Dimension Increased Random Matrix Method for Anomaly Detection in Wireless Networks

Author(s): Tengfei Sui, Xiaofeng Tao, Huici Wu, Xuefei Zhang, Jin Xu
Author(s): Amel Meddeb Makhlouf, Noureddine Boudriga

The broadcast nature of wireless networks and their mobility features have created new kinds of intrusions and anomalies that take advantage of wireless vulnerabilities. Because of the radio links and the mobile equipment features of wireless networks, wireless intrusions are more complex: they add, to the intrusions developed for wired networks, a large spectrum of complex attacks targeting the wireless environment. These intrusions include rogue or unauthorized access points (APs), AP MAC spoofing, and wireless denial of service, and they require adding new techniques and mechanisms to the approaches that detect intrusions targeting wired networks. To face this challenge, some researchers focused on extending the approaches deployed for wired networks, while others worked to develop techniques suitable for detecting wireless intrusions. The efforts have mainly addressed: (1) the development of theories to allow reasoning about detection, wireless cooperation, and response to incidents; and (2) the development of wireless intrusion and anomaly detection systems that incorporate wireless detection, preventive mechanisms and tolerance functions. This chapter aims at discussing the major theories, models, and mechanisms developed for the protection of wireless networks/systems against threats, intrusions, and anomalous behaviors. The objectives of this chapter are to: (1) discuss security problems in a wireless environment; (2) present the current research activities; (3) study the important results already developed by researchers; and (4) discuss the validation methods proposed for the protection of wireless networks against attacks.


Author(s): Yirui Hu

This chapter is an introduction to multi-cluster based anomaly detection analysis. Various anomalies present different behaviors in wireless networks. Not all anomalies are known to networks. Unsupervised algorithms are desirable to automatically characterize the nature of traffic behavior and detect anomalies from normal behaviors. Essentially all anomaly detection systems first learn a model of the normal patterns in a training data set, and then determine the anomaly score of a given testing data point based on the deviations from the learned patterns. The initial step of learning a good model is the most crucial part of anomaly detection. Multi-cluster based analyses are valuable because they can obtain insights into human behaviors and learn similar patterns in temporal traffic data. The anomaly threshold can be determined by quantitative analysis based on the trained model. A novel quantitative “Donut” algorithm of anomaly detection on the basis of model log-likelihood is proposed in this chapter.


Electronics, 2021, Vol 10 (24), pp. 3053
Author(s): Jaime Zuniga-Mejia, Rafaela Villalpando-Hernandez, Cesar Vargas-Rosales, Mahdi Zareei

Detection accuracy of current machine-learning approaches to intrusion detection depends heavily on feature engineering and dimensionality-reduction techniques (e.g., variational autoencoder) applied to large datasets. For many use cases, a tradeoff between detection performance and resource requirements must be considered. In this paper, we propose Loci-Constellation-based Intrusion Detection System (LC-IDS), a general framework for network intrusion detection (detection of already known and previously unknown routing attacks) for reconfigurable wireless networks (e.g., vehicular ad hoc networks, unmanned aerial vehicle networks). We introduce the concept of ‘attack-constellation’, which allows us to represent all the relevant information for intrusion detection (misuse detection and anomaly detection) on a latent 2-dimensional space that arises naturally by considering the temporal structure of the input data. The attack/anomaly-detection performance of LC-IDS is analyzed through simulations in a wide range of network conditions. We show that for all the analyzed network scenarios, we can detect known attacks, with a good detection accuracy, and anomalies with low false positive rates. We show the flexibility and scalability of LC-IDS that allow us to consider a dynamic number of neighboring nodes and routing attacks in the ‘attack-constellation’ in a distributed fashion and with low computational requirements.


IEEE Access, 2020, Vol 8, pp. 60990-60999
Author(s): Tengfei Sui, Xiaofeng Tao, Shida Xia, Hui Chen, Huici Wu, ...
