International Conference on Recent Advances in Mechanical Engineering and Interdisciplinary Developments [ICRAMID - 2014]

Detection of Misbehavior Nodes In Wifi Networks

R.Bratheesha
M.E student,
Ponjesly College of Engineering
Nagercoil
bratheesha@gmail.com

B.BenSujitha
M.Tech,(Ph.D).,
Ponjesly College of Engineering
Nagercoil
bensujitha@gmail.com

Abstract--This paper presents a novel approach for focusing on learning the interference relations and detecting selfish
behavior nodes in the network using Sniffers. The approach requires multiple sniffers across the network for capturing
the wireless traffic traces. These traces are then analyzed using a machine learning approach to infer the carrier-sense
relationship between nodes in the network. This coupled with an estimation of collision probabilities which helps to
deduce the interference relationships. The estimation and detection of misbehaving nodes in networks that are detected
using watch dog algorithm. The misbehavior nodes are detected based on identifying the asymmetry in carrier-sense
behavior between node pairs and finding multiple witnesses to raise confidence.
Index TermsMAC layer misbehavior, Interference, Security, Clear Channel Assessment (CCA).

INTRODUCTION
Wireless networks are computer networks that are
not connected by cables of any kind. The use of a
wireless network enables enterprises to avoid the
costly process of introducing cables into buildings
or as a connection between different equipment
locations. The basis of wireless systems is radio
waves, and the implementation that takes place at
the physical level of network structure. Wireless
networks use radio waves for connecting devices
such as laptops to the Internet, the business network
and applications. Wi-Fi can enable devices to
connect easily with each other without requiring a
wireless access point and to communicate at typical
Wi-Fi speeds for everything from file transfer to
Internet connectivity.When laptops are connected to
Wi-Fi hot spots in public places the connection is
established to that network. One advantage of Wi-Fi
is the ability to connect devices even if they are
from different manufacturers. Only one of the Wi-Fi
devices needs to be compliant with Wi-Fi Direct to
establish a peer-to-peer connection that transfers
data directly between each other with greatly
reduced setup. The pairing of Wi-Fi devices can be
set up to require the proximity of a near field
communication, a Bluetooth signal, or a button press
on one or all the devices.

systems increased, the basic model of a simple router

with smart computers became increasingly strained. At
the same time, the increasing sophistication of the hot
spots presented setup problems for the users. To address
these problems, there have been numerous attempts to
simplify certain aspects of the setup task. Interference
hampers coverage and capacity, and limits the
effectiveness of both new and existing systems. It is an
unavoidable fact that wireless communications systems
must coexist in extremely complicated signal
environments.

Figure: Wi-Fi Networks

When Wi-Fi use the same channel at the same time, an

interference problem appears which causes loss of the
data packets being transmitted. This will result in
retransmission in both Wi-Fi until a successful
transmission is achieved. This in turn causes delay and
mitigation in the delivery ratio for both technologies. As
the number and type of devices attaching to Wi-Fi

ISBN 978-93-80609-17-1
599

International Conference on Recent Advances in Mechanical Engineering and Interdisciplinary Developments [ICRAMID - 2014]

