TY - GEN
T1 - A mechanism for detecting and responding to misbehaving nodes in wireless networks
AU - McCoy, Damon
AU - Sicker, Doug
AU - Grunwald, Dirk
PY - 2007
Y1 - 2007
N2 - While mechanisms exist to instantiate common security functionality such as confidentiality and integrity, little has been done to define a mechanism for identification and remediation of devices engaging in behavior deemed inappropriate. This ability is particularly relevant as devices become increasingly adaptive through the development of software-defined and frequency agile radios. Adaptive devices can alter their behavior in a way that is noncompliant to a given set of standards and thus cause problems for other compliant devices. We address this deficiency by developing and assessing a mechanism for detecting misbehaving nodes in wireless systems. While we developed our system on an 802.11 network, the same approach could readily be applied to other wireless networks. Our mechanism is based on a reputation-enabled intrusion detection system, in which a centralized trust authority monitors traffic and collects secondhand information on potentially misbehaving nodes. The system integrates a mixture of alarms and reports to calculate a reputation vector of all nodes in the system. An XML based policy engine is used to detect policy violations. These mechanisms are built to be flexible and extensible in order to deal with the issues arising out of software programmable devices. In extending beyond traditional intrusion detection, our approach will incorporate physical layer information, such as power and frequency use, in determining improper behavior. In evaluating the system, we consider how our mechanism, 1) impacts system performance, 2) correctly identifies misbehaving nodes, 3) addresses "bad mouthing" and 4) resists collusion.
AB - While mechanisms exist to instantiate common security functionality such as confidentiality and integrity, little has been done to define a mechanism for identification and remediation of devices engaging in behavior deemed inappropriate. This ability is particularly relevant as devices become increasingly adaptive through the development of software-defined and frequency agile radios. Adaptive devices can alter their behavior in a way that is noncompliant to a given set of standards and thus cause problems for other compliant devices. We address this deficiency by developing and assessing a mechanism for detecting misbehaving nodes in wireless systems. While we developed our system on an 802.11 network, the same approach could readily be applied to other wireless networks. Our mechanism is based on a reputation-enabled intrusion detection system, in which a centralized trust authority monitors traffic and collects secondhand information on potentially misbehaving nodes. The system integrates a mixture of alarms and reports to calculate a reputation vector of all nodes in the system. An XML based policy engine is used to detect policy violations. These mechanisms are built to be flexible and extensible in order to deal with the issues arising out of software programmable devices. In extending beyond traditional intrusion detection, our approach will incorporate physical layer information, such as power and frequency use, in determining improper behavior. In evaluating the system, we consider how our mechanism, 1) impacts system performance, 2) correctly identifies misbehaving nodes, 3) addresses "bad mouthing" and 4) resists collusion.
UR - http://www.scopus.com/inward/record.url?scp=47749122920&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=47749122920&partnerID=8YFLogxK
U2 - 10.1109/SDRN.2007.4348973
DO - 10.1109/SDRN.2007.4348973
M3 - Conference contribution
AN - SCOPUS:47749122920
SN - 1424413168
SN - 9781424413164
T3 - 2007 2nd IEEE Workshop on Networking Technologies for Software Defined Radio Networks, SDR
SP - 48
EP - 54
BT - 2007 2nd IEEE Workshop on Networking Technologies for Software Defined Radio Networks, SDR
T2 - 2nd IEEE Workshop on Networking Technologies for Software Defined Radio Networks, SDR 2007
Y2 - 18 June 2007 through 21 June 2007
ER -