This document discusses a framework for wireless LAN monitoring and its applications. It explores implementing an effective wireless monitoring system to capture detailed physical and MAC layer information. This information is useful for traffic characterization, anomaly detection, and security monitoring. The document identifies challenges of wireless monitoring including limited sniffer capabilities, difficult placement of sniffers, and difficulty collecting and synchronizing data from multiple sniffers. It proposes solutions to address these challenges and demonstrates the effectiveness of wireless monitoring for traffic analysis and network diagnosis.
Interference Revelation in Mobile Ad-hoc Networks and Confrontationirjes
In this paper, we utilize the Several interference revelation techniques proposed for mobile ad hoc
networks rely on each node passively monitoring the data forwarding by its next hop. This paper presents
quantitative evaluations of false positives and their impact on monitoring based interference revelation for ad
hoc networks. Experimental results show that, even for a simple three-node configuration, an actual ad-hoc
network suffers from high false positives; these results are validated by Markov and probabilistic models.
However, this false positive problem cannot be observed by simulating the same network using popular ad hoc
network simulators, such as ns-2, OPNET or Glomosim. To remedy this, a probabilistic noise generator model
is implemented in the Glomosim simulator. With this revised noise model, the simulated network exhibits the
aggregate false positive behavior similar to that of the experimental tested. Simulations of larger (50-node) ad
hoc networks indicate that monitoring-based interference revelation has very high false positives. These false
positives can reduce the network performance or increase the overhead. In a simple monitoring-based system
where no secondary and more accurate methods are used, the false positives impact the network performance in
two ways: reduced throughput in normal networks without attackers and inability to mitigate the effect of
attacks in networks with attackers.
This document discusses wireless micro-sensor network models and classifies them according to communication functions, data delivery models, and network dynamics. It describes four data delivery models for sensor networks: continuous, event-driven, observer-initiated, and hybrid. The continuous model involves sensors communicating data continuously at a pre-specified rate. This taxonomy framework can help network designers choose appropriate communication protocols for different sensor network applications. The classifications are meant to aid in defining communication infrastructure and selecting protocol architectures matched to specific application requirements.
REAL TIME SECURING OF ALL-OPTICAL NETWORKS AGAINST SECURITY ATTACKS AT THE PH...IJNSA Journal
The document describes protocols for securing all-optical networks against physical layer security attacks. It proposes:
1. Calculating security indices for network components and storing them in databases at source nodes. This is used to establish secure lightpaths avoiding attacked components.
2. Establishing lightpaths using fiber diversity between nodes for redundancy against fiber attacks.
3. Monitoring components for attacks during data transfer. Attacked components are partially restored on-the-fly to minimize data loss instead of tearing down lightpaths.
This document discusses network management for wireless sensor networks. It begins with an introduction to traditional network management models and then discusses key design issues for network management in WSNs including power efficiency, scalability, and simplicity. It provides MANNA as an example management architecture for WSNs and discusses other related issues like naming, localization, and fault tolerance. The document also outlines applications of WSNs such as habitat monitoring, structural monitoring, and smart roads.
In this thesis firstly we study the effects of Black hole attack in MANET using both Proactive and Reactive routing protocols and then discovering a Secure Path in MANET by Avoiding Black/Gray Holes. The impact of Black Hole attack on the performance of MANET is evaluated finding out which protocol is more vulnerable to the attack and how much is the impact of the attack on both protocols. blackhole route
This document provides a review and analysis of GSM security. It begins with an abstract that surveys security for mobile devices and the different connectivity and applications they provide. The document then outlines topics that will be covered, including security analyses of satellite phones, cellular text messaging services, a self-powered GPS tracking system, and location privacy in mobile networks. It reviews relevant literature on these topics and describes the various connectivity options provided by mobile devices. It discusses how security is important for mobile devices due to malware and attacks. It then covers specific topics like how SMS-based malware infections can be throttled by wireless links, security issues with satellite phone standards, a self-powered GPS tracking system for vehicle security, and maintaining location privacy in mobile
A Study on Access Point Selection Algorithms in Wireless Mesh NetworksEswar Publications
This document discusses access point (AP) selection algorithms in wireless mesh networks (WMNs). It analyzes the limitations of the traditional AP selection method defined by IEEE 802.11, which is based solely on received signal strength. The paper studies AP selection as a key problem in WMNs and identifies important parameters that should be considered, such as link quality, load balancing, cross-layer interactions, and dynamic association. It also provides directions for designing new AP selection metrics that are better suited for WMN environments.
Forestalling Meticulous Jam Attacks Using Packet-Hiding TechniquesEswar Publications
The open nature of the wireless medium leaves it liable to intentional interference attacks, generally said as jam.
This intentional interference with wireless transmissions is used as a launch pad for mounting Denial-of-Service attacks on wireless networks. Typically, jam has been self-addressed beneath associate external threat model.
However, adversaries with internal information of protocol specifications and network secrets will launch loweffort
jam attacks that are troublesome to notice and counter. during this work, we have a tendency to address the matter of jamming attacks in wireless networks. In these attacks, the resister is active just for a brief amount of your time, by selection targeting messages of high importance. In our work two offender nodes (node that creates jamming) and introduce one new node i.e sender node. The new node(jammer node) is at intervals the twenty five nodes. Victimization that new sender node we have to eliminate the offender nodes absolutely. We have a tendency to conclude that however jam happens within the network and approach of elimination of the offender nodes
victimization new sender node. We propose mistrial approach for avoid flooding packets in jammer network. We conclude the performance between the mistrial and damping approach for avoid jamming packets We have a tendency to illustrate the benefits of {selective jam|spot-jamming|jamming|electronic jamming|jam} in terms of network performance degradation and resister effort by to beat the sender in network with the assistance of recent jamming node. We illustrate the benefits of jam|spot-jamming|jamming|electronic-jamming|jam} in terms of network performance degradation and human effort by to beat the sender in network with the assistance of recent
jamming node.
Interference Revelation in Mobile Ad-hoc Networks and Confrontationirjes
In this paper, we utilize the Several interference revelation techniques proposed for mobile ad hoc
networks rely on each node passively monitoring the data forwarding by its next hop. This paper presents
quantitative evaluations of false positives and their impact on monitoring based interference revelation for ad
hoc networks. Experimental results show that, even for a simple three-node configuration, an actual ad-hoc
network suffers from high false positives; these results are validated by Markov and probabilistic models.
However, this false positive problem cannot be observed by simulating the same network using popular ad hoc
network simulators, such as ns-2, OPNET or Glomosim. To remedy this, a probabilistic noise generator model
is implemented in the Glomosim simulator. With this revised noise model, the simulated network exhibits the
aggregate false positive behavior similar to that of the experimental tested. Simulations of larger (50-node) ad
hoc networks indicate that monitoring-based interference revelation has very high false positives. These false
positives can reduce the network performance or increase the overhead. In a simple monitoring-based system
where no secondary and more accurate methods are used, the false positives impact the network performance in
two ways: reduced throughput in normal networks without attackers and inability to mitigate the effect of
attacks in networks with attackers.
This document discusses wireless micro-sensor network models and classifies them according to communication functions, data delivery models, and network dynamics. It describes four data delivery models for sensor networks: continuous, event-driven, observer-initiated, and hybrid. The continuous model involves sensors communicating data continuously at a pre-specified rate. This taxonomy framework can help network designers choose appropriate communication protocols for different sensor network applications. The classifications are meant to aid in defining communication infrastructure and selecting protocol architectures matched to specific application requirements.
REAL TIME SECURING OF ALL-OPTICAL NETWORKS AGAINST SECURITY ATTACKS AT THE PH...IJNSA Journal
The document describes protocols for securing all-optical networks against physical layer security attacks. It proposes:
1. Calculating security indices for network components and storing them in databases at source nodes. This is used to establish secure lightpaths avoiding attacked components.
2. Establishing lightpaths using fiber diversity between nodes for redundancy against fiber attacks.
3. Monitoring components for attacks during data transfer. Attacked components are partially restored on-the-fly to minimize data loss instead of tearing down lightpaths.
This document discusses network management for wireless sensor networks. It begins with an introduction to traditional network management models and then discusses key design issues for network management in WSNs including power efficiency, scalability, and simplicity. It provides MANNA as an example management architecture for WSNs and discusses other related issues like naming, localization, and fault tolerance. The document also outlines applications of WSNs such as habitat monitoring, structural monitoring, and smart roads.
In this thesis firstly we study the effects of Black hole attack in MANET using both Proactive and Reactive routing protocols and then discovering a Secure Path in MANET by Avoiding Black/Gray Holes. The impact of Black Hole attack on the performance of MANET is evaluated finding out which protocol is more vulnerable to the attack and how much is the impact of the attack on both protocols. blackhole route
This document provides a review and analysis of GSM security. It begins with an abstract that surveys security for mobile devices and the different connectivity and applications they provide. The document then outlines topics that will be covered, including security analyses of satellite phones, cellular text messaging services, a self-powered GPS tracking system, and location privacy in mobile networks. It reviews relevant literature on these topics and describes the various connectivity options provided by mobile devices. It discusses how security is important for mobile devices due to malware and attacks. It then covers specific topics like how SMS-based malware infections can be throttled by wireless links, security issues with satellite phone standards, a self-powered GPS tracking system for vehicle security, and maintaining location privacy in mobile
A Study on Access Point Selection Algorithms in Wireless Mesh NetworksEswar Publications
This document discusses access point (AP) selection algorithms in wireless mesh networks (WMNs). It analyzes the limitations of the traditional AP selection method defined by IEEE 802.11, which is based solely on received signal strength. The paper studies AP selection as a key problem in WMNs and identifies important parameters that should be considered, such as link quality, load balancing, cross-layer interactions, and dynamic association. It also provides directions for designing new AP selection metrics that are better suited for WMN environments.
Forestalling Meticulous Jam Attacks Using Packet-Hiding TechniquesEswar Publications
The open nature of the wireless medium leaves it liable to intentional interference attacks, generally said as jam.
This intentional interference with wireless transmissions is used as a launch pad for mounting Denial-of-Service attacks on wireless networks. Typically, jam has been self-addressed beneath associate external threat model.
However, adversaries with internal information of protocol specifications and network secrets will launch loweffort
jam attacks that are troublesome to notice and counter. during this work, we have a tendency to address the matter of jamming attacks in wireless networks. In these attacks, the resister is active just for a brief amount of your time, by selection targeting messages of high importance. In our work two offender nodes (node that creates jamming) and introduce one new node i.e sender node. The new node(jammer node) is at intervals the twenty five nodes. Victimization that new sender node we have to eliminate the offender nodes absolutely. We have a tendency to conclude that however jam happens within the network and approach of elimination of the offender nodes
victimization new sender node. We propose mistrial approach for avoid flooding packets in jammer network. We conclude the performance between the mistrial and damping approach for avoid jamming packets We have a tendency to illustrate the benefits of {selective jam|spot-jamming|jamming|electronic jamming|jam} in terms of network performance degradation and resister effort by to beat the sender in network with the assistance of recent jamming node. We illustrate the benefits of jam|spot-jamming|jamming|electronic-jamming|jam} in terms of network performance degradation and human effort by to beat the sender in network with the assistance of recent
jamming node.
in this paper authors made the study of basic clustering algorithm Leach. A comparison is made between Leach and Leach.wireless sensor network advantages, and wireless sensor network dataset
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
This document summarizes a study on existing wireless sensor networks that can be used for structural health monitoring. It discusses three main wireless sensor network platforms: Sensor Andrew Architecture, a structural health monitoring system using smart sensors, and Snowfort, a new wireless sensor network platform designed for infrastructure monitoring. The document outlines the key components, advantages, and limitations of each wireless sensor network platform for structural health monitoring applications.
