{"title":"Relationship-based Detection of Spoofing-related Anomalous Traffic in Ad Hoc Networks","authors":"Qing Li, W. Trappe","doi":"10.1109/SAHCN.2006.288408","journal":{"name":"Digital Communications and Networks","volume":"40 1","pages":"50-59"},"publicationDate":"2006-01-01","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"103","platform":"Semanticscholar","ListUrlMain":"https://doi.org/10.1109/SAHCN.2006.288408"}
Relationship-based Detection of Spoofing-related Anomalous Traffic in Ad Hoc Networks
Spoofing is a serious threat for both ad hoc and sensor networks that can cause adverse effects on a network's operations. Although cryptographic authentication can assure the identity of a transmitter, authentication is not always desirable or possible as it requires key management and more extensive computations. In this paper we argue that it is desirable to have a functionality complementary to traditional authentication that can detect device spoofing with no dependency on cryptographic material. Towards this objective, we propose using forge-resistant relationships associated with transmitted packets to detect anomalous activity. Our strategy is generic, operates in a 1-hop neighborhood, and thus can locally provide protection in order to defend ad hoc or sensor networks from anomalous intrusions. As two specific constructions, we explore the use of monotonic relationships in the sequence number fields, and the enforcement of statistical characteristics of legitimate traffic. We then provide an example of how these relationships can be used to construct a classifier that provides a multi-level threat assessment. We validate the usefulness of these methods for anomalous traffic scenarios involving multiple sources sharing the same MAC address through experiments conducted on the ORBIT wireless testbed.