Disk - 20 GB
• Floppy Drive - 1.44 MB
• Keyboard - Standard Windows Keyboard
• Mouse - Two or Three Button Mouse
• Monitor - SVGA
SOFTWARE REQUIREMENTS:-
• Operating System : WINDOWS XP
• Front End : C#.NET
• Tool : VISUAL STUDIO 2008
• Database : SQL SERVER 2005
REFERENCE:
Jie Yang, Yingying Chen, Wade Trappe and Jerry Cheng, “Detection and Localization of Multiple Spoofing Attackers in Wireless Networks”, IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, 2012.