1 s2.0 S0167404823000792 Main
1 s2.0 S0167404823000792 Main
1 s2.0 S0167404823000792 Main
a r t i c l e i n f o a b s t r a c t
Article history: The fourth industrial revolution has resulted in the intelligent Internet of Things being widely used for
Received 30 October 2022 home networking applications and smart infrastructure. Consequently, wireless connectivity has become
Revised 5 January 2023
essential in industrial and daily-life applications. Wireless communication is a continuously evolving tech-
Accepted 27 February 2023
nology that satisfies high-speed and ultra-low latency requirements. However, as multiple users utilize a
Available online 2 March 2023
single channel by sharing frequency and time, the service quality cannot be ensured owing to the in-
Keywords: terference from a congested network. Additionally, malicious attackers can compromise communication
Wi-Fi availability or destroy data integrity through jamming attacks, threatening human life and safety. Con-
Jamming attack ventional jamming attack detection and response technology respond to attacks without detecting the
Jammer classification type of jammer, exhibiting certain limitations in detecting and defending against an intelligent attack.
Jammer defense This study proposes a novel jammer classification and effective defense (JCED) algorithm that can classify
Basic service set coloring
jamming attack types using machine learning (ML) and provide differential responses based on the jam-
Battery draining
ming types. Depending on the jammer type, the JCED algorithm can adaptively select various response
methods, ranging from simple retransmission to active battery-draining attacks. The experimental results
verify that JCED exhibits 24.9% higher effective throughput and 23.4% lower energy consumption than
the countermeasure detection and consistency algorithm (CDCA). Moreover, JCED improves the effective
throughput by an average of approximately three times compared to CDCA in an environment with in-
tegrity violation attacks. Thus, the JCED is an effective defense mechanism against jamming attacks, en-
suring digital information safety and high throughput.
© 2023 Elsevier Ltd. All rights reserved.
1. Introduction ever, the quality of service (QoS) cannot be ensured if the network
density increases and wireless devices use a wider bandwidth
In the Information Age, digital information and communi- (Priya and Malhotra, 2021). Moreover, if an attacker violates the
cation infrastructure have become society’s and the economy’s communication availability between medical devices with jam-
core. As Wi-Fi provides equal information access to anyone using ming attacks, communication between medical devices connected
unlicensed bands, it is essential for industrial and daily life ap- to the target AP may be delayed, resulting in poor QoS or causing
plications. Furthermore, the COVID-19 pandemic has resulted in life and safety problems (Tsiatsis et al., 2019). Furthermore, some
a significant increase in online service usage. This increase in the instances of distributed denial of service attacks on vulnerabilities
number of devices used by individuals has increased the number in military communication and infrastructure networks have been
of Wi-Fi nodes. MarketsandMarkets (2021) predicted that the reported, affecting national security (Vadlamani et al., 2016).
global Wi-Fi market is expected to grow annually by 17.8%, from Conventional jamming attack response techniques are known
$9.4 billion in 2020 to $25.2 billion in 2026. The advantage of to minimize the damage caused by jamming. Representative jam-
Wi-Fi is that the communication services can be used within the ming attack response techniques include characteristic- or machine
range of an access point (AP) signal without any payment. How- learning (ML)-based single jammer detection and response meth-
ods and channel- and frequency-hopping methods. The single-
jammer detection method classifies a suspected attack as a jam-
∗
Corresponding author at: Department of Future Convergence Technology Engi- mer and responds to it regardless of its type. Channel-hopping
neering, Sungshin Women’s University, Seoul 02844, Republic of Korea.
(Djuraev et al., 2017; Liu et al., 2021) and routing (Kim et al, 2021)
E-mail addresses: [email protected] (S.-J. Lee),
[email protected] (Y.-R. Lee), [email protected] (S.-E. Jeon),
technology responds according to the channel and not the jam-
[email protected] (I.-G. Lee). mer attack characteristics. Channel-hopping includes a proactive
https://doi.org/10.1016/j.cose.2023.103169
0167-4048/© 2023 Elsevier Ltd. All rights reserved.
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al. Computers & Security 128 (2023) 103169
method, wherein all nodes in the network move channels, and intelligent jamming attacks that bypass jammer detection are in-
a reactive method, where channel hopping occurs only when the creasing. Therefore, detecting these attacks and corresponding re-
channel state changes (Kim, 2015). This was investigated until re- sponses has been increasingly studied. Table 1 summarizes the ex-
cently because a simple response was possible regardless of the isting studies on jammer detection and response. Here, the defense
jammer type. However, as jamming attacks have gradually evolved capability refers to the ability of the method to respond after jam-
into intelligent attacks, specific limitations exist in determining the ming is detected. The defense capability is considered strong if the
type of jammers using only a single-jammer detection and re- method responds to the entire jammer and weak if the method
sponse method (Lee and Kim, 2016; Park et al., 2022). Addition- classifies only some jammers and responds to only specific jam-
ally, as the channel resources used for channel-hopping are limited, mers. It is represented as inability if there is no response to any
they are ineffective against jamming attacks. Moreover, if a uni- jammer.