This document summarizes a wireless sensor network system implemented by the authors. The system uses 4 sensor nodes to sense temperature and a control node interfaced with a base station PC. It implements a modified version of the TOPDISC topology discovery algorithm using DHCP for dynamic addressing. The routing algorithm uses a mixture of spanning tree and N-link state protocols. Future enhancements include implementing fail safes and fully configuring the wireless sensor network system.
Data Flow in Wireless Sensor Network Protocol Stack by using Bellman-Ford Rou...journalBEEI
Wireless sensor network consists various sensor nodes that are used to monitor any target area like forest fire detection by our army person and monitoring any industrial activity by industry manager. Wireless sensor networks have been deployed in several cities to monitor the concentration of dangerous gases for citizens. In wireless sensor network when sensor nodes communicate from each other then routing protocol are used for communication between protocol layers. Wireless sensor network protocol stack consist five layers such as Application layer, Transport layer, Network layer, MAC Layer, Physical layer. In this paper we study and analysis Bellman-Ford routing algorithm and check the flow of data between these protocol layers. For simulation purpose we are using Qualnet 5.0.2 simulator tool.
Requisite Trust Based Routing Protocol for WSNAM Publications
This document summarizes a research paper on using a trust-based routing protocol (RTSR) for wireless sensor networks (WSNs). The summary is:
1) The RTSR protocol uses a cluster-based approach and calculates trust values between nodes to securely discover routes while reducing message and route redundancy.
2) Trust values from neighboring nodes are used to calculate a single trust value for each node. Route discovery and trust information is stored at fixed cluster heads.
3) The protocol aims to improve on previous approaches that did not consider security during route discovery. It analyzes performance metrics like energy consumption, number of hops, and delay compared to the LEEACH routing algorithm for WSNs.
Sensor Networks Introduction and ArchitecturePeriyanayagiS
This document provides an overview of sensor networks and wireless sensor network architectures. It begins with an introduction to wireless sensor networks and their components. It then discusses the topics, challenges, and enabling technologies for WSNs. The document outlines the architecture of a sensor node and its goals. It provides examples of WSN applications and discusses sensor network deployment considerations. Finally, it addresses the design challenges, operational challenges, and required mechanisms for WSNs to meet their requirements.
Advanced Software Engineering course - Guest Lecture
A4WSN- Architecture 4 Wireless Sensor Networks
Here you can find the research paper presenting the concepts described in this lecture: http://goo.gl/XBB4k
This presentation has been developed in the context of the Advanced Software Engineering course at the DISIM Department of the University of L’Aquila (Italy).
http://www.di.univaq.it/malavolta
In this thesis work, firstly an attempt have been made to evaluate the performance of DSR and OLSR routing protocol in mobile and static environments using Random Waypoint model, and also investigate how well these selected protocols performs on WSNs. energy efficient routing in wireless sensor networks thesis
Security in Wireless Sensor Networks Using BroadcastingIJMER
This document summarizes an efficient broadcast authentication scheme for wireless sensor networks. It discusses how broadcast is an important communication method in WSNs due to the large number of sensor nodes. However, traditional MACs are not suitable for broadcast without modification because any receiver could impersonate the sender. The document proposes using a cryptographic hash function to construct a HORS (Hash to Obtain Random Subset) scheme involving key generation, signing and verification phases to authenticate broadcast messages while reducing storage requirements compared to previous schemes. This provides an efficient security mechanism for broadcast in WSNs.
Enhancing Data Transmission and Protection in Wireless Sensor Node- A ReviewIRJET Journal
The document discusses enhancing data transmission and protection in wireless sensor networks. It first provides background on wireless sensor networks and discusses some of the key challenges, including limited energy resources of sensor nodes. It then reviews existing techniques that have been proposed to improve energy efficiency of nodes and provide secure data transmission. These include reducing communication costs, cooperative behavior between nodes, and using cryptographic techniques like DES encryption. Finally, the document proposes using the LEACH protocol to increase node efficiency by implementing clustered routing, and the RC-6 encryption algorithm to securely transmit data in the wireless sensor network.
The International Journal of Engineering and Science (The IJES)theijes
The document summarizes a study on the Enhanced Adaptive Acknowledge (EAACK) scheme for detecting misbehaving nodes in mobile ad hoc networks (MANETs). It discusses the limitations of existing acknowledgment-based intrusion detection systems like Watchdog, TWOACK, and AACK in handling receiver collisions. The key issues related to acknowledgment-based schemes for detecting misbehavior in MANETs are addressed. The focus is on analyzing the limitations of acknowledgment approaches like AACK and studying EAACK as an improved approach for addressing receiver collisions in MANETs.
wireless sensor networks using zigbee and wifisunil raj kumar
the ppt presents a brief view of how we can transmit zigbee collected data to wifi transceiver and flow chart ,block diagram gives you a clear idea of how data are transmitting
The performance of wireless sensor network (WSN)
can be effect by interference. The many devices in network
capable of causing interference and this can cause dropping
packets or block the transmission channel. In this paper we study
how manage the interference in WSN. This managing can be
done by flow control and power level control. We used
heterogeneous collaborative network nodes like PIC
microcontroller, ARM microcontroller and Personal Computer
(PC) to build our network. Also we assign priority level for each
node to allow the node with high priority to manage the flow and
power level of other node within same network and same used
channel. The time synchronization required due to different
nodes used. The protocol used for time synchronization is
Timing-sync Protocol for Sensor Networks (TPSN).
Robust wireless reprogramming method using differential approach for wireless...IAEME Publication
This document summarizes a research paper that proposes a new robust wireless reprogramming method for wireless sensor networks using a differential approach. The proposed method aims to improve energy efficiency and reduce reprogramming delay. It uses a differential reprogramming mechanism that retains maximum similarity between old and new software to reduce the amount of data transferred. It also organizes global variables in a novel way to eliminate the effects of variable shifting. The paper provides background on wireless sensor network reprogramming and reviews existing reprogramming protocols before describing the proposed method and presenting initial simulation results.
Unit 4 ec8702 - ad hoc and wireless sensor networks unit -4 mr.darwin nesaku...Darwin Nesakumar
This document provides an overview of sensor network security. It begins with objectives to learn about ad hoc and sensor network security aspects, attacks, and transport layer security issues. It then covers topics like security requirements, challenges in provisioning security, network security attacks categorized by layer (physical, data link, network, transport, application), and possible solutions for jamming, tampering, black hole attacks, and flooding attacks. The document also discusses key distribution, management techniques and procedures, and secure routing protocols like SPINS.
A Rouge Relay Node Attack Detection and Prevention in 4G Multihop Wireless N...IRJET Journal
1) The document proposes a technique to detect and prevent rogue relay node attacks in 4G multihop wireless networks using a QoS-aware distributed security architecture based on Elliptic Curve Diffie-Hellman (ECDH) algorithm.
2) It generates a 4G multihop WiMAX network and implements ECDH for secure initial connection setup and authentication. It then generates a rogue node attack and uses ECDH's hop-by-hop authentication to detect the rogue node.
3) The architecture prevents the detected rogue node and forwards messages securely to the destination node. It evaluates the scheme's performance on QoS metrics like latency, jitter and packet loss rate.
Performance Enhancement of Intrusion Detection System Using Advance Adaptive ...ijceronline
Mobile Ad hoc networks (MANETs) consist of a set of mobile nodes which can move about freely and are very sensitive to security threats due to their nature of deployment such as open wireless system. MANETs have self-configuring ability of nodes and infrastructure less nature hence they are preferred in significant applications. This itself emphasizes the importance of security and the need for an efficient intrusion detection system in MANETs. Many IDS have been proposed for detecting malicious nodes. On such different IDS, Enhanced Adaptive Acknowledgment (EAACK) has overcome the drawbacks of Watchdog, ACK and TWOACK. In our proposed work we have identified the inadequate nature of EAACK in scenarios of link breakage, source maliciousness. High mobility of MANET nodes contributes to frequent link breakages in the network which leads to path failures and route discovery processes difficult. Route discovery is initialized through broadcast mechanism usually. In this paper a new intrusion detection system is proposed named Advance EAACK particularly designed for MANETs. Compared to modern approaches, advance EAACK demonstrates higher malicious behavior detection rates in certain conditions while does not affect the network performance greatly. Due to this mechanism data transformation between mobile nodes are done with improved or high security .Parameters going to measure network performance are packet delivery ratio and delay.
A Framework for Wireless LAN Monitoring and Its Applications 2012engg
1) The document presents a framework for wireless LAN monitoring and discusses its applications for traffic characterization and network diagnosis.
2) It identifies pitfalls in wireless monitoring like limited sniffer capabilities, placement challenges, and data collection difficulties. Solutions to address these pitfalls are proposed and implemented.
3) The monitoring system is applied to a real computer science department WLAN, capturing PHY/MAC information over two weeks. This reveals traffic patterns and identifies protocol and security anomalies.
in this paper authors made the study of basic clustering algorithm Leach. A comparison is made between Leach and Leach.wireless sensor network advantages, and wireless sensor network dataset
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
This document summarizes a study on existing wireless sensor networks that can be used for structural health monitoring. It discusses three main wireless sensor network platforms: Sensor Andrew Architecture, a structural health monitoring system using smart sensors, and Snowfort, a new wireless sensor network platform designed for infrastructure monitoring. The document outlines the key components, advantages, and limitations of each wireless sensor network platform for structural health monitoring applications.
This document summarizes a wireless sensor network system implemented by the authors. The system uses 4 sensor nodes to sense temperature and a control node interfaced with a base station PC. It implements a modified version of the TOPDISC topology discovery algorithm using DHCP for dynamic addressing. The routing algorithm uses a mixture of spanning tree and N-link state protocols. Future enhancements include implementing fail safes and fully configuring the wireless sensor network system.
Data Flow in Wireless Sensor Network Protocol Stack by using Bellman-Ford Rou...journalBEEI
Wireless sensor network consists various sensor nodes that are used to monitor any target area like forest fire detection by our army person and monitoring any industrial activity by industry manager. Wireless sensor networks have been deployed in several cities to monitor the concentration of dangerous gases for citizens. In wireless sensor network when sensor nodes communicate from each other then routing protocol are used for communication between protocol layers. Wireless sensor network protocol stack consist five layers such as Application layer, Transport layer, Network layer, MAC Layer, Physical layer. In this paper we study and analysis Bellman-Ford routing algorithm and check the flow of data between these protocol layers. For simulation purpose we are using Qualnet 5.0.2 simulator tool.
