Accurate Sybil Attack Detection Based on Fine-Grained Physical Channel Information
<p>Sybil attack models. (<b>a</b>) Attack for different angles; (<b>b</b>) attack for the same angles; (<b>c</b>) a large number of Sybil nodes.</p> "> Figure 2
<p>Different methods of measuring the angle of arrival. (<b>a</b>) Traditional MUSIC Algorithm; (<b>b</b>) self-Adaptive MUSIC Algorithm.</p> "> Figure 3
<p>Overview of the Sybil attack detection system. CSI, Channel State Information.</p> "> Figure 4
<p>Sybil attack detection system of multiple detection APs.</p> "> Figure 5
<p>Different data processing methods. (<b>a</b>) Low pass filter; (<b>b</b>) PCA; (<b>c</b>) Savitzky–Golay (SG) filter.</p> "> Figure 6
<p>Motion detection of different packets. (<b>a</b>) Client from static to moving; (<b>b</b>) variance; (<b>c</b>) variance rate of changes.</p> "> Figure 7
<p>Amplitude and RSSI of different distances. (<b>a</b>) RSSI of different distances; (<b>b</b>) amplitude of different distances.</p> "> Figure 8
<p>Different activities in the environment.</p> "> Figure 9
<p>AoA Error bar of different clients. (<b>a</b>) Error bar of access points; (<b>b</b>) error bar of mobile devices.</p> "> Figure 10
<p>AoA Estimation error. (<b>a</b>) CDF of access points; (<b>b</b>) CDF of access points of different packets.</p> "> Figure 11
<p>Different attacks’ Sybil node detection rate. (<b>a</b>) Sybil attacks’ Sybil node detection rate; (<b>b</b>) spoofing attacks’ Sybil node detection rate.</p> "> Figure 12
<p>Different mobile clients in the environment.</p> "> Figure 13
<p>Dynamic Sybil attack detection rates for different mobile clients.</p> ">
Abstract
:1. Introduction
- We propose a novel Sybil attack detection based on WLAN physical layer information. It can detect the static and dynamic attackers without any dedicated infrastructure.
- We develop a novel self-adaptive MUSIC algorithm to calculate the phase offset between the antennas. It can estimate the angle of wireless devices more accurately than traditional MUSIC algorithms.
- We realize a Sybil attack detection system on a common commercial platform. Extensive experiments prove that the performance of the Sybil detection is good.
2. Related Work
3. Preliminaries
3.1. Channel State Information
3.2. Sybil Attack Models
3.3. Angle of Arrival Measurement
4. Sybil Attack Detection System
4.1. Overview of the System
- (1)
- Denoising: The denoising module eliminates the noise in the CSI stream.
- (2)
- Motion detection: The motion detection module detects the presence or absence of motion.
- (3)
- Static detection: If all the nodes remain still, the AoA measurement is performed by the self-adaptive MUSIC algorithm. The static detection algorithm, combined with AoA, RSSI and CSI amplitude, determines whether an attack exists; because CSI amplitude and RSSI are positively related to distance.
- (4)
- Dynamic detection: However, what if there is movement in the environment? We found that different motions correspond to different amplitude characteristics. Therefore, once there is a client movement in the environment, the dynamic detection algorithm uses the DBSCAN clustering algorithm to determine the attack after feature extraction. Only one central AP is needed to detect attack nodes by the phase and amplitude features.
4.2. Denoising
4.3. Motion Detection
5. Static Detection Algorithm
5.1. Self-Adaptive MUSIC Algorithm
- When the peak of the dummy spectrum is equal to the measured AoA value, the combination has the greatest probability of being the best calibration.
- When the peak of the dummy spectrum is close to the measured AoA value, the combination also has a larger probability of becoming the best calibration combination.
- Find a normalizing constant k such that is one, and set .
- Construct a Gaussian mask with an expected value and a variance according to the desired level of error tolerance. Set
- Calculate .
