International Journal of Advanced Engineering Research and Technology (IJAERT) 331

Volume 2 Issue 9, December 2014, ISSN No.: 2348 8190

Spatial Correlation of RSS for Detecting and Finding Malicious

Adversaries in Wireless Networks
Tulasi Veera Prasad Nadupuri*, S.Ravi Kumar**
*Department of CSE, Gokul Institute of Technology and Sciences, Piridi village.
Bobbili mandalam ,Vizianagaram dt, Jntu kakinada university A.P, India
**Assistant Professor, Department of CSE, Gokul Institute of Technology and Sciences, Piridi village.
Bobbili mandalam ,Vizianagaram dt, Jntu kakinada university A.P, India

ABSTRACT
Unlike wired networks, wireless networks are resource
constrained and thus vulnerable to different kinds of
attacks. On such attack is known as spoofing attack. The
traditional security approaches cannot solve the problem
of spoofing attacks in wireless networks. They generally
use
cryptographic
solutions
for
securing
communications over networks. They are not directly fit
into wireless environment as they cause lot of overhead.
Recently Yang et al. proposed a solution that that does
not use cryptography. Moreover the solution finds
spoofing attacks and localizes the adversaries. This is
achieved by using SVM and clustering mechanisms in
order to detect attackers accurately and localize them. In
this paper, we demonstrate the proof of concept by
building a network application that shows how spoofing
attacks can be prevented and ensure secure
communications over network. The empirical study
revealed that the application is capable of detecting
spoofing attackers and localizing them. The results are
encouraging.
Index Terms Wireless networks, spoofing attacks,
localization, and attack detection

I.

INTRODUCTION

Wireless networks are widely used in the real world as

they provide simple and easy solutions to
communications. However, they are vulnerable to
various kinds of attacks due to the open medium and
mobility. Adversaries can launch attacks on such
networks using low cost devices with less effort. Among
the attacks launched by them, identity based attacks are
easier to launch and such attacks cause problems to
wireless networks. Masquerade with another device is
possible with MAC address change in 802.11 networks.
The protocols like WEP, WPA and WPA 2 are used to

protect wireless networks. The security methodologies

of these protocols also cause problems and they are
vulnerable to spoofing attacks. Other attacks possible
include traffic injection attacks DoS attacks and rogue
access point attacks. In this context, it is essential to
have mechanisms to detect the spoofing attacks, find out
the number of attackers involved and localize those
attackers or adversaries and get rid of them.
Traditionally cryptographic schemes were used to
secure communications in networks. However, they
cause heavy overhead on the network. Key distribution
mechanisms are costly and the security mechanisms
used for conventional networks do not work directly
with wireless networks. For this reason it is important to
understand the feasibility of traditional cryptographic
solutions with respect to their computational and
infrastructural overhead. Node compromises another
serious problem with cryptographic methods.
To overcome these issues, Yang et al. [50] proposed a
solution based on the received signal strength and spatial
correlation. When a physical property which is
associated with each node is used for security, it is not
easy to falsify it. This approach does not depend on
cryptographic primitives. With respect to spoofing
attacks, it is essential that identifying the number of
attacks and their location. In this paper we design and
implement a network application that simulates wireless
nodes that have communication among them. We also
demonstrate spoofing attacks launched and their
prevention mechanisms without using cryptographic
primitives. Received signal strength is used in order to
find the attacks, know the number of attackers involved
and the location of all the adversaries. The remainder of
the paper is structured as follows. Section II provides
review of literature on prior works. Section III provides
the proposed approach towards handling spoofing
attacks. Section IV presents prototype application and
experimental results while section V concludes the
paper.

www.ijaert.org

International Journal of Advanced Engineering Research and Technology (IJAERT) 332

Volume 2 Issue 9, December 2014, ISSN No.: 2348 8190

II.

RELATED WORKS

Security has been a major concern in all wireless

networks. The traditional cryptographic solutions [10],
[6], [5] were not able to solve security problems in
wireless networks as they cause overhead. A framework
was introduced in [5] named SEKM with public key
infrastructure. In [6] a key management scheme was
implemented in which key is refreshed periodically to
protect communication network. In [10] a hierarchical
network is used for experiments and an authentication
framework was proposed for security. Recently some
approaches came into existence that focused on the
physical properties of the underlying networks. One such
work is in [11] which take care of spoofing attacks in
wireless networks. Later on in [12] biometrics such as
fingerprints is used for protecting WLAN. In [4] a forge
resistant solution was given to detect spoofing attacks. In
[13] MAC sequence number is used in order to perform
spoofing detection. However, traffic pattern approaches
and sequence numbers can be manipulated by
adversaries.
The work which is close to the work of this paper
includes the works based on RSS for detecting spoofing
attacks [14], [7], [3]. Matching rules concept was used in
[3] while Gaussian mixture model for RSS was used in
[7]. Spatial signature concept was introduced in [14].
With respect to localization, RSS has been performing
well and many researches came into existence [17], [16],
and [15]. The Time of Arrival concept is used in [19].
Matching strategies are used in [15] with pre-defined
values in order to detect spoofing attack. Direction of
arrival concept is used in [20] along with received signal
strength to detect spoofing attack. Localization of
adversaries was explored in [22]. In this paper we
focused on RSS and other techniques for detecting and
localization of spoofing attackers.

