Differentiation of Natural and Maliciously Induced Packet Loss in Wireless Network Using Forensic Analysis


  • Karthikeyan N
  • Godwin Ponsam J






Forensic analysis, malicious intent, transmission evidence, packet loss


Wireless networks are prone to packet loss, making it difficult to tell whether data leakage is due to the physical nature of wireless networks or to malicious packet loss. All previous experiments relied on nodes that are part of the network to monitor packet loss, a method deployed in passive detection. Because of high levels of interference, distinguishing malicious packet loss from wireless-induced packet loss is less likely to succeed. In this paper, we perform forensic analysis using transmission parameters such as traffic intensity, node density and transmission evidence. We compute the transmission evidence using an analytical framework, and we validate that framework via both simulation and wireless test-beds. The analytical framework is then used as the basis for a protocol within a forensic analyser to assess the cause of packet loss and determine the likelihood of forwarding misbehaviours.