protocol layers has been studied extensively using

either simulations or analytical methods.They
propose algorithms for distinguishing congestion
from wireless network losses. The algorithms which
provide a basis for optimizing TCP parameters such
as back-off intervals and congestion window sizes.
By adjusting frame sizes in high bit-rate
environments or varying the protocol contention
window they analyze problems with multirate
adaptation in the 802.11b protocol. They suggest that
because frames transmitted at low data rates occupy
more time in the channel compared to frames
transmitted at high data rates.To increase the
probability of successful delivery of frames, wireless
card vendors utilize a multirate adaptation algorithm
that dynamically adapts the rates at which frames are
transmitted. The fact is at low rates, frames are more
flexible to bit errors and are successfully received.
The disadvantage, is that low data rates result in poor
throughput performance. The IEEE 802.11 standards
do not specify any rate adaptation scheme. This
results, 802.11 chipset manufacturers can implement
any suitable rate adaptation scheme. The popular
technique is based on the auto rate feedback (ARF)
scheme. The generic ARF implementation reduce the
transmission rate whenever packet drops occur and
increases the rate upon successful delivery of a large
packets [1].
In this paper, they show how the DAIR framework is
suited for solving many wireless management
problems that includes detection of unauthorized
access points, handling malfunctioning APs, and
performance monitoring. In each case, they show
how the DAIR framework takes advantage of the key
attributes of the desktop infrastructure, dense
deployment, stationary, wired connectivity, spare
CPU and disk resources. Our solution is based on two
observations. First,in most enterprise environments,
there were plenty of desktop machines with good
wired connectivity, spare CPU, and disk resources.
Second, inexpensive USB-based wireless adapters
are used. The advantage of DAIR framework are
Light Monitoring Load, Secure, Low Cost of
Deployment, Remote Management, Scalability. The
problem of detecting and diagnosing faults in
wireless networks has received less attention from the
networking research community. Now-a-days, the
problems associated with securing and managing
wireless networks have become more prominent.
They either rely on APs for monitoring, or to use
dedicated and expensive custom hardware sensors for
RF monitoring. Some commercial products rely on
APs for monitoring wireless networks. This approach
is cost effective, and it has several limitations. The
key of our work is the approach to deployment. In
mobile clients they were expected to perform the

Fig: Working of Wireless Network

The present paper investigates the analysis of these
interference in the network by using multiple sniffers
across the network. Sniffer is a program or device
that monitors data travelling over a network. Sniffers
can be used both for legitimate network management
functions and for stealing information off a network.
Unauthorized sniffers can be extremely dangerous to
a network's security. This makes a favorite weapon in
the hacker's arsenal. Also, some nodes do not
cooperate with other nodes. Such selfish nodes
doesnot consume any energy such as CPU power,
battery and also bandwidth for retransmitting the data
of other nodes and they reserve this only for
themselves. This behavior is referred as the Selfish
behaviors. These selfish behavior nodes are detected
using the watchdog technique for improving the
network performance and to avoid traffic,delay in
network. In this paper, the existing techniques as well
as proposed techniques to detect Selfish Nodes for
Wi-Fi networks were surveyed.
LITERATURE SURVEY
EXISTING SYSTEM
There are various techniques involved on evaluating
the interference characteristics in an 802.11
networks.
In this paper, they focus on how congestion occur in
the network and also how channels are utilized in
wireless medium. The behavior are analyzed by
studying factors such as the channel busy-time,
effectiveness of the RTS,CTS mechanism, frame
transmission and reception, and acceptance delays.
The use of RTS,CTS by a few nodes in a heavily
congested environment that prevents the nodes from
gaining fair access to the channel. The number of
frame transmissions at 1 Mbps and 11 Mbps are high
for all the congestion levels. The Current rateadaptation implementations make use of 2 Mbps and
5.5 Mbps data rates of the level of congestion. At
high congestion level, the time to successfully
transmit a large frame can sent at 11 Mbps is lower
than for a small frame sent at 1 Mbps. The effect of
congestion on the performance of the various

ISBN 978-93-80609-17-1
600

International Conference on Recent Advances in Mechanical Engineering and Interdisciplinary Developments [ICRAMID - 2014]