Requisite Trust Based Routing Protocol for WSNAM Publications
This document summarizes a research paper on using a trust-based routing protocol (RTSR) for wireless sensor networks (WSNs). The summary is:
1) The RTSR protocol uses a cluster-based approach and calculates trust values between nodes to securely discover routes while reducing message and route redundancy.
2) Trust values from neighboring nodes are used to calculate a single trust value for each node. Route discovery and trust information is stored at fixed cluster heads.
3) The protocol aims to improve on previous approaches that did not consider security during route discovery. It analyzes performance metrics like energy consumption, number of hops, and delay compared to the LEEACH routing algorithm for WSNs.
Sensor Networks Introduction and ArchitecturePeriyanayagiS
This document provides an overview of sensor networks and wireless sensor network architectures. It begins with an introduction to wireless sensor networks and their components. It then discusses the topics, challenges, and enabling technologies for WSNs. The document outlines the architecture of a sensor node and its goals. It provides examples of WSN applications and discusses sensor network deployment considerations. Finally, it addresses the design challenges, operational challenges, and required mechanisms for WSNs to meet their requirements.
Advanced Software Engineering course - Guest Lecture
A4WSN- Architecture 4 Wireless Sensor Networks
Here you can find the research paper presenting the concepts described in this lecture: http://goo.gl/XBB4k
This presentation has been developed in the context of the Advanced Software Engineering course at the DISIM Department of the University of L’Aquila (Italy).
http://www.di.univaq.it/malavolta
In this thesis work, firstly an attempt have been made to evaluate the performance of DSR and OLSR routing protocol in mobile and static environments using Random Waypoint model, and also investigate how well these selected protocols performs on WSNs. energy efficient routing in wireless sensor networks thesis
Security in Wireless Sensor Networks Using BroadcastingIJMER
This document summarizes an efficient broadcast authentication scheme for wireless sensor networks. It discusses how broadcast is an important communication method in WSNs due to the large number of sensor nodes. However, traditional MACs are not suitable for broadcast without modification because any receiver could impersonate the sender. The document proposes using a cryptographic hash function to construct a HORS (Hash to Obtain Random Subset) scheme involving key generation, signing and verification phases to authenticate broadcast messages while reducing storage requirements compared to previous schemes. This provides an efficient security mechanism for broadcast in WSNs.
Enhancing Data Transmission and Protection in Wireless Sensor Node- A ReviewIRJET Journal
The document discusses enhancing data transmission and protection in wireless sensor networks. It first provides background on wireless sensor networks and discusses some of the key challenges, including limited energy resources of sensor nodes. It then reviews existing techniques that have been proposed to improve energy efficiency of nodes and provide secure data transmission. These include reducing communication costs, cooperative behavior between nodes, and using cryptographic techniques like DES encryption. Finally, the document proposes using the LEACH protocol to increase node efficiency by implementing clustered routing, and the RC-6 encryption algorithm to securely transmit data in the wireless sensor network.
The International Journal of Engineering and Science (The IJES)theijes
The document summarizes a study on the Enhanced Adaptive Acknowledge (EAACK) scheme for detecting misbehaving nodes in mobile ad hoc networks (MANETs). It discusses the limitations of existing acknowledgment-based intrusion detection systems like Watchdog, TWOACK, and AACK in handling receiver collisions. The key issues related to acknowledgment-based schemes for detecting misbehavior in MANETs are addressed. The focus is on analyzing the limitations of acknowledgment approaches like AACK and studying EAACK as an improved approach for addressing receiver collisions in MANETs.
wireless sensor networks using zigbee and wifisunil raj kumar
the ppt presents a brief view of how we can transmit zigbee collected data to wifi transceiver and flow chart ,block diagram gives you a clear idea of how data are transmitting
The performance of wireless sensor network (WSN)
can be effect by interference. The many devices in network
capable of causing interference and this can cause dropping
packets or block the transmission channel. In this paper we study
how manage the interference in WSN. This managing can be
done by flow control and power level control. We used
heterogeneous collaborative network nodes like PIC
microcontroller, ARM microcontroller and Personal Computer
(PC) to build our network. Also we assign priority level for each
node to allow the node with high priority to manage the flow and
power level of other node within same network and same used
channel. The time synchronization required due to different
nodes used. The protocol used for time synchronization is
Timing-sync Protocol for Sensor Networks (TPSN).
Robust wireless reprogramming method using differential approach for wireless...IAEME Publication
This document summarizes a research paper that proposes a new robust wireless reprogramming method for wireless sensor networks using a differential approach. The proposed method aims to improve energy efficiency and reduce reprogramming delay. It uses a differential reprogramming mechanism that retains maximum similarity between old and new software to reduce the amount of data transferred. It also organizes global variables in a novel way to eliminate the effects of variable shifting. The paper provides background on wireless sensor network reprogramming and reviews existing reprogramming protocols before describing the proposed method and presenting initial simulation results.
Unit 4 ec8702 - ad hoc and wireless sensor networks unit -4 mr.darwin nesaku...Darwin Nesakumar
This document provides an overview of sensor network security. It begins with objectives to learn about ad hoc and sensor network security aspects, attacks, and transport layer security issues. It then covers topics like security requirements, challenges in provisioning security, network security attacks categorized by layer (physical, data link, network, transport, application), and possible solutions for jamming, tampering, black hole attacks, and flooding attacks. The document also discusses key distribution, management techniques and procedures, and secure routing protocols like SPINS.
A Rouge Relay Node Attack Detection and Prevention in 4G Multihop Wireless N...IRJET Journal
1) The document proposes a technique to detect and prevent rogue relay node attacks in 4G multihop wireless networks using a QoS-aware distributed security architecture based on Elliptic Curve Diffie-Hellman (ECDH) algorithm.
2) It generates a 4G multihop WiMAX network and implements ECDH for secure initial connection setup and authentication. It then generates a rogue node attack and uses ECDH's hop-by-hop authentication to detect the rogue node.
3) The architecture prevents the detected rogue node and forwards messages securely to the destination node. It evaluates the scheme's performance on QoS metrics like latency, jitter and packet loss rate.
Performance Enhancement of Intrusion Detection System Using Advance Adaptive ...ijceronline
Mobile Ad hoc networks (MANETs) consist of a set of mobile nodes which can move about freely and are very sensitive to security threats due to their nature of deployment such as open wireless system. MANETs have self-configuring ability of nodes and infrastructure less nature hence they are preferred in significant applications. This itself emphasizes the importance of security and the need for an efficient intrusion detection system in MANETs. Many IDS have been proposed for detecting malicious nodes. On such different IDS, Enhanced Adaptive Acknowledgment (EAACK) has overcome the drawbacks of Watchdog, ACK and TWOACK. In our proposed work we have identified the inadequate nature of EAACK in scenarios of link breakage, source maliciousness. High mobility of MANET nodes contributes to frequent link breakages in the network which leads to path failures and route discovery processes difficult. Route discovery is initialized through broadcast mechanism usually. In this paper a new intrusion detection system is proposed named Advance EAACK particularly designed for MANETs. Compared to modern approaches, advance EAACK demonstrates higher malicious behavior detection rates in certain conditions while does not affect the network performance greatly. Due to this mechanism data transformation between mobile nodes are done with improved or high security .Parameters going to measure network performance are packet delivery ratio and delay.
A Framework for Wireless LAN Monitoring and Its Applications 2012engg
1) The document presents a framework for wireless LAN monitoring and discusses its applications for traffic characterization and network diagnosis.
2) It identifies pitfalls in wireless monitoring like limited sniffer capabilities, placement challenges, and data collection difficulties. Solutions to address these pitfalls are proposed and implemented.
3) The monitoring system is applied to a real computer science department WLAN, capturing PHY/MAC information over two weeks. This reveals traffic patterns and identifies protocol and security anomalies.
This document provides an introduction to time management. It discusses the benefits of better time management, defines what time management is, and outlines 3 key principles of time management. The principles are: 1) being effective versus efficient, 2) distinguishing between what is important versus urgent, and 3) applying the 80/20 rule to focus on the most important 20% of tasks. The document suggests that properly managing one's time in accordance with these principles can help avoid feelings of guilt and improve overall effectiveness.
The document contains a list of grammar topics and examples for each topic, including articles, prepositions, indirect speech, changing voice, modal auxiliaries, question tags, and more. It appears to be teaching materials for an English grammar class at the secondary school level in India.
An overview to to the services available at Cambridge Business Lounge (http://www.cambridgebusinesslounge.com). For more information, email info@cambridgebusinesslounge.com
This document analyzes the performance of Wi-Fi networks under three conditions: no fading, flat fading, and dispersive fading. It simulates these conditions using an IEEE 802.11a WLAN physical layer model in Matlab. The simulation measures packet error rate and bit rate as the signal-to-noise ratio and maximum Doppler shift are varied. With no fading, there is no packet error and bit rate increases with SNR. Under flat and dispersive fading, packet error and bit rates are affected differently based on the maximum Doppler shift. The best performance occurs under flat fading with a lower maximum Doppler shift of 100Hz.
This document summarizes research on vertical handoff performance in wireless local area networks (WLANs). It examines the data traffic received by different access points as mobile stations move between them. Graphs show how throughput and delay are impacted during handoffs. It also evaluates the performance of file transfer between wireless clients and servers connected by a WLAN backbone network comprising two routers. The document analyzes the effects of station mobility on metrics like traffic, delay, and throughput. In conclusion, it demonstrates vertical handoff triggering between a WiMAX and WLAN network as mobile nodes roam between the base stations.
Due to an explosion of demand for high speed wireless
services such as wireless internet,email,stock quotes and cellular
video conferencing wireless communication has become one of the
important field in modern engineering.Wireless networks are broadly
classified into four different kinds such as wireless lans,satellite
networks,cellular networks and personal networks. In most of the
scenarios WLAN’s systems are based on single hop operation but in
now a day’s significant study has been done on WLAN’s with multihop
operation.In this research article we have studied the various
security issues of wlan especially with respect to bluetooth.wireless
local area networks are different from Wired networks in terms of
cost,security,high reliability,resource
sharing,scalability,communication media etc. One of the important
problem for wireless network is limited frequency spectrum. In now
a day’s wireless local area network consists of multiple stations that
coexist with in a limited geographic jurisdiction and share a common
wireless channel to communicate with each other.This research work
proposes a mathematical model based security issues of wlan by
investigating,design,implementation and performance analysis using
Digital Signal Processing(DSP) Space Time Processing.Space time
processing technology which uses more than one antennas
with an appropriate signaling and receiver methodology
provides a powerful tool for improving the performance of
WLAN’s.
Secure Data Aggregation Of Wireless Sensor NetworksAmy Moore
Wireless sensor networks are used to monitor environmental conditions like temperature and humidity under controlled environments for seed germination experiments. A wireless remote monitoring system using sensors can precisely monitor temperature, humidity, and water content of seeds in closed containers. ZigBee wireless sensor networks are effective for real-time monitoring of the conditions necessary for seed germination and growth. Researchers aim to design a wireless sensor network integrated with sensors to remotely manage and monitor the environmental parameters for seed germination experiments under controlled conditions.
Experimental analysis of channel interference in ad hoc networkijcsa
In recent times, the use of ad hoc networks is a common research area among a researcher. Designing an
efficient and reliable network is not easy task. Network engineer faces many problems at the time of
deploying a network such as interference; Signal coverage, proper location of access point etc. channel
interference in one of them which must be considered at the time of deploying WLAN indoor environments
because channel interference impacts the network throughput and degrade the network performance.