form defense method is applied to several types of jammers, the As indicated in Table 1, jammer detection techniques can
communication quality cannot be significantly improved. There- be divided into feature- and ML-based detection techniques.
fore, we developed a jammer classification and effective defense Fadele et al. (2019) proposed a countermeasure detection and con-
(JCED) algorithm that can filter unintentional interference while sistency algorithm (CDCA) for detecting reactive jammers. CDCA
ensuring security through the basic service set (BSS) secure color- detected attacks by controlling the threshold parameter and de-
ing technique and improve QoS through retransmission and active termining the node locations’ consistency through location-based
attacks. authentication. According to their experimental results, the CDCA
The primary contributions of this study can be summarized as throughput exhibited 86% performance, a 10% improvement from
follows: the conventional reactive jammer response method. Additionally,
energy consumption was reduced to 3%. However, as CDCA de-
• First, the proposed JCED technique accurately classifies the jam- fended only against reactive jammers, it did not respond to other
ming attack types using an ML model to generate differential types of jamming attacks. Ibrahim et al. (2022) proposed a trap-
responses to each jamming attack. type response that created a dummy or pseudo-secondary user
• Second, the effective throughput, delay, and energy consump- (PSU) for jamming propagation detection to lure and trap attackers.
tion are improved by applying differential response techniques, Their experimental results verified that the bandwidth efficiency of
such as jamming pattern avoidance, BSS secure coloring, and the model with PSU was 1.7 times higher than that of the conven-
battery consumption attacks depending on the type of jamming tional model. However, they reported a limitation: the method de-
attack. tected and responded to only certain types of jammers and failed
• Lastly, a network simulation framework is developed to eval- to respond to bypass attacks from intelligent jammers. Su et al.
uate the jamming attack’s performance and the corresponding (2021) evaluated the jamming counter measurement algorithm us-
countermeasures using a network attack traffic dataset. ing the Stackelberg game theory to suppress the communication of
smart jammers. However, the drawback of this method was that it
The remainder of this paper is organized as follows.
used only consistent response techniques rather than customized
Section 2 analyzes the existing studies on jammer counter-
responses to jammers.
measures. The proposed JCED technique is explained in Section 3.
Hachimi et al. (2020) evaluated the multi-classification perfor-
The experimental conditions are described in Section 4, and the
mance in ML using a wireless sensor network dataset (WSN-DS).
JCED performance evaluation is presented in Section 5. Finally,
As the evaluation was performed using the multi-layer percep-
Section 6 summarizes the conclusions of the study.
tron (MLP) and kernelized support vector machine (SVM) mod-
els, random, constant, reactive, deceptive, and standard jammers
2. Background and literature review were classified with an accuracy of approximately 94%. However,
the physical network was not modeled, and the response after
Jamming attacks can be divided into constant, random, de- the attack was not considered. Kasturi et al. (2020) constructed
ceptive, reactive, and frequency-sweeping attacks (Pirayesh and a jamming attack environment using a network simulator-3 (NS-
Zeng, 2022). Constant jamming attacks paralyze the bandwidth 3) to propose a jammer classification in an ad hoc network and
by transmitting a continuous signal regardless of the carrier-sense created a training dataset. Herein, constant, reactive, and random
multiple access (CSMA) protocol. Although the implementation of jammers were classified using MLP, k-nearest neighbor, decision
a constant jammer is simple, it is energy inefficient and easy to tree, and random forest (RF) models. Although a dataset was con-
detect as the signal is continuously transmitted (Lall et al., 2016). structed in the study, no countermeasures were suggested, and de-
Conversely, a random jamming attack transmits communication in- ceptive jammers were not detected. Arjoune et al. (2020) also de-
terruption bits only during a random period and saves power dur- veloped a dataset, evaluated the classification model, and classi-
ing the remaining time. Additionally, a random jammer is cost- fied smart jammers with an accuracy of 96.6% in the RF model.
