A FUZZY BASED DETECTION TECHNIQUE FOR JAMMING ATTACKS

IN IEEE 802.15.4 LOW RATE WIRELESS PERSONAL AREA NETWORK

C Balarengadurai1 ,Dr S Saraswathi2 and J srikanth3
1
Research Scholar, Department of Computer Science and Engineering, ManonmaniamSundarnar University,
Tirunelveli, India, cbalarengadurai@yahoo.com
2
Associate Professor, Department of Information Technology, Pondicherry Engineering College, Puducherry, India,
swathi@pec.edu
3Associate Professor, Department of Computer Science and Engineering, Auroras Engineering College, Hyderabad,
India, jsrikanth@aurora.ac.in

communication, respectively [2][3]. Nowadays,

Abstract : Detection mechanism against distributed
however, with the help of a wireless sniffer, jammers
denial of service (DDoS) attacks is a critical component
can easily obtain transmitting packets in the open
of any security system as these attacks can affect the
wireless communication environment that will allow
availability of a node or an entire network. In this work,
them to analyze changes in critical parameters and jam
we focus the jamming attacks at the PHY and MAC
the channel smarter. These parameter scan reveal some
layers in IEEE 802.5.4 low rate wireless personal area
configuration information (e.g. transmission and
network (LR-WPAN). This type of attack not only
countermeasure) the network is using. Therefore,
blocks the ongoing communication in the network, but
jammers can dynamically adjust their strategy of attack
also causes the wireless nodes to exhaust their energy
after detecting the kind of environment that will make it
much earlier than expected. Collisions in wireless
possible for them to maximize their damage to the
networks occur due to varying factors such as jamming
network, e.g. by the reduction of network throughput.
attacks, hidden terminal interferences and network
Similarly, in order to fully utilize the channel
congestion. To increase the reliability of attack
bandwidth, legitimate users can dynamically change
detection, it is necessary to provide enhanced detection
their defense strategies in response to the detection. In
mechanisms that can determine the actual cause of
this paper, we propose a fuzzy logic system for
channel collisions. To address this, we designed a fuzzy
detecting the jamming attacks in low rate wireless
logic system to detect the jamming attacks in IEEE
personal area networks which uses an anomaly based
802.1.5.4.It is an attack detection mechanism which
approach and operates in a distributed manner and we
uses an anomaly based approach and operates in a
can distinguish attack scenarios from the impact of
distributed manner and we can distinguish attack
traffic load on network behavior. The rest of the paper is
scenarios from the impact of traffic load on network
organized as follows; Section 2 describes the related
behavior. By stimulation results, the system with high
workof jamming attacks in wireless networks.
robustness ability and the effectiveness of our scheme in
Then,section 3 deals with objective and metrics for
detection of jamming attacks with the improved
jamming attack detection. Next, proposed method of
precision.
jamming attack detection using fuzzy systems in section
4. In section 5 deals with the performance analysis and
Keywords: DDoS, Detection, FLS, IEEE 802.15.4,
evaluation parameter and finally, we conclude in section
Jamming, Security.
6.

INTRODUCTION
RELATED WORK
DDoS is one such security threat that prevents
Jamming is a typical attack in wireless networks, which
authorized users from gaining access to the wireless
can disrupt wireless communication by emitting
channel by disrupting network operations, impacting
interference signals. IEEE 802.15.4-compliant wireless
network connectivity and availability in IEEE 802.15.4.
