RF Jamming Classification Using Relative Speed Estimation in Vehicular Wireless Networks

Abstract 抽象

Wireless communications are vulnerable against radio frequency (RF) interference which might be caused either intentionally or unintentionally. A particular subset of wireless networks, Vehicular Ad-hoc NETworks (VANET), which incorporate a series of safety-critical applications, may be a potential target of RF jamming with detrimental safety effects. To ensure secure communications between entities and in order to make the network robust against this type of attacks, an accurate detection scheme must be adopted. In this paper, we introduce a detection scheme that is based on supervised learning. The k-nearest neighbors (KNN) and random forest (RaFo) methods are used, including features, among which one is the metric of the variations of relative speed (VRS) between the jammer and the receiver. VRS is estimated from the combined value of the useful and the jamming signal at the receiver. The KNN-VRS and RaFo-VRS classification algorithms are able to detect various cases of denial-of-service (DoS) RF jamming attacks and differentiate those attacks from cases of interference with very high accuracy.
无线通信容易受到射频 (RF) 干扰的影响,这可能是有意或无意造成的。无线网络的一个特定子集,即车载自组网(VANET),它包含一系列安全关键型应用,可能是射频干扰的潜在目标,具有有害的安全影响。为了确保实体之间的安全通信,并使网络能够抵御此类攻击,必须采用准确的检测方案。在本文中,我们介绍了一种基于监督学习的检测方案。使用了k最近邻(KNN)和随机森林(RaFo)方法,包括特征,其中一种是干扰器和接收机之间相对速度(VRS)变化的度量。VRS是根据接收机的有用信号和干扰信号的组合值估算的。KNN-VRS 和 RaFo-VRS 分类算法能够检测各种拒绝服务 (DoS) 射频干扰攻击情况,并以非常高的精度将这些攻击与干扰情况区分开来。

1. Introduction 1. 引言

A prevalent prediction is that fully autonomous vehicles, capable of self-navigating in unpredictable real-world environments with little human feedback, will flood the global market by 2025 [1]. Autonomous vehicle control imposes very strict security requirements for the wireless communication channels [2] which are used by a fleet of vehicles [3]. Specifically, the connected vehicles use the connected adapted cruise control (CACC) technology, in which the following vehicles learn the lead vehicle’s dynamics via intervehicle communication and through them they determine their movement. However, an RF jamming attack can overload the wireless medium leading to large packet losses. So, the platoons of vehicles can become unsafe and collisions are possible. Moreover, with the intelligent vehicle grid technology, each vehicle becomes a sensor platform absorbing information from the environment or from other vehicles (also called Internet of Vehicles (IoV)). Vehicles also feed each other or infrastructure for assisting in safe navigation and traffic management.

Wireless communications, however, are vulnerable against a wide range of attacks. An attack that is particularly hard to detect in every wireless network is the RF jamming attack [4]. An RF jamming attack reduces the availability of the wireless medium making the successful detection of a jamming attack may be obstructed by several conditions that might occur in an urban environment, such as unintentional interference caused by other wireless nodes, poor link conditions, etc. In a VANET, RF jamming attack detection is even more challenging due to the constant and rapid changes in topology and the high mobility of the vehicles. Detection becomes even harder with the presence of a variety of jammers and unintentional interference sources in the same area. Jamming may affect the communication between vehicles (V2V communication) or the communication between vehicles and roadside units, namely, RSUs (V2R communication).

Over the last few years, there have been several experimental approaches for jamming detection [47], some of which suggest the use of machine learning techniques [68]. However, only Puñal et al. [6] examine closely the adoption of machine learning techniques for jamming detection. None of the related works that focused on machine learning-based schemes has investigated the use of the speed of the involved vehicles as an extrafeature for classifying jamming attacks in VANETS. In this work, we show that this is a critical feature and, more specifically, the variations of relative speed (VRS) metric. VRS is used as a new feature for jamming classification in realistic scenarios with a minimum number of assumptions leading to increases in classification accuracy.
在过去的几年里,已经有几种干扰检测的实验方法[4\u20127],其中一些建议使用机器学习技术[6,8]。然而,只有Puñal等[6]仔细研究了机器学习技术在干扰检测中的应用。专注于基于机器学习的方案的相关工作都没有研究过使用相关车辆的速度作为VANETS中干扰攻击分类的额外特征。在这项工作中,我们展示了这是一个关键特征,更具体地说,是相对速度 (VRS) 指标的变化。VRS 被用作在真实场景中干扰分类的新功能,具有最少数量的假设,从而提高了分类精度。

The proposed VRS metric, extracted at the application layer [910], is combined with classic physical layer metrics leading to a cross-layer classification scheme. The intuition behind the use of the VRS is the following. In the general case, jamming reduces the receiver signal-to-interference-and-noise ratio (SINR), a problem that can be addressed with classic communication algorithms. However, SINR can be reduced due to unintentional interference, a problem very prevalent in dense populated areas where vehicles operate. Hence, for jamming detection, the actual reason behind the reduction in the SINR and the packet-delivery-ratio (PDR) has to be determined. The proposed VRS metric reveals the behavior of the jammer in relation to the receiver, specifically, the variations of its relative speed. An unintentional source of interference does not exhibit a specific pattern in its relative speed, allowing us thus to effectively differentiate the cases where a malicious intentional source of interference, namely, jammer, moves in ways that intend to disrupt communication. Our extensive results indicate that the proposed scheme can effectively differentiate the case of jamming attack from that of an interfering wireless source.
所提出的VRS指标在应用层[9,10]提取,与经典的物理层指标相结合,形成跨层分类方案。使用 VRS 背后的直觉如下。在一般情况下,干扰会降低接收机信干噪比(SINR),这个问题可以通过经典通信算法来解决。然而,由于无意干扰,SINR可能会降低,这个问题在车辆运行的人口稠密地区非常普遍。因此,对于干扰检测,必须确定SINR和数据包传输比(PDR)降低背后的实际原因。所提出的VRS指标揭示了干扰机相对于接收器的行为,特别是其相对速度的变化。无意干扰源的相对速度不会表现出特定的模式,因此我们可以有效地区分恶意故意干扰源(即干扰器)以意图破坏通信的方式移动的情况。实验结果表明,所提方案能够有效区分干扰攻击和干扰无线源的干扰攻击。

Accurate detection is also important because these two problems could be addressed differently; that is, in the case of interference, an interference cancellation (IC) scheme [11] is needed, while techniques such as spectral evasion (channel surfing and spatial retreats) scheme can be used for jamming attacks. With the use of more sophisticated techniques for alleviating the problem, the proposed scheme can be used as a first step of a process that aims at keeping alive the wireless communication between a transmitter and receiver, by detecting the exact cause of the wireless interference followed by appropriate actions related to the physical location of the nodes. Such actions could be the de-routing of the malicious vehicle from a specific area or the rerouting of legitimate vehicles towards different areas, free of any RF jamming or interference. Lack of such smart detection mechanisms could lead to incorrect de-routing decisions that may compromise the different objectives of applications that use intervehicle communications (IVC). For this reason, we tested both, a typical form of RF jamming, which is the continuous jamming, and a more smart reactive jamming.
准确的检测也很重要,因为这两个问题可以以不同的方式解决;也就是说,在干扰的情况下,需要干扰消除(IC)方案[11],而频谱规避(信道冲浪和空间撤退)方案等技术可用于干扰攻击。通过使用更复杂的技术来缓解该问题,所提出的方案可以用作旨在保持发射器和接收器之间无线通信的过程的第一步,方法是检测无线干扰的确切原因,然后采取与节点物理位置相关的适当行动。此类操作可能是将恶意车辆从特定区域移除路线,或将合法车辆重新路由到不同区域,不受任何射频干扰或干扰。缺乏这种智能检测机制可能会导致错误的去路由决策,从而可能损害使用车辆间通信 (IVC) 的应用的不同目标。出于这个原因,我们测试了两种形式,一种是射频干扰的典型形式,即连续干扰,另一种是更智能的反应性干扰。

The main contribution of this paper is the introduction of a proactive detection method against potential RF jamming attacks with fairly good detection results. This detection system is also able to differentiate interference from malicious RF jamming. Additionally, it is able to distinguish the unique characteristics of each attack especially when the proposed VRS metric is utilized among the other cross-layer features. The accuracy of the proposed detection method is about or over  under different supervised learning testing cases and under realistic values of the relative speed between the jammer and the receiver. This result is significantly improved as compared to other corresponding methods in the literature.
本文的主要贡献是介绍了一种针对潜在射频干扰攻击的主动检测方法,并取得了较好的检测结果。该检测系统还能够区分干扰和恶意射频干扰。此外,它能够区分每个攻击的独特特征,特别是当建议的 VRS 指标与其他跨层特征一起使用时。在不同的监督学习测试用例下,在干扰机和接收机之间的相对速度的实际值下,所提出的检测方法的精度大致或超过。与文献中的其他相应方法相比,该结果得到了显着改善。

One key application area for our scheme is vehicle platoons in which an exterior or an interior attacker can cause significant instability in the CACC of the vehicle stream [12]. Our classifier could be used as a trustworthy indicator of a jamming attack; thus, the control model of the platoon could change from CACC to noncooperative adaptive cruise control (ACC), relying solely on radar techniques. This control mode switch can be considered as a mitigation technique to the impact of the attack [12]. For the evaluation of our approach, one interference-only scenario and two jamming attack scenarios have been designed and tested.

The rest of this paper is structured as follows. Section 2 provides an overview of related work in the domain of attack detection. Section 3 describes the topology and the channel model of our scenarios. Section 4.1 describes the methodology used for the estimation of the relative speed. Section 4.2 presents the proposed machine learning-based jamming detection system. Section 5 describes the simulation setup. Section 6 presents the experimental results and comparisons. Finally, Section 7 summarizes our findings and concludes our work.
本文的其余部分结构如下。第 2 节概述了攻击检测领域的相关工作。第 3 部分介绍了我们方案的拓扑和通道模型。第 4.1 节描述了用于估计相对速度的方法。第4.2节介绍了所提出的基于机器学习的干扰检测系统。第 5 节介绍了仿真设置。第6节介绍了实验结果和比较。最后,第7节总结了我们的发现并总结了我们的工作。

Several recent works have proposed machine learning-based techniques for attack detection in vehicular ad-hoc networks. Puñal et al. [6] used metrics that include the noise and channel busy ratio (CBR), packet delivery ratio (PDR), maximum inactive time (Max IT), and received signal strength (RSS), to detect attacks with machine learning techniques, and examined the cases of reactive and constant jammers.
最近的几项工作提出了基于机器学习的车载自组织网络攻击检测技术。Puñal等[6]使用包括噪声和信道繁忙比(CBR)、数据包传输比(PDR)、最大非活动时间(Max IT)和接收信号强度(RSS)在内的指标,通过机器学习技术检测攻击,并检查了反应性和恒定干扰器的情况。

Azogu et al. [5] proposed a new mechanism, called the hideaway strategy, according to which all nodes should remain silent while the network is under a jamming attack. Bißmeyer et al. [13] proposed a detection scheme that is based on the verification of vehicle movement data and on the assumption that a certain space will be occupied by only one vehicle at a certain time.

