[lecture notes in computer science] distributed computing and networking volume 7730 || exploiting...

Exploiting Partial-Packet Information

for Reactive Jamming Detection:Studies in UWSN Environment

Manas Khatua and Sudip Misra, Senior Member, IEEE

SIT, Indian Institute of Technology Kharagpur, India{manask,smisra}@sit.iitkgp.ernet.in

Abstract. Reactive jamming in an underwater sensor network (UWSN)environment is a realistic and very harmful threat. It, typically, affectsonly a small part of a packet (not the entire one), in order to maintaina low detection probability. Prior works on reactive jamming detectionwere focused on terrestrial wireless sensor networks (TWSNs), and arelimited in their ability to (a) detect it correctly, (b) distinguish the smallcorrupted part from the uncorrupted part of a packet, and (c) be adap-tive with dynamic environment. Further, there is currently a need for ageneralized framework for jamming detection that outlines the basic op-erations governing it. In this paper, we address these research lacunae bybroadly designing such a framework for jamming detection, and specif-ically a detection scheme for reactive jamming. A key characteristic ofthis work is introducing the concept of partial-packet (PP) in jammingdetection. The introduction of such an approach is unique – the existingworks rely on holistic packet analysis, which degrades their performance– a fundamental issue that would substantially affect achieving real-timeperformance. We estimate the probability of high deviation in receivedsignal strength (RSS) using a weak estimation learning scheme, whichhelps in absorbing the impact of dynamic environment. Finally, we per-form CUSUM-test for reactive jamming detection. We evaluate the per-formance of our proposed scheme through simulation studies in UWSNenvironment. Results show that, as envisioned, the proposed scheme iscapable of accurately detecting reactive jamming in UWSNs, with anaccuracy of 100% true detection, while the average detection delay issubstantially less.

Keywords: Reactive jamming, partial-packet, weak estimation, CUSUM.

1 Introduction

UWSNs [1] find many time-critical applications in scenarios such as underwatersurveillance, intrusion detection, and seismic monitoring. The real-time deliveryof messages is crucial in these applications. An important class of threats that canseverely affect the successful functioning of such kind of challenged networks isjamming. The unique characteristics of UWSNs, such as low bandwidth, adverse

D. Frey et al. (Eds.): ICDCN 2013, LNCS 7730, pp. 118–132, 2013.c© Springer-Verlag Berlin Heidelberg 2013

Exploiting Partial-Packet Information for Reactive Jamming Detection 119

communication channel, large and variable propagation delay, high bit errorrate, and harsh environment, make these networks more vulnerable to jammingattacks. Additionally, sensor nodes, as such, have limited resources in termsof storage capacity, energy supply, and computational power, which make thedesigning of any jamming attack detection scheme even more challenging.

1.1 Motivation

It is shown in [2] and [3] that reactive jamming, as such, is a realistic and veryharmful threat in any TWSN. The reactive jammer stays quiet untill and unlessit senses any ongoing communication within its transmission range. Upon sens-ing any communication, the reactive jammer transmits a short-duration signalto disrupt the legitimate communication, and then again remains quiet. TheUWSNs, likewise, are also vulnerable to jamming attacks [4]. Our measurement-based experimental studies reveal that reactive jamming can potentially decreasethe throughput of a network, on an average, by 35.7% below normal scenariosin UWSN environments, as shown in Figure 1 (experimental setup is explainedin Section 6). There exists only one work [2] on reactive jamming detection inTWSNs. However, none of the existing works was designed for UWSNs. Alongwith this lacuna, some of the important observations characterizing UWSN envi-ronments and reactive jamming (mentioned below) have motivated us to designan effective scheme for reactive jamming attack detection in UWSN environment.