In this experiment, we design a two WLAN BSS1 and BSS2 and investigate the impact of interference on
nodes. BSS1 contains three FTP clients and BSS2 contains two FTP client and their jobs is to upload data
to FTP Server Initially, they are far from each other. BSS1 moves toward BSS2 and after some time at
particular position both BSSs overlaps to each other. When BSSs overlaps to each other interference is
high and decrease network performance and increase upload time.
This document provides a brief review of recent works on various wireless networks and their integration. It first discusses different types of wireless networks including WLAN, WiMAX, satellites, and ad hoc networks. It then reviews recent studies on improving aspects of these individual networks such as MAC layer protocols, security, and frequency synthesizers. Finally, it summarizes research on integrating combinations of wireless networks like WLAN and WiMAX to improve quality of service, as well as integrating satellite networks to provide emergency communication or solve line of sight problems.
The document discusses challenges and security issues related to the Internet of Things (IoT). It notes that while IoT provides many benefits across various industries like healthcare, transportation, and more, it also faces challenges. Key challenges include the large number of devices and sensors requiring unique identification, and the need for proper data storage, management, and processing. Regarding security issues, the document states that IoT devices are vulnerable to attacks due to limited computing resources. It proposes using cloud computing and other techniques to help build a more secure IoT infrastructure.
Data Rates Performance Analysis of Point to Multi-Point Wireless Link in Univ...IRJET Journal
This document analyzes the data rate performance of a point-to-multipoint wireless link in the University of Ilorin campus network. It describes using Ubiquiti Rocket M5 Titanium wireless devices located at the Network Operations Center to connect to five access points across campus. Monitoring software recorded transmission rates, reception rates, signal strength, noise, latency, and throughput between the access points. The analyses aimed to evaluate the impact of impairments like interference on network performance and compute regression coefficients to show how packet loss varies between access points.
IOSR Journal of Electronics and Communication Engineering(IOSR-JECE) is an open access international journal that provides rapid publication (within a month) of articles in all areas of electronics and communication engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in electronics and communication engineering. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
This document summarizes a research paper on medium access control (MAC) protocols for wireless sensor networks. It discusses how MAC protocols are needed to manage shared access to communication channels in wireless sensor networks and outlines some key characteristics and requirements for efficient MAC protocols, including energy efficiency, scalability, and supporting variable traffic loads. It then reviews some traditional MAC protocols, including time division multiple access (TDMA), frequency division multiple access (FDMA), and code division multiple access (CDMA). The full paper provides a more in-depth survey and comparison of schedule-based and contention-based MAC protocols designed specifically for wireless sensor networks.
This document summarizes a research paper that evaluates the performance of wired and wireless local area networks using simulation. It describes simulating Ethernet and IEEE 802.11 wireless LANs in OPNET with varying numbers of users. Key performance metrics for wired networks like collision count, throughput, and delay were analyzed. For wireless, metrics like data dropped, throughput, and access delay were studied. As the number of users increased, throughput decreased more for wireless than wired due to transmission limitations in wireless. The paper concludes wireless performs better than wired for small user numbers but degrades more with increasing loads.
This document summarizes research on data collection protocols for wireless sensor networks. It begins by introducing wireless sensor networks and their basic structure and applications. It then discusses the research status of data collection protocols, including routing protocols like flooding protocols. It describes how newer protocols aim to improve energy efficiency by reducing redundant data transmission through techniques like data fusion, compression, and sampling. Finally, it discusses future research opportunities like improving scalability, security, and cross-layer cooperation between network layers.
an overview of wireless local area networks and security systemIJAEMSJORNAL
Wireless Communication is one of the fastest growing technologies in the world which is an application of technology and science in the modern life. Radio and telephone to current devices such as mobile phone, laptops, television broadcasting are the most essential part of our life. Wireless LAN, Cellular Telephony and Satellite based communication networks are the several parts of the wireless communication industry. In this paper, we have emphasized on a study of Wireless LAN technologies and its concerned issues: Wireless Networking, What WLANs are, History of WLAN, Need of WLAN, Types of WLAN, Advantages of WLAN, IEEE 802.11 Standards, Network Security.
This paper presents a brief study of recent advances in wireless network security issues. The paper makes a number of contributions to the wireless networking field. First, it studies the 4G mail threats and risk and their design decisions. Second, the security of 4G architecture with next generation network security and 8-security dimensions of 4G network. Third, security issues and possible threats on 4G are discussed. Finally, we proposed four layer security model which manages to ensure more secure packets transmission by taking all the necessary security measures.
Analyze and Detect Packet Loss for Data Transmission in WSNIJERA Editor
An emerging technology is Wireless Sensor Network where sensors are deployed at extreme geographical
locations where human intervention is not possible. The data transferred through the sensor nodes are majorly
used in crucial decision making process. Since WSN is a wireless infrastructure it tempts the attackers to
tamper/misuse the data. Privacy-preserving routing is important for some ad hoc networks that require stronger
privacy protection. Hence a routing protocol to achieve total unobservability by anonymous key establishment
using secret session keys and group signature is used. The unobservable routing protocol is divided into two
main phases. First phases define an anonymous key establishment process to construct secret session keys.
Second phase consist of unobservable route discovery process to find appropriate as well as secure route to the
destination. A node establishes a key with its direct neighbour and uses the same key to encrypt the packet
before transferring.
Zigbee Based Wireless Sensor Networks for Smart CampusIJMER
The document discusses simulations of Zigbee-based wireless sensor networks using different topologies with static and dynamic positioning of the Zigbee coordinator node. The simulations analyzed the effect on throughput and end-to-end delay. Results showed that a tree topology with a mobile coordinator had the highest throughput. A mesh topology, whether with static or dynamic coordinator, produced the lowest end-to-end delay. The document concludes that making the coordinator node mobile generally provides better network performance than a static coordinator configuration.
SECURING IEEE 802.11G WLAN USING OPENVPN AND ITS IMPACT ANALYSISIJNSA Journal
Like most advances, wireless LAN poses both opportunities and risks. The evolution of wireless networking in recent years has raised many serious security issues. These security issues are of great concern for this technology as it is being subjected to numerous attacks. Because of the free-space radio transmission in wireless networks, eavesdropping becomes easy and consequently a security breach may result in unauthorized access, information theft, interference and service degradation. Virtual Private Networks (VPNs) have emerged as an important solution to security threats surrounding the use of public networks for private communications. While VPNs for wired line networks have matured in both research and commercial environments, the design and deployment of VPNs for WLAN is still an evolving field. This paper presents an approach to secure IEEE 802.11g WLAN using OpenVPN, a transport layer VPN solution and its impact on performance of IEEE 802.11g WLAN.
COMPREHENSIVE SURVEY OF POSSIBLE SECURITY ISSUES ON 4G NETWORKSIJNSA Journal
This paper presents a brief study of recent advances in wireless network security issues. The paper makes a number of contributions to the wireless networking field. First, it studies the 4G mail threats and risk and their design decisions. Second, the security of 4G architecture with next generation network security and 8-security dimensions of 4G network. Third, security issues and possible threats on 4G are discussed. Finally, we proposed four layer security model which manages to ensure more secure packets transmission by taking all the necessary security measures.
The document discusses security issues with 4G networks. It first provides an overview of 4G network architecture, including the IP Multimedia Subsystem security architecture and next generation network security architecture. It then discusses eight security dimensions for 4G networks: access control, authentication, non-repudiation, data confidentiality, communication security, data integrity, availability, and privacy. Finally, it outlines some specific security issues with 4G, including physical layer issues, WiMAX MAC layer issues, denial of service attacks, and Wi-Fi security issues.
Similar to A framework for wireless lan monitoring and its applications (20)
Temple of Asclepius in Thrace. Excavation resultsKrassimira Luka
The temple and the sanctuary around were dedicated to Asklepios Zmidrenus. This name has been known since 1875 when an inscription dedicated to him was discovered in Rome. The inscription is dated in 227 AD and was left by soldiers originating from the city of Philippopolis (modern Plovdiv).
Leveraging Generative AI to Drive Nonprofit InnovationTechSoup
In this webinar, participants learned how to utilize Generative AI to streamline operations and elevate member engagement. Amazon Web Service experts provided a customer specific use cases and dived into low/no-code tools that are quick and easy to deploy through Amazon Web Service (AWS.)
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...TechSoup
Whether you're new to SEO or looking to refine your existing strategies, this webinar will provide you with actionable insights and practical tips to elevate your nonprofit's online presence.
This presentation was provided by Racquel Jemison, Ph.D., Christina MacLaughlin, Ph.D., and Paulomi Majumder. Ph.D., all of the American Chemical Society, for the second session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session Two: 'Expanding Pathways to Publishing Careers,' was held June 13, 2024.
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...indexPub
The recent surge in pro-Palestine student activism has prompted significant responses from universities, ranging from negotiations and divestment commitments to increased transparency about investments in companies supporting the war on Gaza. This activism has led to the cessation of student encampments but also highlighted the substantial sacrifices made by students, including academic disruptions and personal risks. The primary drivers of these protests are poor university administration, lack of transparency, and inadequate communication between officials and students. This study examines the profound emotional, psychological, and professional impacts on students engaged in pro-Palestine protests, focusing on Generation Z's (Gen-Z) activism dynamics. This paper explores the significant sacrifices made by these students and even the professors supporting the pro-Palestine movement, with a focus on recent global movements. Through an in-depth analysis of printed and electronic media, the study examines the impacts of these sacrifices on the academic and personal lives of those involved. The paper highlights examples from various universities, demonstrating student activism's long-term and short-term effects, including disciplinary actions, social backlash, and career implications. The researchers also explore the broader implications of student sacrifices. The findings reveal that these sacrifices are driven by a profound commitment to justice and human rights, and are influenced by the increasing availability of information, peer interactions, and personal convictions. The study also discusses the broader implications of this activism, comparing it to historical precedents and assessing its potential to influence policy and public opinion. The emotional and psychological toll on student activists is significant, but their sense of purpose and community support mitigates some of these challenges. However, the researchers call for acknowledging the broader Impact of these sacrifices on the future global movement of FreePalestine.
🔥🔥🔥🔥🔥🔥🔥🔥🔥
إضغ بين إيديكم من أقوى الملازم التي صممتها
ملزمة تشريح الجهاز الهيكلي (نظري 3)
💀💀💀💀💀💀💀💀💀💀
تتميز هذهِ الملزمة بعِدة مُميزات :
1- مُترجمة ترجمة تُناسب جميع المستويات
2- تحتوي على 78 رسم توضيحي لكل كلمة موجودة بالملزمة (لكل كلمة !!!!)