Malebary et al. [14] presented a two-phase jamming detection method that utilized metrics such as the RSS, the packet delivery/send ratio (PDSR), and the packet loss ratio (PLR), as well consistency, checks to distinguish a jamming from a no-jamming situation. In the first phase, which is the initialization phase, the values of the RSS, the packet delivery/send ratio (PDSR), and packet loss ratio (PLR) are calculated by the RSUs in a jammer-free network. Furthermore, a max value for the RSS is obtained for every PDSR value as well as two threshold values, equal to the maximum PDSR and to the minimum PLR, respectively. In the second phase, when a PDSR value is lower than the defined threshold and a PLR value is higher than the respective threshold, a consistency check is conducted to determine whether the low PDSR value is consistent with the RSS value assigned in phase one, thus determining a jamming or no-jamming situation.
Malebary等[14]提出了一种两阶段干扰检测方法,该方法利用RSS、数据包发送/发送比(PDSR)和丢包率(PLR)等指标以及一致性检查来区分干扰和无干扰情况。在第一阶段,即初始化阶段,RSS、数据包发送率 (PDSR) 和数据包丢失率 (PLR) 的值由无干扰网络中的 RSU 计算。此外,每个PDSR值的RSS最大值以及两个阈值分别等于最大PDSR和最小PLR。在第二阶段,当PDSR值低于定义的阈值而PLR值高于相应的阈值时,进行一致性检查,以确定低PDSR值是否与第一阶段分配的RSS值一致,从而确定干扰或无干扰情况。

The authors in [15] proposed a data mining-based method for real-time detection of radio jamming DoS attacks in IEEE 802.11p V2V communications for platoon of vehicles. The state-of-the-art methods are compared with the proposed method which allows operating under the realistic assumption of random jitter accompanying every cooperative awareness message (CAM) transmission. However, only features from the network layer are utilized. Mokdad et al. [1617] proposed a scheme for detecting a jamming attack in vehicular ad-hoc networks that depends on the variations of the PDR. The approach is based on the premise in which only packets that originate from the sender are allowed through the cyclic redundancy check (CRC) and the PDR is equal to the ratio of these packets and the total number of packets received. Puñal et al., in [18], generated a set of jammers and implemented a variety of jamming scenarios, both indoor and outdoor, under different jamming behaviors (constant, reactive, and pilot jamming) in order to address the impact of an RF jammer in VANET communications.
作者在[15]中提出了一种基于数据挖掘的方法,用于实时检测IEEE 802.11p V2V通信中车辆排的无线电干扰DoS攻击。将最先进的方法与所提出的方法进行了比较,该方法允许在每次协同感知消息(CAM)传输附带随机抖动的现实假设下运行。但是,仅使用网络层中的要素。Mokdad等[16,17]提出了一种检测车辆自组织网络干扰攻击的方案,该方案取决于PDR的变化。该方法基于这样一个前提,即只允许来自发送方的数据包通过循环冗余校验 (CRC),并且 PDR 等于这些数据包与接收的数据包总数的比率。Puñal等人在[18]中生成了一组干扰器,并在不同的干扰行为(恒定、无功和导频干扰)下实现了室内和室外的各种干扰场景,以解决射频干扰器在VANET通信中的影响。

Quyoom et al. [19] presented an RF jamming attack that consists of radio signals maliciously emitted to disrupt legitimate communications. This type of jamming is already known to be a big threat for any type of wireless network. With the rise in safety-critical vehicular wireless applications, this is likely to become a constraining issue for their deployment in the future.

RoselinMary et al. [20] proposed an approach that is based on the detection of malicious and irrelevant packets using the number of broadcast packets per second (frequency) and the velocity of the vehicle that the packets are sent from. This method calculates the frequency, e.g., the number of broadcast packets per second, and the velocity and then starts the detection algorithm. If the frequency and the velocity are both high and above a threshold, then the packets are malicious, whereas if they are between a low and a high threshold value, the packet is real.

A subcategory of related papers dealt with real-time medium access control- (MAC-) based jamming detection method to meet the requirements of safety applications in vehicular networks. These methods operate either under realistic assumption of random jitter accompanying every CAM transmission [21] or the decision of the detector (monitor) depends on the number of nearby vehicles and the number of successful transmissions and failed transmissions [22]. These detection methods can more accurately distinguish the causes of failed transmissions such as contention collisions, interference, and jamming attacks. In [23], the authors proposed a method for DoS attack detection in wireless sensor networks (WSNs). This method is based on the grouping of sensor nodes and the timestamp and the PDR calculated from one node to another one. However, all the above papers focused on simplistic jamming attacks such as “random jamming” or “ON-OFF jamming” without taking into account smarter jammers such as reactive jammer. Lastly, Mowla et al. [24] proposed a federated learning-based on-device jamming attack detection security architecture for flying ad-hoc network (FANET) using the RSSI and PDR features with a fairly good accuracy results in detecting the RF jamming attack. All the aforementioned jamming detection approaches used parameters only from the MAC or the physical layer for training and testing without exploiting upper layer features. Feng and Hua [25] proposed jamming detection schemes based on a variety of machine learning algorithms. They incorporate the information from the physical layer, the MAC layer, and the network layer (such as RSS, carrier sense time, noise, and PDR) for training and testing. Lastly, there are recent works in the literature that use either machine learning [26] or deep learning for a multistage jamming detection scheme in 5G networks: the cloud radio access network (C-RAN) [27]. However, these methods have not been tested on vehicular networks that have special features such as high-speed moving nodes. Only the authors, in [28], adopt a cross-layer approach incorporating also an application layer features for detecting and classifying different types of RF jamming attacks in VANETs. Specifically, the IDS that was proposed in [28] is able to differentiate a RF jamming attack from spoofing attacks in connected autonomous vehicles (CAVs).
相关论文的一个子类别涉及基于实时介质访问控制(MAC)的干扰检测方法,以满足车载网络安全应用的要求。这些方法要么在每次CAM传输都伴随着随机抖动的现实假设下运行[21],要么检测器(监视器)的决定取决于附近车辆的数量以及成功传输和失败传输的数量[22]。这些检测方法可以更准确地区分传输失败的原因,例如争用冲突、干扰和干扰攻击。在文献[23]中,作者提出了一种在无线传感器网络(WSN)中检测DoS攻击的方法。此方法基于传感器节点的分组以及从一个节点到另一个节点计算的时间戳和 PDR。然而,上述所有论文都集中在简单的干扰攻击上,如“随机干扰”或“ON-OFF干扰”,而没有考虑更智能的干扰器,如反应干扰器。最后,Mowla等[24]提出了一种基于联邦学习的基于设备端干扰攻击检测安全架构,该架构利用RSSI和PDR特征进行飞行自组网(FANET),在检测射频干扰攻击方面具有较好的准确率。上述所有干扰检测方法仅使用来自MAC或物理层的参数进行训练和测试,而不利用上层特征。Feng和Hua[25]提出了基于多种机器学习算法的干扰检测方案。它们结合了来自物理层、MAC 层和网络层的信息(如 RSS、载波检测时间、噪声和 PDR)进行训练和测试。 最后,文献中最近有一些工作使用机器学习[26]或深度学习在5G网络中进行多级干扰检测方案:云无线接入网络(C-RAN)[27]。然而,这些方法尚未在具有特殊功能(例如高速移动节点)的车辆网络上进行测试。在文献[28]中,只有作者采用了一种跨层方法,结合了应用层特征来检测和分类VANET中不同类型的射频干扰攻击。具体来说,[28]中提出的IDS能够区分联网自动驾驶汽车(CAV)中的射频干扰攻击和欺骗攻击。

Sharanya and Karthikeyan [29] proposed a support vector machine (SVM) algorithm with modified fading memory (MFM) for classifying legitimate and malicious nodes. The proposed classification scheme considers the following critical parameters to classify a node as malicious node, namely, power ratio, signal strength, packet delivery ratio, speed of node, number of packets generated, and transmission power. Their proposed system has two specific phases.
Sharanya和Karthikeyan [29]提出了一种支持向量机(SVM)算法,该算法具有改进的衰落记忆(MFM),用于对合法节点和恶意节点进行分类。该分类方案考虑了以下关键参数将节点归类为恶意节点,即功率比、信号强度、数据包传递率、节点速度、生成数据包数和传输功率。他们提出的系统有两个特定的阶段。

Lastly, Karagiannis and Argyriou [10] proposed an RF jamming attack detection scheme using unsupervised learning with clustering. The novelty of the above paper is that the relative speed metric is utilized between the jammer and the receiver, along with other parameters, in order to differentiate intentional from unintentional jamming as well as identify the unique characteristics of each jamming attack. However, this relative speed metric is assumed to be available without any form of estimation.

In all the previous works that were proposed, machine-learning based schemes, the estimated variations of the relative speed have not been considered as a classification feature. Our proposed system is the first one in the literature that uses the point-to-point RF communication in order to estimate the relative speed metric.