0

10

20

30

40

50

60

70

80

1 1.25 1.5 1.75 2 2.25 2.5 2.75 3 3.25 3.5 3.75 4 4.25 4.5 4.75 5 5.2 5.4 5.6

Thro

ughp

ut (b

ps)

Simulation Time (×100 sec)

Without Jamming With Jamming

Fig. 1. Effect of reactive jamming in UWSNs

UWSNs suffer from long and variable propagation delay. The propagationspeed of acoustic signal is five orders of magnitude less than the radio frequencypropagation speed [4]. Therefore, ACK-based detection metrics, such as packetdelivery ratio (PDR), takes much longer time for jamming detection. Moreover,accurate calculation of PDR is not feasible for on-demand reactive forward-ing schemes [2]. Hence, PDR is not a suitable metric for jamming detection

120 M. Khatua and S. Misra

in UWSNs. Underwater channels are highly influenced by artificially triggerednoise sources such as pumps, gears, ships, and ambient noise sources such astides, rain drops, fishes, and seismic activities. All these unavoidable and unpre-dictable noise sources make the average signal strength unpredictable in normalscenarios too, and, thus, invalidate the use of signal-to-noise (SNR) ratio for jam-ming detection. Global Positioning System (GPS) uses 1.5 GHz radio frequencyband, and these waves do not propagate long distance in water [1]. This issuerestricts the use of node-position-based jamming detection schemes in UWSNs.The underwater medium is highly dynamic in nature. Parameters such as tem-perature, pressure, salinity, and noise significantly vary with depth in the watercolumn. It is inappropriate to use schemes (e.g. [5], and [6]), which rely on a pre-defined threshold of a metric that depends on any of these varying parameters.Rather, we argue that it is required to design suitable metrics that can reducethe impact of the dynamic nature of the medium.

Reactive jamming, typically, corrupts only a few bits of a packet [2]. In gen-eral, the Forward Error Correction (FEC) based schemes are not suitable forerror correction in TWSNs due to high resource consumption [7]. Additionally,FEC-based schemes can be used for jamming mitigation, but not for jammingdetection [2]. The corruption of only a few bits does not increase the signalstrength corresponding to a packet noticeably [2], as the RSS corresponding toa packet may “dilute” the RSS changes corresponding to a few corrupted bits.So, the average RSS based schemes (e.g. [5], and [6]) are not suitable for reactivejamming detection. Furthermore, all existing schemes (e.g. [2], [5], and [6]) relyon retransmitting the whole affected packet. Such an approach leads to the re-transmission of highly redundant bits, and consequently, consuming additionalenergy. The fact of the matter is that the algorithms used in these existing ap-proaches cannot be used to distinguish between the corrupted and uncorruptedbits. Finally, it is observed that, the underline stream of all existing jammingdetection schemes are same, even though, they followed different approaches forjamming detection in TWSNs. Hence, we tried to expose such underline streamthrough a well-designed framework.

1.2 Contributions

This paper addresses some of the research lacunae identified in Section 1.1, by de-signing a generalized jamming detection framework, and then, using it for reactivejamming detection studies in UWSN environments. We use the logical concept ofpartial-packet (PP) [8], [9] to monitor short-duration packet dynamics, which isa key feature of our work. We estimate the probability of high deviation in RSSusing a weak estimation learning [10] scheme, and perform CUSUM-test [11] forreactive jamming detection. Additionally, the proposed scheme provides an op-portunity of partial-packet recovery [8], [9] by acknowledging the sender aboutthe corrupted PPs. In sum, our contributions in this work are as follows:

(a) Studies on Reactive Jamming in UWSN Environment : To the best ofour knowledge, no work on reactive jamming detection in UWSN exists. Wehave specifically considered UWSN environments to perform a study on the


effectiveness of reactive jamming and its detection, as the UWSNs are morechallenging networks [1].

(b) Channel Observation Metrics : We propose two new metrics for short-duration channel monitoring, Bad Partial-Packet Ratio and Partial-Packet RSS,which quantify the observed statistics with respect to PP.We define another met-ric, Deviation of PPRSS, to capture the deviation of RSS in corrupted bits. Thismetric correctly distinguishes the effect of poor channel from packet collision,and addresses the problem of considering signal strength decrease due to destruc-tive interference (an important contribution, as the existing works assumed onlyconstructive interference). It also absorbs the impact of dynamic environment inUWSNs by avoiding the use of static threshold for RSS.

(c) Reactive Jamming Detection Scheme: We propose a CUSUM-based dis-tributed reactive jamming detection scheme, which can detect reactive jammingcorrectly (i.e. very less false detection) and in short interval of time. On thecontrary, the existing schemes are limited in their fundamental ability to detectit simply correctly in different scenarios (as explained in Section 2).