effective as it requires less energy than a constant jammer. How- However, countermeasures were not considered, and the types of
ever, it is inefficient in attack success because the attack level de- jammers were not classified. Liu et al. (2019) proposed an in-
creases with the power-saving time. Deceptive jamming attacks telligent jammer response method based on pattern recognition
disguise regular communication by continuously transmitting stan- that could respond to an attack despite the changes in the at-
dard packets. Although deceptive jammers are energy inefficient, tack method. However, prior information on the jammer was re-
their detection is challenging because they use standard packets. quired to respond to a jamming attack. After identifying and tag-
By contrast, a reactive jamming attack transmits a signal when ac- ging various radio interference patterns considering the external
tive packet communication is detected by checking the channel environment changes, the model was trained using reinforcement
status. A reactive jammer requires a sensing circuit to check the learning. According to their experimental results, the processing
network status in real time. However, as attacks are generated only rate in the random switching environment was lower than that
when the data transmission process is detected, the possibility of of single learning at the experiment’s beginning, but the process-
attack detection can be reduced, resulting in an energy-efficient at- ing performance gradually improved. Nevertheless, although this
tack (Grover et al., 2014). study classified jammer patterns, the response remained consis-
Recently, attacks that attempt to occupy channels using decep- tent. Xu et al. (2020) designed a double deep Q-network (DQN), a
tive and reactive jammers, which are challenging to detect, and Markov decision process model that uses raw spectral data to de-
2
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al. Computers & Security 128 (2023) 103169
Table 1
Analysis of existing studies on jammer detection and response methods.
Defense
Existing studies Methods Limitations capability
Feature- • Signal strength and node position consistency analysis • Responds to only reactive jammers Weak
based Fadele et al. to identify jamming attacks • Difficult to detect in intelligent jamming attacks
detection (2019) • Monitor when the channel is idle and consider it as an
attack if it differs from standard traffic time
• Making dummy users of the network a honeypot for • Responds when intelligent jamming propagation Weak
Ibrahim et al. jamming propagation learns this pattern is not considered
(2022) • Leverage the fake mechanism to trap attackers and • Only a few jammers can detect and respond
increase bandwidth efficiency by up to 1.7 times
Su et al. • Using Stackelberg game theory to evaluate the power • No response depending on the type of jammer Weak
(2021) control performance in environments with smart
jammers
• Defend attacks using the jamming counter
measurement iteration algorithm
ML-based • Cloud radio access network (C-RAN) detects and • A communication environment is not designed; Inability
detection Hachimi et al. classifies four types of jamming attacks only datasets are used
(2020) • Only detection; no response technology
• ML-based classification method for constant, reactive, • No response technology in real-world Inability
Kasturi et al. and random jammers communication environments
(2020) • No response to deceptive jammers
• Investigate the types of jamming signals and use • Only detects jamming attacks; no response Inability
Arjoune et al. parameters to generate large datasets technology
(2020) • Evaluate performance by applying random forest (RF), Unable to classify jammer types
support vector machine (SVM), and neural network
(NN) methods
Liu et al. • Intelligent jamming detection and response to pattern • Although patterns are considered, the responses are Weak
(2019) recognition consistent
• Real-time raw spectrum information is obtained to • Uses only channel switching
generate datasets and respond by reinforcing learning
Xu. et al. • Anti-jamming technology based on a double deep Q • Consistent response with channel switching Weak
(2020) network (double DQN) • No performance evaluation for other types of
• Method responds to sweep, random, and sensing-based jammers
jamming attacks
tect and defend against typical channel jamming attacks, such as rupt network availability through resource consumption attacks,
sweeping and random sensing-based jamming. Additionally, they and data forgery attacks can destroy data integrity. In a network
proposed an anti-jamming method. They determined that a double resource consumption attack, the attacker can access and commu-
DQN was more effective in preventing jamming attacks than the nicate with the network just like a regular user. Unlike normal
existing convolutional neural network-type Q-network. Although users, the attacker continuously accesses the victim’s system for
several countermeasures were proposed in this study, the detection malicious purposes, depriving normal users of communication op-
and response methods for reactive and deceptive jammers were portunities, paralyzing the victim’s system, and causing burnout.
not considered because only one type of jammer was classified Therefore, in network resource consumption attacks, the system
and operated as a single countermeasure in the communication must ensure that normal users can use communication services
process. Thus, conventional research on jammer detection focused and control how resources are handled to minimize network re-
on detecting a single jammer. Moreover, existing methods failed source consumption. An attacker can forge packets to imperson-
to consider all jammers owing to their fragmentary responses. Al- ate a regular user in a data forgery attack. If the system does not
though jammer types were classified, no study directly used the recognize the packet’s integrity, it recognizes it as a regular user
type information for defense. and accepts the attacker. This enables the attacker to take over
the system and leak system resources. Therefore, in the case of
data falsification attacks, the system must constantly check the in-
3. JCED mechanism tegrity of packets to prevent and respond to attackers in advance.
The JCED mechanism protects against availability violation attacks
The proposed JCED mechanism classifies jamming attack types by responding to each type of jammer. Additionally, it prevents in-
using an ML model and adaptively responds when a jamming at- tegrity violation attacks through BSS secure coloring. Fig. 1 depicts
tack occurs in a Wi-Fi communication environment. the network configuration of the JCED.