3. System Model 3. 系统型号

3.1. Topology 3.1. 拓扑

Our system topology is represented in Figure 1. In the left part (a), an interference scenario is presented, in which we assume that no jammer is present in the network. This scenario is important in order to be able to evaluate the efficiency of our method in differentiating jamming from interference. The vehicle travels, when, at some point, it passes through an area with significant RF interference that is caused by a RSU. In the right part of this figure (b), a jamming situation is presented. The topology we adopt for this case involves a moving vehicle , which serves as the target of the jammer, another vehicle  that is the transmitter of the useful signal, and the jamming vehicle  that tries to intervene in the communication between  and . The travelling speed of , namely, , is equal to the travelling speed of , namely, . Moreover, we assume the presence of a static object in the area that causes multipath fading from reflections, as it is usually in urban environments. Upon spotting its target, the jammer begins following it and starts jamming either continuously or periodically (in order to stay undetected for as long as possible).
我们的系统拓扑如图 1 所示。在左部分(a)中,提出了一个干扰场景,我们假设网络中不存在干扰器。这种情况对于能够评估我们的方法在区分干扰和干扰方面的效率非常重要。当车辆在某个时候经过由 RSU 引起的具有显着射频干扰的区域时,车辆就会行驶。在图(b)的右侧,显示了干扰情况。我们在这种情况下采用的拓扑结构涉及一个移动的车辆,它作为干扰器的目标,另一个车辆是有用信号的发射器,以及试图干预 和 之间的通信的干扰车辆。的行进速度,即 ,等于 的行进速度,即 。此外,我们假设该区域存在一个静态物体,该物体会导致反射产生多径衰落,就像在城市环境中一样。一旦发现目标,干扰器就会开始跟踪它并开始连续或周期性地干扰(以便尽可能长时间地保持不被发现)。

3.2. Rician Fading Model 3.2. Rician Fading模型

In our work, we adopt the Rician fading model that is a channel model which includes path loss and also Rayleigh fading [30]. When a signal is transmitted, whether it is a useful signal or a jamming one, this model adds multipath fading in addition to thermal noise. It is assumed that a line-of-sight (LOS) ray and  nonline-of-sight (NLOS) ray exist in the area. The combined baseband signal that the receiver receives from the jammer and the transmitter is
在我们的工作中,我们采用了Rician衰落模型,这是一个包括路径损耗和瑞利衰落的信道模型[30]。当信号被传输时,无论是有用信号还是干扰信号,该模型除了热噪声外,还增加了多径衰落。假设该区域存在视距 (LOS) 射线和非视距 (NLOS) 射线。接收机从干扰机和发射机接收的组合基带信号为
where 哪里where  are the Rician fading channel models between transmitter-receiver and jammer-receiver, respectively. This type of channel model includes path loss and also Rayleigh fading.  and  are complex Gaussian variables capturing the Rayleigh fading between transmitter-receiver and jammer-receiver, and  are the symbols that are transmitted from the transmitter and the jammer, respectively, for which the BPSK modulation is used. This modulation scheme is preferred because it achieves lower bit error rate providing a reliable communication between  and . Moreover, this modulation scheme is the most robust in a high interference environment. In (2) and (3),  is the carrier frequency,  is the maximum Doppler shift,  and  are the transmission power per symbol of the useful and of the jamming signal, respectively, and  is the channel noise at time instant . The terms  correspond to the distance between the transmitter and the reflected object and between the jammer and the reflected object, respectively.
分别是发射机-接收机和干扰机-接收机之间的 Rician 衰落信道模型。这种类型的信道模型包括路径损耗和瑞利衰落。并且是捕获发射机-接收机和干扰机-接收机之间瑞利衰落的复高斯变量,分别是从发射机和干扰机发射的符号,用于使用BPSK调制。这种调制方案是首选,因为它实现了较低的误码率,从而在 和 之间提供了可靠的通信。此外,这种调制方案在高干扰环境中是最鲁棒的。在(2)和(3)中,是载波频率,是最大多普勒频移,分别是有用信号和干扰信号的每个符号的发射功率,是瞬间的信道噪声。这些项分别对应于发射机与反射物体之间以及干扰器与反射物体之间的距离。

The terms  correspond to the distance between the transmitter and the receiver and between the jammer and the receiver. In (2) and (3), the travel distance of the LOS rays is equal to . On the contrary, the travel distance of the NLOS rays is , respectively. Moreover,  is the incidence angle of departure (AOD) between the vector of speed  and the signal vector of the transmitter,  is the incidence AOD between the vector of speed  and the signal vector of the jammer,  is the excess delay time for the transmitter and jammer signal ray (that may be caused due to ground reflection), and  is the current time instant. For the remainder of this paper, we will use the parameter   as the transmitter-receiver complex amplitude associated with the LOS path and the parameter   as the jammer-receiver complex amplitude. The above complex amplitude values are known at the receiver.
这些术语对应于发射器和接收器之间以及干扰器和接收器之间的距离。在(2)和(3)中,LOS射线的传播距离等于。相反,NLOS射线的传播距离分别为。此外,是速度矢量和发射机信号矢量之间的入射离去角(AOD),是速度矢量和干扰机信号矢量之间的入射AOD,是发射机和干扰机信号射线的超额延迟时间(可能是由于地面反射引起的), 并且是当前时间时刻。在本文的其余部分,我们将使用该参数作为与LOS路径相关的发射机-接收机复数幅度,并将该参数用作干扰机-接收机复数幅度。上述复振幅值在接收器处是已知的。

3.3. System Overview

In our system model, a fixed number of known pilot symbols are sent using the wireless IEEE 802.11p standard [14] over consecutive time instants from the transmitter to the receiver. At the same time, the jammer simultaneously transmits over consecutive time instants’ random jamming symbols to the receiver. Using these pilots, the LOS channel and the  NLOS channels between the jammer and the receiver are estimated by the receiver.

The basic idea is to first estimate the relative speed between the jammer and the receiver, exploiting the RF Doppler shift. We use the variations of the estimated relative speed as a new feature in a supervised machine learning algorithm for RF jamming attack detection. Along with the relative speed from the application layer, we use cross-layer data that we obtain from the physical layer, such as the received signal strength indicator (RSSI), the SINR, and the PDR. Two classification algorithms are investigated, namely, the k-nearest neighbors (KNN) and the random forest (RaFo) algorithm, respectively.

3.4. Jamming Scenarios

We assume that the jammer continuously transmits so as to overload the wireless medium conducting a DoS attack [31]. We investigate three different attack scenarios, namely, interference scenario, smart attack scenario, and constant attack scenario, each representing a jamming attack case that could affect a VANET in real life.

In the interference scenario, we assume that no jammer is present in the network. This scenario is useful for evaluating the efficiency of our method in differentiating jamming from interference. The vehicle travels, when, at some point, it passes through an area with significant RF interference that affects the communication with other vehicles or the RSU. The smart attack scenario models an intelligent jammer behavior [32]. This smart jammer is designed to start transmitting in a reactive way upon sensing energy above a certain threshold. We set the latter to  as it is empirically determined to be an average threshold between jammer sensitivity and false transmission detection rate [1833]. Using this minimum threshold, each ongoing transmission can be detected by the reactive jammer. The standard protocol wireless access in vehicular environment (WAVE) IEEE 802.11p orthogonal frequency-division multiplexing (OFDM) frame format consists of the OFDM PHY layer convergence protocol (PLCP) preamble, PLCP header, MAC header, wave short message protocol (WSMP) header, PLCP service data unit (PSDU), tail bits, and pad bits. In the PLCP preamble field, the preamble consists of ten identical short training symbols and two identical long training symbols. The smart jammer is designed to affect the header of the 802.11p frame sent from  to . When the next OFDM signal can be transmitted, there is an idle time of  required to set up the next transmission. If the detected energy exceeds the threshold during a certain time span , an ongoing 802.11p transmission is assumed by the jammer. The time interval of the detection is the sum between the idle time  and a small value as the detection time  to avoid reacting to sporadic noise power peaks. In the case where the detected energy exceeds the threshold during a certain time span, the jammer starts its transmission for a duration of  in order to jam a substantial part of the packet header to prevent being decoded by the receiver, as illustrated in Figure 2.
在干扰场景中,我们假设网络中不存在干扰器。该方案有助于评估我们的方法在区分干扰和干扰方面的效率。当车辆在某个时候经过具有明显射频干扰的区域时,车辆就会行驶,该区域会影响与其他车辆或 RSU 的通信。智能攻击场景模拟智能干扰器行为[32]。这种智能干扰器设计为在感应到能量超过特定阈值时以反应性方式开始传输。我们将后者设置为,因为根据经验,它被确定为干扰器灵敏度和错误传输检测率之间的平均阈值[18,33]。使用这个最小阈值,反应性干扰器可以检测到每个正在进行的传输。车载环境无线接入标准协议 (WAVE) IEEE 802.11p 正交频分复用 (OFDM) 帧格式由 OFDM PHY 层收敛协议 (PLCP) 前导码、PLCP 报头、MAC 报头、波形短报文协议 (WSMP) 报头、PLCP 服务数据单元 (PSDU)、尾位和焊盘位组成。在 PLCP 前导码字段中,前导码由 10 个相同的短训练符号和 2 个相同的长训练符号组成。智能干扰器旨在影响从 发送到 的 802.11p 帧的标头。当可以传输下一个OFDM信号时,需要一个空闲时间来设置下一个传输。如果检测到的能量在一定时间跨度内超过阈值,则干扰器假定正在进行的802.11p传输。检测的时间间隔是空闲时间与检测时间的小值之间的总和,以避免对零星噪声功率峰值做出反应。 如果检测到的能量在一定时间跨度内超过阈值,干扰器将开始传输一段时间,以干扰数据包报头的很大一部分,以防止被接收器解码,如图 2 所示。

Specifically, a smart jammer starts following the victim vehicle, while transmitting a jamming signal. When the jammer reaches its target at a distance of about , it retreats to a different position in order to stay undetected and transmits in a reactive way as described above. The most common approach in [33] is when the jammer keeps changing its transmission power, thus achieving the same disrupt or thwart in the communication (DoS attack) without the need of changing its distance from the target. With our smart attack, we aim at affecting the communication of the  pair, with the jammer detection being more difficult, pointing out the importance of the proposed VRS metric for the detection accuracy results. For that reason, the smart jammer alters also its position with the aim of staying undetected.

In the constant attack scenario, we study the case of a jammer that follows the receiver while transmitting constantly at a minimum power. When the jammer reaches its target, it begins transmitting constantly with its full power without any intention to stay undetected as in the smart attack scenario.

4. Proposed Detection System Based on Supervised Learning
4. 基于监督学习的检测系统

4.1. Relative Speed Estimation
4.1. 相对速度估计

In this section, we present the basic idea regarding the estimation of the relative speed  between the jammer and the victim vehicle. Based on the obtained values, the VRS metric is generated and then used for classification. The relative speed metric as defined in [10] is
在本节中,我们介绍了有关估计干扰器与受害车辆之间相对速度的基本思想。根据获取的值生成VRS指标,然后用于分类。[10] 中定义的相对速度指标为
where  and  are the speed of the jammer and the speed of the receiver, respectively.
其中 和 分别是干扰器的速度和接收器的速度。

From (3), the  multipath combined channels  are estimated, using a minimum mean square error (MMSE) estimator [9]. By exploiting the Doppler phenomenon for modeling the LOS  channel between the jammer and the receiver, we estimate the above-defined relative speed metric, as described in [9]. Note that the jammer estimation method is based on the passive communication between .