III.

details about the solution can be found in [50]. In this

paper we built a prototype application that demonstrates
the concept of detection and localization of multiple
spoofing attackers. The application was built using Java
platform. The nodes are built as graphical programs that
simulate the functionality of wireless nodes. The
application runs in networking environment. The
application is basically a network application where
multiple wireless nodes can run and there are common
communication scenarios among the nodes. However,
we built an attack model as well to demonstrate the
detection and localization of multiple spoofing attackers.
With attack model, the application is able to demonstrate
the proof of concept.

IV.

EXPERIMENTAL RESULTS

The environment used for experiments is multiple PCs

with 2 GB RAM and core 2 dual processor running in a
network. In each PC a graphical program runs which
simulates as a wireless node. The nodes running
different machines can communicate with each other.
The general communication characteristics are provided
in the network application besides the simulation of
attack model. The application supports the selection of
number of nodes in the network and generates the nodes
as follows besides having a graphical program for each
node.

PROPOSED SOLUTION

In this section we describe our approach in solving the

problem of detection and localization of multiple
spoofing attacks. Received signal strength is widely used
for finding or estimating the location of a node from
which signals are received. Based on the signal strength
it is achieved. However, it might not be as accurate as
expected. To overcome this problem in [50] RSS is used
along with spatial correlation. The RSS readings provide
details about spatial correlations. This will help in
finding exact location of the mobile device. The
detection and localization of spooling attackers is
achieved using RSS and its spatial correlations. More

Figure 1 Simulation of wireless nodes

As can be seen in Figure 1, it is evident that the selected
number of nodes is created. However, each node has its
graphical window as well that simulates the node
functionality. Afterwards, it is possible to calculate
Euclidian distance as shown in Figure 2.

www.ijaert.org

International Journal of Advanced Engineering Research and Technology (IJAERT) 333

Volume 2 Issue 9, December 2014, ISSN No.: 2348 8190

Figure 4 RSS vector

Figure 2 Euclidian distance calculation
As can be seen in Figure 2, it is evident that the
Euclidian distance is computed and the nodes
information is presented.

As seen in Figure 4, RSS vector is generated and it is

used for computing the required values in order to
perform detection and localization of attackers.

Figure 5 Cluster analysis

Figure 3 Packet transmission

As can be seen in Figure 3, the packet transmission
process in the normal scenario is demonstrated.

As can be seen in Figure 5, the cluster analysis is made

for understanding the nodes, their positions and the
cluster to which they belong. These cluster dynamics are
further used later for detection and localization.

www.ijaert.org

International Journal of Advanced Engineering Research and Technology (IJAERT) 334

Volume 2 Issue 9, December 2014, ISSN No.: 2348 8190

Figure 8 Attacker localization

Figure 6 Spoofing attack detection
As can be seen in Figure 6, the application is able to
demonstrates multiple spoofing attacks and able to
detect spoofing attacks.

As can be seen in Figure 8, the attackers are localized.

The number of attackers involved in spoofing attack and
their location is found.

Figure 7 - Finding number of attackers

Figure 9 Node localization dynamics

As can be seen in Figure 7, the application is able to

detect the number of attackers. The attackers and other
details are computed.

As can be seen in Figure 9, it is evident that the node

localization dynamics are visualized. The horizontal axis
takes nodes, x and y dimensions while the vertical access
presents accuracy.

V.

CONCLUSION AND FUTURE WORK

In this paper, we studied the problem of detection

and localization of multiple spoofing attackers in
wireless networks. It is a challenging problem to detect
and localize multiple spoofing attackers. Recently Yang
et al. [50] proposed a solution for this. They used
www.ijaert.org

International Journal of Advanced Engineering Research and Technology (IJAERT) 335

Volume 2 Issue 9, December 2014, ISSN No.: 2348 8190

received signal strength along with spatial correlation

and physical property of mobile device. This approach is
hard to falsify. They provided theoretical analysis and
also simulated analysis to prove the solution. Their
solution is able to protect wireless networks from
spoofing attacks. It detects multiple spoofing attackers
and localizes them. In this paper we built a networking
application, a prototype that demonstrates the concept of
detection and localization of multiple spoofing attackers.
The application was built using Java programming
language with SWING and networking API in order to
demonstrate the proof of concept. The experimental
results reveal that the application is useful to understand
how detection and localization of multiple spoofing
attackers can be made. In our future work, we intend to
implement such solution in real networks.