(d) Jamming Detection Framework : We design a component-based general-ized framework to provide a structural view of common operations required forjamming detection. It reduces the complexity of designing a specific scheme byidentifying those task and organizing them in separate modules such that itallows implementing different algorithms for each module independently.

1.3 Organization of the Paper

The remaining paper is organized as follows. In Section 2, we briefly discussthe related works reported in some literature with respect to their suitabilityand correctness in UWSNs. The network model and the jamming model, usedin this paper for simulation, are discussed in Section 3. In Section 4, we discussabout different packet formats and three newly defined metrics for short-durationpacket monitoring. We discuss about the proposed generalized framework andCUSUM-based reactive jamming detection scheme in Section 5. The simulationresults and their analysis is shown in Section 6 followed by the conclusion andfuture direction of work for extending it further in Section 7.

2 Related Work: Challenging Their Suitablity andCorrectness for Use in UWSNs

There exist many important pieces of research works on jamming attack detec-tion and countermeasures in TWSNs, as discussed in [7] and [12]. We noticedthat the existing reactive jamming detection schemes in TWSNs use differentcombinations of jamming detection metrics, such as RSS, PDR, and SNR. There-fore, at first we study the effectiveness of each metric in UWSN environment asdescribed in Section 1.1. In this section, we draw discussion on each schemeseparately. Xu et al. [6,13] reported extensive studies of different jamming at-tack models and their effectiveness in the physical layer of wireless networks.


They proposed few jamming attack detection techniques using RSS, PDR, andcarrier sensing time (CST). To improve the detection accuracy, they proposedconsistency check of signal strength and node location coupled with the PDRobservation. Finally, they concluded that PDR is an important metric for jam-ming detection, even though, any individual metric is not sufficient to detectjamming correctly. It is already mentioned in Section 1.1 that, the use of theposition of the nodes, PDR, RSS, and SNR metrics are not suitable in UWSNenvironments. This issue invalidates the use of the above mentioned schemesand few others proposed in the existing pieces of literature (e.g., [5], [14], [15],and [16]), for reactive jamming detection in UWSN environments.

All the works, mentioned above, are general jamming attack detection schemesdesigned for TWSNs. There exist only one work [2] on reactive jamming detec-tion in TWSNs (none for UWSNs). In that scheme, bit error is calculated ase[i] := m1[i]⊕m2[i], where m1 and m2 are two independently received packetsby two nodes of “n-tuple wired chained nodes”. We argue that the equationmay result in an erroneous value for “passive monitoring”, if both the packetsare equally corrupted. In case of “active monitoring”, periodical probe messageexchange increases the overhead of the network. Further, the authors assumedfor both the types of monitoring that wired communication is error free, and atleast one node of n-tuple nodes must be within the jammed area. Along withthese assumptions, few other limitations are as follows: (a) To implement the“limited wiring” in practice, we need either hardware support or special kind ofnodes in the network. (b) By default, all signal strength based detection schemesconsider that interference always increases the signal strength. However, signalstrength decreases if destructive interference occurs. Hence, we argue that de-tection schemes based on threshold value comparison of RSS and SNR metricsare not capable of discriminating channel fading and destructive interference. Allthese discrepancies strike the correctness of the scheme.

3 Network and Jamming Model

In this Section, we briefly specify the network model and the jamming modelthat we use in this work.

3.1 Network Model

We consider security- and safety-critical applications in which timely delivery ofalarm messages is crucial. Let us assume that a UWSN is deployed to provide theapplication requirements within a specified 3D space in an aquatic environment.The underwater sensor nodes are floated at different depths as per their hard-ware arrangements, such as bladder apparatus and presure gauge. Each node isassumed to have an omnidirectional antenna with equal communication ranges.They are considered not to have active mobility, although they are mobile due tothe underwater current. It is further assumed that the nodes are aware of theirown location coordinates, but do not know others’ locations. They can localizethemselves using any localization technique, as explained [17] and [18].


