Anomaly Detection and Modeling in 802.11 Wireless Networks

Article
  • 31 Downloads

Abstract

IEEE 802.11 Wireless Networks are getting more and more popular at university campuses, enterprises, shopping centers, airports and in so many other public places, providing Internet access to a large crowd openly and quickly. The wireless users are also getting more dependent on WiFi technology and therefore demanding more reliability and higher performance for this vital technology. However, due to unstable radio conditions, faulty equipment, and dynamic user behavior among other reasons, there are always unpredictable performance problems in a wireless covered area. Detection and prediction of such problems is of great significance to network managers if they are to alleviate the connectivity issues of the mobile users and provide a higher quality wireless service. This paper aims to improve the management of the 802.11 wireless networks by characterizing and modeling wireless usage patterns in a set of anomalous scenarios that can occur in such networks. We apply time-invariant (Gaussian Mixture Models) and time-variant (Hidden Markov Models) modeling approaches to a dataset generated from a large production network and describe how we use these models for anomaly detection. We then generate several common anomalies on a Testbed network and evaluate the proposed anomaly detection methodologies in a controlled environment. The experimental results of the Testbed show that HMM outperforms GMM and yields a higher anomaly detection ratio and a lower false alarm rate.

Keywords

802.11 Access Points Network usage Gaussian Mixture Model Hidden Markov Model RADIUS Anomaly detection 

Notes

Acknowledgements

This work is financed by the ERDF European Regional Development Fund through the Operational Programme for Competitiveness and Internationalisation—COMPETE 2020 Programme within Project POCI-01-0145-FEDER-006961, and by National Funds through the FCT Fundao para a Cincia e a Tecnologia (Portuguese Foundation for Science and Technology) as part of Project UID/EEA/50014/2013. The first author is also sponsored by FCT Grant SFRH/BD/99714/2014.