networks are susceptible to jamming attacks since such
One of the simplest DDoS attacks is jamming the
networks are composed of small energy-constrained
wireless communication medium. The jamming attack
devices to execute some tasks without a central
is one of the security threats that can lead to great
powerful monitoring node. DEEJAM [4] protocol is an
damage in the real world. Jamming is a special category
amalgamation of frame masking, channel hopping,
of DoS attacks which is used in wireless networks,
packet fragmentation and redundant encoding in order
where an attacker is respects the medium access control
to detect the four defensive mechanisms for hiding
(MAC) protocol [1] and transmits on the shared channel
communication from jammer, evading its search and
either continuously or periodically to target all or some
reducing its impact. But the technique is complex

253
involving complicated calculation and results in more
overhead. Various jamming attacks and defending
strategies [5], [6], [7], [8] are proposed. Attackers
launch jamming attacks at the access layer by either
corrupting control packets or occupying the channel for
the maximum allowable time, so that the network
throughput will decrease [5]. By observing the channel
and learning protocols semantics, various jamming
attacks aimed at different MACprotocols in sensor
networks are proposed in [6] to attack the network
effectively. However, they are either static or not
energy-efficient. Some efficient strategies are proposed
in [9], [10]. The work in [9] discusses a low-energy
attack that destroys a packet by jamming only a few
bits, such that the code error correction functionality
will take on an excessive load. To save energy, a
jammer controls the probability of jamming and the
transmission range to cause maximal damage to the
network in terms of corrupted communication links
[10]. However, the access probability is difficult to get
hold of and the transmission range is greatly affected by
the surroundings. A DOMINO system [11] which
conducts tests on the access point to detect MAC layer
misbehaviors such as backoff manipulation. Such
infrastructure based monitoring schemes are however
difficult to implement in ad hoc networks with no fixed
infrastructure. This presents the need for a decentralized
monitoring mechanism to detect jamming attacks in ad
hoc networks. A cross layer monitoring mechanism to
evaluate node cooperation and lower false positives rate
using information from physical, MAC and routing
layers [12].Even with a monitor deployed in the
network, jamming attacks are difficult to detect as they
are often indistinguishable from other network
abnormalities. For instance, collisions in wireless
channel can occur as a result of jamming attack or due
to interference from hidden terminal transmissions. The
empirical measurements based on signal strength and
packet delivery ratio are combined to diagnose the
presence of a jammer [13].The authors here made an
important observation that no single measurement is
sufficient to reliably classify jamming attack. We build
our work on the basis of this observation and develop a
detection mechanism that removes the ambiguity in
detecting jamming from congested scenarios. In this
work, we focus on detecting jamming attacks that occur
at both physical and MAC layers of an IEEE 802.15.4
LRWPAN.
JAMMING ATTACKS MODEL
The objective of the adversary causing a jamming attack
is to prevent a legitimate sender or receiver from
transmitting or receiving packets. Adversaries can
launch jamming attacks at multiple layers of the
protocol suite. In this work, we elaborate the attack
models in PHY and MAC layer , which are in fact, the
derivatives of the model proposed by [4][13], redefined
254
to suite for fuzzy system to detect the attacks models in
the following sections.
Constant Jamming: It continuously emits a signal on
the medium meaning that there are no silent time
intervals in its transmission. Hence, forcing legitimate
nodes in the range to always back-off, i.e. starve.
Random Jamming: In contrast to the constant
jamming, a random jamming suspends its transmission
during a specified time in regular intervals. A modified
version is the random jamming, which uses a random
duration, a random interval or both.
Reactive Jamming: Reactive jamming requires the
sensing of the channel. As the transmission is detected,
jammer starts its intrusion. A more advanced form of
reactive jamming includes the analysis of the detected
regular data stream. The jamming is then applied
systematically to frames from or to specific nodes or to
frames of a certain type.
Deceptive Jamming: Deceptive jamming denotes
attacks where false messages are sent to the channel
with the objective of disturbing the organization of the
network. In case of Wireless networks, this could be
spoofed management or control frames. This way, also
higher layer vulnerabilities may be easily exploited in
order to launch denial of service attack.