#فهم_ماكو_درخ
3- دقة الكتابة والصور عالية جداً جداً جداً
4- هُنالك بعض المعلومات تم توضيحها بشكل تفصيلي جداً (تُعتبر لدى الطالب أو الطالبة بإنها معلومات مُبهمة ومع ذلك تم توضيح هذهِ المعلومات المُبهمة بشكل تفصيلي جداً
5- الملزمة تشرح نفسها ب نفسها بس تكلك تعال اقراني
6- تحتوي الملزمة في اول سلايد على خارطة تتضمن جميع تفرُعات معلومات الجهاز الهيكلي المذكورة في هذهِ الملزمة
واخيراً هذهِ الملزمة حلالٌ عليكم وإتمنى منكم إن تدعولي بالخير والصحة والعافية فقط
كل التوفيق زملائي وزميلاتي ، زميلكم محمد الذهبي 💊💊
🔥🔥🔥🔥🔥🔥🔥🔥🔥
A framework for wireless lan monitoring and its applications
1. A Framework for Wireless LAN Monitoring and Its
Applications ∗
Jihwang Yeo, Moustafa Youssef, Ashok Agrawala
Department of Computer Science, University of Maryland
College Park, MD 20742
{jyeo, moustafa, agrawala}@cs.umd.edu
ABSTRACT
Many studies on measurement and characterization of wireless LANs
(WLANs) have been performed recently. Most of these measure-
WAN
ments have been conducted from the wired portion of the network
based on wired monitoring (e.g. sniffer at some wired point) or Wireless Access
SNMP statistics. More recently, wireless monitoring, the traffic Monitoring Point
LAN
Ethernet
measurement from a wireless vantage point, is also widely adopted
in both wireless research and commercial WLAN management prod-
uct development. Wireless monitoring technique can provide de- Access
tailed PHY/MAC information on wireless medium. For the net- Point
work diagnosis purpose (e.g. anomaly detection and security mon-
itoring) such detailed wireless information is more useful than the
information provided by SNMP or wired monitoring. In this pa- SNMP
per we have explored various issues in implementing the wireless Query
monitoring system for an IEEE 802.11 based wireless network.
We identify the pitfalls that such system needs to be aware of,
and then provide feasible solutions to avoid those pitfalls. We im- Collecting Wired
plement an actual wireless monitoring system and demonstrate its SNMP Data Monitoring
effectiveness by characterizing a typical computer science depart-
ment WLAN traffic. Our characterization reveals rich information Figure 1: Monitoring Wireless Traffic: from a wired vantage
about the PHY/MAC layers of the IEEE 802.11 protocol such as point, a wireless vantage point, and SNMP statistics.
the typical traffic mix of different frame types, their temporal char-
acteristics and correlation with the user activities. Moreover, we
identify various anomalies in protocol and security of the IEEE
802.11 MAC. Regarding the security, we identify malicious usages Keywords: Wireless LAN, Wireless Monitoring, Security, Anomaly,
of WLAN, such as email worm and network scanning. Our results Traffic Characterization
also show excessive retransmissions of some management frame
types reducing the useful throughput of the wireless network. 1. INTRODUCTION
Categories and Subject Descriptors: C.2.0 [Computer-Commu- With the popularity of the IEEE 802.11 [11] based wireless net-
nications Networks]: Security and protection; C.2.3 [Computer- works, it has become increasingly important to understand the char-
Communications Networks]: Network monitoring acteristics of the wireless traffic and the wireless medium itself.
General Terms: Security, Measurement, Experimentation A number of measurement studies [1, 4, 7, 14, 19, 21] have exam-
ined traffic characteristics in wireless networks. In these studies,
∗
This work was supported in part by the Maryland Information and the measurements have been conducted on the wired portion of the
Network Dynamics (MIND) Laboratory, its founding partner Fu- network and/or combined with SNMP logs [1].
jitsu Laboratories of America, and by the Department of Defense The measurements at such wired vantage points can provide ac-
through a University of Maryland Institute for Advanced Computer
Studies (UMIACS) contract. curate traffic statistics as seen in that portion of the network. How-
ever, practically they do not effectively expose the instantaneous
wireless medium characteristics (PHY/MAC in the IEEE 802.11).
The reasons are that SNMP exploits the summary data polled pe-
Permission to make digital or hard copies of all or part of this work for riodically (typically every 1 - 5 minutes)1 and wired monitoring
personal or classroom use is granted without fee provided that copies are completely relies on the information observed at the wired portion.
not made or distributed for profit or commercial advantage and that copies 1
bear this notice and the full citation on the first page. To copy otherwise, to Such detailed wireless PHY/MAC information can be available
republish, to post on servers or to redistribute to lists, requires prior specific with properly defined MIB (Management Information Base) and
permission and/or a fee. sufficiently small polling interval. However, most existing SNMP
WiSE’11, IEEE October 1, 2011, Philadelphia, Pennsylvania, USA. MIBs for APs [12,16,17] provide very limited visibility into MAC-
Copyright 2011 ACM 1-58113-925-X/04/0010 ...$5.00. level behaviors.
2. Instantaneous wireless PHY/MAC information is very important level and data rate for individual packets. Similarly it also enables
for security monitoring in the IEEE 802.11 wireless network. It is examination of the link layer headers, which include IEEE 802.11
well known that the IEEE 802.11 WLAN has security vulnerabil- type and control fields [11].
ity due to the flaws in the MAC protocol [3, 18] and basic features Physical layer information can be used to examine error rates
of wireless networks, such as open medium and mobility [26]. To and throughput. This is useful for developing accurate error models
correctly diagnose such security problems we need to monitor both for the IEEE 802.11 WLANs and in site planning to determine the
MAC operations and mobile user activities instantaneously. There- minimum signal strength required to achieve a certain throughput
fore, with such instantaneous wireless PHY/MAC information, se- or error rate.
curity monitoring and surveillance can be effectively performed. By analyzing the MAC layer data, we can characterize traffic
To capture such detailed PHY/MAC information, wireless mon- according to different frame types, namely: data, control, and man-
itoring technique can be used. Fig. 1 illustrates wired monitoring, a agement frames. The collected data, combined with timestamps,
measurement from a wired vantage point, and wireless monitoring, can be used as accurate traces of the IEEE 802.11 link-level opera-
a measurement from a wireless vantage point, and SNMP statistics. tions. Such traces are useful when we want to emulate the protocol
Recently, wireless monitoring is widely adopted in both wireless or diagnose the problems of wireless networks.
research, e.g. [20], and commercial WLAN management product
development, e.g. [8, 22]. 1.2 Challenges of Wireless Monitoring
In this paper, we focus on implementing an effective wireless Despite the numerous advantages described above, wireless mon-
monitoring system and demonstrating its effectiveness in traffic itoring has the following challenges:
characterization and network diagnosis (e.g. anomaly detection
and security monitoring). Specifically, we examine the following 1. Limited capability of each sniffer: each sniffer has the limi-
questions: (i) In spite of the advantages for instantaneous wire- tations, e.g. on signal receiving range, disk space, processing
less PHY/MAC information, what are the pitfalls that a wireless power, etc.
monitoring system needs to be aware of? (ii) How can we avoid
2. Placement: finding the best location for each sniffer is diffi-
such pitfalls to improve the capabilities of the wireless monitoring
cult.
technique? (iii) How can we leverage the information that wire-
less monitoring provides, for WLAN traffic characterization and 3. Data collection: it is difficult to collect and synchronize a
network diagnosis? large volume of data from multiple sniffers.
To answer those questions, we first conduct a number of con-
trolled experiments to identify the pitfalls of wireless monitoring. In this paper, we address all the above problems and propose
For the identified pitfalls, we propose feasible solutions and imple- a framework for wireless monitoring technique. However, wire-
ment them to provide a wireless monitoring system. After showing less monitoring has another big challenge: scalability, i.e. that
the effectiveness of the solutions, we apply our wireless monitor- the cost and management overhead can be significant for the de-
ing system to a real WLAN traffic in computer science department ployment and management of a large number of sniffers. In this
in a university, over a period of two weeks. Then, we show how work, we limit our work to the fixed number of sniffers for rela-
the monitored information can be effectively used for both WLAN tively small coverage area (e.g. WLAN in a single floor with less
traffic characterization and network diagnosis. than 10 APs). Based on the promising results of this work, we
The contributions of this paper are as follows: (i) Our study can are currently working towards addressing the scalability problem
give the insights on how to apply the wireless monitoring technique in more general WLAN environment.
(e.g. configuration, deployment, and data collection) for traffic
characterization and network diagnosis. (ii) The characterization 1.3 Organization
results can present a basis for building models and simulation tools The rest of the paper is organized as follows. In Section 2 we
of the 802.11 wireless networks. (iii) The anomalies identified in discuss previous works in the area of traffic characterization, net-
our study would help protocol designers to refine the protocol to work diagnosis, and security in the IEEE 802.11 WLAN. Section 3
remove the anomalies identified. describes the controlled experiment, the pitfalls of wireless mon-
In the following sections, we discuss the advantages and chal- itoring, and the techniques to overcome them. In Section 4, we
lenges of wireless monitoring for the purpose of traffic characteri- describe the results of our two-week long experiment and discuss
zation and network diagnosis. the anomalies we discovered. Finally, we conclude the paper in
Section 5 and highlight our ongoing work.
1.1 Advantages of Wireless Monitoring
The wireless monitoring system consists of a set of devices which 2. RELATED WORK
we call sniffers, to observe traffic characteristics on the wireless Several measurement and analysis studies [1, 14, 19, 21, 24] have
medium. Wireless monitoring is useful for understanding the traf- examined traffic or error characteristics in the IEEE 802.11 WLAN.
fic characteristics or detecting the anomaly in wireless network for Most of the measurements have been performed on university WLAN
the following reasons. [14, 19, 21, 24], while the work in [1] examined WLAN traffic in a
A wireless monitoring system can be set up and put into oper- conference environment.
ation without any interference to existing infrastructure, e.g. end- The study of Tang and Baker [21] in the Computer Science De-
hosts and network routers. In fact wireless monitoring can be per- partment building of Stanford University was one of the early stud-
formed without any interaction with the existing network, and hence ies. They examined wired monitoring traces, and SNMP logs to
is completely independent of the operational network. analyze a twelve-week trace of a local-area wireless network. In a
More importantly, wireless monitoring exposes the characteris- public-area wireless network, the traces collected in well-attended
tics on the wireless medium itself so that we can infer the PHY/MAC ACM conference were successfully analyzed by Balachandran et
characteristics. Thus wireless monitoring allows us to examine al. [1]. They used SNMP logs and wired monitoring to character-
physical layer header information including signal strength, noise ize not only the patterns of WLAN usage, but also the workloads of
3. NetDyn
user arrivals and session durations with parameterized models. A
Ethernet LAN
Source
significantly larger scale experiment covering a much longer dura-
Sink
tion and coverage area has been presented in the Dartmouth campus
by Kotz and Essien [14]. Their analysis was based on using system
logs in APs, SNMP logs and wired monitoring traces to character- Sniffer
ize the typical usage and traffic patterns in a university WLAN. In a NetDyn
Sniffer
similar recent study, Schwab and Bunt [19] used wired monitoring Source
and the Cisco proprietary LEAP authentication logs to character- Sink
NetDyn
ize one-week usage and traffic patterns in a campus-wide WLAN Echo
environment.