4.2. Proposed Algorithm

To make our detection method robust, apart from using physical and network metrics that were already used in related works, we use the VRS metric that is derived from the application layer and can be efficiently estimated from the RF signals (see Section 4.1). Our method uses this new metric, as an extrafeature in a cross-layer approach, along with other metrics from the physical layer for the classification process. All these metrics are presented in Table 1.

To generate the VRS metric for classification, we make three fundamental assumptions [34]:(1)When the relative speed is equal to zero and remains unchanged, it indicates the existence of a constant jammer that follows the victim vehicle(2)When the relative speed is not equal to zero and remains unchanged, it indicates the absence of a moving jammer as the relative speed is equal to the speed of the receiver and the speed of the jammer is equal to zero(3)When the relative speed is not equal to zero for a period of time and then becomes zero while remaining unchanged, it indicates the existence of a jammer that begins following the target after reaching it

The common characteristic of these assumptions is that the speed of the participating nonmalicious vehicles remains unchanged and is always greater than zero.

However, in a real-life scenario, such as the one that we study, the speed—and as a consequence the relative speed—may not remain constant during the observation period. In other words, if we want to accurately model an urban environment, we have to consider the fact that the vehicles can alter their travelling speed. To handle these real-life situations, while still using the previously presented assumptions, we introduce the Variations of Relative Speed (Algorithm 1) (VRS algorithm).

(1)  number of observations
(3)  array of estimated relative speed values
(4) array of real travelling speed values
(6) if[k] =  [k + 1] then
(9) else if [k] [k + 1] then
(12) end if
(14) while do
(15)  if[k]  0 then
(16)   if [k] [k − 1] then
(17)    if [k] =  [k] then
(20)    else if[k] [k] then
(23)    end if
(24)   else if [k] = [k − 1] then
(25)    if [k] [k] then
(28)  else if [k] =  [k] then
(29)   if ([k − 1] = [k − 1] &&
(30)   [k + 1] = [k + 1]) then
(33)   else
(35)     end
(36)   end if
(37)  end if
(38)  else if
(39)   [k] = 0 then
(40)    if [k]  0 then
(43)    else if [k] = 0 then
(44)     if [k − 1] =  [k − 1] then
(45)     if trigger = 0 then
(48)     else
(51)     end if
(52)     else if [k − 1] [k − 1] then
(55)     end if
(56)    end if
(57)   end if
(58)  end while
(60) return vrs

The VRS algorithm detects changes in the relative speed of the training sample. To ensure that the relative speed in the current time instance along with the speed from previous as well as subsequent observations are used along with a series of control flow statements, the algorithm is divided into two main parts; the first considers the case in which the relative speed value is not equal to zero and the second the opposite case, each one with its own logical checks to determine the existence of a threat.

Apart from the estimated relative speed, in order to handle cases of speed alterations, the speed of the receiver has to be examined as well. If  is not equal to zero, then either there is no jammer present (and only interference may potentially affect the wireless communication) or there is a jammer that has not yet reached the receiver. To identify in which case we are, we have to examine whether or not there has been a variation in the relative speed compared to a previous time instance.

Observing a variation in the relative speed, however, it is not, by itself, a clear indicator of the presence or absence of a jammer. For that reason, the speed of the receiver  is, also, used. The equality between the relative speed () and the speed , while  changes, indicates the absence of a jammer, since the speed of the jammer  is equal to zero and the speed of the receiver  is in fact the relative speed. On the contrary, a difference between  and  indicates the presence of a jammer that follows the receiver.

On the contrary, if no alteration of the relative speed is observed while the relative speed value is not equal to the speed value, a possible presence of a jammer is registered. This could occur in a situation where the target vehicle would reduce its speed due to an obstacle. Following our assumption, the jammer would, also, decrease its travelling speed, thus keeping the relative speed unchanged but also different from the travelling speed of the receiver. Contrary to the previous, if no alteration in the relative speed value is observed (for the previous and the next measurement), while having , we conclude that a jammer is not following the receiver.

Having examined the case where the observed relative speed value is not equal to zero, we proceed to the opposite case. With , a simplistic form of the proposed algorithm (VRS algorithm) is presented, indicating the existence of a jammer that has reached its target and follows it closely with the same speed. A real-life environment, however, is more complicated. If the travelling speed  of the receiver is not equal to zero, while , a jammer has reached the receiver and follows it while disrupting the communications. On the contrary, if the travelling speed is zero (while ), there might be a jammer present that has stopped moving (following the behavior of the target). In that case, we have to examine the previous observation for equality between relative speed and travelling speed as well as the trigger value to determine the situation.

The variables  and  represent an array of estimated relative speed values and real travelling speed values of the receiver, respectively, M is the number of the available observations upon which the algorithm operates, vrs is an array used to store the classification result (A for attack or NA for not attack) of the current observation, and trigger is a binary variable which indicates the presence of a jammer (value is equal to 1) or its absence (value is equal to 0). The NA and A values are two extreme and distinct values able to differentiate the attack from the no attack cases and guide the classification process.

4.3. Supervised Learning Algorithms

The supervised learning methods that are used in this work are KNN [35] and random forests [36]. Their choice does not affect the efficiency of our algorithm as our proposed feature is not constrained by the type of the supervised learning algorithm that is used. The VRS (Algorithm 1) generates the new metric which is used as an extrafeature for classification.

Both supervised learning techniques are very popular, with the KNN being robust against noisy training data like the ones obtained from a real-life urban environment and random forests being one of the most accurate algorithms, due to the fact that it reduces the chance of overfitting (by averaging several trees, there is a significantly lower chance of overfitting). As it is previously stated, our detection scheme is currently based on offline training that leverages the use of a dataset of collected measurements in order to train the classifier.

5. Simulation Setup

Figures 3(a)3(c) illustrate the behavior of the jammer by plotting how SINR varies in time for each of the three scenarios, namely, interference scenario, smart attack scenario, and constant attack scenario.

5.1. Supervised-Learning Testing Cases

Apart from the scenarios that we use to evaluate the performance of the overall system, we also created a series of test cases that are presented in Table 2. They allow for a deeper exploration of the proposed method depending on the set of observations that are utilized for both training and testing.

These cases only affect how the training and testing is performed, without any further implications in the scenarios. They are created in such a way so as to provide insight about the importance of using the VRS metric for classification under different circumstances [37]. Specifically, it is evaluated for the cases that use or omit the VRS metric as an extrametric for the classification process. For the sake of completeness, the trained prediction model is also tested using data that were collected under a receiver speed of 25 m/s, that is, under a speed different from the 15 m/s that we trained the prediction model. We also conducted additional experiments using data measurements from the 25 m/s receiver speed range used for training. Finally, the data are normalized prior to their use for training and testing. By normalization, we refer to the process of changing the data so as to belong in the 0-1 range. It should be noted that, in all the other cases than those declared, the data are not normalized prior to their use for training and testing.

5.2. VANET Simulation Assumptions

Regarding the details of our simulation setup, the speed of the vehicles involved in the legitimate communication , the initial distance between the jammer and the pair of , the distance that separates the receiver from the transmitter throughout the course of the simulation  as well as the power of all the transmitted signals , and the reference distance , with which the path loss component is estimated, are presented in Table 3.

The power of all transmitted signals is measured in milliwatts (mW) and is converted in the dBm scale prior to using them in the algorithm. Each signal that is transmitted from both the jammer and the transmitter consists of streams that are 500 bits long. In all scenarios, 1000 packets are transmitted from the transmitter to the receiver. Using a time sample of 0.1 sec, we simulate the system for 100 seconds and obtain 1000 measurements.

We used Veins that combines the Simulation of Urban Mobility (SUMO) and the OMNET++/VEINS [38]. SUMO is adopted as our traffic simulator and OMNET++ is used to simulate the wireless communication. Furthermore, the GEMV (a geometry-based efficient propagation model for V2V) [39] tool was integrated into the VEINS network simulator for a more realistic simulation of the PHY layer [32]. For describing the modeled area, GEMV takes the map of a real area as an input and uses the outlines of vehicles, buildings, and foliage. Based on the outlines of the objects, it forms R-trees. R-tree is a tree data structure in which objects in the field are bound by rectangles and are hierarchically structured based on their location in space. Hence, GEMV employs a simple geometry-based small-scale signal variation model and calculates the additional stochastic signal variation and the number of diffracted and reflected rays based on the information about the surrounding objects. Last, to set up and test our classification algorithms for the RF jamming attacks detection on the previously obtained data, we chose to use the programming language R [40]. Part of the Erlangen city (see the evaluation setup in [41]) is used for conducting the simulations.

6. Evaluation

6.1. Detection System Evaluation Setup

To underline the significance of our proposed system, we implement and analyze the performance of our model under the different cases presented previously. In particular, for each supervised learning testing case presented in Table 2, we execute a simulation which lasts for 300 seconds and is equally split in the three jamming scenarios discussed in Section 3.4 so that the first 100 sec represent the smart attack scenario, the next 100 sec represent the interference scenario, and the last 100 sec represent the constant attack scenario. All the above scenarios are independent from each other and are run at consecutive time instants.

To avoid testing with “previously seen data,” thus leading to biased classification results, we have to ensure that the training and testing sets are completely separated. So, prior to presenting the classification results, we have to define the size of the training and testing sets as well as the total number of observations used, so as to make them more interpretable. The overall simulation utilizes a set of 3000 observations equally split into the three attack scenarios examined. To avoid overfitting (overfitting occurs when the classifier tends to memorize the training set and thus generalize poorly when facing previously unseen data), only 30% of the total number of the observations are used for training, while the remaining 70% are used for testing.

Based on the ratio above, the number of the observations in the training set is 941 (that is, 293 observations from the interference scenario, 319 from the smart attack scenario, and 329 from the constant attack scenario), whereas the number of the observations in the testing set is 2059 (that is, 703 observations from the interference scenario, 685 from the smart attack scenario, and 671 from the constant attack scenario), randomly chosen but almost equally split among the three scenarios in both cases.
根据上述比率,训练集中的观测值数量为 941 个(即来自干扰场景的 293 个观测值、来自智能攻击场景的 319 个观测值和来自持续攻击场景的 329 个观测值),而测试集中的观测值数量为 2059 个(即来自干扰场景的 703 个观测值, 685 来自智能攻击场景,671 来自持续攻击场景),随机选择,但在两种情况下几乎平均分配在三种场景之间。

To present the classification results, the confusion matrix is used, where the rows represent classification output and the columns represent the ground truth. To evaluate the performance of our detection system in the various scenarios previously described, we use the accuracy of the prediction model. Accuracy is a measure that is obtained from the confusion matrix and is equal to the ratio of all the correctly predicted labels over all the predictions. The correctly predicted labels are the labels of the main diagonal of the confusion matrix. As an example of the above-defined confusion matrix for the accuracy calculation of our prediction model for the Same_KNN case compared to the Same_KNN-VRS case, we present the subsequent confusion matrices for the KNN algorithm (see Table 4).