The RF model among ML algorithms was used for jammer clas- An overlapping BSS (OBSS) area exists in a dense network envi-
sification. RF is an ensemble learning method that generates and ronment where the AP coverage overlaps (Joshi et al., 2022). The
learns multiple decision trees and is a model that randomly selects station (STA) in the OBSS received a packet from a neighboring
characteristics used in decision making. RF is used for classification BSS in addition to the packet transmitted by the STA located in
and regression problems and is easy to process extensive data. In its BSS. Wireless local-area network (WLAN) devices using CSMA
addition, essential features can be selected to optimize classifica- with collision avoidance (CSMA/CA) prevented collisions by check-
tion performance. In this experiment, n_estimator and max_depth ing whether the wireless medium was empty. If the transmitted
values were set among RF parameters. n_estimator, the number packet collided, it waited as long as a random backoff. If a colli-
of trees in the forest is set to 50, and the maximum depth of the sion reoccurred, the waiting backoff time increased, and data were
tree max_depth is set to 0. In addition, the ratio of training data transmitted when the medium was not used. This increased the
and testing data was divided by 7:3. density of STAs and the probability of collision in a dense net-
The threat model used in this study includes network resource work, which deteriorated QoS. In general, Wi-Fi 6 (802.11ax) sup-
consumption and data forgery attacks. Generally, attackers can dis-
3
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al. Computers & Security 128 (2023) 103169
Fig. 1. Network configuration of the jammer classification and effective defense (JCED) algorithm.
ports efficient spectrum use in dense networks by applying the BSS signal, service, length, and cyclic redundancy code (CRC), whereas
coloring technique (Commscope, 2018). Therefore, the transmitting PSDU includes a media access control (MAC) header, data, frame
STA filtered the unintentional interference from neighboring BSSs check sequence (FCS), and an end delimiter. The receiver detects
by loading the BSS coloring information that determined its BSS in the channel by calculating the expected duration of the frame
the frame. The data throughput was improved using this process. based on the PLCP preamble and header values. This is referred
However, as the conventional BSS coloring was information added to as the clear channel assessment. In 802.11ax, BSS coloring is in-
to the header, an attacker could effortlessly falsify the header and put into the header in PLCP, wherein BSS coloring comprises the
increase the effect of a jamming attack. The JCED algorithm filtered BSS color, partial BSS color, and disabled BSS color (Extreme Net-
unintentional interference in advance by checking the BSS coloring works, 2021). In the proposed JCED, the plaintext BSS coloring
(STA 5) when the STA received a packet. Additionally, BSS secure was entered in the header, and the encrypted BSS secure color-
coloring was inserted into the frame body and encrypted to pre- ing value was also inserted in the PSDU. The advanced encryption
vent data forgery attacks from deceptive jammers. It also classified standard (AES) algorithm guaranteeing high stability and speed is
the jammer types using ML models. If an attack node generated a used for encryption. AES is a representative symmetric algorithm
continuous signal, such as a constant or random jammer, the STA and supports 128-bit encryption blocks and 128, 192, and 256-bit
identified the attack pattern of the jammer. When the attack was key lengths. When an encryption algorithm is applied in a device
terminated, the retransmission of the unprocessed normal packet with limited computational resources, resource consumption can
was requested and processed (STA 4). Furthermore, when a reac- be minimized by changing AES to lightweight encryption. After the
tive jammer that attacked intelligently was detected, the STA trans- first verification using BSS coloring, the BSS secure coloring is de-
mitted the jammer identification information to the AP (STA 3) and crypted. The second verification process contrasting with the BSS
requested the AP to attack. The AP performed an active battery- coloring, confirms the correct BSS coloring and verifies the packet’s
draining attack to neutralize the attack from the reactive jammer. integrity. BSS secure coloring included only partial BSS color, and
Fig. 2 depicts the proposed JCED mechanism flowchart. When the integrity of BSS coloring was verified using only a few data
one STA transmitted a packet to another, the receiver checked the points. Thus, only the packet to be processed was rapidly deter-
BSS secure coloring to filter the unnecessary signals generated in mined through the BSS coloring value in the frame header to in-
the OBSS. If the BSS coloring did not match, the STA classified the crease the processing efficiency. The BSS secure coloring value en-
packet as interference and did not process it. As this process fil- crypted in the PSDU was cross-verified to counter the tampering
tered packets sent by an attacker, it served as a preventive tech- with the BSS coloring.
nique for deceptive jammers. Subsequently, JCED used an ML model to determine whether a
Additionally, when intelligent jammers forged BSS coloring, packet was attacked and the type of attack. Attacks were classi-
JCED verified the data integrity using BSS secure coloring en- fied into constant, random, deceptive, and reactive jamming types.
