Masquerading Attacks Detection in Mobile Ad Hoc Networks

Due to the lack of centralized identity management and the broadcast nature, wireless ad hoc networks are always a palatable target for masquerading attacks. The attackers can spoof identities of privileged legitimate users for various malicious reasons, such as to launch DoS or DDoS attacks, to access unauthorized information, and to evade the detection and accountability. In the current and limited literature, masquerading attacks are mostly counteracted by signal-strength-based detection systems. However, these schemes are mostly proposed to work for infrastructure-based IEEE 802.11 wireless networks using fixed access points, air monitors, or fixed anchor nodes, which are not suitable for the ad hoc architecture. In this paper, we propose a detection system for masquerading attacks without using fixed anchor nodes or air monitors. We develop an anomaly detection model based on the statistical significant testing for our masquerading detection system that takes into consideration the signal strength fluctuation. We conduct a test bed of Samsung Galaxy-based smartphones in order to analyze the real-world signal strength variation. We also plug the real-world signal strength variation in our model for the evaluation of the detection accuracy. We propose the received signal-strength-based masquerading attack detection scheme, which is carried out first by each node in its one-hop vicinity and then extended to five-hop proximity for broader detection scope and improved accuracy. The proposed scheme is evaluated using an NS-2 network simulator for detection accuracy in different environments. The results obtained indicate that our proposed scheme produces more than 90% true positives.