6.2. Same_KNN-VRS vs. Same_KNN and Same_RaFo-VRS vs. Same_RaFo Case Classification Results
6.2. Same_KNN-VRS 与Same_KNN 和 Same_RaFo-VRS 与Same_RaFo病例分类结果

Starting from the first case, the accuracy of the prediction model achieved while using the VRS metric as an extrafeature in the classification process is 82.27% for the KNN and 80.04% for the random forest algorithm.

On the contrary, when omitting the VRS metric, we observe not only a drop in the classification accuracy but also a high confusion between interference and jamming cases. The accuracy of the prediction model is now equal to 79.16% and 76.54% for the KNN and the random forest algorithms, respectively, so the impact of the VRS metric is evident. Apart from the fact that it increases the success rate of the classification (compared to the cases where the VRS metric is omitted) it ensures, almost perfectly, the differentiation between the cases of intentional and unintentional jamming (see Table 5).
相反,当省略VRS指标时,我们不仅观察到分类精度下降,而且干扰和干扰情况之间也高度混淆。对于 KNN 和随机森林算法,预测模型的准确率现在分别等于 79.16% 和 76.54%,因此 VRS 指标的影响是显而易见的。除了它提高了分类的成功率(与省略VRS指标的情况相比)之外,它几乎完美地确保了有意和无意干扰情况的区分(见表5)。

6.3. Different_KNN-VRS vs. Different_KNN and Different_RaFo-VRS vs. Different_RaFo Case Classification Results
6.3. Different_KNN-VRS 与 Different_KNN 和 Different_RaFo-VRS 与 Different_RaFo 案例分类结果

As stated previously, these cases examine the situation in which training and testing are based on observations that were collected under different speeds. The accuracy achieved while using the VRS metric as an extrafeature in the classification process is equal to 66.97% for KNN and 69.84% for random forest, respectively.
如前所述,这些案例检查了训练和测试基于在不同速度下收集的观察结果的情况。在分类过程中使用 VRS 指标作为额外特征时,KNN 和随机森林的准确率分别为 66.97% 和 69.84%。

On the contrary, when the VRS metric is not used, the accuracy of the prediction model is reduced to 56% for the KNN and to 55.37% for the random forest algorithm. Figures 4 and 5 provide insight to the results for the random forest, respectively.
相反,当不使用 VRS 度量时,KNN 的预测模型准确率降低到 56%,随机森林算法的准确率降低到 55.37%。图 4 和图 5 分别提供了对随机森林结果的见解。

The color of the figures indicates the class in which each observation is predicted to belong to. The smart attack scenario is represented by the red and lasts for the first 100 seconds, the interference scenario is represented by the black lasts for the time interval 100–200 seconds, and the constant attack scenario is represented by the green color and lasts for the time time interval between 200 and 300 seconds(as described in Section 5.2). In Figure 4, we explain in more detail the detection process for each scenario:
图形的颜色表示每个观测值所属的类。智能攻击场景用红色表示,持续前 100 秒,干扰场景用黑色表示,持续 100-200 秒,持续攻击场景用绿色表示,持续 200 到 300 秒(如第 5.2 节所述)。在图 4 中,我们更详细地解释了每个场景的检测过程:
(1)The appearance of black or green colors in the smart attack scenario (0–100 seconds) indicates the misclassification of this scenario with the interference and the constant attack scenarios, respectively. On the contrary, the points with red color indicate a correct detection of this attack scenario.
在智能攻击场景(0-100 秒)中出现黑色或绿色表示该场景分别与干扰和持续攻击场景进行了错误分类。相反,带有红色的点表示正确检测到此攻击场景。
(2)The points with green or red colors in the interference scenario (100–200 seconds) indicate the misclassification of this scenario with the constant attack scenario and the smart attack scenario, respectively. The black color indicates a correctly detected of the interference scenario.
干扰场景(100-200 秒)中带有绿色或红色的点分别表示该场景与持续攻击场景和智能攻击场景的错误分类。黑色表示正确检测到干扰情况。
(3)Lastly, for the constant attack scenario during the time interval between (200–300 seconds), the presence of points with black or red colors indicates the misclassification with the interference and the smart attack scenarios, respectively. On the contrary, the appearance of the green color indicates a proper detection of the sonstant attack scenario.
最后,对于在200-300秒之间的时间间隔内的持续攻击场景,黑色或红色点的存在分别表示干扰和智能攻击场景的错误分类。相反,绿色的出现表明正确检测到了 sonstant 攻击场景。

Based on the classification results presented above, we can reach an important conclusion. When testing the prediction model with observations from a different speed—compared to the one used in training—we observe an overall reduction in accuracy. Nevertheless, the use of the VRS metric significantly increases prediction accuracy (in both supervised algorithms examined in this paper), while also achieving a clear separation between interference and jamming.

6.4. Norm_KNN-VRS vs. Norm_KNN and Norm_RaFo-VRS vs. Norm_RaFo Case Classification Results
6.4. Norm_KNN-VRS 与 Norm_KNN 和 Norm_RaFo-VRS 与 Norm_RaFo 案例分类结果

In these two cases, we try to determine whether normalizing the data prior to using them in training and testing affects the classification results, with and without the use of the VRS metric. The accuracy achieved while using the VRS metric is equal to 81.25% for the KNN algorithm and 80.09% for the random forest, with its omission leading to an accuracy equal to 78.1% and 76.4%, respectively. Once more, the use of the VRS metric in the classification process leads to a upturn in the accuracy of the prediction model. In addition to that, if we compare the previous classification results of the Same_KNN and Same_RaFo cases with the respective ones that derive when no normalization is applied to the data prior to their use, we observe that there is no significant increase in accuracy results. Thus, we conclude that a normalization of the measurements is not necessary. It should be noted that in all the previous and the next presented classification results, the data are not normalized prior to their use for training and testing.
在这两种情况下,我们尝试确定在训练和测试中使用数据之前对数据进行规范化是否会影响分类结果,无论是否使用 VRS 指标。使用 VRS 指标时,KNN 算法和随机森林的准确率分别为 81.25% 和 80.09%,省略 VRS 指标时,准确率分别为 78.1% 和 76.4%。再一次,在分类过程中使用 VRS 指标会导致预测模型的准确性提高。除此之外,如果我们将 Same_KNN 和 Same_RaFo 案例的先前分类结果与在使用之前未对数据应用归一化时得出的相应结果进行比较,我们观察到准确性结果没有显着提高。因此,我们得出结论,没有必要对测量进行归一化。应该注意的是,在之前和接下来呈现的所有分类结果中,数据在用于训练和测试之前不会进行归一化。

6.5. Same_KNN-VRS_25 m/s vs. Same_KNN_25 m/s and Same_RaFo-VRS_25 m/s vs. Same_RaFo_25 m/s Case Classification Results
6.5. Same_KNN-VRS_25 m/s 与 Same_KNN_25 m/s 和 Same_RaFo-VRS_25 m/s 与 Same_RaFo_25 m/s 案例分类结果

As already stated, our RF jamming attack detection system is based on offline training, using a dataset of measurements collected under a speed of 15 m/s so as to train the classifier prior to its use for testing. For the sake of completeness, we examine the Same_KNN-VRS and Same_RaFo-VRS and Same_KNN and Same_RaFo cases presented previously using the data measurements from a higher speed at about 25 m/s speed range for training.
如前所述,我们的射频干扰攻击检测系统基于离线训练,使用在 15 m/s 速度下收集的测量数据集,以便在用于测试之前训练分类器。为了完整起见,我们检查了 Same_KNN-VRS 和 Same_RaFo-VRS 以及之前介绍的Same_KNN和Same_RaFo案例,使用在大约 25 m/s 速度范围内从更高速度测量的数据进行训练。

For the Same_KNN-VRS_25 m/s and Same_RaFo-VRS_25 m/s cases, the accuracy of the prediction model achieved is equal to 94.46% for the KNN and 94.61% for the random forest algorithm. For the Same_KNN_25 m/s and Same_RaFo_25 m/s cases, on the contrary, the calculated accuracy is equal to 88.68% for the KNN and 89.22% for the random forest algorithm, respectively.
对于 Same_KNN-VRS_25 m/s 和 Same_RaFo-VRS_25 m/s 的情况,KNN 和随机森林算法的预测模型准确率分别为 94.46% 和 94.61%。相反,对于 Same_KNN_25 m/s 和 Same_RaFo_25 m/s 的情况,KNN 和随机森林算法的计算精度分别为 88.68% 和 89.22%。

From the classification results presented above, an important observation can be made. There is an increase in classification accuracy when the training is done using data from a higher speed. The higher classification accuracy comes from the fact that the increase in speed adversely influences the effects of jamming. More concretely, in the constant attack scenario, the jammer overtakes the sender-receiver pair faster, in the interference scenario, the sender-receiver pair remains in the jamming area for a shorter period of time, and in the smart attack scenario, the jammer reaches its target at a higher speed, thus the gradual effect of the jamming observed at lower speeds is greatly reduced. All the above lead to a significant increase in the quality of the measurements obtained, hence leading to higher classification accuracy as well as to better distinction between the different types of jammers affecting the communication, as seen in Figure 6, for the KNN algorithm.