crypted in the frame body. Fig. 3 illustrates the Wi-Fi packet frame When a constant jamming attack occurred, the STA identified the
structure, including the BSS coloring and secure coloring. duration when the attack was not in progress and attempted to re-
Typically, the physical protocol data unit (PPDU) comprises the process the packet in that period to prevent the attack. An attack
physical layer convergence protocol (PLCP) and PLCP service data pattern is checked if the attack packet type is classified as random
unit (PSDU) (ShareTechnote, 2022). Additionally, PLCP includes the jamming. Time-series data is collected, and patterns are learned by
4
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al. Computers & Security 128 (2023) 103169
Fig. 2. Flowchart of the jammer classification and effective defense (JCED) mechanism.
inputting it into the ML model operating in the background. Packet Fig. 4 depicts a block diagram of the proposed JCED mechanism.
reprocessing avoids the attack by predicting the point at which the The STA comprised a sender, receiver, BSS coloring checker,
attack is stopped. If a specific pattern was not identified, retrans- jammer-type classifier, a data processing module, and a correspon-
mission was randomly attempted considering the energy efficiency dence module. The BSS coloring checker included header and body
of the STA. checkers that checked for BSS coloring and secure coloring in the
When a reactive jamming attack occurred, the STA performed a packet frame. After checking the BSS coloring, ML model-based
battery-draining attack on the jammer, following which the reac- multi-classification was performed using a jammer-type classifier.
tive jammer could not transmit more packets. Typically, a battery- If the packet was classified as a standard packet, it was processed.
draining attack consumes the available resources of the STA by The defense module was used to respond if it was not a nor-
transmitting numerous packets to ensure that the STA does not mal packet. The correspondence module used a retransmission re-
switch to the power-saving mode (Lee et al., 2020). In general, quester to request retransmission to a normal node considering the
battery-draining techniques are used by attackers to destroy tar- jammer pattern. Furthermore, battery-draining control information
get node availability. However, the developed JCED attacked reac- was transmitted to the AP to handle the jammers actively. The
tive jammers with battery-draining to proactively respond to nodes AP also comprised a sender and receiver. The AP transmitted the
that generated intelligent attacks. If the STA detects a reactive jam- BSS coloring to the STA, received the battery-draining control in-
mer with an ML model, the STA requests a battery-draining attack formation from the STA, and generated an attack signal through
to the AP to which power is connected. The AP generates a signal the signal generator. Subsequently, a battery-draining attack was
capable of draining the reactive jammer and transmits the signal performed on the target node.
continuously until regular communication with the reactive jam- Algorithm 1 is the pseudo-code of JCED. The algorithm consists
mer becomes impossible. This method enabled the STA to reduce of 5 steps. Step 1 is the node setting step which defines the pa-
the time required to process abnormal packets from the reactive rameters of the attacking node and the jamming node. BSS col-
jammer and process normal packets during the saved time. oring checking is performed in step 2 to counter deceptive jam-
5
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al. Computers & Security 128 (2023) 103169
Algorithm 1
Pseudo-code for JCED
6
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al. Computers & Security 128 (2023) 103169
7
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al. Computers & Security 128 (2023) 103169
Table 3
Comparison of time complexity for jammer detection steps.
Time
Fig. 5. Detection accuracies of the countermeasure detection and consistency algo- Fig. 6. Performance evaluation results of effective throughput.
rithm (CDCA) and jammer classification and effective defense (JCED) algorithm.
8
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al. Computers & Security 128 (2023) 103169
Fig. 7. Performance evaluation results regarding (a) delay and (b) energy consumption.
Table 4
Detection and defense capability of countermeasure cases.
Constant X O X X X O
jammer
Random X X O X X O
jammer
Deceptive X X X O X O
jammer
Reactive O X X X O O
jammer
ing in considerable total energy consumption. Notably, energy con- and responded differently to each type. Fig. 8 depicts the results of
sumption was high in the JSR(Low) environment, which involved the measured effective throughput and energy consumption when
several retransmissions. In the case of JCED, overhead was ob- the number of STAs increases in each case.
served when BSS coloring was checked. Additionally, as the re- As CDCA detected and defended against only reactive jam-
active jammer consumed up to 10 0 0 mAh of energy during the mers (Fig. 8(a)), the effective throughput converged to a specific
draining of each battery, the energy consumption rate was higher value with increased STAs. Additionally, the effective throughput
than that observed in CDCA in specific environments. However, of JCED, which included all response strategies, was the highest.