Similar to the previous studies, our measurements are performed Src SeqNum
Sniffer
20000 UDP packets
on typical university WLAN environment in a department network. Access
Point Src SeqNum Echo SeqNum
We are interested in showing the traffic characteristics and anoma-
lies for a typical access point in this environment. Our uniqueness
comes from analyzing the wireless media using the wireless mon-
itoring technique which gives a full view of the network spanning 20000 UDP packets
all the layers of the protocol stack.
In a more general wireless environment, the authors in [4,7] per- Figure 2: Controlled Experiment using NetDyn: Source in a
formed wireless monitoring to measure packet loss and Bit Error wireless station sends 20000 UDP packets to wired Echo ma-
Rate. Their experiments were fully controlled between two wire- chine which sends them back to Sink in the same wireless sta-
less stations and performed on non-802.11 networks. Our work is tion.
different in being in the context of 802.11 WLANs and in perform-
ing the experiment in an actual environment with different goals.
Diagnosis for WLAN has been actively studied these days. MAC
misbehaviors, such as greedy user behavior on backoff time, were We perform our experiments in the A. V. Williams building, at
examined in [10, 15]. They detected and identified the problem University of Maryland (where the Department of Computer Sci-
by either defining a new mechanism in the MAC protocol [15] ence is located). The building has 58 access points installed, which
or installing a detection software module in the AP [10]. Even belong to three different wireless networks. Each wireless network
though they did not exploit the external monitoring devices as in is identified with its ESSID. The ESSIDs of the three networks are
our work, their methodologies commonly relied on wireless mon- umd, cswireless and nist respectively. umd network consists of 29
itoring technique: in [15], each wireless station (STA) performed Cisco Aironet A-340 APs, and is the most widely used wireless
wireless monitoring, while [10] exploited periodic wireless moni- network in the university. cswireless (12 Lucent APs) and nist
toring in the AP. Intrusion detection for mobile wireless network (17 Prism2-based APs) networks are built by individual research
was addressed in [26]. They exploited an agent-based, local and groups in the department3 .
cooperative intrusion detection mechanism. Wireless monitoring We performed our controlled experiment on a separate network
was also used in their work for monitoring communication activi- that we set up specifically for this purpose with its own ESSID. Our
ties within the radio range of each agent. clients were configured to associate with this AP.
Security flaws in the IEEE 802.11 MAC have been identified
and demonstrated in many literatures (e.g. [3, 5, 9, 18]). The flaws 3.1.2 NetDyn
in encryption mechanisms [5, 9] and, access control and authenti- To estimate the exact measurement loss, we need to use reliable
cation [18] have been demonstrated. In [3], they identified and application generated sequence numbers. We conducted a two-way
demonstrated two MAC vulnerabilities - namely identity vulner- UDP packet exchange experiments using an end-to-end traffic mea-
ability (i.e. no mechanism for verifying the correct identity) and surement tool, called NetDyn [2].
media access vulnerability (i.e. no protection for arbitrary modi- As shown in Fig. 2, NetDyn consists of three different processes,
fication of NAV2 ). These flaws in current MAC protocol indicate Source, Echo and Sink. Source puts a sequence number in the pay-
that monitoring MAC operations and user activities is crucial for load, sends the packet to Echo, which also adds a sequence number
effectively diagnosing WLAN. before forwarding it to Sink. In our setup, Source and Sink pro-
cesses run on a wireless station, while the Echo process runs on
a server wired to the LAN. Using the sequence numbers generated
3. CONTROLLED EXPERIMENT by the Source and Echo processes, we can determine which packets
In this section, we present our controlled experiment. The pur- were lost in the path from the Source machine to the Echo machine
pose of this experiment is (i) to analyze the wireless monitoring and vice versa.
technique in terms of its effectiveness in capturing wireless traf- In the experiment, Source sends 20000 packets with the full UDP
fic and presenting precise statistics for wireless medium and (ii) to payloads (1472 bytes) to Echo, with 10 ms inter-packet duration
identify the pitfalls that the monitoring system needs to be aware of. (hence, at 100 packets/second). We made sure that no fragmen-
Our metric for effective monitoring is the percentage of captured fr- tation occur on either side of the AP. Therefore, for each NetDyn
ames out of the frames generated by a reference application. frame on the wireless side, there is a corresponding frame on the
wired side and vice versa. We use the NetDyn statistics as the base-
3.1 Methodology line for comparison with the number of the frames captured by snif-
fers.
3.1.1 Network Infrastructure
3
All networks mentioned in the paper are based on the 802.11b
2
Network Allocation Vector protocol.
4. 3.1.3 Monitoring Hardware/Software
We set up three sniffer machines to capture the wireless frames
on the air. All sniffing devices use the Linux operating system with
kernel version 2.4.19. We used Ethereal (version 0.9.6) and libp-
cap library (version 0.7) with the orinoco cs driver (version 0.11b),
patched to enable monitoring mode, as our sniffing software. We
made use of the ‘monitor mode’ of the card to capture 802.11 frame
information including the IEEE 802.11 header as well as physical
layer header (called the Prism2 monitor header), and higher layer
protocols’ information.
3.1.4 Captured Wireless Data
The wireless sniffer captures the first 256 bytes of each receiv-
ing 802.11 frame, records the complete view of the frame, i.e.
PHY/MAC/LLC/IP/Above-IP information.
Figure 3: SNR Contour Map for controlled experiment: SNR
Prism2 monitor header is not a part of IEEE 802.11 frame header,
Contour lines for 40,30,20 and 15 dB are obtained from SNR
but is generated by the firmware of the receiving card. The header
measurements. Based on the contour map, we place the wire-
includes useful PHY information, such as MAC Time, RSSI (Re-
less clients at locations G and B and place the sniffers at loca-
ceived Signal Strength Indication), SQ (Signal Quality), Signal st-
tions T, U, and V.
rength, Noise, Signal Noise Ratio (SNR) and Data rate (in Mbps).
All signal and noise information are in manufacture-specific units.
However, they can be used for relative comparison.
We also capture the IEEE 802.11 MAC frame structure which in- NetDyn frames correctly received by the application (out of 20000
corporates the following fields: protocol version, frame type (man- packets). The next three columns represent the number of the fr-
agement, data and control), Duration for Network Allocation Vec- ames captured by the sniffers T, U, and V respectively. Those
tor (NAV) calculation, BSS Id, Source and Destination MAC ad- numbers are normalized with the corresponding NetDyn number
dresses, fragment, sequence number among others [11]. According as 100%. We define the measurement loss to be the percentage of
to the 802.11 MAC frame type of the captured frame, we extract the frames unobserved by the sniffer. We can make the following
different information. For example, for Beacon frames, captured observation from those four columns in the table:
information include 64-bit Beacon timestamp which we use for
time synchronization among multiple sniffers (Section 3.3). For • Different sniffers have different viewpoints of the wireless
Association/Disassociate and Authentication/Deauthentication fr- medium.
ames, the information includes the reason code for such actions. • The percentage of measurement loss for From-AP traffic is
We also capture higher layer protocol information, mainly for Net- much less than the percentage of measurement loss for To-
Dyn frames. AP traffic. On the average, one sniffer can see 99.4% for
From-AP traffic and 80.1% for To-AP traffic. The reason for
3.1.5 Experiment Setup that is that the AP has better hardware compared to clients,
We tried different scenarios for the traffic between the wireless therefore the signal seen at a sniffer from an AP is stronger
clients and the wired server. In the rest of this section we show the than the signal seen from a client. Moreover, we can always
results of one experiment whose configuration is shown in Fig.2. place a sniffer adjacent to an AP, whose position is fixed,
Other configurations gave comparable results. We have two wire- while we cannot do that for wireless clients as their position
less clients at two different locations corresponding to two different is not known in advance.
signal conditions. The “Good” client lies in an area of good AP
coverage, in terms of SNR, while the “Bad” client lies in an area • Each sniffer has a significant percentage of unobserved fr-
of bad AP coverage. We also have three wireless sniffers (T, U and ames compared to NetDyn data. Even sniffer T, which was
V) capturing the wireless traffics between Source, Sink and the AP. placed adjacent to the AP, encountered a severe measurement
Sniffer T is placed adjacent to the AP while the other two sniffers loss to observe only 73% of the total To-AP traffic.
are placed as shown in Fig.34 . Note that the purpose of placing the • The absolute physical location of the client or the sniffer does
sniffers in the controlled experiment was not to maximize the cap- not affect the ability of a particular sniffer to capture data
ture performance, but rather to study the different factors affecting from a particular wireless client. Rather, the relative posi-
the wireless monitoring performance. tion between the wireless client and the sniffer is the factor
that affects the ability of a sniffer to capture the data from
3.2 Single Sniffer Statistics that client. For example, for the traffic originating from Bad
We define a “From-AP” frame, as a frame transmitted by the client, sniffers U and V capture more traffic than sniffer T,
AP to a wireless station. Similarly, we refer to a frame from the because U and V are closer to Bad client than sniffer T.
wireless station to the AP as a “To-AP” frame.
Table 1 shows the number of received packets for the NetDyn ap- • In Bad client case, the sniffers captured some frames that
plication and the percentage of MAC frames captured by the three was not received by the NetDyn application (capture per-
wireless sniffers. The entries for the wireless sniffers were obtained centage > 100%). This is because all sniffers are closer to
by counting all frames with unique sequence numbers. In Table 1, the AP than Bad client which means that a frame sent by the
the leftmost data column (named NetDyn) indicates the number of AP will have a better SNR at the sniffer compared to Bad
client. Therefore, the sniffers can capture frames that Bad
4
We discuss sniffers placement in Section 3.4. client cannot capture.
5. Table 1: Increasing captured frames by merging multiple sniffers: Merging two or three sniffers among T, U and V significantly
increases the number of observed frames.
To-AP Wireless Traffic
NetDyn T U V T+U T+V U+V T+U+V
Good 19905 (100%) 76.76% 69.00% 68.34% 76.83% 70.00% 76.84% 98.61%
Bad 18490 (100%) 69.48% 99.58% 99.73% 99.05% 100.05% 99.97% 100.13%
Total 38395 (100%) 73.25% 83.73% 83.46% 87.54% 84.47% 87.98% 99.34%
From-AP Wireless Traffic
Good 19247 (100%) 98.41% 97.31% 95.24% 99.37% 98.06% 99.32% 99.38%
Bad 17858 (100%) 102.04% 101.85% 102.2% 102.56% 102.43% 102.52% 102.56%
Total 37105 (100%) 100.15% 99.5% 98.59% 100.91% 100.16% 100.86% 100.91%
From these observations we can see two important pitfalls that ence point and use linear regression to fit the other sniffers’ times-
wireless monitoring system needs to avoid for achieving a good tamps6 to the reference sniffer.
capture percentage, i.e. a low measurement loss. Fig. 4 shows the fitting error (difference between the fitted times-
tamp and the reference timestamp) for the common Beacon frames
1. The capturing capability of a single sniffer is fairly limited over a 12.5 minutes interval. During this period, there were 5658
both in terms of measurement loss and hearing (receiving) Beacon frames that were common to all the sniffers out of the total
range. of the 7500 total Beacons frame that are sent at the 100 ms rate.
Sniffer T was taken as the reference sniffer in this experiment. We
2. Carefully selecting the sniffers’ relative locations is impor- can see that the maximum error is below 40 microseconds, well
tant for acceptable capturing performance. below the 106 (= 212/2) microseconds limit.