We also investigate more thoroughly the effect of the relative speed metric in the detection probability of a RF jamming attack in a multiclass environment with three classes (class of reactive jamming attack, class of continuous jamming attack, and class of interference). In Figure 7, we present the detection probabilities of the proposed model using the KNN algorithm for a range of relative speed  . We observe that, in the medium range of  values, we achieve a perfect RF jamming detection result. This result is attributed to the specific characteristics of each type RF jamming attack. Specifically, the continuous jammer transmits continuously deteriorating the wireless communication between the transmitter-receiver. On the contrary, the reactive jammer starts its activity only when it retreats to a safe position (close to the receiver). So, for a small range of  values, both types of RF jamming attackers (reactive and continuous) have started their attack leading to several misclassification errors between the two corresponding classes. Finally, at higher  values over , we have some misclassification errors between the classes of reactive jamming and interference because the relative speed value is approximately equal to the speed of the receiver () when there is no attacker in the area but only a static RSU that interferes the wireless communication between the transmitter-receiver.
我们还更深入地研究了相对速度指标在具有三类(反应性干扰攻击、连续干扰攻击和干扰类)的多类环境中射频干扰攻击检测概率的影响。在图 7 中,我们展示了使用 KNN 算法在相对速度范围内所提出的模型的检测概率。我们观察到,在中等值范围内,我们获得了完美的射频干扰检测结果。这一结果归因于每种类型的射频干扰攻击的特定特征。具体而言,连续干扰器发射不断恶化发射机-接收机之间的无线通信。相反,无功干扰器只有在撤退到安全位置(靠近接收器)时才开始活动。因此,对于小范围的值,两种类型的射频干扰攻击者(反应式和连续式)都开始了攻击,导致两个相应类别之间的几个错误分类错误。最后,在较高的值下,我们在无功干扰和干扰类别之间存在一些误分类错误,因为当该区域没有攻击者而只有一个静态RSU干扰发射机-接收机之间的无线通信时,相对速度值大约等于接收机的速度()。

In Table 6, we summarize the classification accuracy, exploiting the usage of the proposed VRS metric as an extra feature, achieved while training with measurements from a speed of 15 m/s and a speed of 25 m/s, respectively.
在表 6 中,我们总结了分类准确性,利用所提出的 VRS 指标作为额外特征的使用,分别在 15 m/s 和 25 m/s 的速度进行测量时实现。

6.6. Result Summary and Comparison with State of the Art
6.6. 结果总结和与现有技术的比较

Figure 8 summarizes classification accuracy percentages that are presented above. These are achieved by both the KNN and the random forest algorithms when based only on the features previously used in the literature for jamming attack detection [26], compared to the proposed approaches, KNN-VRS and RaFo-VRS, that use the VRS metric. The VRS metric increases the accuracy of the classifier and ensures almost perfect differentiation between cases of intentional and unintentional jamming. When using the VRS metric while testing with data from the same speed, there is an increase up to about  in the classification accuracy. When testing with data of a different speed, the increase in accuracy is even greater up to about .
图 8 总结了上面显示的分类准确率百分比。与使用VRS度量的KNN-VRS和RaFo-VRS相比,仅基于文献中先前用于干扰攻击检测的特征[26]时,KNN和随机森林算法都可以实现这些目标。VRS 指标提高了分类器的准确性,并确保几乎完美地区分有意和无意干扰的情况。在使用相同速度的数据进行测试时使用 VRS 指标时,分类准确性会提高至高。当使用不同速度的数据进行测试时,精度的提高甚至更大,最高可达 .

We also compare the accuracy of the proposed scheme versus recent state-of-the-art work. We compare RF jamming detection methods with the same complexity and without using extrahardware (e.g., multiple antennas at the receiver [42]). For collecting the used jamming detection metrics, we assume only a completely passive scheme that is based on RF communication between the transmitter-receiver under the presence of a jammer in the area.

As we explained earlier, the authors in [24] proposed a federated learning-based on-device jamming attack detection security architecture for FANET. In order to compare our proposed RF jamming detection method with this method (Federated-Nischat-2019), we preprocess the simulated datasets to derive two unbalanced subdatasets. The first subdataset contains a higher percentage of nonjamming instances () and a lower percentage of jamming instances (). We show in Figure 9 that the method (Federated-Nischat-2019) achieves an accuracy of  under the ns-3 simulated FANET dataset. This performance is better only for the cases where VRS metric is not used.

We also compare the KNN and the RaFo algorithm for reactive and constant jamming attack detection using the cross-layer combination of metrics proposed by Feng et al. named (feng2018-KNN) and (feng2018-RaFo). We observe in Figure 10 that when the receiver moves at low speeds of , we have the same accuracy. When the receiver increases its speed and it moves with a speed of , our proposed jamming detection scheme using the VRS metric achieves a much better accuracy (an increase of about ) than the competing methods.

Finally, we compare with the work of Lyamin et al. [21], where the authors use historical observation of events in the V2V channel for the jamming detection. The method is evaluated for two jamming models: random and ON-OFF jamming. To represent random jamming in our model, the reactive jammer transmits its jamming signal randomly and independently with a probability  when it is triggered. When comparing the jamming detection results of the method [21] with the proposed jamming detection method for a random jammer with , we have a probability of attack detection (true positive rate) at about  for the random reactive jammer, while the method in [21] achieves a probability of attack detection at about  for the same type of jamming. Additionally, a priori knowledge about a platoon is employed for this method to achieve better detection results. Only when the number of receivers increases to 20 in the form of a platoon of vehicles (also increasing the received observations for the training phase), the method in [21] manages to reach the probability of attack detection that we achieve using our proposed jamming detection method with a single receiver.
最后,我们与Lyamin等人[21]的工作进行了比较,作者使用V2V信道中事件的历史观测来进行干扰检测。该方法针对两种干扰模型进行了评估:随机干扰和ON-OFF干扰。为了在我们的模型中表示随机干扰,反应性干扰器在触发干扰信号时随机且独立地传输其干扰信号。将方法[21]的干扰检测结果与所提出的随机干扰干扰检测方法进行比较时,我们发现随机反应干扰器的攻击检测概率(真阳性率)约为随机干扰器,而[21]中的方法在相同类型的干扰中实现了攻击检测概率。此外,该方法还采用了关于排的先验知识,以获得更好的检测结果。只有当接收器的数量以一排车辆的形式增加到 20 个时(也增加了训练阶段的接收观测值),[21] 中的方法才能达到我们使用我们提出的干扰检测方法实现的攻击检测概率与单个接收器。

From this set of comparative results, the effect of the proposed VRS metric in RF jamming classification is clear. Especially, when the receiver increases its speed to a speed of , the accuracy of the proposed method increases by over . This performance is much higher than the other corresponding methods in the literature.
从这组比较结果来看,所提出的VRS指标在射频干扰分类中的作用是显而易见的。特别是,当接收机将速度提高到 时,所提方法的精度提高了一半以上。这种性能远高于文献中的其他相应方法。

7. Conclusions 7. 结论

In this paper, we presented a method for detecting a specific type of DoS attack, namely, RF jamming, based on a cross-layer set of features and supervised machine learning. We introduced a novel metric from the application layer, namely, the variations of the relative speed between the jammer and the target. The relative speed is passively estimated from the combined value of the desired and the jamming signal at the target vehicle combined with metrics from the network and physical layer. To evaluate the significance of the proposed metric and its estimation algorithm, we implemented three different scenarios: two with a jammer and one with interference only.
在本文中,我们提出了一种基于跨层特征集和监督机器学习来检测特定类型的 DoS 攻击(即射频干扰)的方法。我们从应用层引入了一个新指标,即干扰器和目标之间相对速度的变化。相对速度是根据目标车辆的所需信号和干扰信号的组合值以及来自网络和物理层的指标被动估计的。为了评估所提出的指标及其估计算法的重要性,我们实现了三种不同的场景:两种使用干扰器,一种仅使用干扰。

With our work, we introduced a proactive approach against potential RF jamming attacks which is able to differentiate interference from malicious RF jamming. Additionally, it is able to distinguish the unique characteristics of each attack, especially when the offline training is conducted with a higher speed than . Through our evaluation results, we were able to highlight the vital role of the relative speed and its variations, in addition to other metrics obtained from the physical layer and in jamming detection and unintentional jamming cases differentiation, as well as in the overall increase in the prediction accuracy.
通过我们的工作,我们引入了一种针对潜在射频干扰攻击的主动方法,该方法能够将干扰与恶意射频干扰区分开来。此外,它能够区分每次攻击的独特特征,尤其是当离线训练以高于 .通过我们的评估结果,除了从物理层获得的其他指标外,我们还能够突出相对速度及其变化在干扰检测和无意干扰情况区分中的重要作用,以及在预测准确性的整体提高中。

As part of our future work, we plan to investigate the efficiency of our idea in complex vehicular networks with a large number of communicating nodes and several attackers. The target of this classification process will be the characterization of the behavior of a node as malicious or as regular node, mainly using the proposed VRS metric. The classification results can be collected and managed from a Trusted Central Authority (TCA) in an area with V2X communication. Having this information, the TCA could reroute vehicles towards more jamming friendly areas.
作为我们未来工作的一部分,我们计划研究我们的想法在具有大量通信节点和多个攻击者的复杂车辆网络中的效率。此分类过程的目标是将节点的行为描述为恶意节点或常规节点,主要使用建议的 VRS 指标。分类结果可以从具有 V2X 通信的区域中的可信中央机构 (TCA) 收集和管理。有了这些信息,TCA可以将车辆改道到更易干扰的区域。

Data Availability 数据可用性

The data presented in this study are available from the corresponding author upon request. The data are not publicly available due to privacy reasons.

Disclosure 披露

A preliminary version of the article appears on arxiv at https://arxiv.org/abs/1812.11886.
该文章的初步版本出现在 arxiv 上,网址为 https://arxiv.org/abs/1812.11886。

Conflicts of Interest 利益冲突

All authors declare no conflicts of interest.