as JCED filtered abnormal packets, the RX consumption was re- By contrast, in the case of models with only individual response
duced; therefore, the overall energy consumption was lower than strategies, the effective throughput values of JCED(Constant)
that of the conventional model. Furthermore, CDCA and JCED ex- and JCED(Random) were the highest. Furthermore, the effective
hibited minor energy consumption in the JSR(High) environment throughput was higher in the order of the JCED(Deceptive) and
because the higher the JSR, the lower the proportion of normal JCED(Reactive), filtered with BSS secure coloring and attacked by
nodes. Thus the performance of JCED was improved compared to battery draining. As indicated in Fig. 8(b), CDCA showed low en-
CDCA for effective throughput, delay, and energy consumption in ergy consumption as no BSS coloring was observed in the frame
all JSR environments. It was possible to achieve a 24.9% higher header and body. In the case of JCED(Deceptive), the energy con-
effective throughput with 23.4% lower energy consumption than sumption was relatively low because packet filtering was possible
CDCA. with BSS coloring. In contrast, JCED(Constant) and JCED(Random)
could not filter through BSS coloring and consumed additional
5.2. Effectiveness of countermeasures for different jamming types energy during the retransmission process; therefore, the energy
consumption was considerably high. JCED(Reactive) also consumed
JCED used different countermeasures for different types of jam- more energy than the other models when performing a battery-
mers. Table 4 summarizes the countermeasure cases used to eval- draining attack. In other words, JCED improved the effective
uate the single-type response method performance. throughput and energy consumption compared to the single-type
CDCA detected only reactive jammers and filtered the corre- response methods of the proposed model and CDCA. Therefore, it
sponding packets. JCED(Constant), JCED(Random), JCED(Deceptive), is recommended to apply all of JCED’s countermeasures in combi-
and JCED(Reactive) detected the jammer types based on ML. How- nation. However, if all of JCED’s countermeasures cannot be applied
ever, they responded only to specific types of jammers. The pro- in some countries or regions, some can be selected by referring to
posed model JCED(All) detected all jammer types using ML models this experiment’s results.
9
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al. Computers & Security 128 (2023) 103169
Fig. 8. Performance evaluation results in terms of (a) effective throughput and (b) energy consumption.
Fig. 9. Performance evaluation results regarding (a) effective throughput and (b) energy consumption.
5.3. Effectiveness of classification and defense sumption were reduced. Conversely, in the BSS secure coloring
scheme, BSS coloring existed in the frame header, and BSS se-
Effective throughput and energy consumption were measured cure coloring was observed in the body. As BSS coloring and se-
according to the changes in AAR in a network consisting of 10 STAs cure coloring were cross-checked, they exhibited strong charac-
to measure the performance of JCED against jamming attacks that teristics against threats. Therefore, the effective throughput did
falsify BSS color. The AAR varied from 0% to 90%. When AAR was not decrease with the increase in AAR. Furthermore, energy con-
0%, intentional interference did not occur; when it was 90%, the sumption was not flexible because most normal packets could
interference was the highest. The maximum data generation rate be processed. JCED exhibited an average effective throughput of
when no error existed during communication between the STAs 3.05 times higher than the non-BSS coloring scheme. Addition-
was set at 32 Mbps. If a packet was damaged owing to an in- ally, energy consumption increased by only 13.77%. Also, the ef-
tegrity attack during communication, it was neither processed nor fective throughput of JCED was improved by 72.79% compared to
reflected in the effective throughput despite being determined as a the BSS coloring scheme. Therefore, when JCED was applied, effec-
normal packet. tive throughput was higher than that of non-BSS and BSS coloring
Fig. 9 depicts the three models’ effective throughput and en- schemes, improving the QoS.
ergy consumption measured according to the increase in AAR. As
the non-BSS coloring scheme processed unintentional interference 6. Conclusions
packets, the number of normal packets that could be processed de-
creased gradually. When only BSS coloring was applied, uninten- Among the various sophisticated cyber-attacks, jamming attacks
tional interference was filtered out. However, packets whose in- are considered the most hazardous because they interfere with
tegrity was destroyed by the changes in AAR could not be pro- users’ communication and manipulate users’ systems via intelli-
cessed. Consequently, both effective throughput and energy con- gent attacks. Typically, detecting and responding to intelligent at-
10
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al. Computers & Security 128 (2023) 103169
tacks using conventional methods is challenging. Therefore, we Extreme Networks, Learn About BSS Color in 802.11ax: Background, Defini-
propose a novel JCED algorithm that uses an ML model to classify tion, Set-up, https://www.extremenetworks.com/extreme-networks-blog/
what- is- bss- color- in- 802- 11ax, 2021. (Accessed 1 September 2022).
the types of jammers and adaptively apply different countermea- Fadele, A.A., Othman, M., Hashem, I.A., Yaqoob, I., Imran, M., Shoaib, M.,
sures based on the jammer types. The JCED responds using BSS 2019. A novel countermeasure technique for reactive jamming attack in
secure coloring and battery-draining attacks in addition to avoid- internet of things. Multimed. Tools Appl. 78, 29899–29920. doi:10.1007/
s11042- 018- 6684- z.
ance, a general countermeasure. Therefore, an active defense tech- Grover, K., Lim, A., Yang, Q., 2014. Jamming and anti-jamming techniques in wireless
nique can be applied, unlike conventional methods, which begin networks: a survey. Int. J. Ad Hoc Ubiquitous Comput. 17, 197–215. doi:10.1504/
to respond only when a jamming signal is an input. The perfor- IJAHUC.2014.066419.