We provide the solutions for these identified pitfalls in the next sec- 3.3.2 Merging Procedures
tions. Using the obtained linear equation, we can convert the times-
tamp of each frame captured by each sniffer, to the reference time.
3.3 Merging Multiple Sniffer Data To identify the duplicate frames that multiple sniffers commonly
Our key idea for the first problem is to merge the data collected observed, we compare the header information of the frames, which
from different sniffers. Using multiple sniffers is justified not only are from different sniffer traces and whose converted timestamps
in that it can reduce the measurement loss significantly, but also in differ by less than half the minimum gap Gmin . After removing the
that it can aggregate each sniffer’s local view to provide a overall duplicates, we can generate a single correctly-ordered trace from
picture of WLAN traffic. Even if each sniffer’s hardware was as multiple sniffer traces.
good as the AP’s, there is still a need for multiple sniffers in order
to catch the messages that the AP missed. The main problem for 3.3.3 The Effect of Merging
merging the data from different sniffers is how to synchronize the Table 1 shows the effect of using the merged sniffers’ traces.
traces when each of them is time-stamped according to the local We can see from the table that increasing the number of merged
clock of the sniffer. In this section, we describe our method for sniffers’ traces from one to two to three increases the percentage of
time synchronization, merging procedures and the effect of merg- captured frames significantly from 73.25% to 84.47% to 99.34%
ing respectively. respectively for the To-AP traffic. Notice also that the effect of
merging is more significant in the case of To-AP traffic while a
3.3.1 Time Synchronization between Multiple Traces single sniffer near the AP (sniffer T) can almost capture all the
From-AP traffic (improvement from T only to T+U+V is 0.7%).
To correctly merge multiple sniffers’ data without reordering we
require the time synchronization error (the difference between two 3.4 Sniffers Placement
timestamps of different sniffers for the same frame) to be less than As noted in Section 3.2, carefully selecting the sniffers location
half the minimum gap between two valid IEEE 802.11 frames. In is important to obtain an acceptable capturing performance. In this
the IEEE 802.11b protocol, the minimum gap, Gmin , can be cal- section, we describe our sniffer placement strategy in the coverage
culated as the 192 microsecond preamble delay plus 10 microsec- area of an AP. We make use of the observations presented in Section
ond SIFS (Short Inter-Frame Space) plus 10 microsecond minimum 3.2.
transmission time for a MAC frame5 , to be a total of 212 microsec- Since in the infrastructure mode of the 802.11 protocol all traffic
ond. goes through the AP, one may think that placing all sniffers near
Our approach is to use the IEEE 802.11 Beacon frames, which the AP should maximize the capture performance. However, our
are generated by the AP, to be the common frames to all the snif- experiments showed that the capture performance of To-AP traffic
fers. Beacon frames contain their own 64-bit absolute timestamps is worse than that of the From-AP traffic, even for the sniffer T
as measured by the AP, therefore we can uniquely identify such which was adjacent to the AP. This is due to the weak signal that
common beacon frames in different sniffer traces. With such n reaches the sniffer from the clients compared to the strong signal
common beacon frames, we then take one of the sniffers as a refer-
6
We use the MAC time of the received frame, which is available in
5
For the case of Acknowledgement frame (14 bytes) transmitted at Prism2 header in the captured frame, as the local timestamp at each
11 Mbps. machine.
6. 60 of an AP is the area at which a client will favor this AP for associa-
Sniffer T tion compared with other APs in the area. Note that the Association
Sniffer U
40 Sniffer V Area is a sub-area of the coverage area and that most of the traffic
an AP receives comes from the associated clients (i.e. from the
Fitting Error (µsec)
20 Association Area). Therefore, we should use the association area
of an AP rather than its coverage area. Fig. 5 shows the Associ-
0 ation Areas for different access points in the area of interest. The
figure also shows the difference between the coverage area and the
-20 association area for AP1
Another factor that needs to be taken into account is the signal
-40 condition at the sniffer location. We define an SNR wall as an area
where the SNR contour lines are close to each other (Fig. 3). Our
-60 experiments shows that placing a sniffer near an SNR wall leads to
0 1 2 3 4 5 6 7 8 9 10 11 12 worse capture performance compared to placing the sniffer at other
Elapsed Time(minutes) places. Therefore, SNR walls should be avoided.
Figure 4: Fitting error with 5658 common Beacon frames 4. APPLICATIONS: TRAFFIC CHARACTER-
(timestamp of sniffer T is the reference time).
IZATION AND NETWORK DIAGNOSIS
We apply the wireless monitoring technique to measure and char-
acterize actual wireless LAN traffics of a typical AP in a computer
science department network. We have performed passive measure-
AP5 ments over a period of two weeks from Monday, February 9 to Sun-
day, February 22 to observe the wireless PHY/MAC characteristics
AP2 in the fourth floor of the A.V. Williams building of Computer Sci-
ence Department on the campus of University of Maryland. In this
AP4 experiment, we aim (i) to examine typical characteristics of MAC
AP1 traffic in academic research environment and (ii) to diagnose var-
AP3 ious anomalies in protocol and security of the IEEE 802.11 MAC
Border for the coverage
AP7 using wireless monitoring technique.
area for AP1
4.1 Methodology
Border between association AP6
areas for different APs
4.1.1 Target Traffic
In the fourth floor of A.V. Williams building, we have three
Figure 5: The Association Area for different access points. The channel-6 APs, three channel-1 APs and one channel-1 AP. Chan-
figure also shows the coverage area for the first access point. nel 6 is the most widely used in the fourth floor, therefore we
choose channel 6 as our target channel. We choose one of the
channel-6 APs in the fourth floor as our target AP.
that reaches the same sniffer from the AP. The AP can capture the 4.1.2 Setup and Placement
weak signal due to its better hardware and specialized processing The setups for H/W and S/W in three sniffers are exactly the
(compared to the sniffer configuration). same as in controlled experiment in Section 3. We also followed
Therefore, for placing the wireless sniffers, we should only place our strategy for sniffer placement as discussed in the Section 3.4.
one sniffer adjacent to the AP to be responsible for capturing the Sniffer T is the sniffer placed adjacent to the target AP.
From-AP traffic and the traffic of clients near the AP. Other sniffers
should be placed as close as possible to the wireless clients. 4.2 Results
If we assume that clients are going to be uniformly distributed We will present our results under three categories: MAC Traf-
over the coverage area, this translates to placing the sniffers so that fic, MAC Frame Types, and User Activity. We also summarize the
they cover as much as possible from the AP coverage area. There- anomalies we discovered and discuss the related security issues in
fore, if we have n sniffers to place, we can split the AP coverage the last section.
area into n equal areas and place the sniffers in the center of mass
of these areas. The key challenge here is to determine the AP cov- 4.2.1 MAC Traffic
erage area. Our scheme is that at as many locations as possible we Fig. 6 shows the daily traffic over the two weeks. We obtain
measure the SNR of Beacon frames from the target AP to draw the MAC type and size information from each frame’s MAC header in
contour line as shown in Fig. 3. Therefore we can determine the the traces. We separately present traffic for IEEE 802.11 Data fr-
AP coverage area as the 15-dB line7 in the figure. ames and that for the IEEE 802.11 Management frames (e.g. Bea-
We can refine this strategy by noting that, in an environment con frames).8
where multiple APs are installed, the coverage area of an AP may We notice that there was almost no user activity on the weekend
be reduced to the Association Area of the AP. The Association Area of Feb. 14 and Feb. 15. This weekend represents the weekend for
7 8
We can determine this threshold (in dB) by considering the rea- Since the IEEE 802.11 control frames (e.g. Acknowledgement)
sonable percentage of captured Beacons out of normal Beacon rate, have no BSSID, i.e. MAC address of AP, we do not present the
e.g. 10 per second. results for the control frames in this section.
7. Table 2: Abbreviation for the IEEE 802.11 Types
Abb. 802.11 Types
ProbeReq Probe Request
ProbeRes Probe Response
45
All PowerSave Power Save Poll
Data
40 Mgmt
AsscReq Association Request
AsscRes Association Response
35 ReAsscReq Reassociation Request
Number of Frames per Second
ReAsscRes Reassociation Response
30
25
20
AsscRes
15
ReAsscRes
10
Data
5 PowerSave
0 Beacon
M9 T10 W11 T12 F13 S14 S15 M16 T17 W18 T19 F20 S21 S22
Days
ProbeRes
Figure 6: [MAC Traffic] Number of MAC frames per seconds, ReAsscReq
averaged daily, over two weeks: All traffic of the target AP is
the sum of MAC Data traffic and Mgmt (Management) traffic. AsscReq
1 2 5.5 11
Average Data Rate
Figure 8: [MAC Frame Types] Average data rate per MAC
Type.
Valentine’s Day. February 16 was the holiday for President’s Day.
However, the university was open on that day.
4
x 10 Typically traffic for the IEEE 802.11 Management frames is con-
2
All stant over the two weeks period. On Friday, February 20, disk space
Data
1.8
Mgmt
had been full for 8 hours therefore we have smaller number of fr-
ames than normal days (losing about one third of the normal man-
1.6
agement traffic volume).
1.4 We observe a sudden spike of traffic on Wednesday, February 18,
which is three times larger than normal days. Carefully examined,
Bytes per Second
1.2
we found that 40% of MAC Data traffic consists of IMAP (Internet
1 Message Access Protocol) frames. IMAP protocol is used when
0.8
client STA accesses electronic mail or bulletin board messages that
are kept on a (possibly shared) mail server [13]. This abnormal
0.6 spike of email traffic is due to email worm W32.Netsky.B@mm that
0.4
was spreading on the web on Feb. 18 [6].
0.2 4.2.2 MAC Frame Types
0
In this section we show the results of per frame-type statistics
M9 T10 W11 T12 F13 S14 S15 M16 T17 W18 T19 F20 S21 S22
Days
over two weeks. For each type of frames we observed, we show the
average data rates per frame and average retransmissions per frame,
respectively. We obtain this information from the 256 byte MAC
Figure 7: [MAC Traffic] Traffic volume per seconds. Daily av-
header of the IEEE 802.11 frames and the Prism2 header which is
eraged values are shown over two weeks: All traffic of the tar-
generated per frame by the sniffer device driver (PHY information).
get AP is the sum of MAC Data traffic and Mgmt (Management)
We use the abbreviation in Table 2 to denote the long type names.
traffic.
In Fig. 8, we have two observations:
1. AsscRes and ReAsscRes are usually transmitted using the
highest data rate, i.e. 11 Mbps, while the corresponding Re-
quest frames use the lowest data rate, i.e. 1 Mbps. This is
not expected as the AP should respond with a data rate close
8. 350
ProbeRes 64.6 % SRC
DST
300
ReAsscReq 25.0 %
PowerSave 12.7 % 250
Number/Duration(=5min)
MAC Types
Data 4.3 %
200
AsscReq 0.0 %
150
AsscRes 0.0 %
ReAsscRes 0.0 % 100
Beacon 0.0 %
50
0 10 20 30 40 50 60 70 80 90 100
Average Percentage of Retransmissions per Frame (%)
0
0 2 4 6 8 10 12 14 16 18 20 22 24
Hours
Figure 9: [MAC Frame Types] Average number of retransmis-
sions per MAC Type.
