Presentation is loading. Please wait.

Presentation is loading. Please wait.

LAD: Location Anomaly Detection for Wireless Sensor Networks Wenliang (Kevin) Du (Syracuse Univ.) Lei Fang (Syracuse Univ.) Peng Ning (North Carolina State.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "LAD: Location Anomaly Detection for Wireless Sensor Networks Wenliang (Kevin) Du (Syracuse Univ.) Lei Fang (Syracuse Univ.) Peng Ning (North Carolina State."— Presentation transcript:

1 LAD: Location Anomaly Detection for Wireless Sensor Networks Wenliang (Kevin) Du (Syracuse Univ.) Lei Fang (Syracuse Univ.) Peng Ning (North Carolina State Univ.) Sponsored by the NSF CyberTrust Program

2 Location Discovery in WSN Sensor nodes need to find their locations Rescue missions Geographic routing protocols. Constraints No GPS Low cost

3 Existing Positioning Schemes Beacon Nodes

4 Attacks Beacon Nodes

5 Attacks Beacon Nodes

6 What is Anomaly Localization error: | L estimation – L actual | L e = L estimation L a = L actual Anomaly: |L e – L a | > MTE MTE: Maximum Tolerable Error. D-Anomaly: |L e – L a | > D

7 The Anomaly Detection Problem Is |L e – L a | > D ? Find another metric A and a threshold T A > T |L e – L a | > D 

8 False Positive and Negative Ideal Situation: A > T  |L e – L a | > D False Positive (FP): A > T, but |L e – L a | < D False Negative (FN): A D Detection Rate: 1 – (False Negative Rate)

9 Our Task We assume that the location discovery is already finished. Find a good metric A What metric can help a sensor find out whether it is in a “wrong” location? It should be more robust than the location discovery itself.

10 A Group-Based Deployment Scheme

11

12 Modeling of The Group-Based Deployment Scheme Deployment Points: Their locations are known.

13 The Observations A B Actual Observation Expected Observation

14 Modeling of the Deployment Distribution Using pdf function to model the node distribution. Example: two- dimensional Gaussian Distribution.

15 The Idea A B D C LaLa LeLe

16 The Problem Formulation Is Z abnormal? Observation a = (a 1, a 2, … a n ) LAD Location Discovery Z

17 The Problem Formulation Actual Observation a = (a 1, a 2, … a n ) Estimated Location: Z Expected Observation e(Z) = (e 1, e 2, … e n ) Are e(Z) and a consistent?

18 Various Metrics Diff Metric: A = | e(Z) – a | Probability Metric: A = Pr (a | Z) Others

19 How to Find the Threshold? Recall: we use A > T to decide |L e – L a | >? D How to obtain T T is obtained for a non-compromised network. One location discovery scheme is used Derivation: preferable but difficult Simulation: e.g., Find T, such that Pr(|L e – L a | > D | A > T) = 99.99%, We use T as the threshold for A. False positive = 1 – 99.99% = 0.01%.

20 Attacks A B

21 I am actually from group 5, But I am not telling anybody. Silence AttackRange-Change Attack

22 Attacks (continued) I am actually from group 5. Impersonation AttackMulti-Impersonation Attack and Wormhole Attack I am from group 9 Group 3 Group 5 Group 6

23 Arbitrary Attack Attackers can arbitrarily change a sensor’s observation (both increasing and decreasing). There is no hope. Observation: decreasing is more difficult. a = (1, 2, 8, 10) a’ = (10, 9, 3, 1) Arbitrary Change

24 Dec-Bounded Attack a’ i can be arbitrarily larger than a i (multi- impersonation attacks). But a’ i cannot be arbitrarily smaller than a i. Difficult in preventing non-compromised nodes from broadcasting their membership.  (a i – a’ i ) a’ i a = (1, 2, 8, 10)a’ = (10, 9, 7, 8)Dec-Bounded Change

25 Dec-Only Attack Prevent impersonation attacks Authentication No wormhole attacks. Attackers cannot move sensors. Attackers cannot enlarge the transmission power. a = (1, 2, 8, 10) a’ = (1, 2, 5, 7)Dec-Only Change

26 Evaluation via Simulation X nodes are compromised Random pick a node at L a (actual location) with the actual observation a Find a location L e s.t. |L e - L a | = D Compute expected observation u from L e Generate a new observation a ’ from a (attacking) Find L e, s.t. a ’ is as close to u as possible

27 The ROC Curves Evaluating Intrusion Detection Detection rate False positive We need to look at them both Receive Operating Characteristic (ROC) Y-axis: Detection rate X-axis: False positive ratio

28 ROC Curves for Different Metrics

29 ROC Curves for Different Attacks

30 Detection Rate vs. Degree of Damage False Positive = 0.01

31 Detection Rate vs. Node Compromise Ratio False Positive = 0.01

32 Conclusion We have developed an effective anomaly detection scheme for location discovery Future Studies How the deployment knowledge model affect our scheme How the location discovery schemes affect our scheme How to correct the location errors caused by the attacks.

