Forensic Analysis of Packet Losses in Wireless Networks

Due to the lossy nature of wireless links, it is difficult to determine if packet losses are due to wireless-induced effects or from malicious discarding. Many prior efforts on detecting malicious packet drops rely on evidence collected via passive monitoring by neighbor nodes. However, they do not analyze the cause of packet losses. In this paper, we ask: 1) Given certain macroscopic parameters of the network (like traffic intensity and node density) what is the likelihood that evidence exists with respect to a transmission? 2) How can these parameters be used to perform a forensic analysis of the reason for the losses? Toward answering the above questions, we first build an analytical framework that computes the likelihood that evidence (we call this transmission evidence, or TE for short) exists with respect to transmissions, in terms of a set of network parameters. We validate our analytical framework via both simulations as well as real-world experiments on two different wireless testbeds. The analytical framework is then used as a basis for a protocol within a forensic analyzer to assess the cause of packet losses and determine the likelihood of forwarding misbehaviors. Through simulations, we find that our assessments are close to the ground truth in all examined cases, with an average deviation of 2.3% from the ground truth and a worst case deviation of 15.0%.