3.2 Jamming Model

The main objective of jamming-style denial-of-service (DoS) attacks is to block ordelay the delivery of legitimate messages. In this work, we assume that only onereactive jammer exists in the network. The jammer can only send random signalsto corrupt the transmission, but cannot destroy or deactivate normal nodes. Thejammer cannot restrict the nodes from observing the environment or events too.The reactive jammer senses the channel for identifying any ongoing transmission.Once the data transmission is sensed, the reactive jammer sends random signalsof short-duration that are capable enough of corrupting the legitimate packets.Except this intensional transmission, the reactive jammer remains quiet at alltimes. Thus, the reactive jammer does not need any extra information aboutlegitimate nodes and communication protocols for jamming the network, exceptfor channel sensing. We consider that the jammer can choose its transmissionpower within a finite range. The main objective of the reactive jammer is to infectthe network as much as possible while it maintains the probability of detectionlow. The reactive jammer also has no active mobility, although it moves underthe water due to underwater currents.

4 Partial-Packet Measurement

In this Section, we describe the packet formats and three new metrics designedfor reactive jamming detection in UWSNs.

4.1 Message Formats

A packet of length x bytes is logically divided into n PPs. Each PP is augmentedwith one byte cyclic redundancy check (CRC) code for error detection. The sizeof each PP, except the last one, equals �x/n� + 1. We assume that the maxi-mum possible value for n is 256. A traditional network layer packet is similar toa modified packet, except the CRCs augmented with it. This augmentation in-creases the packet size by n bytes in our design, as we use 1 byte for representingeach CRC. It may be less or more depending on the type of CRC used for errordetection. Note that if the maximum deliverable packet length for a network isspecified, then the maximum data size of each packet is reduced by n bytes toaccomodate the CRCs of n PPs. Therefore, a tradeoff is created between thenetwork overhead and the number of PPs. We left the experimental discussionon this tradeoff as our future work.

The formats of a traditional network layer packet, partial-packet, and recov-ery packet are shown in Figure 2(a), 2(b), and 2(c), respectively. The PktType,Src, and Dest fields indicate the type, source and destination of the packet, re-spectively. The PPMap field is a bit-map indicating which PPs of the packethave been received correctly. We can use the same PPMap array for the nextpacket as well, thereby avoiding additional storage overhead. The CRC field inthe recovery packet is used to identify the error in it.


Net Hdr(h byte)

DATA & CRC(x-h) byte

Packet (x byte)

PPk

DATA CRC(1 byte)

(a)

(b)

Pkt Type(1 byte)

Recovery Packet

(c)

PPn

Src(1 byte)

Dest(1 byte)

CRC(1 byte)

PP Map (1..n)(n bits)

PP1

Fig. 2. Packet formats (a) Network layer packet (b) Partial-packet (c) Recovery packet

4.2 Metrics for Short-Duration Channel Monitoring

In this paper, we define three new metrics to observe the short duration packetstatistics, i.e., traffic status. These metrics can help in detecting and characteriz-ing jamming attacks in UWSN environments. Simultaneously, these metrics arecarefully designed so that they do not suffer from the disadvantages mentionedin Section 1.1. The following metrics are proposed in this work.

– Bad Partial-Packet Ratio (BPPR): BPPR is defined as the ratio of the num-ber of corrupted PPs received to the total number of PPs received in aninterval. Hence, the value of BPPR can be within the interval [0, 1].

BPPR =number of corrupted PPs

total number of PPs received(1)

– Partial-Packet RSS (PPRSS): PPRSS is defined as the average RSS corre-sponding to each PP.

PPRSS =1

d

d∑

i=1

RSS[i] (2)

where, d is the size of a PP in bits and RSS[i] is the received signal strengthof ith bit in the PP.

– Deviation of PPRSS (DevPPRSS): DevPPRSS is defined as the differencebetween the average PPRSS of corrupted PPs and correctly received PPs.

DevPPRSS =

n∑

i=1

PPRSS[i]× PPMap[i]

−n∑

i=1

PPRSS[i]× (1 − PPMap[i]) (3)

where, the value of PPMap[i] is either 0 or 1 depending on whether the ith

PP is erronious or not, respectively.


5 Reactive Jamming Detection

In this Section, we initially describe the proposed generalized framework for jam-ming detection, and then use it for designing a CUSUM-based reactive jammingdetection scheme which can be executed by any node in the network.

