SPECTRAL MONITORING OF WIRELESS SYSTEMS TO DETECT ANOMALIES
Machine Learning based approach
THE ARGUMENT
An overview of current techniques and the proposed algorithm
With the penetration of Information and Communication Technology (ICT) into our everyday lives, cyber attacks are increasing in their volume, frequency, and intensity. Although preventive mechanisms in standards such as cryptography and authentication help in minimizing such attacks, they are not sufficient. Adversaries can exploit vulnerabilities to launch cyber attacks.
In order to recover from these attacks, the first step is to identify presence of malicious activities in the system. This functionality is performed by Intrusion detection systems (IDS), which are designed to autonomously collect and analyze system's information to identify malicious activities in them. Based on the reference data used, IDS can be broadly classified into two categories—Signature-based detectors and Anomaly detectors.
-
Misuse or Signature-based detection: These systems have the knowledge (or signature) of certain attack patterns and when they detect such patterns in the measured data, they report attack's presence.
-
Anomaly detection: These techniques contain the knowledge of the “normal” behavior of the system and whenever they observe a significant deviation from that reference, an intrusion is reported.
Both these schemes have their share of advantages and disadvantages. Signature-based schemes are very good at detecting known attacks however, they cannot identify a new attack whose signature is not known. This property does not fit well with the current cyber environment, where new attack schemes are developed everyday. Anomaly detection schemes overcome this drawback of signature-based schemes, but at the cost of higher false alarm rate and increased complexity.
In order to detect anomalies in wireless networks, there are a number of approaches in the literature. One such work is done in [1], which proposes an unsupervised approach for signal anomaly detection of spectrum in wireless communication based on two-layered autoencoder. They consider a one-state classification problem to recognize a signal with high SNR. This approach is limited to a specific kind of anomaly and does not address wide class of anomalies. In [2], authors propose a data-mining based approach to identify anomalies in a temporal-spectral data. In their method, they create historical models from the previously recorded data and compare real-time measurements with these models. Our method follows a similar approach, but instead of saving the entire past data, we just train the machine learning module with these datasets. Thus, our method will be faster as compared to this data mining approach.
TECHNICAL APPROACH
The general approach for the project is derived from the work of Lotter et al. [3]. Their model for unsupervised learning is based on the prediction of future image frames. These frames are predicted using the ‘PredNet’ neural network architecture. PredNet is based on a deep RNN with bottom-up and top-down connections, allowing the propagation of predictions as well as the error signals generated upon comparison. The general structure of PredNet is shown in the flow diagrams above. Each layer consists of representation neurons (R), which output a layer-specific prediction at each time step (represented by A hat), which is compared against a target (represented by A) to produce an error term (represented by E), which is then propagated laterally and vertically in the network. The problem specific sequence of operations is shown in the flow diagram on the right.
We adopted this prediction module to detect anomalies in a wireless spectrum. We trained this algorithm with an image sequence which corresponds to the normal behaviour of our system. For testing the effectiveness of our approach, we designed anomalies for the wireless system under consideration. Spectral data from these anomalous events were then given to the trained module to evaluate their detection capability.
CHECKING THE PERFORMANCE
A video presentation
The experimental anomalous scenarios and their corresponding algorithmic responses have been explained and demonstrated in the video above.
​
VULNERABILITY OF WIRELESS SYSTEMS
Wireless technology enables many services and applications, including public safety, national security, industrial control, autonomous vehicles, smart healthcare, the smart grid, commercial and mission-critical systems. For this reason ensuring the security and availability of wireless networks is of paramount importance. However, the broadcast nature of wireless channel makes it one of the most vulnerable components of a system. Adversaries exploit vulnerabilities like this and come up with new attacks every day.
To detect such security breaches, Intrusion Detection systems (IDS) have become an integral component of the security infrastructure. In the current scenario, most of the intrusion detection techniques work at the higher layers of the protocol stack which are ineffective against attacks such as spoofing and jamming. Thus a strong physical layer based IDS is required for wireless systems.
In this project, we adopted a video prediction machine learning technique to detect unforeseen anomalies in wireless spectrum. We trained our algorithm with the normal behavior of a network, and it reports an anomaly whenever it is unable to predict next few states of the spectrum. We tested our approach for a two-node network with anomalous events such as spectral hijacking, jamming, and network failure. As part of the future work, we would like to improvise this algorithm to cater the needs of more practical wireless networks such as the Internet of Things and LTE.
CONCLUSION
REFERENCES
[1] Feng, Qingsong, Zheng Dou, Chunmei Li, and Guangzhen Si. "Anomaly Detection of Spectrum in Wireless Communication via Deep Autoencoder." In International Conference on Computer Science and its Applications, pp. 259-265. Springer Singapore, 2016.
[2] Yin, Sixing, Shufang Li, and Jixin Yin. "Temporal-spectral data mining in anomaly detection for spectrum monitoring." Wireless Communications, Networking and Mobile Computing, 2009. WiCom'09. 5th International Conference on. IEEE, 2009.
​
[3] Lotter, William, Gabriel Kreiman, and David Cox. "Deep predictive coding networks for video prediction and unsupervised learning." arXiv preprint arXiv:1605.08104(2016).
EXPERIMENTAL SETUP
Our test setup initially consisted of USRP X310s (Software Defined Radios), connected to Ubuntu 14.04 machines. The host PCs were running the GNURadio Open-Source toolbox, which were interfaced with the SDRs to perform DSP operations. We used this setup to extract waterfall plots of the spectrum. For the final experiment, we simulated the required plots using the GNURadio toolbox. This allowed us to have greater flexibility in terms of simulating the required anomalous scenarios. The setup to generate these plots has been shown in the figure below.
Using these plots, we obtain videos of the RF spectrum, from which we obtain frames for our dataset. These are fed to the algorithm for anomaly detection. The components of our setup are -
-
GNU Radio Setup
-
System Model
-
Software Implementation based on the work of Lotter et al.
EXPERIMENTAL SETUP
Our test setup consists of Software Defined Radios (SDRs) connected to Ubuntu 14.04 machines. The host PCs are running the GNURadio Open-Source toolbox, which can simulate SDRs and perform DSP operations. We use this setup to extract waterfall plots of the spectrum. The design of our wireless system is illustrated in the figure below.