Metrics for Jamming Attack Detection
According to[13] define a jammer to be an entity who
is purposefully trying to interfere with the physical
transmission and reception of wireless
communications. This can be achieved by the jammer
by attacking at the PHY layer or at MAC layer. At the
PHY layer, the jammer can only jam the receiver by
transmitting at high power at the network frequency and
lowering the signal-to noise ratio below the receivers
threshold; however, it cannot prevent the transmitter
from transmitting, and hence it cannot jam the
transmitter. At the MAC layer, it can jam the receiver
by corrupting legitimate packets through protocol
violations, and can also jam the transmitter by
preventing it to transmit by capturing the carrier through
continuous transmission. With this modus operandi of
the jammer at the background, we examine the
suitability of variousmetrics, as suggested by different
scholars, for detecting jamming attack on a wireless
networks [2] [7]. We select SNR and BPR as the
jamming attack metrics for our system. However, we
prefer to call the BPR as Packets Dropped per Terminal
(PDPT) because our PDPT is the average BPR of a node
during a simulation cycle
Bad Packet Ratio (BPR):BPR is same as that PDR[14]
which is to be measured at the receiver-
end.However[15] call it BPR and define BPR as the
ratio of the number of bad packets received by a node
to the total number of packets received by the node over
a given period of time. We find BPR to be a very
effective metric which can indicate all types of
jamming, is easily quantifiable, and is fit for IEEE
802.15.4 where the system of acknowledgements is not
required. The CRC is a normal procedure which nodes
have to do under most of the existing protocols to check
whether a received packet is correct or erroneous. If the
packet is correct (good packet), it is received or queued
for further transmission, and if the packet is erroneous
(bad packet), it is dropped and their count is maintained.
Therefore, both values, the number of bad packets and
the number of total received packets, are readily
available for computing the BPR without imposing any
significant burden on the system. Also, there is no
sampling or fixing of thresholds involved here. We find
this metric suitable for our system.
Signal-to-Noise Ratio (SNR) or Signal-to Jammer
Power Ratio (SJR): Although there is a subtle
difference between SNR and SJR, we have considered
these to be the same because, in our model jammer is
the predominant noise source, and have used these
terms interchangeably. SNR is calculated as the ratio of
the received signal power at a node to the received noise
power (or jammer power) at the node. It is almost an
effective metric to identify a jamming attack at the
physical layer as there can be no jamming at the
physical layer without the SNR dropping low. However,
some other metrics like PDR, BPR, or BER which can
identify a MAC layer attack should be used with SNR
for making it almost full- proof to detect jamming.
The reasons for this choice have been discussed
above, and the same are summarized as follows:
The received radio power at a node is easily
measurable as nodes are/can be provided with RF
power meter.
In our system, the node simply keeps the base
station informed about the received radio power, at a
time interval as decided by the base station. The
base station calculates the jammer (noise) power by
subtracting the average legitimate signal power of
the node from the current power. The ratio of the
two powers is then calculated by the base to get the
SNR. Thus there are no overheads involved at the
node level.
The node keeps the base station informed about the
number of good packets and total packets received
by it during a time interval, as decided by the base
station, in a normal routine way. The base station
calculates the BPR (or, PDPT) for each node. Thus,
the nodes are not burdened additionally.
The combination of SNR and BPR (PDPT) is
capable of detecting any form of jamming attacks.
PROPOSED METHOD
Description
We now propose a fuzzy logic system-based jamming
detection method which follows a centralized approach,
wherein the jamming detection is done by the base
255
station based on the input values of the jamming
detection metrics received by it from the respective
nodes. This is done in our method through an algorithm
called Fuzzy K-Means Clustering. The sophistication
of the method lies in doing away with the requirement
of communicating with the neighbor nodes for
neighborhood check. This enhances the survivality of
the system during jamming. There are three inputs
required to be sent by the nodes to the base station.
First, the number of total packets received by it during a
specified time period. Second, the number of packets
dropped by it during the period and Third, the received
signal strength (RSS). The former two metrics are
normally sent to the base as part of the network health
monitoring traffic at a pre-decided frequency, as part of
most of the existing network management protocols.
The third metric, RSS has to be additionally sent to the
base station in our scheme. This can be preferably sent
packaged with the former two parameters, or else, sent
independently. The base station computes the power
received by the node from the jammer, if any, by
finding the differential between the current RSS and
normal RSS values. Thereafter, the base station
computes the PDPT and SNR from these values, as
discussed in the previous section. Then the base station
uses the values of PDPT and SNR as inputs to a fuzzy
inference system to get Jamming Index (JI) as output
of the system. The JI value varies from 0 to 100,
signifying No Jamming to Absolute Jamming
respectively. In this way, the base station is able to
grade the intensity of jamming being experienced by
each node through the JI parameter. It can decide the
lower cut-off value of JI to conclude that all nodes
whose JIs are greater than the lower cut-off value are
Jammed while the others are Not Jammed. The
further details are going to discuss and described in the
following sub-sections.