5.1 Generalized Architecture

A well-designed architecture reduces the complexity for designing schemes. Theexisting works on jamming detection did not provide any common sequence offunctionalities needed for the execution of any jamming detection exercise. Toaddress this problem, in this paper, we try to expose the common sequence ofsteps through a well-designed component-based framework. The proposed ar-chitecture, shown in Figure 3, carries multiple advantages. For instance, usingit one can design different algorithms for individual components, and any algo-rithm can be modified independently to improve its performance. The designedframework consists of three components:

Fig. 3. A generalized framework for jamming detection

(a) Error Notification Component (ENC): The basic functionality of this com-ponent is to detect any error introduced within a packet, and to notify it to thenext component. This component also monitors necessary information when apacket arrives at the receiver. In the proposed scheme, we use the concept ofCRC for error detection in each PP. If any PP is detected as erroneous, it in-vokes the algorithm written in the next component; otherwise, it skips all theremaining steps. The receiver records the corresponding RSS value for each bitwhile it receives any packet.

(b)DeviationEstimationComponent (DEC):This component helps to computethe values of different metrics used in any jamming detection scheme. In the pro-posed scheme, initially, we compute the values of metrics defined in Section 4.2.


The value of the BPPRmetric varies from 0 to 1, as the number of corrupted PPsare within 0 and n. If all the PPs are received correctly, then BPPR is 0, and itsvalue approaches unity, if the number of corrupted PPs approaches n. We, then,compute the PPRSS of each PP, and estimate the probability of high deviation inPPRSS using a weak estimation learning [10] scheme. Let us assume that the mea-sured deviation is represented asΠ , whereΠ is the absolute value of DevPPRSS.We determine a threshold value τ to differentiate between the high and the lowvalues ofΠ . Clearly, this threshold value represents theΠ parameter as a binomi-ally distributed random variable, and its value must be either ≥ τ or < τ . Let usconsider thatΠ obeys the following distribution:

Π =

⎧⎨

⎩

≥ τ with probability φ0

< τ with probability φ1(4)

such that φ0 + φ1 = 1, where Φ = [φ0, φ1]T . At any iteration i, let us assumethat Π takes the value πi. The weak estimator maintains a running estimateΨ = [ψ0

i , ψ1i ]

T of Φ to estimate φj , where ψji is the estimate of φj at time i, for

j = 0, 1. In this setting, the value of ψ0i is updated as follows.

ψ0i =

⎧⎨

⎩

λ× ψ0i−1, if πi−1 < τ

1− λ× ψ1i−1, if πi−1 ≥ τ

(5)

where λ is a learning constant (0 < λ < 1), and ψ1i = 1− ψ0

i . We then move tothe next component to identify the cause of this packet error.

(c) Jamming Detection Component (JDC): This component executes an al-gorithm designed for jamming detection. In the proposed scheme, we design aCUSUM-based detection mechanism which is described in detail in Section 5.2.This scheme can detect the occurrence of reactive jamming quickly without pos-sessing any a priori knowledge about the jammer’s strategy and the time ofoccurrence of jamming.

5.2 CUSUM-Based Detection Scheme Design

In this Section, we present the CUSUM-based reactive jamming detection scheme(CURD) considering the following philosophy. As stated earlier, a reactive jam-mer, typically, corrupts only a few bits of a packet. Except this type of jammers,all others corrupt large number of bits almost equalling the number of bitspresent in a packet. If a packet is corrupted due to poor link or high channelfading, then the average PPRSS of both the corrupted as well as the uncorruptedPPs will be reduced and this reduction can be correctly identified by DevPPRSS.Thus, we utilize the BPPR of a packet having n PPs as the primary measuringparameter in the proposed detection scheme. We consider the reception of n PPsas an observation interval, due to its effectiveness in capturing small-durationpacket statistics. As the value of n is constant during an experiment, a node


running the CURD scheme, called the tagged node, can easily compute the se-quences of its measurement parameter. Let us consider that a node q is taggedwith the CURD scheme. Our observation measure is the BPPR of the node q,denoted as Ht, in every n PP reception.

