Meny

Javascript is not activated in your browser. This website needs javascript activated to work properly.
Du är här

Real-time detection of traffic anomalies in wireless mesh networks

Författare:
Publiceringsår: 2010
Språk: Engelska
Sidor: 1675-1689
Publikation/Tidskrift/Serie: Wireless Networks
Volym: 16
Nummer: 6
Dokumenttyp: Artikel
Förlag: Springer

Sammanfattning

Anomaly detection is emerging as a necessary component as wireless networks gain popularity. Anomaly detection has been addressed broadly in wired networks and powerful methods have been developed for correct detection of a variety of known attacks and other anomalies. In this paper, we propose a real-time anomaly detection and identification scheme for wireless mesh networks (WMN) using components from previous methods developed for wired networks. Experiments over a WMN testbed show the effectiveness of the proposed scheme in isolating different types of anomalies, such as Denial-of-service attacks, port scan attacks, etc. Our scheme uses Chi-square statistics and it is based on similar ideas as the scheme presented by Lakhina et al. although it has lower computational complexity. The original method by Lakhina et al. was developed for wired networks and used Principal Component Analysis (PCA) for reducing the dimensions of observed data and Hotelling’s t 2 statistics to distinguish between normal and abnormal traffic conditions. However, in our studies we found that dimension reduction is the most computationally intensive process of the scheme. In this paper we propose an alternative way of reducing dimensions using flow variances in a Chi-square test. Experimental results show that the Chi-square test performs similarly well to the PCA-based method at merely a fraction of the computations. Moreover, we propose an automatic identification scheme to pin-point the cause of the detected anomaly and its contribution in terms of additional or lack of traffic. Our results and comparison with other statistical tools show that the Chi-square test and the PCA-based method with identification scheme make powerful tools for real-time detection of various anomalies in an interference prone wireless networking environment.

Disputation

Nyckelord

  • Technology and Engineering

Övriga

Published
Yes
  • ISSN: 1022-0038

Box 117, 221 00 LUND
Telefon 046-222 00 00 (växel)
Telefax 046-222 47 20
lu [at] lu [dot] se

Fakturaadress: Box 188, 221 00 LUND
Organisationsnummer: 202100-3211
Om webbplatsen