Anomaly-based intrusion detection of protocol-aware jamming

In this paper, we apply the existing framework of anomaly-based intrusion detection (ABID) to the problem of detecting protocol-aware jammers. These types of jammers target MAC or NET layer control messages in an attempt to increase jamming effectiveness and remain harder to detect. ABID systems detect activities that deviate significantly from the normal profile. Signature recognition is based on storing signatures of known intrusion scenarios, and detecting the presence of these signatures in real-time. By choosing a suitable set of features, a high probability of correct detection can be achieved. Our proposed detection strategy involves tracking the statistics of signal-to-noise ratio (SNR) and packet type (critical or non-critical). An alternative strategy that only requires information about packet loss is also provided. Through simulation, we show that these types of jammers can be detected in a large portion of scenarios.