Detection of side-channel communication in a mobile ad-hoc network environment using the Hamming distance metric

Date

2015-06-01

Journal Title

Journal ISSN

Volume Title

Publisher

Abstract

Side-Channel communication is a form of traffic in which malicious parties communicate secretly over a wireless network. This is often established through the modification of Ethernet frame header fields, such as the Frame Check Sequence (FCS). The FCS is responsible for determining whether or not a frame has been corrupted in transmission, and contains a value calculated through the use of a predetermined polynomial. A malicious party may send messages that appear as nothing more than naturally corrupted noise on a network to those who are not the intended recipient. A Hamming Distance (HD) difference between the FCS values of purposely corrupted and naturally corrupted frames is proposed as a metric for the detection of side channel communication. In theory, it should be possible to recognize purposely corrupted frames based on how high this HD value is, as it signifies how many bits are different between the expected and the received FCS values. It is hypothesized that a range of threshold values based on this metric exists, which may allow for the detection of Side-Channel communication across all scenarios. In order to achieve this threshold range, a calculation known as F-Score has been used. Several approaches to verifying the F-Score thresholds have been presented to verify this range, as well as the validity of F-Score itself such as: Receiver Operating Characteristic (ROC) curves, and Support Vector Machines.

Description

Keywords

Side-channel, MANETs, Hamming distance, Detection

Citation