Let {Ht, t = 1, 2, ..., n} be the sequence of BPPR of the tagged node. Here,Ht is a random variable, as its value varies from ( 1

n ) to (nn ). We consider adefault probability distribution of Ht, and calculate its expectation, μ. Let usassume that μh is the upper bound of μ. We, then, have a modified CUSUM-teststatistic, which is as follows:

γi = [γi−1 + (μh −Ht)]+ (6)

where,

γ0 = 0 (7)

[γi]+ =

⎧⎨

⎩

γi, if γi ≥ 0

γi−1, otherwise(8)

The CUSUM-test statistic indicates that, if the number of corrupted PPs con-tinuously remains low, γi will quickly accumulate to a large positive value. Oth-erwise, γi maintains the previous value γi−1 to overlook long- or mid-durationpacket corruption. To distinguish the short-duration packet corruptions due toreactive jamming and any other network event, the indicator function consultswith the estimated probability, ψ0

i . Finally, the decision rule for ith step of thisCUSUM-test is defined as:

δi =

⎧⎨

⎩

1, if γi ≥ α and ψ0i ≥ β

0, otherwise(9)

where, δi is an indicator function about the occurrence of reactive jamming, andα and β are the identification thresholds of γi and ψ

0i , respectively. As soon as

the detectors γi and ψ0i cross their respective thresholds, they are reset to the

default values 0 and 0.5, respectively.

6 Simulation and Evaluation

To evaluate the effectiveness of the proposed scheme, we used Aqua-Sim [19], aNS-2 based simulator for UWSNs. In the simulation, we randomly deployed 30underwater sensor nodes in a 3D network space of 250 m3 in an aquatic environ-ment. One of these nodes was considered to behave like a reactive jammer. Thedetails of the other input parameters used are listed in Table 1. We executedeach simulation 20 times and computed the average value of the specified metricsfor comparison. At first, we examined the usefulness of the partial-packet schemeused for detecting the small changes in signal strength corresponding to a fewbits. Then, we studied the effectiveness of the proposed reactive jamming detec-tion scheme using three fundamental metrics: average detection delay, averagemissed detection ratio, and average residual energy.


Table 1. Parameters and their corresponding values used in the simulation

Parameter UWSN Jammer

Frequency (f) 25 KHz 25 KHz

Transmitted Power (Pt) 0.2818 W Variable (≤ 0.2818 W)

Transmission Range 100 m 100 m

Propagation Model Thorp Model [20] Thorp Model [20]

Packet Size (x) 100 bytes none

Routing Protocol VBF [21] None

MAC Protocol BroadcastMac [19] BroadcastMac [19]

Initial Node Energy 1000 Joules 1000 Joules

Bit Rate 10 Kbps 10 Kbps

Mobility Model Random Random

Node Movement 0.3 m/s 0.3 m/s

Jamming Duration (Jd) none 20-80 bits

6.1 Effectiveness of the PPRSS Metric

In this experiment, the tagged node was configured to capture the values ofRSS and PPRSS metrics corresponding to the received packets and the partial-packets, respectively. We categorized all the received packets into three types– normal packets (NP), jammed packets (JP), and collided packets (CP). Weobserved that the average RSS corresponding to the JP does not significantlyincreased, as compared to that of the NP, as the RSS corresponding to a packetmay “dilute” the RSS changes corresponding to a few corrupted bits in thepacket. Thus, RSS is not an effective metric for distinguishing the NP and the JP,as shown in Figure 4(a). On the contrary, Figure 4(b) shows that the proposedPP-based metric, PPRSS, can effectively distinguish the NP from the JP.

(a) (b)

Fig. 4. Effectiveness of PPRSS. Average (a) RSS and (b) PPRSS for NP, CP, and JP


6.2 Average Detection Delay

We performed a set of experiments with different settings of each parameterto analyze the average detection delay, E[D], of the CURD scheme. We definedE[D] as the average number of packets received by the tagged node for successfuldetection of reactive jamming, after the reactive jammer initiates its operation.Initially, we captured the distribution of γ observed by the tagged node withμh = 3/n and τ = 0.1 mW, when n = 50 and Jd = 20 bits. We chose theweak estimation learning constant, λ = 0.9, throughout the simulation. In thisexperiment, if we ignore the channel condition, i.e. β = 0, the threshold valueof γi alone indicates the jamming. On the contrary, even though the number ofcorrupted PPs is high enough, the identification parameter remains 0 until theprobability of high deviation in RSS of those corrupted bits crosses the threshold,which is shown in Table 2. Thus, the CURD scheme can effectively distinguishthe packet error due to poor channel and jamming. Similar effect was observedwhen we captured the distribution of ψ0

i with respect to the variation of β, whileγi equals a constant value.