Figure 10: [User Activity] Number of Unique MAC Addresses
per 5 minute interval in From-AP Traffic on Feb. 10.
to the data rate of the request to enhance the SNR at the re-
questing client. busy, so it cannot respond to the poll message. Therefore, the
2. The average data rate for Data frames is 5.1 Mbps. This station does not get a reply and retransmits the Power-Save
strongly indicates that multiple data rates are used. Poll.
We believe that these high average retransmission for this frame
Fig. 9 shows the average number of retransmissions per frame.
We calculate the numbers by dividing the number of retransmitted types represents anomalies in either the protocol design or imple-
frames (whose MAC Retry bit is set to 1) by the number of non- mentation.
retransmitted frames (whose MAC Retry bit is set to 0). Therefore, 4.2.3 User Activity
an average number of retransmissions of one indicates that each
For monitoring instantaneous user activity, we compare the num-
frame is retransmitted one time on the average.
ber of unique source MAC addresses and the number of unique des-
We find that unexpectedly, ProbeRes, ReAsscReq and Power-
tination MAC addresses during each 5 minutes, as shown in Fig. 10.
Save frames have a very high number of retransmissions on the
We obtained the MAC addresses information from MAC header of
average.
each frame.
We give the following possible explanations for each case:
We can observe that around at 19:00 on February 10 the num-
• ProbeRes: Due to the overlap between different channels in ber of unique destination MAC addresses sharply increased while
An 802.11 WLAN, an AP can hear on up to 8 other channels the number of unique source MAC addresses did not change much.
than its assigned channel [25]. For example, suppose that Careful examination of the trace reveals that during that 5 minute
a client sends a ProbeReq frame on channel 2. An AP on period a source station on the wired network sent ICMP ping mes-
channel 6 can hear this ProbeReq (due to the channel over- sages to 55 unique (wireless) destination MAC addresses which are
lap) and responds to the sender. When the client receives the sequentially generated. This network scanning technique, namely
ProbeRes frame, it knows that this is an incorrect response ping sweep, is known to be potentially malicious.
(since the ProbeRes frame contains the channel number it
was sent on) and drops the frame. As a result, the AP on 4.3 802.11 Anomaly and Security Monitoring
channel 6 will not receive an Acknowledgement frame and With the instantaneous PHY/MAC information available through
will retransmit the ProbeRes frame. wireless monitoring, we discovered several anomalies in protocol
and security of the IEEE 802.11 MAC:
• ReAsscReq: Although the client sends a request with a low
data rate (indicating a poor signal condition), the standard 1. Some management frames, e.g. association response and re-
does not force the implementation to respond with a specific association response frames, are transmitted at the highest
data rate. The AP sees from the ReAsscReq that the client data rate which does not correspond to the client SNR con-
can support up to 11 Mbps and sends the ReAsscRes with ditions (Fig. 8). This leads to excessive retransmissions of
that rate9 . Unfortunately, this message does not reach the these management frames.
client due to the poor signal conditions at the client side. This 2. We observe significant number of retransmissions of the IEEE
can be confirmed in the average data rate per frame types in 802.11 Management frames. Those frames include Probe
Fig. 8. Response (64%), Reassociation Request (25%) and Power-
• Power-Save Poll: When a STA wakes up, it sends a Power- Save Poll (13%). These retransmissions lead to the unnec-
Save Poll message to the AP asking for the buffered frames. essary waste of the scarce wireless capacity. We believe the
The AP may have its NAV set indicating that the medium is reason for such retransmissions to be the incomplete specifi-
cation of current MAC protocol. To prevent such anomalies,
9
The ReAsscRes frame acts as the Acknowledgement in this case. MAC protocol standards need to specify in more detail the
9. frame exchange sequences and need to consider various con- Public Wireless LAN In Proc. ACM SIGMETRICS 2002,
ditions on PHY layer, e.g. data rate, signal strength, etc. Marina Del Rey, CA, June 2002.
[2] S. Banerjee and A. Agrawala. Estimating Available Capacity
3. By monitoring the traffic and user activity, we observe some
of a Network Connection. In Proceedings of IEEE
malicious usages of WLAN, such as email worm and net-
International Conference on Networks, September 2001.
work scanning technique.
[3] J. Bellardo and S. Savage. 802.11 Denial-of-Service Attacks:
The anomalies in MAC protocol, e.g. severe retransmission of Real Vulnerabilities and Practical Solutions. In Proceedings
management frames, can be exploited by malicious users for se- of the USENIX Security Symposium, Washington D.C.,
curity attack. For example, we observed up to 5000 Probe Re- August 2003.
sponse frames (from only one AP, including retransmissions) dur- [4] B.J. Bennington and C.R. Bartel. Wireless Andrew:
ing 5 minutes, which is equivalent to about 6.6 kbps. This indicates Experience building a high speed, campus-wide wireless data
that Probe Request flooding attack can have more significant im- network. In Proceedings of MOBICOM, September 1997.
pacts on WLAN’s bandwidth than are intended, due to the retrans- [5] N. Borisov, I. Goldberg and D. Wagner. Intercepting Mobile
mission of Probe Responses. Communications: The Insecurity of 802.11. In Annual
We showed monitoring user activity with MAC addresses in Sec- International Conference on Mobile Computing And
tion 4.2.3. Other MAC information, such as MAC sequence num- Networking, Rome, Italy, July 2001.
bers and ESSID, can also be used for monitoring suspicious user [6] Computer Associates. Virus Information Center
activity. In [23], they analyzed MAC sequence numbers to detect (Win32.Netsky.B Virus)
so-called fake AP and MAC address spoofing. Using multiple snif- http://www3.ca.com/virusinfo/virus.aspx?ID=38332
fers, our wireless monitoring framework provides accurate MAC [7] D. Eckardt and P. Steenkiste. Measurement and Analysis of
information instantaneously on the whole MAC traffic over one or the Error Characteristics of an In-Building Wireless
multiple BSS. Therefore, various techniques using MAC informa- Network. In Proceedings of SIGCOMM, August 1996.
tion for security monitoring can be effectively applied in our frame-
[8] Enterprise Wireless LAN Security and WLAN Monitoring.
work.
http://www.airdefense.net/
[9] S. Fluhrer, I. Mantin and A. Shamir. Weaknesses in the Key
5. CONCLUSIONS Scheduling Algorithm of RC4. In Lecture Notes in Computer
In this paper, we address two problems: wireless monitoring Science, 2259, 2001.
technique and its applications in MAC traffic characterization and [10] M. Raya, J-P. Hubaux and I. Aad. DOMINO A System to
network diagnosis. We first identify the pitfalls of wireless moni- Detect Greedy Behavior in IEEE 802.11 Hotspots. In
toring and provide two feasible solutions, namely merging multiple Proceedings of the 2nd international conference on Mobile
sniffers and their placement. Then, we apply those techniques to systems, applications, and services, Boston, MA, June 2004.
academic research WLAN over two week for MAC traffic charac- [11] IEEE Computer Society LAN MAN Standards Committee.
terization and network diagnosis. Wireless LAN Medium Access Control (MAC) and Physical
Our experimental results reveal not only typical WLAN traffic Layer (PHY) Specifications. In IEEE Std 802.11-1999, 1999.
characteristics but also the anomalies in the MAC protocol (e.g. [12] IEEE Computer Society LAN MAN Standards Committee.
severe retransmission of some Management frames) and security IEEE 802.11 Management Information Base In IEEE Std
(e.g. internet worm and ping sweep). 802.11-1999, 1999.
We expect that the techniques and experiences in this paper can
[13] THE IMAP Connection. http://www.imap.org/
be well applied to security monitoring in the IEEE 802.11 WLAN.
[14] D. Kotz and K. Essien. Analysis of a Campus-wide Wireless
Because the IEEE 802.11 MAC protocol is highly vulnerable to
Network. In Proc. the Eighth Annual International
security threats, wireless monitoring on MAC operations and user
Conference on Mobile Computing and Networking
activity and the diagnosis based on such data are crucial for secur-
(MOBICOM 2002), Atlanta, GA, September 2002.
ing WLAN. In Section 4.2.3, we show an example of detecting a
malicious WLAN usage based on the monitored user activity. [15] P. Kyasanur and N. Vaidya. Selfish MAC Layer Misbehavior
Our on-going work is centered on automating the diagnosis pro- in Wireless Networks. In IEEE Transactions on Mobile
cesses for detecting various anomalies (e.g. in terms of perfor- Computing, April, 2004.
mance, security, and availability). We are applying multivariate [16] K. McCloghrie and M. Rose. RFC 1066 - Management
anomaly detection technique to different measurement sets (e.g. Information Base for Network Management of TCP/IP-based
SNMP and wireless monitoring) for automatic diagnosis of vari- Internets. TWG, August 1988.
ous anomalies. [17] K. McCloghrie and M. Rose. RFC 1213 - Management
Information Base for Network Management of TCP/IP-based
Acknowledgement Internets: MIB-II. TWG, March 1991.
[18] A. Mishra and W.A. Arbaugh. An Initial Security Analysis
We are specially grateful to Bao Trinh for the helps in carrying out of the IEEE 802.1X Standard. CS-TR 4328, Department of
most of the experiments in this work. We also want to thank Nikhil Computer Science, University of Maryland, College Park,
Purushe for the helps in SNR measurement in Section 3.4. Finally, December 2002.
we thank the anonymous reviewers for their valuable comments [19] D. Schwab and R Bunt. Characterising the Use of a Campus
and suggestions. Wireless Network In Proc. INFOCOM 2004, Hong Kong,
China, March 2004.
6. REFERENCES [20] M. Shin, A. Mishra, and W. Arbaugh. Improving the Latency
[1] A. Balachandran, G.M. Voelker, P. Bahl and V. Rangan. of 802.11 Hand-offs using Neighbor Graphs. In Proc.
Characterizing User Behavior and Network Performance in a INFOCOM 2004, Hong Kong, China, March 2004.
10. [21] D. Tang and M. Baker. Analysis of a Local-Area Wireless Department of Computer Science, University of Maryland,
Network In Proc. the Sixth Annual International Conference College Park, December 2002.
on Mobile Computing and Networking (MOBICOM 2000), [25] M. Youssef, L. Shahamatdar, and A. Agrawala. The IEEE
Boston, MA, August 2000. 802.11 Active Probing Mechanism: Analysis and
[22] Wireless Security Auditor (WSA). Enhancements. CS-TR-4613, Department of Computer
http://www.research.ibm.com/gsal/wsa/ Science, University of Maryland, College Park, August 2004.
[23] J. Wright. Detecting Wireless LAN MAC Address Spoofing. [26] Y. Zhang, W. Lee and Y. Huang. Intrusion Detection
http://home.jwu.edu/jwright/papers/wlan-mac-spoof.pdf Techniques for Mobile Wireless Networks. In Wireless
[24] J. Yeo, S. Banerjee and A. Agrawala. Measuring traffic on Networks, Vol. 9(5), pp. 545-556, 2003.
the wireless medium: experience and pitfalls. CS-TR 4421,