REFERENCES
[1] J. Bellardo and S. Savage, 802.11 Denial-of-Service
Attacks: Real Vulnerabilities and Practical Solutions,
Proc. USENIX Security Symp., pp. 15-28, 2003.
[2] F. Ferreri, M. Bernaschi, and L. Valcamonici,
Access Points Vulnerabilities to Dos Attacks in 802.11
Networks, Proc. IEEE Wireless Comm. and
Networking Conf., 2004.
[3] D. Faria and D. Cheriton, Detecting Identity-Based
Attacks in Wireless Networks Using Signalprints,
Proc. ACM Workshop Wireless Security (WiSe), Sept.
2006.
[4] Q. Li and W. Trappe, Relationship-Based Detection
of Spoofing Related Anomalous Traffic in Ad Hoc
Networks, Proc. Ann. IEEE Comm. Soc. on IEEE and
Sensor and Ad Hoc Comm. and Networks (SECON),
2006.
[5] B. Wu, J. Wu, E. Fernandez, and S. Magliveras,
Secure and Efficient Key Management in Mobile Ad
Hoc Networks, Proc. IEEE Intl Parallel and
Distributed Processing Symp. (IPDPS), 2005.
[6] A. Wool, Lightweight Key Management for IEEE
802.11 Wireless Lans With Key Refresh and Host
Revocation, ACM/Springer Wireless Networks, vol.
11, no. 6, pp. 677-686, 2005.
[7] Y. Sheng, K. Tan, G. Chen, D. Kotz, and A.
Campbell, Detecting 802.11 MAC Layer Spoofing
Using Received Signal Strength, Proc. IEEE
INFOCOM, Apr. 2008.
[8] J. Yang, Y. Chen, and W. Trappe, Detecting
Spoofing Attacks in Mobile Wireless Environments,
Proc. Ann. IEEE Comm. Soc. Conf. Sensor, Mesh and
Ad Hoc Comm. and Networks (SECON), 2009.
[9] Y. Chen, W. Trappe, and R.P. Martin, Detecting
and Localizing Wireless Spoofing Attacks, Proc. Ann.

IEEE Comm. Soc. Conf. Sensor, Mesh and Ad Hoc

Comm. and Networks (SECON), May 2007.
[10] M. Bohge and W. Trappe, An Authentication
Framework for Hierarchical Ad Hoc Sensor Networks,
Proc. ACM Workshop Wireless Security (WiSe), pp. 7987, 2003.
[11] L. Xiao, L.J. Greenstein, N.B. Mandayam, and W.
Trappe, Fingerprints in the Ether: Using the Physical
Layer for Wireless Authentication, Proc. IEEE Intl
Conf. Comm. (ICC), pp. 4646-4651,June 2007.
[12] V. Brik, S. Banerjee, M. Gruteser, and S. Oh,
Wireless Device Identification with Radiometric
Signatures, Proc. 14th ACM Intl Conf. Mobile
Computing and Networking, pp. 116-127, 2008.
[13] F. Guo and T. Chiueh, Sequence Number-Based
MAC Address Spoof Detection, Proc. Eighth Intl
Conf. Recent Advances in Intrusion Detection, pp. 309329, 2006.
[14] L. Sang and A. Arora, Spatial Signatures for
Lightweight Security in Wireless Sensor Networks,
Proc. IEEE INFOCOM, pp. 21372145, 2008.
[15] P. Bahl and V.N. Padmanabhan, RADAR: An inBuilding RFBased User Location and Tracking System,
Proc. IEEE INFOCOM, 2000.
[16] E. Elnahrawy, X. Li, and R.P. Martin, The Limits
of Localization Using Signal Strength: A Comparative
Study, Proc. IEEE Int Conf. Sensor and Ad Hoc
Comm. and Networks (SECON), Oct. 2004.
[17] Y. Chen, J. Francisco, W. Trappe, and R.P. Martin,
A Practical Approach to Landmark Deployment for
Indoor Localization, Proc. IEEE Intl Conf. Sensor and
Ad Hoc Comm. and Networks (SECON), Sept. 2006.
[18] J. Yang and Y. Chen, A Theoretical Analysis of
Wireless Localization Using RF-Based Fingerprint
Matching, Proc. Fourth Intl Workshop System
Management Techniques, Processes, andServices
(SMTPS), Apr. 2008.
[19] P. Enge and P. Misra, Global Positioning System:
Signals, Measurements and Performance. Ganga-Jamuna
Press, 2001.
[20] Z. Yang, E. Ekici, and D. Xuan, A LocalizationBased Anti-Sensor Network System, Proc. IEEE
INFOCOM, pp. 2396-2400, 2007.
[21] T. He, C. Huang, B. Blum, J.A. Stankovic, and T.
Abdelzaher, Range-Free Localization Schemes in Large
Scale Sensor Networks, Proc. MobiCom 03, 2003.
[22] Y. Chen, W. Trappe, and R. Martin, Attack
Detection in Wireless Localization, Proc. IEEE
INFOCOM, Apr. 2007.
[23] A. Goldsmith, Wireless Communications:
Principles and Practice. Cambridge Univ. Press, 2005.