Table 2. Distribution of γ for different values of α and β

Figure 5 shows the average detection delay under the different sets of valuesof μh and τ . The observations reveal that, irrespective of the values of α, theaverage detection delay is observed high, when the threshold values of ψ0

i is setto a high value. On the other hand, for lower values of β, the average detectiondelay is varied slowly with the variation of α. In conclusion, the CURD schemeprovides lower detection delay, if the threshold values of both the identificationparameters γi and ψ

0i are maintained at low values.

6.3 Average Missed Detection Ratio

The average missed detection ratio, Rmd, is the ratio of the sum of the falsepositives and the false negatives detected by the scheme to the total number ofnodes present in the network. We observed in Figure 5 that the CURD schemewaits for less duration of time for successful detection of reactive jamming, when


0 2 4 6 8

10 12 14 16 18 20

0.03 0.04 0.05 0.06 0.07 0.08 0.09

E[D

]

α

β=0.3 β=0.5

β=0.7 β=0.9

0

5

10

15

20

25

30

35

0.03 0.04 0.05 0.06 0.07 0.08 0.09

E[D

]

α

β=0.3 β=0.5

β=0.7 β=0.9

(a) (b)

Fig. 5. Average detection delay (a) μh = 3n, τ = 0.1 mW (b) μh = 6

n, τ = 0.125 mW

the values of α and β are set to 0.04 and 0.5, respectively. Therefore, in thisexperiment, we assumed constant values of α, β, and τ , which are 0.04, 0.5, and0.1 mW, respectively. As the value of n has high impact on false detection (bothfalse positive and false negative), we captured the results for different valuesof n to evaluate its impact. Figure 6(a) and 6(b) depict the missed detectionratio of the proposed CURD scheme with different values of μh, for 20 and 80bits of reactive jamming duration, respectively. From this experiment, we inferthat, irrespective of the values of μh, the CURD scheme provides zero misseddetection ratio, i.e., 100% true detection, if we select n = 40 for the experimentalsetup whose parameters are listed in Table 1.

(a) (b)

Fig. 6. Average missed detection ratio (a) Jd = 20 bits (b) Jd = 80 bits

6.4 Average Residual Energy

We measured the energy consumption rate of a tagged node in UWSN environ-ment. Figures 7 (a) and 7 (b) show the average residual energy (E

′r) of the tagged

node for each successful detection of reactive jamming. The residual energy is de-fined as the ratio of the remaining energy to the initial energy of a node. The ver-tical axis in Figure 7 represents energy ratio, Er, where Er = (E

′r−0.99)×1000.


(a) (b)

Fig. 7. Average residual energy of a tagged node (a) β = 0.5 (b) α = 0.04

As the performance of the CURD scheme depends on the selected threshold val-ues α and β, we measured Er with respect to the true detection count (Ctd), fordifferent values of α and β.

7 Conclusion

In this paper, we established that correct detection of reactive jamming inUWSN environment is possible. We developed a short-duration packet observa-tion scheme using the concept of partial-packet, which helps to capture changesin a few bits too, and is capable of distinguishing the corrupted bits from theuncorrupted bits. The proposed metrics were designed in such a way that theyabsorb the effect of dynamic environment. We used a weak estimation learn-ing scheme and a non-parametric CUSUM detector for detecting reactive jam-ming correctly. To show the common tasks of jamming detection in UWSNs, westacked them up in a generalized framework for any reactive jamming detection.Finally, our validation study through simulations show that the partial-packetbased reactive jamming detection scheme provides exactly 100% true detection,while the average detection delay equalling the equivalent of 3 packets reception.

In our future work, we will attempt to analytically evaluate the behaviour ofthe detection scheme, as the distribution of Ht follows the discrete time Markovmodel. We will endeavour to determine the optimal value of n, which influ-ences detection accuracy greatly. We will try to implement the partial-packetARQ with this detection mechanism to measure the improvement in networkthroughput and lifetime.

Acknowledgment. This work has been partially supported by a grant fromthe DIT, Govt. of India, Grant No. 13(10)/2009-CC-BT, which the authorsgratefully acknowledge.


