Differentiation of Natural and Maliciously Induced Packet Loss in Wireless Network Using Forensic Analysis
Keywords: Forensic analysis, malicious intent, transmission evidence, packet loss
Wireless networks are prone to packet loss, making it strenuous to differentiate whether data leakage is due to the physical nature of wireless networks or to malicious packet loss. All previous experiments relied on nodes that are part of the network to monitor packet loss, a method deployed in passive detection. Under high levels of interference, distinguishing malicious packet loss from wireless-induced packet loss becomes less probable. In this paper, we perform forensic analysis using transmission parameters such as traffic intensity, node density and transmission evidence. We compute the transmission evidence using an analytical framework, and we validate the framework via both simulation and wireless test-beds. The analytical framework is then used as the basis for a protocol within a forensic analyser to assess the cause of packet loss and determine the likelihood of forwarding misbehaviours.