Detection of Jamming Attacks using Fuzzy Logic
System
Fuzzy Logic System: The block diagram of fuzzy logic
system (FLS) isin[19] [20].Fuzzy logic uses fuzzy set
theory, in which a variable is a member of one or more
sets, with a specified degree of membership. Fuzzy
logic allow us to emulate the human reasoning process
in computers, quantify imprecise information, make
decision based on vague and incomplete data, yet by
applying a defuzzification process, arrive at definite
conclusions. The FLS mainly consists of four blocks,
namelyfuzzifier, fuzzy rule, fuzzy inference and
defuzzifier. Fuzzy logic is capable of making real-time
decisions, even with incomplete information.
Conventional control systems rely on an accurate
representation of the environment, which generally does
not exist in reality. Fuzzy logic systems, which can
manipulate the linguistic rules in a natural way, are
hence suitable in this respect. In addition, it can be used
for context by blending different parameters - rules defuzzifier computes a crisp output from these rule
combined together to produce the suitable result [20]. output sets. It can be performed in different methods.
Fuzzy Sets and Membership functions: If X is a We have chosen the centroid of region gravity (COG).
collection of objects, called the universe of discourse In this method, the centroid of each membership
denoted generically by q, then a fuzzy set Ain X is function for each rule is first evaluated. The final output
defined as a set of ordered pairs: JI, which is equal to COG, is then calculated as the
A {(q, A (q)) : q Q} (1) average of the individual centroid weighted by their
membership values as follows:
Where, A (q) is called the membership function (MF) b
for the fuzzy set A. The MF maps each element of Q to ( A (q) * q)
a membership grade (or membership value) between 0 q a
and 1.We defines three fuzzy sets each over the two JI=COG= b
(3)
universes of discourse for input namely, SNR and PDPT
[16]; the values are LOW, MEDIUM, and HIGH. For
q a
A (q)
output, four fuzzy sets are defined over the universe of
discourse, JI: the values are NO (meaning normal), Where JI/COG is the output of the defuzzification,
LOW, MEDIUM, and HIGH where SNR and BPR (or, A (q) and q are the input variables of the membership
PDPT) are the crisp inputs to the system and JI is the
function A. The complete process of calculating the
crisp output obtained from the system after
crisp values of the JI from the input values SNR and
defuzzification using the centroid method.
PDPT for every node is done through NS-2 stimulation
Fuzzification: Fuzzification of the two crisp inputs
SNR and PDPT are determining the degree to which
these inputs belong to each of the appropriate fuzzy sets, Sl.No SNR PDPT JI
which are mapped into fuzzy membership functions. To 1. Low Low High
define the fuzzy membership function, trapezoid shape 2. Low Medium High
has been chosen in this detection method. We define the 3. Low High High
membership function below: 4. Medium Low Low
q a 5. Medium Medium Medium
b a , a q b 6. Medium High High
7. High Low No
1, b q c 8. High Medium Low
A (q) 9. High High Low
d q ,c q d
d c Table 1.Fuzzy Rule Base
0, otherwise
(2) Confirmation of Jamming Attack Detection thro
Fuzzy K-Means Clustering
where the different values of the variables are as given
in[17], which have been fixed through two phases: All Nodes has been assigned a crisp jamming index (JI)
firstly, as per the mean of the values obtained from the as per its SNR and PDPT values by the base station
proficient, and secondly, by the correction of these through the abovementioned method, the base station
values through a feed-back factor generated by now confirms the node can be declared jammed or not
comparing the actual result and the expected result. jammed by looking at the jamming indices of
Fuzzy Inference: Fuzzy inference is the second step in neighboring nodes. This is done by the base station as
FLS. When an input is applied to a FLS, the inference follows:
engine computes the output set corresponding to each Depending the collision, it decides the lower cut-off
rule. The behavior of the control surface which relates value of JI, LC for declaring all nodes with JI LC,
the inputs (SNR, PDPT) and output (JI) variables of the as jammed nodes, i.e., jamming detected at these
system is governed by a set of rules. A typical rule nodes.
would be if x is A then y is B, when a set of input It makes a list of all jammed nodes, i.e., of nodes
variables are read each of the rule that has any degree of having JI LC and finds the number, t of such
truth in its premise is fired and contributes to the nodes.