Hachimi, M., Kaddoum, G., Gagnon, G., Illy, P., 2020. Multi-stage jamming at-
mance evaluation results verified that JCED performed better than
tacks detection using deep learning combined with kernelized support vec-
CDCA in effective throughput, delay, and energy consumption. Fur- tor machine in 5G cloud radio access networks. In: International Symposium
thermore, BSS secure coloring effectively reduced the impact of se- on Networks, Computers and Communications (ISNCC), pp. 1–5. doi:10.1109/
ISNCC49221.2020.9297290.
lective jamming attacks and prevented frame forgery attacks. JCED
Ibrahim, K., Alnajim, A.M., Naveed Malik, A., Waseem, A., Alyahya, S., Islam, M.,
can respond more optimally than conventional models that only Khan, S., 2022. Entice to trap: enhanced protection against a rate-aware intel-
detect and respond to jammers. Nevertheless, as the proposed al- ligent jammer in cognitive radio networks. Sustainability 14, 2957. doi:10.3390/
gorithm was tested in a simulation environment, the analysis was su14052957.
Joshi, S., Roy, R., Bhat, R.V., Hathi, P., Akhtar, N., 2022. Dynamic distributed thresh-
limited to jamming attacks imposed by the WSN-DS datasets. In old control for spatial reuse in IEEE 802.11 ax. In: 2022 National Conference on
the future, we plan to establish a network communication test bed Communications (NCC), pp. 373–378. doi:10.1109/NCC55593.2022.9806744.
to measure the JCED performance and study algorithms to improve Kasturi, G.S., Jain, A., Singh, J., 2020. Detection and classification of radio frequency
jamming attacks using machine learning. J. Wirel. Mob. Netw. Ubiquitous Com-
response performance in an intelligent jamming environment. In put. Depend. Appl. 11, 49–62. doi:10.22667/JOWUA.2020.12.31.049.
addition, the JCED model performance will be evaluated in a com- Kim, Y., 2015. Channel-hopping scheme for enhancing fairness performance under
munication environment other than Wi-Fi. smart jammer attacks in tactical WLANs. J. Kor. Inst. Commun. Inf. Sci. 40, 2188–
2195. doi:10.7840/kics.2015.40.11.2188.
Lee, I.G., Kim, M., 2016. Persistent jamming in wireless local area networks: attack
7. Funding and defense. Comput. Netw. 109, 67–83. doi:10.1016/j.comnet.2016.06.024.
Lee, I.G., Go, K., Lee, G.H., 2020. Battery draining attack and defense against power
saving wireless lan devices. Sensors 20, 2043. doi:10.3390/s20072043.
This work was partially supported by the National Research Liu, S., Xu, Y., Chen, X., Wang, X., Wang, M., Li, W., Li, Y., Xu, Y., 2019. Pattern-
Foundation of Korea (NRF) grant funded by the Ministry of Sci- aware intelligent anti-jamming communication: a sequential deep reinforce-
ence and ICT (MSIT) [grant number 2020R1F1A1061107], the Ko- ment learning approach. IEEE Access 7, 169204–169216. doi:10.1109/ACCESS.
2019.2954531.
rea Institute for Advancement of Technology (KIAT) grant funded Liu, Y., Zeng, Q., Zhao, Y., Wu, K., Hao, Y., 2021. Novel channel-hopping pattern-
by the Korean Government (MOTIE) [grant number P0 0 08703, The based wireless IoT networks in smart cities for reducing multi-access inter-
Competency Development Program for Industry Specialist], and the ference and jamming attacks. EURASIP J. Wirel. Com. Netw. 152. doi:10.1186/
s13638- 021- 02029- 8, 2021.
MSIT under the ICAN (ICT Challenge and Advanced Network of MarketsandMarkets, Wi-Fi Market by Component (Hardware, Solution, and Ser-
HRD) program [grant number IITP-2022-RS-2022-00156310], su- vices), Density (High-density Wi-Fi and Enterprise-class Wi-Fi), Location Type
pervised by the Institute of Information & Communication Tech- (Indoor and Outdoor), Organization Size, Vertical (Education, Retail and eCom-
merce), and Region (2022 - 2026), 2021. https://www.marketsandmarkets.com/
nology Planning and Evaluation (IITP).
Market- Reports/global- wi- fi- market- 994.html (Accessed 31 August 2022).