References 引用

  1. J. Jo and M. Gerla, “Internet of vehicles and autonomous connected car-privacy and security issues,” in Proceedings of the 2017 26th IEEE International Conference on Computer Communication and Networks (ICCCN), Vancouver, BC, USA, July 2017.
    J. Jo 和 M. Gerla,“车联网和自动驾驶互联汽车隐私和安全问题”,2017 年第 26 届 IEEE 计算机通信与网络国际会议 (ICCCN) 论文集,美国不列颠哥伦比亚省温哥华,2017 年 7 月。

    View at: Google Scholar 查看: Google 学术搜索

  2. A. Herm, “Assume self-driving cars are a hacker’s dream? think again,” https://www.theguardian.com/technology/2017/aug/30/self-driving-cars-hackers-security, 2017, [Online; accessed 30-August-2017].
    A. Herm,“假设自动驾驶汽车是黑客的梦想?再想一想,“https://www.theguardian.com/technology/2017/aug/30/self-driving-cars-hackers-security,2017年,[在线;2017年8月30日访问]。

    View at: Google Scholar 查看: Google 学术搜索

  3. D. Cottingham, “What is vehicle platooning? driving tests,” 2017, https://www.drivingtests.co.nz/resources/what-is-vehicle-platooning/.
    D. Cottingham,“什么是车辆列队行驶?驾驶考试“,2017 年,https://www.drivingtests.co.nz/resources/what-is-vehicle-platooning/。

    View at: Google Scholar 查看: Google 学术搜索

  4. A. Hamieh, J. Ben-Othman, and L. Mokdad, “Detection of radio interference attacks in VANET,” in Proceedings of the Global Telecommunications Conference, pp. 1–5, GLOBECOM 2009. IEEE, Honolulu, HI, USA, December 2009.
    A. Hamieh、J. Ben-Othman 和 L. Mokdad,“VANET 中无线电干扰攻击的检测”,全球电信会议论文集,第 1-5 页,GLOBECOM 2009 年。IEEE,美国夏威夷州檀香山,2009 年 12 月。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索

  5. I. K. Azogu, M. T. Ferreira, J. A. Larcom, and H. Liu, “A new anti-jamming strategy for VANET metrics-directed security defense,” in Proceedings of the 2013 IEEE Globecom Workshops (GC Wkshps), pp. 1344–1349, Atanta, GA, USA, December 2013.
    I. K. Azogu、M. T. Ferreira、J. A. Larcom 和 H. Liu,“VANET 指标导向安全防御的新抗干扰策略”,载于 2013 年 IEEE Globecom 研讨会 (GC Wkshps) 会议记录,第 1344–1349 页,美国佐治亚州阿坦塔,2013 年 12 月。

    View at: Google Scholar 查看: Google 学术搜索

  6. O. Puñal, I. Aktaş, C. Schnelke, G. Abidin, K. Wehrle, and J. Gross, “Machine learning-based jamming detection for IEEE 802.11: design and experimental evaluation,” in Proceedings of the 2014 IEEE 15th International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM), pp. 1–10, Sydney, Australia, June 2014.
    O. Puñal、I. Aktaş、C. Schnelke、G. Abidin、K. Wehrle 和 J. Gross,“IEEE 802.11 基于机器学习的干扰检测:设计和实验评估”,载于 2014 年 IEEE 第 15 届无线、移动和多媒体网络世界国际研讨会 (WoWMoM) 会议记录,第 1-10 页,澳大利亚悉尼,2014 年 6 月。

    View at: Google Scholar 查看: Google 学术搜索

  7. W. Xu, W. Trappe, Y. Zhang, and T. Wood, “The feasibility of launching and detecting jamming attacks in wireless networks,” in Proceedings of the 6th ACM international symposium on Mobile ad hoc networking and computing, pp. 46–57, New York, NY, USA, May 2005.
    W. Xu、W. Trappe、Y. Zhang 和 T. Wood,“在无线网络中发起和检测干扰攻击的可行性”,载于 Proceedings of the 6th ACM international symposium on Mobile ad hoc networking and computing,第 46-57 页,美国纽约州纽约市,2005 年 5 月。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索

  8. J. Grover, N. K. Prajapati, V. Laxmi, and M. S. Gaur, “Machine learning approach for multiple misbehavior detection in VANET,” in Proceedings of the International Conference on Advances in Computing and Communications, vol. 192, pp. 644–653, ACC, Kochi, India, July 2011.
    J. Grover、N. K. Prajapati、V. Laxmi 和 M. S. Gaur,“用于 VANET 中多种不当行为检测的机器学习方法”,载于 Proceedings of the International Conference on Advances in Computing and Communications,第 192 卷,第 644–653 页,ACC,印度科钦,2011 年 7 月。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索

  9. D. Kosmanos, A. Argyriou, and L. Maglaras, “Estimating the relative speed of RF jammers in VANETs,” Security and Communication Networks, vol. 2019, Article ID 2064348, 2019.
    D. Kosmanos、A. Argyriou 和 L. Maglaras,“估计 VANET 中射频干扰器的相对速度”,安全与通信网络,2019 年第 2 卷,文章 ID 2064348,2019 年。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索

  10. D. Karagiannis and A. Argyriou, “Jamming attack detection in a pair of RF communicating vehicles using unsupervised machine learning,” Vehicular Communications, vol. 13, pp. 56–63, 2018.
    D. Karagiannis 和 A. Argyriou,“使用无监督机器学习在一对射频通信车辆中检测干扰攻击”,车辆通信,第 13 卷,第 56-63 页,2018 年。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索

  11. M. Azizian, S. Cherkaoui, and A. S. Hafid, “Link activation with parallel interference cancellation in multi-hop VANET,” in Proceedings of the 2016 IEEE 84th Vehicular Technology Conference (VTC-Fall), Montreal, QC, Canada, September 2016.
    M. Azizian、S. Cherkaoui 和 A. S. Hafid,“多跳 VANET 中并行干扰消除链路激活”,2016 年 IEEE 第 84 届车辆技术会议 (VTC-Fall) 会议记录,加拿大魁北克省蒙特利尔,2016 年 9 月。

    View at: Google Scholar 查看: Google 学术搜索

  12. B. DeBruhl, S. Weerakkody, B. Sinopoli, and P. Tague, “Is your commute driving you crazy?: a study of misbehavior in vehicular platoons,” in Proceedings of the WiSec ’15 Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, vol. 22, New York, NY, USA, June 2015.
    B. DeBruhl、S. Weerakkody、B. Sinopoli 和 P. Tague,“Is your commute driving you crazy?: a study of misbehavior in vehicle platoons”,载于 WiSec ’15 会议记录,第 8 届 ACM 无线和移动网络安全和隐私会议记录,第 22 卷,美国纽约州纽约市,2015 年 6 月。

    View at: Google Scholar 查看: Google 学术搜索

  13. N. Bißmeyer, C. Stresing, and K. M. Bayarou, “Intrusion detection in vanets through verification of vehicle movement data,” in Proceedings of the Vehicular Networking Conference (VNC), pp. 166–173, IEEE, New York, NY, USA, December 2010.
    N. Bißmeyer、C. Stresing 和 K. M. Bayarou,“Intrusion detection in vanets through verification of vehicle movement data”,载于车辆网络会议 (VNC) 会议记录,第 166–173 页,IEEE,美国纽约州纽约市,2010 年 12 月。

    View at: Google Scholar 查看: Google 学术搜索

  14. S. Malebary, W. Xu, and C.-T. Huang, “Jamming mobility in 802.11 p networks: modeling, evaluation, and detection,” in Proceedings of the 2016 IEEE 35th International on Performance Computing and Communications Conference (IPCCC), pp. 1–7, Las Vegas, NV, USA, December 2016.
    S. Malebary、W. Xu 和 C.-T.Huang,“802.11 p 网络中的干扰移动性:建模、评估和检测”,2016 年 IEEE 第 35 届国际性能计算和通信会议 (IPCCC) 会议记录,第 1-7 页,美国内华达州拉斯维加斯,2016 年 12 月。

    View at: Google Scholar 查看: Google 学术搜索

  15. L. Nikita, K. Denis, D. Quentin, and V. Alexey, “Real-time jamming DoS detection in safety-critical V2V C-ITS using data mining,” IEEE Communications Letters, vol. 23, pp. 442–445, 2019.
    L. Nikita、K. Denis、D. Quentin 和 V. Alexey,“使用数据挖掘在安全关键型 V2V C-ITS 中进行实时干扰 DoS 检测”,IEEE Communications Letters,第 23 卷,第 442–445 页,2019 年。

    View at: Google Scholar 查看: Google 学术搜索

  16. L. Mokdad, J. Ben-Othman, and A. T. Nguyen, “DJAVAN: detecting jamming attacks in vehicle ad hoc networks,” Performance Evaluation, vol. 87, pp. 47–59, 2015.
    L. Mokdad、J. Ben-Othman 和 A. T. Nguyen,“DJAVAN:检测车辆自组网中的干扰攻击”,性能评估,第 87 卷,第 47-59 页,2015 年。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索

  17. A. T. Nguyen, L. Mokdad, and J. Ben Othman, “Solution of detecting jamming attacks in vehicle ad hoc networks,” in Proceedings of the 16th ACM international conference on Modeling, analysis & simulation of wireless and mobile systems, pp. 405–410, New York, NY, USA, November 2013.
    A. T. Nguyen、L. Mokdad 和 J. Ben Othman,“车辆自组网中检测干扰攻击的解决方案”,载于 Proceedings of the 16th ACM International Conference on Modeling, analysis & simulation of wireless and mobile systems,第 405–410 页,美国纽约州纽约市,2013 年 11 月。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索

  18. O. Puñal, C. Pereira, A. Aguiar, and J. Gross, “Experimental characterization and modeling of RF jamming attacks on VANETs,” IEEE Transactions On Vehicular Technology, vol. 64, no. 2, pp. 524–540, 2015.
    O. Puñal、C. Pereira、A. Aguiar 和 J. Gross,“VANET 射频干扰攻击的实验表征和建模”,IEEE Transactions On Vehicular Technology,第 64 卷,第 2 期,第 524–540 页,2015 年。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索

  19. A. Quyoom, R. Ali, D. N. Gouttam, and H. Sharma, “A novel mechanism of detection of denial of service attack (DoS) in VANET using malicious and irrelevant packet detection algorithm (MIPDA),” in Proceedings of the 2015 IEEE International Conference on Computing, Communication & Automation (ICCCA), pp. 414–419, Greater Noida, UP, May 2015.
    A. Quyoom、R. Ali、D. N. Gouttam 和 H. Sharma,“使用恶意和不相关的数据包检测算法 (MIPDA) 检测 VANET 中拒绝服务攻击 (DoS) 的新机制”,载于 2015 年 IEEE 计算、通信与自动化国际会议 (ICCCA) 论文集,第 414–419 页,大诺伊达,UP,2015 年 5 月。

    View at: Google Scholar 查看: Google 学术搜索

  20. S. RoselinMary, M. Maheshwari, and M. Thamaraiselvan, “Early detection of DoS attacks in VANET using attacked packet detection algorithm (apda),” in Proceedings of the 2013 IEEE International Conference on Information Communication and Embedded Systems (ICICES), pp. 237–240, Chennai, Tamil Nadu, India, February 2013.
    S. RoselinMary、M. Maheshwari 和 M. Thamaraiselvan,“使用攻击数据包检测算法 (apda) 对 VANET 中的 DoS 攻击进行早期检测”,载于 2013 年 IEEE 信息通信和嵌入式系统国际会议 (ICICES) 会议记录,第 237–240 页,印度泰米尔纳德邦金奈,2013 年 2 月。

    View at: Google Scholar 查看: Google 学术搜索

  21. N. Lyamin, D. Kleyko, Q. Delooz, and A. Vinel, “Real-time jamming dos detection in safety-critical v2v c-its using data mining,” IEEE Communications Letters, vol. 23, no. 3, pp. 442–445, 2019.
    N. Lyamin、D. Kleyko、Q. Delooz 和 A. Vinel,“使用数据挖掘在安全关键型 v2v c-its 中进行实时干扰 dos 检测”,IEEE Communications Letters,第 23 卷,第 3 期,第 442–445 页,2019 年。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索