428
forming of the control surface by approximately For each of the t jammed nodes, it recognize and
modifying it. When all the rules are fired, the resulting counts the number of one-hop neighbors, n and
control surface is expressed as a fuzzy set to represent absent of the n neighbors, it recognize those
the constraints output. The fuzzy rule base is given in neighbors who are in the list of jammed nodes and
table 1. counts their number, njand names the group of these
Defuzzification: Defuzzification is the process of nodes as jammed cluster and it recognize those
conversion of fuzzy quantity into crisp quantity. The neighbors who are not in the list of jammed nodes

256
 and counts their number, (n-nj) and names the group
of these nodes as non-jammed cluster .A total of n
nodes divided into 2 clusters in neighborhood of a
node under consideration. Therefore, the deciding
number is n/2. If the number of nodes (nj) in the
jammed neighbors clusteris more than n/2 then
majority of the neighbors are jammed and hence it is
confirmed that the node under consideration is also
jammed. If njis less than or equal to n/2, further
inspection is required for taking any decision. The
following steps of the algorithm continue so on.
If nj> n/2, then it confirms that the node is jammed.
If nj n/2, then it does the following:
(a) Find the mean jamming index of jammed neighbors
cluster, jiusing the formula:
nj
ji k
ji k 1
(4)
nj
(b) Find the centroid X and Y coordinates of jammed
neighbors, using the formula:
nj nj
jik .xk ji . y k k
xj k 1
nj
, yj k 1
nj
(5)
jik
k 1
k 1
jik
(c) Finds the square of the distance, djof the node under
consideration from the centroid of the jammed
neighbors clusterusing the formula:
dj=(x-xj)2+(y-yj)2 (6)
The above stated equations are declares that the node is
jammed; otherwise, it declares that the node is not
jammed and then deletes its name from the list of
jammed nodes.
PERFORMANCE ANALYSIS AND EVALUATION
The performance analysis of our proposed model has
been implemented in network stimulation environment
by using 2 criteria. They are true detection rate (TDR)
and false positive rate (FPR). TDR indicate the
proportion of how often the system successfully detects
the attacks from the starting to the ending and the ratio
of the number of nodes are correctly identified by the
system to be falling under a jamming class (normal,
low, medium, or high) to the number of nodes as
identified, taken out of one hundred. The FPR indicates
the proportion of events in which an attack is detected
when no real attack exists and the ratio of the number of
nodes are incorrectly identified by the system to be
falling under a jamming class (normal, low, medium, or
257
high) to the number of nodes as identified, taken out of
one hundred. The TDR and FPR can be calculated by
using jammed node ratio (JNR).JNR is mathematically
defined as: JNR= (S/C)*100, where S is the number
of nodes successfully jammed by the jammer which
have been jammed on the basis of their jamming
indices, the lower cut-off value of the jamming index as
decided by the base station and other aforementioned
simulation parameters, where C is the number of
nodes covered by the jammer within the communication
range of the jammer. The JNR is defined as the
percentage of the jammed nodes to total nodes in the
network. The JNR parameter can be configured as 50%
and 100%, and to maintain these ratios, varied numbers
of jammers were located in the network. Our
implementation setting is listed in below table 2.