Download ppt "LAD: Location Anomaly Detection for Wireless Sensor Networks Wenliang (Kevin) Du (Syracuse Univ.) Lei Fang (Syracuse Univ.) Peng Ning (North Carolina State."

Similar presentations

Tests of Hypotheses Based on a Single Sample

Tests of Hypotheses Based on a Single Sample
Chris Karlof and David Wagner

Chris Karlof and David Wagner
Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,

Mitigating Routing Misbehavior in Mobile Ad-Hoc Networks Reference: Mitigating Routing Misbehavior in Mobile Ad Hoc Networks, Sergio Marti, T.J. Giuli,
Secure Location Verification with Hidden and Mobile Base Stations -TMC Apr, 2008 Srdjan Capkun, Kasper Bonne Rasmussen, Mario Cagalj, Mani Srivastava.

Secure Location Verification with Hidden and Mobile Base Stations -TMC Apr, 2008 Srdjan Capkun, Kasper Bonne Rasmussen, Mario Cagalj, Mani Srivastava.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.
© Tan,Steinbach, Kumar Introduction to Data Mining 4/18/2004 1 Other Classification Techniques 1.Nearest Neighbor Classifiers 2.Support Vector Machines.

© Tan,Steinbach, Kumar Introduction to Data Mining 4/18/ Other Classification Techniques 1.Nearest Neighbor Classifiers 2.Support Vector Machines.
Fault-Tolerant Target Detection in Sensor Networks Min Ding +, Dechang Chen *, Andrew Thaeler +, and Xiuzhen Cheng + + Department of Computer Science,

Fault-Tolerant Target Detection in Sensor Networks Min Ding +, Dechang Chen *, Andrew Thaeler +, and Xiuzhen Cheng + + Department of Computer Science,
An Efficient Scheme for Authenticating Public Keys in Sensor Networks Wenliang (Kevin) Du (Syracuse) Ronghua Wang (Syracuse) Peng Ning (North Carolina.

An Efficient Scheme for Authenticating Public Keys in Sensor Networks Wenliang (Kevin) Du (Syracuse) Ronghua Wang (Syracuse) Peng Ning (North Carolina.
Robust Range-Independent Localization for Wireless Sensor Networks Radha Poovendran Joint work with Loukas Lazos Network Security Lab University of Washington.

Robust Range-Independent Localization for Wireless Sensor Networks Radha Poovendran Joint work with Loukas Lazos Network Security Lab University of Washington.
“Location-Aided Routing (LAR) in Mobile Ad Hoc Network” by Young-bae ko Nitin H. Validya presented by Mark Miyashita.

“Location-Aided Routing (LAR) in Mobile Ad Hoc Network” by Young-bae ko Nitin H. Validya presented by Mark Miyashita.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.

Introduction to Sensor Networks Rabie A. Ramadan, PhD Cairo University 4.
Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.

Securing Wireless Sensor Networks Wenliang (Kevin) Du Department of Electrical Engineering and Computer Science Syracuse University.
Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1

Edith C. H. Ngai1, Jiangchuan Liu2, and Michael R. Lyu1
1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.

1 Security in Wireless Sensor Networks Group Meeting Fall 2004 Presented by Edith Ngai.
Assessing and Comparing Classification Algorithms Introduction Resampling and Cross Validation Measuring Error Interval Estimation and Hypothesis Testing.

Assessing and Comparing Classification Algorithms Introduction Resampling and Cross Validation Measuring Error Interval Estimation and Hypothesis Testing.
A Beacon-Less Location Discovery Scheme for Wireless Sensor Networks Lei Fang (Syracuse) Wenliang (Kevin) Du (Syracuse) Peng Ning (North Carolina State)

A Beacon-Less Location Discovery Scheme for Wireless Sensor Networks Lei Fang (Syracuse) Wenliang (Kevin) Du (Syracuse) Peng Ning (North Carolina State)
Model Evaluation Metrics for Performance Evaluation

Model Evaluation Metrics for Performance Evaluation
A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.

A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.
Murat Demirbas Youngwhan Song University at Buffalo, SUNY

Murat Demirbas Youngwhan Song University at Buffalo, SUNY

Similar presentations

Ads by Google