majority of the management tasks. In APs they are

expected to perform additional monitoring functions
to detect greedy or malicious behavior in hotspots.
Complete coverage of wireless spectrum using
single-radio APs is not feasible because the APs
mostly use their wireless interface for the task of
serving associated mobile clients. This was the
drawback here .To overcome this they use Multi
radio APs. But Multi-radio APs can overcome this
limitation to some extent. Still, the DAIR approach
can provide much higher density of RF sensors [2].
In this paper, they show the attacks on Wi-Fi
networks. Wi-Fi network consists of about 5,000
access points (APs) supporting 25,000 users each day
in 277 buildings, covering more than 17 million
square feet. Recently, the researchers have uncovered
security vulnerabilities in Wi-Fi networks .They
showed that Wired Equivalency Protocol (WEP), the
popular 802.11 security mechanism were using at the
time, was basically flawed. There was several
research conducted earlier on detecting greedy and
malicious behavior in IEEE 802.11 networks. An
unauthorized AP can be connected to the corporate
Ethernet, which allow unauthorized clients to connect
to the corporate network. The rogue AP may be
connected by a malicious person or by an employee
who innocently connects an AP in his office without
realizing that he is compromising the corporate
network. A rogue AP can avoid the complex security
measures that the IT department may have put in
place to protect the companys intellectual property.
Beyond rogue APs and rogue ad-hoc networks, there
are a number of ways to attack corporate 802.11
networks. Example: Eavesdropping, where the
attacker passively listens to the traffic on the wireless
network and gleans useful information, Denial of
Service, where an attacker exploits flaws in the
802.11 protocol to disable the wireless link and
disrupt communication. Phishing where the attacker
impersonates a legitimate AP and lures unsuspecting
clients to connect to it. Intrusion, where any attack
that allows a user to gain unauthorized access to the
network is called an Intrusion attack. Intrusion
attacks are active attacks. The main drawback of the
techniques that they proposed was to detect rogue
wireless devices is that they can never guarantee a
suspect device is harmless. If one of the tests
succeeds, then they can conclude that the device is
connected to the corporate network. If all the tests
fail, then they cannot say with absolute confidence
that the suspect device is not connected to the
corporate network. In other words, if the person
deploying the rogue device has malicious intent and
has some technical complexity, then each of our
sequence of tests can be defeated [3].

PROPOSED SYSTEM
CSMA/CA TECHNIQUE
The proposed system uses the technique
known as Carrier Sense Multiple Access with
Collision Avoidance (CSMA/CA).This is for
analyzing the channel status whether it is busy or
idle. According to this technique, when a node wants
to transmit a frame, the station is required to sense if
the communication medium is busy. If it is, the
station waits for a period of time known as the
Backoff Interval (BO) and then it tries to sense the
medium again. If the channel is not busy, the station
transmits the frame to the intended destination. The
RTS,CTS mechanism is used for communication. A
sender transmits an RTS with information about the
size of the data frame and the channel time to be
consumed by the data frame. If the receive is free to
receive the data frame, it sends a CTS to the sender.
At the same time, other stations in the neighborhood
of the sender-receiver pair record the estimated time
for data transmission and backoff until the channel
becomes free again.
ANALYSING INTERFERENCE
When interference problem appears then it
may cause loss of the data, delay in transmitting
packets. Interference impacts the sender by reducing
its maximum sending rate as determined by the
CSMA based 802.11 MAC layer connections.
Interference impacts the receiver by reducing the
probability of successful packet reception by causing
collisions at the receiver. There are two types of
interference in the proposed system. That includes
1) Sender Side Interference.
2) Receiver Side Interference.
To ensure this model that are applicable to real
networks, it rely on only received signal strength
indicator (RSSI) values and pair-wise delivery
counts. Both are easily obtained by wireless cards.
They record this information when there are a singlesender as experimental at all receivers, which
requires N trials to obtain N2 parameters for an N
node network. Then they formulate low-level models
for packet reception and carrier-sense by relating the
traditional notion of SINR (signal to interference plus
noise ratio) to our measurements. Investigate 802.11
characteristics, both in a controlled setting with
attenuators and on a building network, to provide a
foundation for the models. These models in turn fed
into a higher-layer system model that predicts packet
delivery and interference for the same node

ISBN 978-93-80609-17-1
601

International Conference on Recent Advances in Mechanical Engineering and Interdisciplinary Developments [ICRAMID - 2014]

placements but having different sets of transmitters.