Parameter Quantity
Number of Nodes (N) 100
Node Density (D) 10, 15, 20, 25
Jammed Node Ratios 50%, 100%
Transmission Range (r) 100 m
MAC Protocol S-MAC
LRWPAN type Proactive
Sensor Node Type MICA2
Traffics 1 packet/5 s and 2 packets/1 s
Simulation Length
Sampling Interval
36,000 s
30s
Area size 750 meters
Table2. Stimulation Environment Settings
In the stimulation, 100 nodes move in a 750 meters
region for 30s of sampling interval. All the nodes have
the same transmission range of 100m. The power rate,
capacity, and radio communication distance of normal
and jammer nodes were arranged in compliance with
MICA2 devices. The S-MAC protocol [18] was selected
as the MAC standard, and listen and sleep periods were
determined as 100 ms and 900 ms (10% duty cycle),
respectively. In all simulation runs, LRWPAN were
assumed in a proactive configuration and the packet
generation was arranged as 1 packet/5 s for light traffic
and 2 packets/1 s for heavy traffic. The stimulation has
been repeated with varied topologies and the average
values obtained from the results were recorded. The
value of TDR and FPR for 100 nodes configuration for
different types of jamming for different jamming
indices are given in table 3 .The value of TDR for 100
nodes configuration for different types of jamming
indices of 50% and 100% in figure 1a.We now compare
our results TDR and FPR with [15] in the table 4 , On
the other hand , the comparison is to be studied with
concern as the model have preferred to use the Gilbert-
Elliot for simulation losses based on two event discreet
Markov chain, as they consider that the radio unit
provides either good or bad transmission service. In the
table 4 shows that our performance parameters indicates
good results and are either better or matching with the
existing method of jamming detection. In figure 1b
Proposed
shows the graphical representation of our results TDR 100
99.8 Existing
% compared with existing model. 99.6
99.4
99.2
99
TDR % for 100 FPR % for 100 nodes 98.8
nodes configuration configuration 98.6
Types of
JNR JNR 25 50 75 100
Jamming JNR 50% JNR100%
50% 100%
(JI<=50) (JI<=100) No. of Nodes
(JI<=50) (JI<=100)
Constant
99.55 99.80 0.02 0.01
Jamming
Fig.1b. Graphical representation of our results TDR %
Deceptive
99.40 99.60 0.01 0 compared with Existing model
Jamming
Random
99.15 99.55 0.01 0 CONCLUSION
Jamming
Reactive
99.50 99.30 0.02 0
jamming In this paper, we studied and analyzed the various types
of jamming attacks in IEEE 802.15.4 PHY and MAC
Table 3. TDR and FPR for 100 nodes configuration for layers, the determinant metrics of jamming detection
different types of jamming, JI and JNR and the existing methods of jamming detection as
applied to the wireless networks. We have proposed the
TDR % for 100 FPR % for 100 fuzzy logic system to detect the various jamming attacks
nodes nodes and then we select the PDPT and SNR as inputs to our
Types of configuration configuration fuzzy interference system which gave the jamming
Jamming (JI<=100) (JI<=100) index (JI) as output. The output has been evaluated
propose Propose [15] based on the neighbor nodes. By stimulation, we then
[15] evaluated the different jamming attacks detection
d d
Constant performance (JNR) having average of 99.75% of TDR
99.80 99.40 0 0 with 0.01% of FPR, compared with [15] and found that
Jamming
Deceptive our performance is better in most of the cases in the
99.60 99.20 0 0 existing models. It is concluded that the effectiveness of
Jamming
Random our scheme through stimulation and demonstrated that it
99.55 99.55 0 0.01
Jamming can be used to detect the jamming attacks with
Reactive enhanced reliability and accuracy.
99.30 99.10 0 0.01
jamming
REFERENCES
Table 4. Comparison of our results TDR % and FDR %
with existing model [1] JianliangZheng, Myung J. Lee, Michael Anshel,
Towards Secure Low Rate Wireless Personal Area
Networks IEEE Transactions on Mobile
100
Computing, Volume.20, No. 20, (2010).
99.8

99.6
[2] Salem M., Sarhan A., Abu-Bakr M., A DOS Attack
Intrusion Detection and Inhibition Technique for
99.4 JNR 50% (JI<=50)
Wireless Computer Networks, ICGST- CNIR,
99.2
JNR 100%
Volume 7, No.1, (2007).
99 (JI<=100)

[3] Bayraktaroglu E., King C., Liu X., Noubir

98.8
25 50 75 100
G.,Rajaraman R., Thapa B., On the Performance of
IEEE 802.11 under Jamming Proceedings of IEEE
No. of Nodes
27th Conference on Computer Communications
(INFOCOM08), Phoenix, Arizona, USA, pp:67-74
(2008).
Fig.1. a. Graphical representation of TDR % for 100 nodes
configuration for JI=50% and JI=100%. [4] Anthony D. Wood, John A. Stankovic, and Gang
Zhou, DEEJAM: Defeating Energy-Efficient
Jamming in IEEE 802.15.4-based Wireless
Networks, IEEE conference on SECON, USA,
Volume18, No 21, pp: 60-69, (2007).