www.ijaert.org

International Journal of Advanced Engineering Research and Technology (IJAERT) 336

Volume 2 Issue 9, December 2014, ISSN No.: 2348 8190

[24] T. Sarkar, Z. Ji, K. Kim, A. Medouri, and M.

Salazar-Palma, A Survey of Various Propagation
Models for Mobile Communication, IEEE Antennas
and Propagation Magazine, vol. 45, no. 3,pp. 51-82,
June 2003.
[25] M. Abramowitz and I.A. Stegun, Handbook of
Mathematical Functions with Formulas, Graphs, and
Mathematical Tables. CourierDover, 1965.
[26] L. Kaufman and P.J. Rousseeuw, Finding Groups in
Data: An Introduction to Cluster Analysis. Wiley Series
in Probability and Statistics, 1990.
[27] G. Zhou, T. He, S. Krishnamurthy, and J.A.
Stankovic, Models and Solutions for Radio Irregularity
in Wireless Sensor Networks, ACM Trans. Sensor
Networks, vol. 2, pp. 221-262, 2006.
[28] Y. Chen, K. Kleisouris, X. Li, W. Trappe, and R.P.
Martin, The Robustness of Localization Algorithms to
Signal Strength Attacks: A Comparative Study, Proc.
Intl Conf. Distributed Computing in Sensor Systems
(DCOSS), pp. 546-563, June 2006.
[29] C. van Rijsbergen, Information Retrieval, second
ed. Butterworths,
1979.
[30] T. Fawcett, An Introduction to ROC Analysis,
Pattern Recognition Letters, vol. 27, pp. 861-874, 2006.
[31] P. Rousseeuw, Silhouettes: A Graphical Aid to the
Interpretation and Validation of Cluster Analysis, J.
Computational and Applied Math., vol. 20, no. 1, pp. 5365, Nov. 1987.
[32] K. Wang, Estimating the Number of Clusters via
System Evolution for Cluster Analysis of Gene
Expression Data,
[33] N. Cristianini and J. Shawe-Taylor, An
Introduction to Support
Vector Machines and Other Kernel-Based Learning
Methods. Cambridge
Univ. Press, 2000.
[34] C.-C. Chang and C.-J. Lin, LIBSVM: A Library for
Support
Vector
Machines,
Software,
http://www.csie.ntu.edu.tw/cjlin/libsvm, 2001.
[35] V. Franc and V. Hlavac, Multi-Class Support
Vector Machine, Proc. Intl Conf. Pattern Recognition
(ICPR), vol. 16, pp. 236-239,2002.
[36] C. Hsu and C. Lin, A Comparison of Methods for
Multiclass Support Vector Machines, IEEE Trans.
Neural Networks, vol. 13, no. 2, pp. 415-425, Mar. 2002.
[37] D. Madigan, E. Elnahrawy, R. Martin, W. Ju, P.
Krishnan, and A.S. Krishnakumar, Bayesian Indoor
Positioning Systems, Proc. IEEE INFOCOM, pp. 324331, Mar. 2005.

AUTHORS

Tulasi Veera Prasad Nadupuri is currently working

towards his M.Tech degree in Gokul Institute of
Technology and Sciences, Piridi village, Bobbili
mandalam ,Vizianagaram dt, A.P, India. His research
interests include networking and cloud computing.

S.Ravi Kumar is working as an Assistant professor

Gokul Institute of Technology and Sciences, Piridi
village, Bobbili mandalam ,Vizianagaram dt, A.P,India.
His main research interests are data mining and big data
mining.

www.ijaert.org