They view this as the foundation for exploring other
higher-level design choices, that are RTS/CTS
exchanges, routing and channel assignments.

transmitting, the sender defers, waiting for some time

after the end of the superseding transmission. After
that the sender repeats the same carrier sense-defer
process. Carrier sense is a part of the medium access
control (MAC) layer of the radio heap. Wellinformed MAC decisions are crucial to maximize the
capacity of a broadcast radio medium. Failed
transmissions not only waste energy, but also the
potential to corrupt other transmissions in the
network reducing the total capacity.
DETECTION OF SELFISH NODES

SNIFFERS
Sniffer machines are used to capture the
wireless frames on the network. This wireless sniffer
captures 256 bytes of each receiving 802.11
frame.This records the complete view of the frame,
i.e., PHY/MAC/LLC/IP/Above-IP information. The
header that includes the useful PHY information such
as MAC Time, RSSI (Received Signal Strength
Indication), SQ (Signal Quality), Signal strength,
Noise, Signal Noise Ratio (SNR) and Data rate (in
Mbps).All signal and noise information are in special
units.They can be used for relative comparison. Here
the sniffer can capture the IEEE 802.11 MAC frame
structure which incorporates the following fields:
protocol version, frame type (management, data and
control), Duration for Network Allocation Vector
(NAV) calculation, BSS Id, Source and Destination
MAC addresses,fragment, sequence number among
others. The location of one or more sniffers which
affects the quantity and quality of frames that can be
captured from the network. With a prior information
about the AP topology and the expected number of
frames transmitted to and from the APs, sniffers can
be purposefully and conveniently placed in the
neighborhood of those APs. The tests shows that the
placement of sniffers in different area for a short
period of time for capturing the snapshot of the
activity of the APs in that area. These tests allowed to
estimate the behavior of network traffic, number of
users, per-AP traffic, and per-channel traffic. The
information obtained from the tests and the
assumption that users of the wireless network were
spread out in different areas, then place six sniffers in
different locations at a particular range differences.
This placement of sniffer allowed us to capture
critical data sets from APs and user devices in and
around the area. The located sniffers can monitor
majority of the traffic transmitted by the users and
APs could be captured.

The main concept of end-to-end packet

acknowledgment shows that every time a source node
sends a packet to a destination node, it waits for a
certain time period for an acknowledgement of the
packet. If one arrives within the time period, the
source node has reason to state that all nodes on the
path are cooperative (none is selfish). If there are no
other indication of faults on the path the source node
knows that there are selfish nodes on the path.
Whenever an acknowledgment does or does not
arrive in time, a recommended message is sent out to
inform the other nodes about the detected situation.
The watch dog algorithm uses the received
recommended messages to evaluate the selfishness of
each node. Generally, each network node X must be
evaluated for
selfish behavior. But by default, every other node Y
acts as a witness and the above metric of asymmetry
is evaluated for the pair (X,Y).For each network node
X, take the average of the metric of asymmetry
(X,Y) over all the witnesses Y that provide a
positive value and the negative values are discounted
as they will be accounted when Y is evaluated with X
as the witness.
WATCH DOG ALGORITHM
Interference and selfish nodes are important
problems that have been studied in Wi-Fi networks.
The technique that identifies the misbehaving node
by eavesdropping on the transmission of the next
hop. When a node forwards the packets, Watchdog
algorithm verifies whether the next node in the route
forwards the packets or not.If the next node refused
to forward the packets, then it is known as
misbehavior. The main advantage of this Watchdog
mechanism is that it can identify the misbehaving
nodes not in forwarding level but also in the level of
connection. Additionally , it identifies the nodes not
only in the link layer, but also in the network layer.
Implementation of Watchdog is relatively very easy.
In earlier algorithms there are some disadvantages.
Due to lack of cooperation in nodes, there may be
unable to identify misbehaving nodes in conditions
such as 1) ambiguous collision 2) receiver collision

MISBEHAVING NODES
Carrier sense is a mechanism common to all
modern
wireless
communication
system.
Understanding of the strengths and weaknesses of
carrier sense in the real world has implications for
many wireless systems. The basic idea of carrier
sense are before transmitting, a sender listens to the
channel and assesses whether a nearby node is
transmitting. If no nearby node is transmitting, the
sender transmits without delay. If a nearby node is

ISBN 978-93-80609-17-1
602

International Conference on Recent Advances in Mechanical Engineering and Interdisciplinary Developments [ICRAMID - 2014]