References1. Akyildiz, I.F., Pompili, D., Melodia, T.: Underwater acoustic sensor networks: Re-

search challenges. Ad Hoc Networks 3, 257–279 (2005)2. Strasser, M., Danev, B., Capkun, S.: Detection of reactive jamming in sensor net-

works. ACM Transactions on Sensor Networks 7, 1–29 (2010)3. Wilhelm, M., Martinovic, I., Schmitt, J.B., Lenders, V.: Short paper: Reactive

jamming in wireless networks - how realistic is the threat? In: Proceedings ofWiSec, Hamburg, Germany, pp. 47–52 (2011)

4. Domingo, M.: Securing underwater wireless communication networks. IEEE Wire-less Communications 18, 22–28 (2011)

5. Misra, S., Singh, R., Mohan, S.V.R.: Information warfare-worthy jamming attackdetection mechanism for wireless sensor networks using a fuzzy inference system.Sensors 10, 3444–3479 (2010)

6. Xu,W., Trappe,W., Zhang, Y.,Wood, T.: The feasibility of launching and detectingjamming attacks in wireless networks. In: Proc. of MobiHoc, pp. 46–57 (2005)

7. Pelechrinis, K., Iliofotou, M., Krishnamurthy, S.V.: Denial of service attacks inwireless networks: The case of jammers. IEEE Communications Surveys & Tuto-rials 13, 245–257 (2011)

8. Ganti, R.K., Jayachandran, P., Luo, H., Abdelzaher, T.F.: Datalink streaming inwireless sensor networks. In: Proceedings of SenSys, pp. 209–222 (2006)

9. Jamieson, K., Balakrishnan, H.: PPR: Partial packet recovery for wireless networks.In: Proceedings of SIGCOMM (2007)

10. Oommen, B.J., Rueda, L.: Stochastic learning-based weak estimation of multino-mial random variables and its applications to pattern recognition in non-stationaryenvironments. Pattern Recognition 39, 328–341 (2006)

11. Poor, H., Hadjiliadis, O.: Quickest Detection. Cambridge University Press (2008)12. Mpitziopoulos, A., Gavalas, D., Konstantopoulos, C., Pantziou, G.: A survey on

jamming attacks and countermeasures in wireless sensor networks. IEEE Commu-nications Surveys & Tutorials 11, 42–56 (2009)

13. Xu, W., Ma, K., Trappe, W., Zhang, Y.: Jamming sensor networks: Attacks anddefense strategies. IEEE Network 20, 41–47 (2006)

14. Cagalj, M., Capkun, S., Hubaux, J.P.: Wormhole -based anti-jamming techniquesin sensor networks. IEEE Transactions on Mobile Computing 6, 100–114 (2007)

15. Cakiroglu, M., Ozcerit, A.T.: Jamming detection mechanisms for wireless sensornetworks. In: Proceedings of InfoScale, Vico Equense, Italy, pp. 1–8 (2008)

16. Li, M., Koutsopoulos, I., Poovendran, R.: Optimal jamming attack strategies andnetwork defense policies in wireless sensor networks. IEEE Transactions on MobileComputing 9, 1119–1133 (2010)

17. Tan, H.P., Diamant, R., Seah, W.K.G., Waldmeyer, M.: A survey of techniques andchallenges in underwater localization. Ocean Engineering 38, 1663–1676 (2011)

18. Erol-Kantarci, M., Mouftah, H.T., Oktug, S.: A survey of architectures and local-ization techniques for underwater acoustic sensor networks. IEEE CommunicationsSurveys & Tutorials 13, 487–502 (2011)

19. Xie, P., Zhou, Z., Peng, Z., Yan, H., Hu, T., Cui, J., Shi, Z., Pei, Y., Zhou, S.: Aqua-Sim: an NS-2 based simulator for underwater sensor networks. In: Proceedings ofOCEANS, Mississippi, USA, pp. 1–7 (2009)

20. Berkhovskikh, L., Lysanov, Y.: Fundamentals of Ocean Acoustics. Springer (1982)21. Xie, P., Cui, J.-H., Lao, L.: VBF: Vector-Based Forwarding Protocol for Underwa-

ter Sensor Networks. In: Boavida, F., Plagemann, T., Stiller, B., Westphal, C., Mon-teiro, E. (eds.) NETWORKING 2006. LNCS, vol. 3976, pp. 1216–1221. Springer,Heidelberg (2006)

[lecture notes in computer science] distributed computing and networking volume 7730 || exploiting...

Documents