Determining the Number of Attackers and Localizing Multiple Adversaries in Wireless Spoofing Attacks

Wireless spoofing attacks are easy to launch and can significantly impact the performance of networks. Although the identity of a node can be verified through cryptographic authentication, conventional security approaches are not always desirable because of their overhead requirements. In this paper, we propose to use location information, a physical property associated with each node, hard to falsify, and not reliant on cryptography, as the basis for (1) detecting spoofing attacks; (2) determining the number of attackers when multiple adversaries masquerading as a same node identity; and (3) localizing multiple adversaries. We formulate the problem of determining the number of attackers as a multi-class detection problem. We first propose two cluster-based mechanisms to determine the number of attackers. We then develop SILENCE that employs the minimum distance testing of RSS values in addition to cluster analysis and can achieve better accuracy than other methods under study that merely use cluster analysis alone. We further developed an integrated detection and localization system that can localize the positions of multiple attackers. We evaluated our techniques through two testbeds using both an 802.11 (WiFi) network and an 802.15.4 (ZigBee) network in two real office buildings. Our experimental results show that SILENCE can achieve over 90% Hit Rate and Precision when determining the number of attackers. Additionally, our localization results using a representative set of algorithms provide strong evidence of high accuracy of localizing multiple adversaries.