
Real-time intrusion detection for VoIP over wireless networks

Posted on: 2013-06-12
Degree: Ph.D
Type: Dissertation
University: Illinois Institute of Technology
Candidate: Tang, Jin
Full Text: PDF
GTID: 1458390008478622
Subject: Engineering
Abstract/Summary:
Due to the openness and distributed nature of the protocols involved in VoIP over wireless networks, such as the session initiation protocol (SIP) and the IEEE 802.11 standard, it becomes easy for malicious users in the network to achieve their own gain or disrupt the service by deviating from normal protocol behavior. The main objective of this research is to develop real-time intrusion detection techniques that can quickly track down malicious behaviors that exploit vulnerabilities in either the VoIP or the 802.11 protocols. Further, we will achieve this objective without requiring modification to the relevant standard protocols, and develop analytical tools to guide the detection system design for guaranteed performance.

Specifically, for the malicious selfish misbehavior utilizing vulnerabilities of the 802.11 protocol, we design a real-time fair share detector (FS detector) based on the non-parametric CUSUM test. While most existing schemes for misbehavior detection depend on heuristic parameter configuration and experimental performance evaluation, we develop a Markov chain based analytical model to systematically study the FS detector and quantitatively compute the system parameters for guaranteed performance. Further, to achieve better detection performance, we enhance the FS detector into an adaptive detector using a Markov decision process. Based on a reward function that we define, we are then able to determine an optimal decision policy that maximizes the overall system benefit and gives better performance in both false positive rate and detection delay.

For attacks on the SIP layer, we first focus on flooding attack detection by integrating a novel three-dimensional sketch design with the Hellinger distance detection technique. We also propose a detection scheme, based on the wavelet signal processing technique, to address the stealthy attack. Moreover, we identify a new type of resource-drained malformed message attack and develop a detection scheme based on the Anderson-Darling test to deal with such attacks. The effectiveness of the corresponding detection schemes is demonstrated through simulation results.
Keywords/Search Tags: Detection, VoIP, FS detector, Real-time