Park, S.H., Joo, S., Lee, I.G., 2022. Secure visible light communication system via
Declaration of Competing Interest cooperative attack detection techniques. IEEE Access 10, 20473–20485. doi:10.
1109/ACCESS.2022.3151627.
Pirayesh, H., Zeng, H., 2022. Jamming attacks and anti-jamming strategies in wire-
The authors declare that they have no known competing finan- less networks: a comprehensive survey. IEEE Commun. Surv. Tutor. 24, 767–809.
cial interests or personal relationships that could have appeared to doi:10.1109/COMST.2022.3159185.
Priya, B., Malhotra, J., 2021. QAAs: QoS provisioned artificial intelligence framework
influence the work reported in this paper. for AP selection in next-generation wireless networks. Telecommun. Syst. 76,
233–249. doi:10.1007/s11235- 020- 00710- 9.
CRediT authorship contribution statement ShareTechnote, Wi-Fi, Frame Structure, http://sharetechnote.com/html/WLAN_
FrameStructure.html (Accessed 31 August 2022).
Su, Z., Qi, N., Yan, Y., Du, Z., Chen, J., Feng, Z., Wu, Q., 2021. Guarding legal commu-
Sun-Jin Lee: Conceptualization, Methodology, Software, Valida- nication with smart jammer: Stackelberg game based power control analysis.
tion, Writing – original draft. Yu-Rim Lee: Resources, Validation, China Commun. 18, 126–136. doi:10.23919/JCC.2021.04.010.
Tabbaa, H., Ifzarne, S., Imad, H. An online ensemble learning model for detecting
Writing – review & editing. So-Eun Jeon: Formal analysis, Visual- attacks in wireless sensor networks. Arxiv. doi:10.48550/arXiv.2204.13814.
ization, Writing – review & editing. Il-Gu Lee: Conceptualization, Tsiatsis, V., Karnouskos, S., Höller, J., Boyle, D., Mulligan, C., 2019. Chapter 6-Security,
Validation, Writing – review & editing, Supervision, Project admin- in: Internet of Things (Second Edition). Academic Press, pp. 127–142. doi:10.
1016/B978- 0- 12- 814435- 0.0 0 018-3.
istration, Funding acquisition. Vadlamani, S., Eksioglu, B., Medal, H, Nandi, A., 2016. Jamming attacks on wireless
networks: a taxonomic survey. Int. J. Prod. Econ. 172, 76–94. doi:10.1016/j.ijpe.
Data availability 2015.11.008.
Xu, J., Lou, H., Zhang, W., Sang, G., 2020. An intelligent anti-jamming scheme for
cognitive radio based on deep reinforcement learning. IEEE Access 8, 202563–
Data will be made available on request.
202572. doi:10.1109/ACCESS.2020.3036027.
11
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al. Computers & Security 128 (2023) 103169
Yu-Rim Lee received her B.S. Degree in convergence Il-Gu Lee received his B.S. Degree in electrical engineer-
security engineering from Sungshin Women’s Univer- ing from Sogang University, Seoul, Korea, in 2003, and
sity, Seoul, Korea, in 2021. She is currently pursuing an his M.S. degree in the Department of Information and
M.S. degree in future convergence technology engineering Communications Engineering from Korea Advanced Insti-
from Sungshin Women’s University, Seoul, Korea. Her cur- tute of Science and Technology (KAIST), Daejeon, Korea, in
rent research interests are in the area of artificial intelli- 2005. He received his PhD degree in the Graduate School
gence, threat defense, malware detection, and Internet of of Information Security in Computer Science & Engineer-
Things. ing Department from KAIST in 2016. He is a professor
at the Department of Convergence Security Engineering,
Sungshin Women’s University (SWU), Seoul, Korea. Before
joining SWU in March 2017, he was with the Electron-
ics and Telecommunications Research Institute (ETRI) as
a senior researcher from 2005 to 2017 and served as a
principal architect and project leader for Newratek (KR) and Newracom (US) from
So-Eun Jeon received her B.S. Degree in convergence
2014 to 2017. His current research interests are in the area of wireless/mobile net-
security engineering from Sungshin Women’s Univer-
works with an emphasis on information security, networks, wireless circuits, and
sity, Seoul, Korea, in 2021. She is currently pursuing an
systems. He has authored/coauthored more than 100 technical papers in the areas
M.S. degree in future convergence technology engineer-
of information security, wireless networks, and communications, and holds about
ing from Sungshin Women’s University, Seoul, Korea. Her
160 patents. He is also an active participant in and contributor to the IEEE 802.11
current research interests are in the areas of conver-
WLAN standardization committee.
gence security, endpoint security, wireless networks, and
AI convergence technologies, with an emphasis on secure
IoT/wireless network and anomaly detection.
12