5.2. Static Sybil Attack Detection
6. Dynamic Detection Algorithm
6.1. Feature Extraction
6.2. Density-Based Spatial Clustering of Applications with Noise
Algorithm 1: Density-based spatial clustering of applications with noise. |
Algorithm 2: Calculate all density-reachable points of core points. |
7. Experimental Evaluation
7.1. Angle of Arrival Estimation Accuracy of Different Clients
7.2. Detection of Sybil Nodes in the Static Scenario
7.3. Accuracy of DBSCAN Clustering Algorithm
7.4. Detection of Sybil Nodes in the Dynamic Scenario
8. Conclusions
Acknowledgments
Author Contributions
Conflicts of Interest
References
- Mitchell, C. Security Analysis and Improvements for IEEE 802.11 i. In Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS’05), San Diego, CA, USA, 3–4 February 2005; Stanford University: Stanford, CA, USA, 2005; pp. 90–110. [Google Scholar]
- Douceur, J.R. The Sybil attack. In Proceedings of the International Workshop on Peer-to-Peer Systems, Cambridge, MA, USA, 7–8 March 2002; Springer: New York, NY, USA, 2002; pp. 251–260. [Google Scholar]
- Zhang, H.; Cheng, P.; Shi, L.; Chen, J. Optimal DoS attack scheduling in wireless networked control system. IEEE Trans. Control Syst. Technol. 2016, 24, 843–852. [Google Scholar] [CrossRef]
- Demirbas, M.; Song, Y. An RSSI-based scheme for Sybil attack detection in wireless sensor networks. In Proceedings of the 2006 International Symposium on on World of Wireless, Mobile and Multimedia Networks, Buffalo NY, USA, 26–29 June 2006; IEEE Computer Society: Washington, DC, USA, 2006; pp. 564–570. [Google Scholar]
- Wang, J.; Yang, G.; Sun, Y.; Chen, S. Sybil attack detection based on RSSI for wireless sensor network. In Proceedings of the IEEE International Conference on Wireless Communications, Networking and Mobile Computing, WiCom 2007, Shanghai, China, 21–25 September 2007; pp. 2684–2687. [Google Scholar]
- Jan, M.A.; Nanda, P.; He, X.; Liu, R.P. A Sybil Attack Detection Scheme for a Centralized Clustering-based Hierarchical Network. In Proceedings of the IEEE Trustcom/BigDataSE/ISPA, Helsinki, Finland, 20–22 August 2015; Volume 1, pp. 318–325. [Google Scholar]
- Garip, M.T.; Kim, P.H.; Reiher, P.; Gerla, M. INTERLOC: An interference-aware RSSI-based localization and Sybil attack detection mechanism for vehicular ad hoc networks. In Proceedings of the IEEE 2017 14th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA, 8–11 January 2017; pp. 1–6. [Google Scholar]
- Deak, G.; Curran, K.; Condell, J. Filters for RSSI-based measurements in a Device-free Passive Localisation Scenario. Image Process. Commun. 2010, 15, 23–34. [Google Scholar]
- Vasisht, D.; Kumar, S.; Katabi, D. Decimeter-Level Localization with a Single WiFi Access Point. In Proceedings of the NSDI, Santa Clara, CA, USA, 16–18 March 2016; pp. 165–178. [Google Scholar]
- Kotaru, M.; Joshi, K.; Bharadia, D.; Katti, S. Spotfi: Decimeter level localization using wifi. In Proceedings of the ACM SIGCOMM Computer Communication Review, London, UK, 17–21 August 2015; ACM: New York, NY, USA, 2015; Volume 45, pp. 269–282. [Google Scholar]
- Wang, C.; Zhu, L.; Gong, L.; Zhao, Z.; Yang, L.; Liu, Z.; Cheng, X. Channel State Information-Based Detection of Sybil Attacks in Wireless Networks. J. Internet Serv. Inf. Secur. 2018, 8, 2–17. [Google Scholar]
- Sen, S.; Radunovic, B.; Choudhury, R.R.; Minka, T. You are facing the Mona Lisa: Spot localization using PHY layer information. In Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services, Lake District, UK, 25–29 June 2012; ACM: New York, NY, USA, 2012; pp. 183–196. [Google Scholar]
- Zhang, W.; Hoorfar, A.; Li, L. Through-the-wall target localization with time reversal music method. Prog. Electromagn. Res. 2010, 106, 75–89. [Google Scholar] [CrossRef]
