Redundant sniffer deployment for multi-channel wireless network forensics with unreliable conditions
Network forensics refers to monitoring and analysis of network traffic for the purpose of information gathering, legal evidence, or intrusion detection. Wireless sniffers are usually deployed to collect PHY/MAC-layer information to trace abnormal wireless traffic. For multi-channel wireless networks...
Saved in:
| Main Authors: | , , , , , |
|---|---|
| Other Authors: | |
| Format: | Article |
| Language: | English |
| Published: |
2021
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/154193 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-154193 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1541932021-12-31T13:56:11Z Redundant sniffer deployment for multi-channel wireless network forensics with unreliable conditions Xu, J. Gong, S. Zou, Y. Liu, W. Zeng, K. Niyato, Dusit School of Computer Science and Engineering Engineering::Computer science and engineering Passive Monitoring Redundant Sniffer Deployment Network forensics refers to monitoring and analysis of network traffic for the purpose of information gathering, legal evidence, or intrusion detection. Wireless sniffers are usually deployed to collect PHY/MAC-layer information to trace abnormal wireless traffic. For multi-channel wireless networks, it becomes problematic to allocate each sniffer an appropriate monitoring channel due to the limited number of sniffers. This leads to the sniffer-channel assignment (SCA) problem that has been mostly studied assuming error-free channel conditions or known behavior of wireless users. In this paper, we study the SCA problem with more general settings. In particular, we introduce redundant sniffer deployment to combat against the unreliable channel conditions. This can be formulated as a non-linear integer program with the aim of maximizing the number of captured data packets. We propose both centralized and distributed algorithms to determine an optimal strategy. For unknown user behaviors, we formulate the redundant SCA problem as a multi-armed bandit problem and develop an online learning policy to find a balance between the exploitation, i.e., accuracy, and exploration, i.e., coverage, in channel monitoring. Simulation results reveal that the redundant sniffer deployment, though sacrificing the exploration opportunities in the learning process, is robust against the uncertainty of user activities and provides the optimal performance in terms of sensing accuracy and monitoring coverage. 2021-12-16T01:55:12Z 2021-12-16T01:55:12Z 2020 Journal Article Xu, J., Gong, S., Zou, Y., Liu, W., Zeng, K. & Niyato, D. (2020). Redundant sniffer deployment for multi-channel wireless network forensics with unreliable conditions. IEEE Transactions On Cognitive Communications and Networking, 6(1), 394-407. https://dx.doi.org/10.1109/TCCN.2019.2937487 2332-7731 https://hdl.handle.net/10356/154193 10.1109/TCCN.2019.2937487 2-s2.0-85071668014 1 6 394 407 en IEEE Transactions on Cognitive Communications and Networking © 2019 IEEE. All rights reserved. |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering Passive Monitoring Redundant Sniffer Deployment |
| spellingShingle |
Engineering::Computer science and engineering Passive Monitoring Redundant Sniffer Deployment Xu, J. Gong, S. Zou, Y. Liu, W. Zeng, K. Niyato, Dusit Redundant sniffer deployment for multi-channel wireless network forensics with unreliable conditions |
| description |
Network forensics refers to monitoring and analysis of network traffic for the purpose of information gathering, legal evidence, or intrusion detection. Wireless sniffers are usually deployed to collect PHY/MAC-layer information to trace abnormal wireless traffic. For multi-channel wireless networks, it becomes problematic to allocate each sniffer an appropriate monitoring channel due to the limited number of sniffers. This leads to the sniffer-channel assignment (SCA) problem that has been mostly studied assuming error-free channel conditions or known behavior of wireless users. In this paper, we study the SCA problem with more general settings. In particular, we introduce redundant sniffer deployment to combat against the unreliable channel conditions. This can be formulated as a non-linear integer program with the aim of maximizing the number of captured data packets. We propose both centralized and distributed algorithms to determine an optimal strategy. For unknown user behaviors, we formulate the redundant SCA problem as a multi-armed bandit problem and develop an online learning policy to find a balance between the exploitation, i.e., accuracy, and exploration, i.e., coverage, in channel monitoring. Simulation results reveal that the redundant sniffer deployment, though sacrificing the exploration opportunities in the learning process, is robust against the uncertainty of user activities and provides the optimal performance in terms of sensing accuracy and monitoring coverage. |
| author2 |
School of Computer Science and Engineering |
| author_facet |
School of Computer Science and Engineering Xu, J. Gong, S. Zou, Y. Liu, W. Zeng, K. Niyato, Dusit |
| format |
Article |
| author |
Xu, J. Gong, S. Zou, Y. Liu, W. Zeng, K. Niyato, Dusit |
| author_sort |
Xu, J. |
| title |
Redundant sniffer deployment for multi-channel wireless network forensics with unreliable conditions |
| title_short |
Redundant sniffer deployment for multi-channel wireless network forensics with unreliable conditions |
| title_full |
Redundant sniffer deployment for multi-channel wireless network forensics with unreliable conditions |
| title_fullStr |
Redundant sniffer deployment for multi-channel wireless network forensics with unreliable conditions |
| title_full_unstemmed |
Redundant sniffer deployment for multi-channel wireless network forensics with unreliable conditions |
| title_sort |
redundant sniffer deployment for multi-channel wireless network forensics with unreliable conditions |
| publishDate |
2021 |
| url |
https://hdl.handle.net/10356/154193 |
| _version_ |
1722355302183993344 |