3) limited transmission power 4) false misbehaving

5) collision 6) minor dropping.
The watchdog method allows detecting the
misbehaving nodes. When a node forward the
packets, the watchdog set in the node ensure that the
next node in the path also forwards the packets. The
watchdog does this by listening to all nodes within
transmission range randomly. If the next node does
not forward the packet then it is detected as
misbehaved. If both the sending and receiving
packets are same, then the packet has been
successfully forwarded, causing the neighbor's
trustworthiness to be increased. If a packet is not
forwarded within the time period, then a failure for
the node occur. Due to the effectiveness of the
watchdog and its relative easy implementation, the
proposed system are based on watchdog method. The
advantage of watchdog is to over a node the
possibility of detecting an attacker only using local
information.It avoids the malicious node which
affects the decisions made by the mechanism. In
general, the watchdog has a well known
vulnerability. Also, it is vulnerable to the attack of
two consecutive malicious nodes, where the
watchdog can only monitor the first one while the
second malicious node performs an attack.
CONCLUSIONS AND DISCUSSIONS
As the use of Wi-Fi Networks has increased,
the network security has become more important
accordingly. At the same time interference is also
important. There are many research has been
conducted for this wireless interference in a
theoretical manner but in real there is no solution for
this problem. In this survey research, the analysis of
interference and selfish nodes detection techniques
has discussed because these are the real problem in
the networks. It can also affect the network
throughput.
FUTURE WORK
In future, to propose a new efficient
technique to detect selfish nodes in Wi-Fi networks
will be studied.

3.

P. Bahl et al., Enhancing the Security of

Corporate Wi-Fi Networks Using DAIR,
Proc.
ACM/USENIX
Mobile
Systems,Applications, and Services (MobiSys),
2006.
4. A. Kashyap, S. Ganguly, and S.R. Das, A
Measurement-Based Approach to Modeling
Link Capacity in 802.11-Based Wireless
Networks, Proc. ACM MobiCom, 2007.
5. L. Qiu, Y. Zhang, F. Wang, M.K. Han, and R.
Mahajan, A General Model of Wireless
Interference, Proc. ACM MobiCom, 2007.
6. K. Jamieson, B. Hull, A.K. Miu, and H.
Balakrishnan, Understanding the Real-World
Performance of Carrier Sense, Proc. ACM
SIGCOMM
Workshop
Experimental
Approaches to Wireless Network Design and
Analysis (E-WIND), Aug. 2005.
7. S. Das, D. Koutsonikolas, Y. Hu, and D.
Peroulis,
Characterizing
Multi-Way
Interference in Wireless Mesh Networks,
Proc. First Intl Workshop Wireless Network
Testbeds, Experimental Evaluation and
Characterization (WINTECH), 2005.
8. W.R. Heinzelman, A. Chandrakasan, H.
Balakrishnan,Energy-efficient communication
protocol for wireless microsensor networks,
proc. IEEE Hawaii International Conference on
System Sciences, 2000.
9. I.F.
Akyildiz,
Weilian
Su,
Sankarasubramaniam, E. Cayirci, A survey on
sensor
networks,
proc.
IEEE
Communications, Aug 2002.
10. C. Intanagonwiwat and R. Govindan and D.
Estrin, Directed Diffusion: A Scalable and
Robust
Communication,
Proc.
ACM
MobiCom, 2000.
11. D. Braginsky, D. Estrin, Rumor routing
algorithm for sensor networks, proc.
International Workshop on Wireless Sensor
Networks and Applications,WSNA 2002.
12. A. Kashyap, S. Ganguly, and S.R. Das, A
Measurement-Based Approach to Modeling
Link Capacity in 802.11-Based Wireless
Networks, Proc. ACM MobiCom, 2007.

REFERENCES
1.

2.

A.P. Jardosh, K.N. Ramachandran, K.C.

Almeroth,
and
E.M.
Belding-Royer,
Understanding Congestion in IEEE 802.11b
Wireless Networks, Proc. ACM SIGCOMM,
2005.
P. Bahl et al., DAIR: A Framework for
Managing Enterprise Wireless Networks Using
Desktop Infrastructure, Proc. ACM HotNetsIV, 2005.

ISBN 978-93-80609-17-1
603