- Gjengset, J.; Xiong, J.; McPhillips, G.; Jamieson, K. Phaser: Enabling phased array signal processing on commodity WiFi access points. In Proceedings of the 20th Annual International Conference on Mobile Computing and Networking, Maui, HI, USA, 7–11 September 2014; ACM: New York, NY, USA, 2014; pp. 153–164. [Google Scholar]
- Gan, J.; Tao, Y. DBSCAN Revisited. In Proceedings of the ACM SIGMOD International Conference, Melbourne, Australia, 31 May–4 June 2015; pp. 519–530. [Google Scholar]
- Karlof, C.; Wagner, D. Secure routing in wireless sensor networks: Attacks and countermeasures. Ad Hoc Netw. 2003, 1, 293–315. [Google Scholar] [CrossRef]
- Newsome, J.; Shi, E.; Song, D.; Perrig, A. The Sybil attack in sensor networks: Analysis & defences. In Proceedings of the 3rd International Symposium on Information Processing in Sensor Networks, Berkeley, CA, USA, 26–27 April 2004; ACM: New York, NY, USA, 2004; pp. 259–268. [Google Scholar]
- Zhang, Y.; Liu, W.; Lou, W.; Fang, Y. Location-based compromise-tolerant security mechanisms for wireless sensor networks. IEEE J. Sel. Areas Commun. 2006, 24, 247–260. [Google Scholar] [CrossRef]
- Dhamodharan, U.S.R.K.; Vayanaperumal, R. Detecting and preventing Sybil attacks in wireless sensor networks using message authentication and passing method. Sci. World J. 2015, 2015. [Google Scholar] [CrossRef] [PubMed]
- Pecori, R.; Veltri, L. 3AKEP: Triple-Authenticated Key Exchange Protocol for Peer-to-Peer VoIP Applications. Comput. Commun. 2016, 85, 28–40. [Google Scholar] [CrossRef]
- Pecori, R. S-Kademlia: A trust and reputation method to mitigate a Sybil attack in Kademlia. Comput. Netw. 2016, 94, 205–218. [Google Scholar] [CrossRef]
- Ishida, T.; Hirohara, Y.; Uchida, N.; Shibata, Y. Implementation of an Integrated Disaster Information Cloud System for Disaster Control. J. Internet Serv. Inf. Secur. 2017, 7, 1–20. [Google Scholar]
- Cui, B.; Liu, Z.; Wang, L. Key-aggregate searchable encryption (KASE) for group data sharing via cloud storage. IEEE Trans. Comput. 2016, 65, 2374–2385. [Google Scholar] [CrossRef]
- Liu, Z.; Chen, X.; Yang, J.; Jia, C.; You, I. New order preserving encryption model for outsourced databases in cloud environments. J. Netw. Comput. Appl. 2016, 59, 198–207. [Google Scholar] [CrossRef]
- Liu, Z.; Li, T.; Li, P.; Jia, C.; Li, J. Verifiable searchable encryption with aggregate keys for data sharing system. Future Gener. Comput. Syst. 2018, 78, 778–788. [Google Scholar] [CrossRef]
- Liu, Z.; Huang, Y.; Li, J.; Cheng, X.; Shen, C. DivORAM: Towards a Practical Oblivious RAM with Variable Block Size. Information Sciences. Inf. Sci. 2018, 447. [Google Scholar] [CrossRef]
- Xu, Q.; Zheng, R.; Saad, W.; Han, Z. Device fingerprinting in wireless networks: Challenges and opportunities. IEEE Commun. Surv. Tutor. 2016, 18, 94–104. [Google Scholar] [CrossRef]
- Park, S.; Aslam, B.; Turgut, D.; Zou, C.C. Defense against Sybil attack in the initial deployment stage of vehicular ad hoc network based on roadside unit support. Secur. Commun. Netw. 2013, 6, 523–538. [Google Scholar] [CrossRef]
- Shen, J.; Chang, S.; Shen, J.; Liu, Q.; Sun, X. A lightweight multi-layer authentication protocol for wireless body area networks. Future Gener. Comput. Syst. 2016, 78, 956–963. [Google Scholar] [CrossRef]
- Shi, W.; Liu, S.; Zhang, Z. A Lightweight Detection Mechanism against Sybil Attack in Wireless Sensor Network. KSII Trans. Internet Inf. Syst. 2015, 9. [Google Scholar] [CrossRef]
- Gu, P.; Khatoun, R.; Begriche, Y.; Serhrouchni, A. k-Nearest Neighbours classification based Sybil attack detection in Vehicular networks. In Proceedings of the IEEE 2017 Third International Conference on Mobile and Secure Services (MobiSecServ), Miami Beach, FL, USA, 11–12 February 2017; pp. 1–6. [Google Scholar]
- Gu, P.; Khatoun, R.; Begriche, Y.; Serhrouchni, A. Support Vector Machine (SVM) Based Sybil Attack Detection in Vehicular Networks. In Proceedings of the 2017 IEEE Wireless Communications and Networking Conference (WCNC), San Francisco, CA, USA, 19–22 March 2017; pp. 1–6. [Google Scholar]