  22. A. Benslimane and H. Nguyen-Minh, “Jamming attack model and detection method for beacons under multichannel operation in vehicular networks,” IEEE Transactions on Vehicular Technology, vol. 66, no. 7, pp. 6475–6488, 2017.
    A. Benslimane 和 H. Nguyen-Minh,“车载网络多通道操作下信标的干扰攻击模型和检测方法”,IEEE Transactions on Vehicular Technology,第 66 卷,第 7 期,第 6475–6488 页,2017 年。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索

  23. S. Hymlin Rose and T. Jayasree, “Detection of jamming attack using timestamp for wsn,” Ad Hoc Networks, vol. 91, Article ID 101874, 2019.
    S. Hymlin Rose 和 T. Jayasree,“使用 wsn 的时间戳检测干扰攻击”,Ad Hoc Networks,第 91 卷,文章 ID 101874,2019 年。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索

  24. N. I. Mowla, N. H. Tran, I. Doh, and K. Chae, “Federated learning-based cognitive detection of jamming attack in flying ad-hoc network,” IEEE Access, vol. 8, pp. 4338–4350, 2020.
    N. I. Mowla、N. H. Tran、I. Doh 和 K. Chae,“基于联邦学习的飞行自组织网络中干扰攻击的认知检测”,IEEE Access,第 8 卷,第 4338–4350 页,2020 年。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索

  25. Z. Feng and C. Hua, “Machine learning-based rf jamming detection in wireless networks,” in Proceedings of the 2018 Third International Conference on Security of Smart Cities, Industrial Control System and Communications (SSIC), pp. 1–6, Shanghai, China, October 2018.
    Z. Feng 和 C. Hua,“无线网络中基于机器学习的射频干扰检测”,载于 2018 年第三届智慧城市安全、工业控制系统和通信 (SSIC) 国际会议论文集,第 1-6 页,中国上海,2018 年 10 月。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索

  26. G. Kasturi, A. Jain, and J. Singh, “Machine learning-based rf jamming classification techniques in wireless ad hoc networks,” in Proceedings of the WIDECOM 2020:nternational Conference on Wireless, Intelligent and Distributed Environment for Communication, Toronto, Canada, May 2020.
    G. Kasturi、A. Jain 和 J. Singh,“无线自组织网络中基于机器学习的射频干扰分类技术”,载于 WIDECOM 2020 年会议记录:无线、智能和分布式通信环境国际会议,加拿大多伦多,2020 年 5 月。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索

  27. M. Hachimi, G. Kaddoum, G. Gagnon, and P. Illy, “Multi-stage jamming attacks detection using deep learning combined with kernelized support vector machine in 5g cloud radio access networks,” in Proceedings of the 2020 International Symposium on Networks, Computers and Communications (ISNCC), pp. 1–5, Montreal, QC, USA, October 2020.
    M. Hachimi、G. Kaddoum、G. Gagnon 和 P. Illy,“在 5G 云无线接入网络中使用深度学习结合核化支持向量机进行多阶段干扰攻击检测”,载于 2020 年网络、计算机和通信国际研讨会 (ISNCC) 论文集,第 1-5 页,美国魁北克省蒙特利尔,2020 年 10 月。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索

  28. D. Kosmanos, A. Pappas, F. J. A. Navarro et al., “Intrusion detection system for platooning connected autonomous vehicles,” in Proceedings of the SEEDA-CECNSM conference, Piraeus, Greece, September 2019.
    D. Kosmanos、A. Pappas、F. J. A. Navarro 等人,“用于列队行驶联网自动驾驶汽车的入侵检测系统”,载于 SEEDA-CECNSM 会议论文集,希腊比雷埃夫斯,2019 年 9 月。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索

  29. S. Sharanya and S. Karthikeyan, “Classifying malicious nodes in VANETS using support vector machines with modified fading memory,” ARPN Journal of Engineering and Applied Sciences, vol. 12, no. 1, pp. 171–176, 2017.
    S. Sharanya 和 S. Karthikeyan,“使用具有改进衰落内存的支持向量机对 VANETS 中的恶意节点进行分类”,ARPN 工程与应用科学杂志,第 12 卷,第 1 期,第 171–176 页,2017 年。

    View at: Google Scholar 查看: Google 学术搜索

  30. D. Tse and P. Viswanath, in Fundamentals of Wireless Communication, Cambridge University Press, Cambridge, UK, USA, 2005.
    D. Tse 和 P. Viswanath,《无线通信基础》,剑桥大学出版社,英国剑桥,美国,2005 年。

  31. S. Munazza, K. Muazzam, K. Umair Shafiq, and S. Nazar, “Detection and prevention of distributed denial of service attacks in VANETs,” in Proceedings of the 2016 International Conference on Computational Science and Computational Intelligence (CSCI), Las Vegas, NV, USA, December 2016.
    S. Munazza、K. Muazzam、K. Umair Shafiq 和 S. Nazar,“检测和预防 VANET 中的分布式拒绝服务攻击”,2016 年计算科学和计算智能国际会议 (CSCI) 论文集,美国内华达州拉斯维加斯,2016 年 12 月。

    View at: Google Scholar 查看: Google 学术搜索

  32. D. Kosmanos, N. Prodromou, A. Argyriou, L. A. Maglaras, and H. Janicke, “MIMO techniques for jamming threat suppression in vehicular networks,” Mobile Information Systems, vol. 2016, Article ID 8141204, pp. 1–9, 2016.
    D. Kosmanos、N. Prodromou、A. Argyriou、L. A. Maglaras 和 H. Janicke,“用于车辆网络干扰威胁抑制的 MIMO 技术”,Mobile Information Systems,2016 年第 2016 卷,文章 ID 8141204,第 1-9 页,2016 年。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索

  33. M. Strasser, B. Danev, and C. Srdjan, “Detection of reactive jamming in sensor networks,” ACM Transactions On Sensor Networks, vol. 7, 2010.
    M. Strasser、B. Danev 和 C. Srdjan,“传感器网络中反应性干扰的检测”,ACM Transactions On Sensor Networks,第 7 卷,2010 年。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索

  34. D. Kosmanos, D. Karagiannis, A. Argyriou, S. Lalis, and L. Maglaras, “RF jamming classification using relative speed estimation in vehicular wireless networks,” 2018, https://arxiv.org/abs/1812.11886.
    D. Kosmanos、D. Karagiannis、A. Argyriou、S. Lalis 和 L. Maglaras,“在车载无线网络中使用相对速度估计进行射频干扰分类”,2018 年,https://arxiv.org/abs/1812.11886。

    View at: Google Scholar 查看: Google 学术搜索

  35. O. Sutton, “Introduction to k nearest neighbour classification and condensed nearest neighbour data reduction,” University lectures, University of Leicester, Leicester, England, 2012.
    O. Sutton,“k最近邻分类和浓缩最近邻数据约简简介”,莱斯特大学讲座,英国莱斯特,2012年。

    View at: Google Scholar 查看: Google 学术搜索

  36. A. Liaw and M. Wiener, “Classification and regression by random forest,” R News, vol. 2, no. 3, pp. 18–22, 2002.
    A. Liaw 和 M. Wiener,“随机森林的分类和回归”,《R News》,第 2 卷,第 3 期,第 18-22 页,2002 年。

    View at: Google Scholar 查看: Google 学术搜索

  37. D. Karagiannis, Wireless Jamming Detection in Vehicular Networks Using Machine Learning and Cross-Layer Data, University of Thessaly, Department of Electrical and Computer Engineering, Thessaly, Greece, 2018, http://hdl.handle.net/11615/48295.
    D. Karagiannis,使用机器学习和跨层数据在车辆网络中进行无线干扰检测,色萨利大学电气与计算机工程系,希腊色萨利,2018 年,http://hdl.handle.net/11615/48295。

  38. C. Sommer, R. German, and F. Dressler, “Bidirectionally coupled network and road traffic simulation for improved IVC analysis,” IEEE Transactions On Mobile Computing, vol. 10, no. 1, pp. 3–15, 2015.
    C. Sommer、R. German 和 F. Dressler,“用于改进 IVC 分析的双向耦合网络和道路交通仿真”,IEEE Transactions On Mobile Computing,第 10 卷,第 1 期,第 3–15 页,2015 年。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索

  39. M. Boban, J. Barros, and O. K. Tonguz, “Geometry-based vehicle-to-vehicle channel modeling for large-scale simulation,” IEEE Transactions on Vehicular Technology, vol. 63, p. 4146, 2016.
    M. Boban、J. Barros 和 O. K. Tonguz,“用于大规模仿真的基于几何的车对车通道建模”,IEEE Transactions on Vehicular Technology,第 63 卷,第 4146 页,2016 年。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索

  40. “What is r?” 2017, https://www.r-project.org/about.html.

    View at: Google Scholar 查看: Google 学术搜索

  41. D. Kosmanos, L. Maglaras, M. Mavrovouniotis et al., “Route optimization of electric vehicles based on dynamic wireless charging,” IEEE Access, vol. 6, pp. 42 551–42 565, 2018.
    D. Kosmanos、L. Maglaras、M. Mavrovouniotis 等人,“基于动态无线充电的电动汽车路线优化”,IEEE Access,第 6 卷,第 42 551–42 565 页,2018 年。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索

  42. S. Xu, W. Xu, C. Pan, and M. Elkashlan, “Detection of jamming attack in non-coherent massive simo systems,” IEEE Transactions on Information Forensics and Security, vol. 14, no. 9, pp. 2387–2399, 2019.
    S. Xu、W. Xu、C. Pan 和 M. Elkashlan,“非相干大规模 simo 系统中干扰攻击的检测”,IEEE Transactions on Information Forensics and Security,第 14 卷,第 9 期,第 2387–2399 页,2019 年。

    View at: Publisher Site | Google Scholar
    查看: 出版商网站 |Google 学术搜索


原文始发于Dimitrios Kosmanos,1Dimitrios Karagiannis,1Antonios Argyriou,1Spyros Lalis,1and Leandros MaglarasRF Jamming Classification Using Relative Speed Estimation in Vehicular Wireless Networks

版权声明:admin 发表于 2023年11月27日 下午6:41。
转载请注明:RF Jamming Classification Using Relative Speed Estimation in Vehicular Wireless Networks | CTF导航