References

  1. 1.
    Nicholson, A.J., Chawathe, Y., Chen, M.Y., Noble, B.D., Wetherall, D.: Improved access point selection. In: Proceedings of the 4th International Conference on Mobile Systems, Applications and Services, pp. 233–245. MobiSys ’06. ACM, Uppsala (2006). ISBN: 159593-195-3.  https://doi.org/10.1145/1134680.1134705
  2. 2.
    Heusse, M., Rousseau, F., Berger-Sabbatel, G., Duda, A.: Performance anomaly of 802.11b. In: INFOCOM 2003. Twenty-Second Annual Joint Conference of the IEEE Computer and Communications, vol. 2, pp. 836–843. IEEE Societies (2003).  https://doi.org/10.1109/INFCOM.2003.1208921
  3. 3.
    Dujovne, D., Turletti, T., Filali, F.: A taxonomy of IEEE 802.11 wireless parameters and open source measurement tools. In: Communications Surveys Tutorials, IEEE 12.2, pp. 249–262 (2010). ISSN: 1553-877X.  https://doi.org/10.1109/SURV.2010.021110.00020
  4. 4.
    Adya, A., Bahl, P., Chandra, R., Qiu, L.: Architecture and techniques for diagnosing faults in IEEE 802.11 infrastructure networks. In: Proceedings of the 10th Annual International Conference on Mobile Computing and Networking, pp. 30–44. MobiCom ’04. ACM, Philadelphia, PA (2004). ISBN: 1-58113-868-7.  https://doi.org/10.1145/1023720.1023724
  5. 5.
    Cheng, Y.-C., Bellardo, J., Benkoö, P., Snoeren, A.C., Voelker, G.M., Savage, S.: Jigsaw: solving the puzzle of enterprise 802.11 analysis. In: Proceedings of the 2006 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, pp. 39–50. SIGCOMM ’06. ACM, Pisa (2006). ISBN: 1-59593-308-5.  https://doi.org/10.1145/1159913.1159920
  6. 6.
    Paul, U., Kashyap, A., Maheshwari, R., Das, S.R.: Passive measurement of interference in WiFi networks with application in misbehavior detection. In: IEEE Transactions on Mobile Computing, vol. 12, no. 3, pp. 434–446 (2013). ISSN: 1536-1233.  https://doi.org/10.1109/TMC.2011.259
  7. 7.
    Allahdadi, A., Morla, R., Aguiar, A., Cardoso, J.S.: Predicting short 802.11 sessions from RADIUS usage data. In: 2013 IEEE 38th Conference on Local Computer Networks Workshops (LCN Workshops), pp. 1–8. IEEE (2013)Google Scholar
  8. 8.
    Allahdadi, A., Morla, R., Cardoso, J.S.: Outlier detection in 802.11 wireless access points using Hidden Markov Models. In: 2014 7th IFIP on Wireless and Mobile Networking Conference (WMNC), pp. 1–8. IEEE (2014)Google Scholar
  9. 9.
    Shrivastava, V., Rayanchu, S.K., Banerjee, S., Papagiannaki, K.: PIE in the sky: online passive interference estimation for enterprise WLANs. NSDI 11, 25–25 (2011)Google Scholar
  10. 10.
    Sheth, A., Doerr, C., Grunwald, D., Han, R., Sicker, D.: MOJO: a distributed physical layer anomaly detection system for 802.11 WLANs. In: Proceedings of the 4th International Conference on Mobile Systems, Applications and Services, pp. 191–204. ACM (2006)Google Scholar
  11. 11.
    Lakshminarayanan, K., Seshan, S., Steenkiste, P.: Understanding 802.11 performance in heterogeneous environments. In: Proceedings of the 2nd ACM SIGCOMM Workshop on Home Networks, pp. 43–48. ACM (2011)Google Scholar
  12. 12.
    Mahajan, R., Rodrig, M., Wetherall, D., Zahorjan, J.: Analyzing the MAC-level behavior of wireless networks in the wild. In: ACM SIGCOMM Computer Communication Review, vol. 36, no. 4, pp. 75–86. ACM (2006)Google Scholar
  13. 13.
    Massa, D., Morla, R.: Modeling 802.11 AP usage through daily keep-alive event counts. Wirel. Netw. 19(5), 1005–1022 (2013)CrossRefGoogle Scholar
  14. 14.
    Massa, D., Morla, R.: Abrupt ending of 802.11 ap connections. In: 2013 IEEE Symposium on Computers and Communications (ISCC), pp. 000348–000353. IEEE (2013)Google Scholar
  15. 15.
    Khayam, S.A., Radha, H.: Markovbased modeling of wireless local area networks. In: Proceedings of the 6th ACM International Workshop on Modeling Analysis and Simulation of Wireless and Mobile Systems, pp. 100–107. ACM (2003)Google Scholar
  16. 16.
    Kamthe, A., Carreira-Perpinán, M.A., Cerpa, A.E.: M&M: multi-level Markov model for wireless link simulations. In: Proceedings of the 7th ACM Conference on Embedded Networked Sensor Systems, pp. 57–70. ACM (2009)Google Scholar
  17. 17.
    Bednarczyk, W., Gajewski, P.: Hidden Markov models based channel status prediction for cognitive radio networks. In: Session 4P6 RF and Wireless Communication, p. 2088 (2015)Google Scholar
  18. 18.
    Akbar, I., Tranter, W.H., et al.: Dynamic spectrum allocation in cognitive radio using hidden Markov models: Poisson distributed case. In: IEEE on SoutheastCon, 2007. Proceedings, pp. 196–201. IEEE (2007)Google Scholar
  19. 19.
    Ghosh, C., Cordeiro, C., Agrawal, D.P., Bhaskara, M.B.: Markov chain existence and hidden Markov models in spectrum sensing. In: IEEE International Conference on Pervasive Computing and Communications, 2009. PerCom 2009, pp. 1–6. IEEE (2009)Google Scholar
  20. 20.
    Tumuluru, V.K., Wang, P., Niyato, D.: Channel status prediction for cognitive radio networks. Wirel. Commun. Mob. Comput. 12(10), 862–874 (2012)CrossRefGoogle Scholar
  21. 21.
    Prasad, P.S., Agrawal, P.: Movement prediction in wireless networks using mobility traces. In: 2010 7th IEEE on Consumer Communications and Networking Conference (CCNC), pp. 1–5. IEEE (2010)Google Scholar
  22. 22.
    The Internet Engineering Task Force (IETF). https://www.ietf.org/. Accessed in Jan 2016
  23. 23.
    RFC 2865 radius authentication. http://tools.ietf.org/html/rfc2865. Accessed in Jan 2016
  24. 24.
    RFC 2866 radius authentication. http://tools.ietf.org/html/rfc2866. Accessed in Jan 2016
  25. 25.
    Reynolds, D.: Gaussian mixture models. In: Encyclopedia of Biometrics, pp. 827–832. Springer (2015)Google Scholar
  26. 26.
    Rabiner, L., Juang, B.-H.: An introduction to hidden Markov models. IEEE ASSP Mag. 3(1), 4–16 (1986)CrossRefGoogle Scholar
  27. 27.
    Fraley, C., Raftery, A.E.: Model-based clustering, discriminant analysis, and density estimation. J. Am. Stat. Assoc. 97(458), 611–631 (2002)MathSciNetCrossRefMATHGoogle Scholar
  28. 28.
    Fraley, C., Raftery, A.E., Murphy, T.B., Scrucca, L.: mclust version 5.1 for R: normal mixture modeling for model-based clustering, classification, and density estimation, vol. 597. Technical report (2015)Google Scholar
  29. 29.
    Schliep, A., Costa, I.G., Georgi, B., Hafemeister, C., Schonhuth, A., Mahmud, M.P.: GHMM Library. http://ghmm.org. Accessed in Mar 2016
  30. 30.
    The FreeRADIUS Project. http://freeradius.org/. Accessed in Feb 2016
  31. 31.
    Wifijammer. https://github.com/DanMcInerney/wifijammer. Accessed in Feb 2016
  32. 32.

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. 1.INESC TECFaculty of Engineering, University of PortoPortoPortugal

Personalised recommendations