LAD: Location Anomaly Detection for Wireless Sensor Networks - PowerPoint PPT Presentation

Slides: 33
Provided by: W865
Learn more at: https://web.ecs.syr.edu

Transcript and Presenter's Notes


1
LAD: Location Anomaly Detection for
Wireless Sensor Networks
  • Wenliang (Kevin) Du (Syracuse Univ.)
  • Lei Fang (Syracuse Univ.)
  • Peng Ning (North Carolina State Univ.)

Sponsored by the NSF CyberTrust Program
2
Location Discovery in WSN
  • Sensor nodes need to find their locations
  • Rescue missions
  • Geographic routing protocols.
  • Constraints
  • No GPS
  • Low cost

3
Existing Positioning Schemes
Beacon Nodes
4
Attacks
Beacon Nodes
5
Attacks
Beacon Nodes
6
What is Anomaly
  • Localization error: |Lestimation - Lactual|
  • Le = Lestimation
  • La = Lactual
  • Anomaly: |Le - La| > MTE
  • MTE: Maximum Tolerable Error.
  • D-Anomaly: |Le - La| > D

7
The Anomaly Detection Problem
  • Is |Le - La| > D ?

Find another metric A and a threshold T
8
False Positive and Negative
Ideal Situation: A > T <=> |Le - La| > D
False Positive (FP): A > T, but |Le - La| < D
False Negative (FN): A < T, but |Le - La| > D
Detection Rate = 1 - (False Negative Rate)
9
Our Task
  • We assume that the location discovery is already
    finished.
  • Find a good metric A
  • What metric can help a sensor find out whether it
    is in a wrong location?
  • It should be more robust than the location
    discovery itself.

10
A Group-Based Deployment Scheme
11
A Group-Based Deployment Scheme
12
Modeling of The Group-Based Deployment Scheme
Deployment Points: Their locations are known.
13
The Observations
[Figure with points labeled A and B]
14
Modeling of the Deployment Distribution
  • Using pdf function to model the node
    distribution.
  • Example: two-dimensional Gaussian distribution.

15
The Idea
[Figure with points labeled A, B, C, D and the actual location La]
16
The Problem Formulation
Location Discovery
Observation a = (a1, a2, ..., an)
Z
LAD
Is Z abnormal?
17
The Problem Formulation
Expected Observation e(Z) = (e1, e2, ..., en)
Actual Observation a = (a1, a2, ..., an)
Estimated Location Z
Are e(Z) and a consistent?
18
Various Metrics
  • Diff Metric
  • A = |e(Z) - a|
  • Probability Metric
  • A = Pr(a | Z)
  • Others

19
How to Find the Threshold?
  • Recall: we use A > T to decide whether |Le - La| > D
  • How to obtain T
  • T is obtained for a non-compromised network.
  • One location discovery scheme is used
  • Derivation: preferable but difficult
  • Simulation: e.g., find T such that
  • Pr(|Le - La| > D | A > T) = 99.99%,
  • We use T as the threshold for A.
  • False positive = 1 - 99.99% = 0.01%.

20
Attacks
[Figure with points labeled A and B]
21
Attacks
I am actually from group 5, but I am not telling
anybody.
Silence Attack
Range-Change Attack
22
Attacks (continued)
Group 3
I am from group 9
Group 5
I am actually from group 5.
Group 6
Impersonation Attack
Multi-Impersonation Attack and Wormhole Attack
23
Arbitrary Attack
a = (1, 2, 8, 10)
Arbitrary Change
a' = (10, 9, 3, 1)
  • Attackers can arbitrarily change a sensor's
    observation (both increasing and decreasing).
  • There is no hope.
  • Observation decreasing is more difficult.

24
Dec-Bounded Attack
a = (1, 2, 8, 10)
a' = (10, 9, 7, 8)
Dec-Bounded Change
  • a'i can be arbitrarily larger than ai
    (multi-impersonation attacks).
  • But a'i cannot be arbitrarily smaller than ai.
  • It is difficult to prevent non-compromised nodes
    from broadcasting their membership.
  • Σ (ai - a'i) < x, for all ai > a'i

25
Dec-Only Attack
a' = (1, 2, 5, 7)
Dec-Only Change
a = (1, 2, 8, 10)
  • Prevent impersonation attacks
  • Authentication
  • No wormhole attacks.
  • Attackers cannot move sensors.
  • Attackers cannot enlarge the transmission power.

26
Evaluation via Simulation
  • X nodes are compromised
  • Randomly pick a node at La (actual location) with
    the actual observation a
  • Find a location Le s.t. |Le - La| = D
  • Compute expected observation u from Le
  • Generate a new observation a' from a (attacking)
  • Find Le, s.t. a' is as close to u as possible
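
Added example (not from the original slides): a small simulation of the Diff metric, a threshold T taken from a clean network, and the evaluation steps above under a Dec-Only change. Everything numeric is an assumption: the 3x3 grid of deployment points, M, SIGMA, R, D, the small-R approximation used for e(Z), perfect localization in the clean network, T taken as the 99th percentile of A, and Le being pushed toward the field centre.

```python
import math, random

# Assumed parameters (not from the slides): 3x3 grid of deployment points,
# M nodes per group, Gaussian spread SIGMA, radio range R, damage D.
POINTS = [(x, y) for x in (100, 200, 300) for y in (100, 200, 300)]
CENTRE, M, SIGMA, R, D = (200.0, 200.0), 300, 50.0, 25.0, 150.0

def observe(pos, groups):
    """Actual observation a: neighbours heard from each group within range R."""
    return [sum(n is not pos and math.dist(pos, n) <= R for n in g)
            for g in groups]

def expected(z):
    """Expected observation e(Z), small-R approximation M * pi*R^2 * pdf(Z)."""
    return [M * R**2 / (2 * SIGMA**2)
            * math.exp(-math.dist(z, p)**2 / (2 * SIGMA**2)) for p in POINTS]

def diff_metric(e, a):
    """Diff metric A = sum_i |e_i - a_i|."""
    return sum(abs(ei - ai) for ei, ai in zip(e, a))

def displaced(la):
    """Le with |Le - La| = D, pushed toward the field centre (assumption)."""
    r = math.dist(la, CENTRE) or 1.0
    return tuple(l + D * (c - l) / r for l, c in zip(la, CENTRE))

def dec_only(a, u):
    """Dec-only attack: each a_i may be lowered toward u_i, never raised."""
    return [min(ai, round(ui)) for ai, ui in zip(a, u)]

def experiment(seed=1, n=400, fp_pct=1):
    rng = random.Random(seed)
    groups = [[(rng.gauss(px, SIGMA), rng.gauss(py, SIGMA)) for _ in range(M)]
              for px, py in POINTS]
    nodes = rng.sample([p for g in groups for p in g], n)
    obs = [observe(p, groups) for p in nodes]
    # Clean network: assume location discovery returned the true position.
    benign = sorted(diff_metric(expected(p), a) for p, a in zip(nodes, obs))
    T = benign[(100 - fp_pct) * n // 100]
    honest = tampered = 0
    for la, a in zip(nodes, obs):
        u = expected(displaced(la))              # expected observation at Le
        honest += diff_metric(u, a) > T          # a left untouched
        tampered += diff_metric(u, dec_only(a, u)) > T
    return T, benign, honest / n, tampered / n

if __name__ == "__main__":
    T, _, h, t = experiment()
    print(f"T={T:.1f} detection: untouched a {h:.2f}, dec-only a' {t:.2f}")
```

Lowering counts can only shrink each |u_i - a_i| term, so the detection rate with a' never exceeds the rate with the untouched a; the gap between the two shows how much the attacker gains from tampering with the observation.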

27
The ROC Curves
  • Evaluating Intrusion Detection
  • Detection rate
  • False positive
  • We need to look at them both
  • Receiver Operating Characteristic (ROC)
  • Y-axis: Detection rate
  • X-axis: False positive ratio

28
ROC Curves for Different Metrics
29
ROC Curves for Different Attacks
30
Detection Rate vs. Degree of Damage
False Positive 0.01
31
Detection Rate vs. Node Compromise Ratio
False Positive 0.01
32
Conclusion
  • We have developed an effective anomaly detection
    scheme for location discovery
  • Future Studies
  • How the deployment knowledge model affects our
    scheme
  • How the location discovery schemes affect our
    scheme
  • How to correct the location errors caused by the
    attacks.