A Robust Kolmogorov–Smirnov Detector for Misbehavior in IEEE …alberto/publications/Lopez Toledo... · 2007. 6. 27. · Kolmogorov-Smirnov Test. 12 The Kolmogorov-Smirnov statistic

A Robust Kolmogorov–Smirnov

Detector for

Misbehavior in IEEE 802.11

DCF

Alberto Lopez Toledo and Xiaodong Wang

Columbia University

ICC 2007 Glasgow, UK

June 27, 2007

2

The CSMA/CA Protocol uses random deferment of

packet transmission for content resolution.

Random backoff timer is chosen in the interval [0,v), with

Two modes of transmission: basic and RTS/CTS access.

CSMA/CA Protocol

3

CSMA/CA Protocol Misbehavior

The operation of the protocol assumes that all

nodes will abide by the protocol rules.

Nowadays devices are easily programmable,

and hence can easily change their behavior and

affect other users: misbehavior.

Two types of misbehavior

Malicious: disrupting the operation of the network,

even in their own determent.

Selfish: users willing to increase their share of the

network.

4

Selfish Misbehavior

Selfish misbehavior is more dangerous:

It is very easy to implement: users can simply change

the value of the contention window.

Every user has an incentive to implement it.

Misbehavior is difficult to detect:

CSMA/CA operation is random.

The medium is random: channel impairments and

interference are different for different users

5

Misbehavior Technique: Modify

Backoff

Source: Levente Buttyan and Jean-Pierre Hubaux, Security and Cooperation in Wireless Networks, http://secowinet.epfl.ch.

6

Misbehavior Effect is Catastrophic

DoS Bandwidth

theft

A misbehaving node

can starve other

nodes

Current situation:

anyone can steal

bandwidth today.

Targets

Municipal networks.

Wireless Mesh

Networks.

Serious threat to

open networks

revenue model.

7

Problem Formulation

Let x1,…,xK be a sequence of observations related

to the operation of a CSMA/CA terminal. Then

we define the problem as

where f0 and f1 are the probability distributions of

the observations when a node is not

misbehaving and misbehaving respectively.

We want to design a decision rule to

discriminate between the two hypotheses.

8

Characterizing a Legitimate Terminal

The observations x1,…,xK are the number of idle slots

between successful transmissions of the observed

terminal. Then f0 is given by

9

0 50 100 150 2000

0.005

0.01

0.015

0.02

0.025

Number of idle slots between successful transmissions

pdf

Analyticalns−2

The strategy f0 of a saturating legitimate terminal

Characterizing a Legitimate Terminal

10

Intuitively, a misbehaving terminal would access the

network more than a saturating legitimate terminal.

Characterizing a Misbehaving Terminal

11

We use the one-sided Kolmogorov-Smirnov test given by

Where F1 is the empirical cdf of f1, given by

and F0 is the estimated cdf of f0, with is the empirical cdf

of f1, given by

Kolmogorov-Smirnov Test

12

The Kolmogorov-Smirnov statistic is given by

The Hypothesis H0 is rejected at significance level if

where

Kolmogorov-Smirnov Test

13

Detection Algorithm

14

1Mbps IEEE 802.11b in ns-2 2.28.

Legitimate terminal uses CWmin=32, CWmax=1024.

Misbehaving terminals use CWmax=25CWmin, andCWmin {1,2,…,32}.

For comparison: SPRT test with perfect knowledge of f1with = 0.05.

Legitimate terminal

Simulation Setup

15

Performance of K-S vs. Optimum SPRT

10 competing terminals

16

Number of Samples to Detect with

PD=0.95

10 competing terminals

17

Number of Samples to Detect a Shift

in Collision Probability with PD=0.95

10 competing terminals

18

The K-S detector is robust, and can be appliedunder any network scenario and any IEEE802.11 DCF flavor, in basic access or RTS/CTSaccess.

The performance is close to that of the optimumdetectors that assume perfect knowledge aboutthe misbehavior strategy.

Can operate as a ‘black box’, without modifyingthe protocol implementation.

The detector is extremely fast, detecting anymisbehavior of CWmin < 29 in less than asecond in IEEE 802.11g.

Conclusions