- Wen, M.; Li, H.; Zheng, Y.F.; Chen, K.F. TDOA-based Sybil attack detection scheme for wireless sensor networks. J. Shanghai Univ. 2008, 12, 66–70. [Google Scholar] [CrossRef]
- Zhang, Y.; Fan, K.; Zhang, S.; Mo, W. AOA based trust evaluation scheme for Sybil attack detection in WSN. Appl. Res. Comput. 2010, 27, 1847–1849. [Google Scholar]
- Yu, B.; Xu, C.Z.; Xiao, B. Detecting Sybil attacks in VANETs. J. Parallel Distrib. Comput. 2013, 73, 746–756. [Google Scholar] [CrossRef]
- Liu, Y.; Bild, D.R.; Dick, R.P.; Mao, Z.M.; Wallach, D.S. The Mason test: A defence against Sybil attacks in wireless networks without trusted authorities. IEEE Trans. Mob. Comput. 2015, 14, 2376–2391. [Google Scholar] [CrossRef]
- Feng, X.; Li, C.Y.; Chen, D.X.; Tang, J. EBRS: Event Based Reputation System for Defensing Multi-Source Sybil Attacks in VANET; Springer International Publishing: New York, NY, USA, 2015; pp. 145–154. [Google Scholar]
- Liu, R.; Wang, Y. A New Sybil Attack Detection for Wireless Body Sensor Network. In Proceedings of the Tenth International Conference on Computational Intelligence and Security, Kunming, China, 15–16 November 2014; pp. 367–370. [Google Scholar]
- Xiao, L.; Greenstein, L.J.; Mandayam, N.B.; Trappe, W. Channel-based detection of Sybil attacks in wireless networks. IEEE Trans. Inf. Forensics Secur. 2009, 4, 492–503. [Google Scholar] [CrossRef]
- Zhang, J.; Tang, J.; Wang, T.; Chen, F. Energy-efficient data-gathering rendezvous algorithms with mobile sinks for wireless sensor networks. Int. J. Sens. Netw. 2017, 23, 248–257. [Google Scholar] [CrossRef]
- Zhang, Y.; Sun, X.; Wang, B. Efficient algorithm for k-barrier coverage based on integer linear programming. China Commun. 2016, 13, 16–23. [Google Scholar] [CrossRef]
- Jamshidi, M.; Zangeneh, E.; Esnaashari, M.; Meybodi, M.R. A lightweight algorithm for detecting mobile Sybil nodes in mobile wireless sensor networks. Comput. Electr. Eng. 2016, 64, 220–232. [Google Scholar] [CrossRef]
- Schmidt, R. Multiple emitter location and signal parameter estimation. IEEE Trans. Antennas Propag. 1986, 34, 276–280. [Google Scholar] [CrossRef]
- Xiong, J.; Jamieson, K. Arraytrack: A Fine-Grained Indoor Location System; USENIX: Berkeley, CA, USA, 2013. [Google Scholar]
- Wang, W.; Liu, A.X.; Shahzad, M.; Ling, K.; Lu, S. Device-Free Human Activity Recognition Using Commercial WiFi Devices. IEEE J. Sel. Areas Commun. 2017, 35, 1118–1131. [Google Scholar] [CrossRef]
- Halperin, D.; Hu, W.; Sheth, A.; Wetherall, D. Tool release: Gathering 802.11 n traces with channel state information. ACM SIGCOMM Comput. Commun. Rev. 2011, 41, 53. [Google Scholar] [CrossRef]
Normal State | |||||||||
Features | Min | Max | Var | Range | MCR | Std | Area | NPV | |
Schemes | |||||||||
I | 0.040 | 0.039 | 0.059 | 0.082 | 0.129 | 0.186 | 0.246 | 0.048 | |
IG | 0.019 | 0.021 | 0.042 | 0.045 | 0.085 | 0.106 | 0.190 | 0.039 | |
PCA | 3.350 | −1.530 | 1.712 | 4.880 | 3 | 1.311 | 1.215 | 4 | |
Attack State | |||||||||
I | 0.051 | 0.038 | 0.085 | 0.143 | 0.135 | 0.193 | 0.208 | 0.151 | |
IG | 0.045 | 0.029 | 0.027 | 0.054 | 0.126 | 0.087 | 0.115 | 0.040 | |
PCA | 3.490 | −1.340 | 2.132 | 4.830 | 4 | 1.462 | 0.700 | 4 |
© 2018 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
Share and Cite
Wang, C.; Zhu, L.; Gong, L.; Zhao, Z.; Yang, L.; Liu, Z.; Cheng, X. Accurate Sybil Attack Detection Based on Fine-Grained Physical Channel Information. Sensors 2018, 18, 878. https://doi.org/10.3390/s18030878
Wang C, Zhu L, Gong L, Zhao Z, Yang L, Liu Z, Cheng X. Accurate Sybil Attack Detection Based on Fine-Grained Physical Channel Information. Sensors. 2018; 18(3):878. https://doi.org/10.3390/s18030878
Chicago/Turabian StyleWang, Chundong, Likun Zhu, Liangyi Gong, Zhentang Zhao, Lei Yang, Zheli Liu, and Xiaochun Cheng. 2018. "Accurate Sybil Attack Detection Based on Fine-Grained Physical Channel Information" Sensors 18, no. 3: 878. https://doi.org/10.3390/s18030878