Skip to Main Content
While mechanisms exist to instantiate common security functionality such as confidentiality and integrity, little has been done to define a mechanism for identification and remediation of devices engaging in behavior deemed inappropriate. This ability is particularly relevant as devices become increasingly adaptive through the development of software- defined and frequency agile radios. Adaptive devices can alter their behavior in a way that is noncompliant to a given set of standards and thus cause problems for other compliant devices. We address this deficiency by developing and assessing a mechanism for detecting misbehaving nodes in wireless systems. While we developed our system on an 802.11 network, the same approach could readily be applied to other wireless networks. Our mechanism is based on a reputation-enabled intrusion detection system, in which a centralized trust authority monitors traffic and collects secondhand information on potentially misbehaving nodes. The system integrates a mixture of alarms and reports to calculate a reputation vector of all nodes in the system. An XML based policy engine is used to detect policy violations. These mechanisms are built to be flexible and extensible in order to deal with the issues arising out of software programmable devices. In extending beyond traditional intrusion detection, our approach will incorporate physical layer information, such as power and frequency use, in determining improper behavior. In evaluating the system, we consider how our mechanism, (1) impacts system performance, (2) correctly identifies misbehaving nodes, (3) addresses "bad mouthing" and (4) resists collusion.