258
[5] R. Negi and A. Perrig, Jamming analysis of MAC
protocols, Carnegie Mellon Technical Memo,
Volume23, No 4, pp: 77-83, (2003).
[6] 6.Y. Law, L. Hoesel, J. Doumen, P. Hartel, and P.
Havinga, Energy efficient link-layer jamming
attacks against wireless sensor network MAC
protocols, ACM Workshop on Security of Ad Hoc
and Sensor Networks(SASN), pp. 7688, November
(2005).
[7] 7. B. Yu and B. Xiao, Detecting selective
forwarding attacks in wireless sensor networks, In
Proceedings of 20th International Parallel
andDistributed Processing Symposium IPDPS 2006
(SSN2006), pp. 18, (2006).
[8] 8.B. Xiao, B. Yu, and C. Gao, Chemas: Identify
suspect nodes in selective forwarding attacks,
Journal of Parallel and Distributed Computing
(JPDC - Elsevier), pp. 12181230, (2007).
[9] G. Lin and G. Noubir, On link-layer denial of
service in data LWAN, Journal on Wireless Comm.
and Mob. Computing, pp. 273284, (2004).
[10] M. Li, I. Koutsopoulos, and R. Poovendran,
Optimal jamming attacks and network defense
policies in wireless sensor networks, IEEE
INFOCOM, pp. 13071315, (2007).
[11] M. Raya, J.-P.Hubaux, and I. Aad, Domino: A
system to detect greedy behavior in IEEE 802.11
hotspots, in InProceedings of the 2004 International
Conference on MobileSystems, Applications, and
Services (MobiSys), pp. 8497, (2006).
[12] A.Rachedi and A. Benslimane, Toward a cross-
layer monitoring process for mobile ad hoc
networks, Securityand Communication Networks,
vol. 2, no. 4, pp. 351368, (2009).
[13] W. Xu, W. Trappe, Y. Zhang, and T. Wood, The
feasibility of launching and detecting jamming
attacks in wireless networks, in MobiHoc
259
05:Proceedings of the 6thACM international
symposium on Mobile ad hoc networking and
computing, pp. 4657, (2005).
[14] Zhang Z., Wu J., Deng J., Qiu M., "Jamming ACK
Attack to Wireless Networks and a Mitigation
Approach," in Proc. of IEEE Global
Telecommunications Conference - Wireless
Networking Symposium (GLOBECOM '08),
vol.ECP.950, pp. 1-5,(2008).
[15] Cakiroglu M, Ozcerit A.T. Jamming detection
mechanisms for wireless sensor networks. in
Proceedings of the 3rd International Conference on
Scalable Information Systems, VicoEquense, Italy,
04-06 (2008).
[16] Yager, R.P.; Zaden, L.A. Fuzzy Sets, Neural
Networks and Soft Computing, John Wiley
&Sons,Inc.: New York, NY, pp. 450-530(2004).
[17] Jang, J.S.R.; Sun, C.T.; "Mizutani, E. Neuro-
Fuzzy and Soft Computing: A Computational
Approach to Learning and Machine Intelligence;
Dorling Kindersley (India) Pvt. Ltd.: New Delhi,
India; pp .99-115,(2007).
[18] W. Ye, J. Heidemann, D. Estrin, An energy-
efficient MAC protocol for wireless sensor
networks, IEEE Infocom,New York, pp. 1567-
1576, (2006).
[19] Sheng Jie Tang Liangrui A Triangle module
operator and Fuzzy Logic Based Handoff Algorithm
for Heterogeneous Wireless Network12th IEEE
International Conference on Communication
Technology, ISBN: 978-1-4244-6868-3, PP 448-
451, (2011).
[20] C.Balarengadurai, S Saraswathi,A Fuzzy Logic
System for Detecting Ping Pong Effect Attack in
IEEE 802.15.4 Low Rate Wireless Personal Area
Network in proceedings of Advances in Intelligent
Systems and Computing, Volume 182, pp:405-416,
DOI: 10.1007/978-3-642-32063-7_43 (2012).