Proactive Attacker Localization in Wireless LAN

By: Chuan Han, Siyu Zhan, and Yaling Yang
Appears in: CCR April 2009

This paper addresses the open problem of locating an attacker that intentionally hides or falsifies its position using advanced radio technologies. A novel attacker localization mechanism, called Access Point Coordinated Localization (APCL), is proposed for IEEE 802.11 networks. APCL actively forces the attacker to reveal its position information by combining access point (AP) coordination with traditional range-free localization. The optimal AP coordination process is calculated by modeling it as a finite-horizon discrete Markov decision process, which is efficiently solved by an approximation algorithm. The performance advantages are verified through extensive simulations.

Public Review By: Suman Banerjee

The paper presents a technique to localize WLAN intruders. Traditionally, this problem has been solved by assuming that multiple observers (usually Access Points) can simultaneously observe the intruder’s transmissions, and use time delays, angle of arrival, or signal strength information to localize the intruder. The authors of this work consider a more capable intruder, who can, for example, beamform its transmissions to be heard by one or few Access Points. The fewer the number of such observers, the less accurate can be the localization process. The novelty of this work is a proactive technique that forces the intruder to expose its transmissions to more Access Point observers. Essentially, the authors propose a coordinated system in which the current Access Point serving an intruder observes the latter’s transmission characteristics for a short while and then dissociates it. At that time, a different Access Point, located elsewhere but part of the same WLAN system, accepts this intruder, provides access to its traffic for a little while, and then dissociates it again. As the process repeats, the intruder transmission characteristics get exposed to many observers allowing localization. A core part of the paper is focused on determining the sequence of Access Points that should serve the intruder for faster and more accurate localization.
The core idea is quite interesting and was appreciated by all reviewers. Clearly there are many interesting next questions that need careful exploration. The system works on a somewhat long timescale over which the intruder is assumed to be fairly stationary. So can this be adapted to mobile intruders? What happens when the intruder is aware of the WLAN’s strategy of localization and tries to throw off the localization process in some way? The work is simulation-based, and clearly an implementation of the system will throw up some new challenges such a system will have to address. The localization system depends on a somewhat high density of observers in the environment. What is the trade-off between observers and accuracy of localization in this manner?
Overall, a fairly interesting piece of work that clearly warrants further exploration.
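
The coordinated hand-off described above can be simulated in a few lines. This is an added example, not code from the paper: it assumes a unit-disk coverage model with radius `R`, a gridded floor, and a greedy one-step AP choice standing in for the paper's Markov decision process; every name, coordinate and parameter below is constructed for illustration.

```python
import math

R = 30.0  # assumed AP coverage radius in metres (unit-disk model)

def grid(size=100, step=2):
    """Candidate attacker positions: a square floor sampled every `step` m."""
    return [(x, y) for x in range(0, size + 1, step)
                   for y in range(0, size + 1, step)]

def in_range(ap, p):
    return math.dist(ap, p) <= R

def pick_next_ap(aps, used, candidates):
    """Greedy stand-in for the MDP: pick the unused AP whose accept/fail
    outcome splits the remaining candidate positions most evenly."""
    def imbalance(ap):
        inside = sum(in_range(ap, p) for p in candidates)
        return abs(2 * inside - len(candidates))
    return min((ap for ap in aps if ap not in used), key=imbalance)

def localize(aps, attacker, rounds):
    """Each round a single AP accepts the client and the others refuse it.
    Whether the association succeeds is the only observation used
    (range-free). Returns per-round candidate counts and the final set."""
    candidates, used, sizes = grid(), set(), []
    for _ in range(rounds):
        ap = pick_next_ap(aps, used, candidates)
        used.add(ap)
        associated = in_range(ap, attacker)  # outcome of the forced hand-off
        candidates = [p for p in candidates if in_range(ap, p) == associated]
        sizes.append(len(candidates))
    return sizes, candidates

def centroid(points):
    return (sum(p[0] for p in points) / len(points),
            sum(p[1] for p in points) / len(points))

# Constructed deployment: 3x3 AP lattice on a 100 m x 100 m floor.
APS = [(x, y) for x in (10, 50, 90) for y in (10, 50, 90)]
ATTACKER = (62, 40)  # constructed ground truth (lies on a grid point)

if __name__ == "__main__":
    sizes, cands = localize(APS, ATTACKER, rounds=6)
    est = centroid(cands)
    print("candidate positions per round:", sizes)
    print("estimate:", est, "error: %.1f m" % math.dist(est, ATTACKER))
```

Both outcomes of a hand-off are informative in this model: a successful association confines the client to that AP's disk, and a failed one excludes the disk.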