---
title: Lab Meeting Minutes 2023/07/07
tags: lab_meeting
---
> Outline
> [TOC]
---
# PERAL Lab Meeting
- 時間:112 年 07 月 07 日 9:00
- 地點:線上
- 線上會議連結 : [Online](https://meet.google.com/zfi-zmnc-qfw)
- 出席者:吳坤熹老師、謝萬霖、劉怡君、田蕙瑜、紀見如、劉冠伶、林大智、繆亭霄、蘇翊荃、陳嘉璐、陳品妤、陳姿澖
- 會議主題:[Modeling of the Channel-Hopping Anti-Jamming Defense in Multi-Radio Wireless Networks](https://docs.google.com/presentation/d/1x8SaMB701jW59-57FK1z5ncp_ASpklam/edit?usp=sharing&ouid=112691943115536385725&rtpof=true&sd=true)
- 主講者: 蘇翊荃
- 主記: 陳嘉璐
## 會議內容
### Background
- Radio Jamming
- Radio jamming is a DoS (Denial of Service) attack targeting physical and link layers of wireless networks.
- ![](https://hackmd.io/_uploads/HJLNQyBKn.png)
- Single/Multi-radio Networks
- Single-radio Networks:
- Only one radio to send/receive data
- If the channel is jammed, the only way is to change the channel to another not being jammed
- Multi-radio Networks:
- There are multi radio that can increase overall network capacity
- Channel Hopping
- 透過 Channel Hopping 反干擾
- Channel hopping, whereby channel switching is controlled at the software-level. It utilizes the fact that there is several orthogonal radio channels in many of today’s wireless standards, and has been proposed to mitigate jamming in wireless networks.
- Error-correcting Code (ECC)
- With ECC, data with redundancy will divide into n pieces, which then get transmitted over the unreliable communication channel.
- The original piece of data can be recovered from any combination of m out of the n pieces.
- ![](https://hackmd.io/_uploads/HyXe4JrKh.png)
### Attack and Defense in Multi-Radio Networks
- System Model
- Sender(defense) Node:
- ![](https://hackmd.io/_uploads/B1dHVySFh.png)
- Base-station Node:
- ![](https://hackmd.io/_uploads/ryoG2gSK2.png)
- ![](https://hackmd.io/_uploads/B1Km2eBK2.png)
- Attack Model
- ![](https://hackmd.io/_uploads/Hk78hlSt3.png)
- Scanning Attack:
- Scanning attackers hop between channels so that the set of jammed channels change over time.
- Scanning attackers will sense channel activity to determine if the channel is being used and keep hopping until it finds a channel that has activity. It takes a certain delay call channel-sensing-time.
- Two variations of the scanning attack:
- **Exploratory(探索性) Scanning Attack**:Jammers at unused channels select the next target channels randomly from the set of unjammed channels.
- **Conservative(保守性) Scanning Attack**:Jammers at unused channels select their next targets randomly from a set containing all channels (including currently jammed channels) in anticipation of the deceptive defense.
- Defense Model:
- **Proactive(主動式) hopping defense**:Radios periodically switch channels regardless of jamming detection.
- **Reactive(被動式) hopping defense**:Each radio stays at its current channel as long as no jamming is detected.When radio detects jamming, it switches to a different channel.
- Jamming detection algorithm:If the waiting time for a free channel or the number of consecutive, unsuccessful transmission attempts exceeds a threshold (臨界值), jamming is assumed and the radio hops to a different channel.
- **Two variations of the reactive defense**:
- **Straightforward(直接) Reactive Defense**:Jammed radios select the next target channels randomly from the set of unused channels.
- **Deceptive(欺騙性) Reactive Defense**:Jammed radios select their next channels randomly from a set containing all channels (including currently used channels).
### Maximizing Goodput Problem
- ![](https://hackmd.io/_uploads/rkAjTgBFh.png)
- **Relation Between Goodput**
- ![](https://hackmd.io/_uploads/HJBATeHKh.png)
```
Solomoe : 傳統的吞吐量稱作 throughput,但ECC加入了redundant data,所以這裡把真正有用的資料量稱為 goodput
```
### Markovian Models
- Motivation:
- Since goodput depends on the attack strategy, which may not be always known beforehand. To maximize the goodput, authors build a model which drive an adaptive mechanism that infers the unknown attack strategy and adjusts the defense strategy to maximize goodput.
- What is Markov Chain?
- ![](https://hackmd.io/_uploads/B1jzRgSFh.png)
- Markovian Models:
- ![](https://hackmd.io/_uploads/HJI4ClBYn.png)
- Drawing Without Replacement Formula:
- ![](https://hackmd.io/_uploads/B1QIAeBY2.png)
- Straightforward Defense vs. Conservative Attack
- ![](https://hackmd.io/_uploads/r1kuCxrt2.png)
- Deceptive Defense vs. Conservative Attack
- ![](https://hackmd.io/_uploads/S1ZtRxSY2.png)
- Straightforward Defense vs. Exploratory Attack
- ![](https://hackmd.io/_uploads/rJfcClBt2.png)
- Deceptive Defense vs. Exploratory Attack
- ![](https://hackmd.io/_uploads/r17iCerF3.png)
### Simulation Analysis and Model Validation
- Defense and attack parameter
- ![](https://hackmd.io/_uploads/SJZTRlrF3.png)
- Effect of number of communication and attack radios
- ![](https://hackmd.io/_uploads/BySCAgHK2.png)
- \* \# of channels is set to 12
- Difference Between Model and Simulation
- This difference may occur when channel hopping occurs more frequently (many radios with less room to escape) and the effect of the non-zero hopping delay (compared to 0 delay in the model) becomes more pronounced.
- ![](https://hackmd.io/_uploads/HJ1UkbSY2.png)
- Difference Between Model and Simulation
1. This bump occurs at number of radios exactly half of the number of channels.
2. The reason is that the system alternates between all radios being jammed followed by all radios free in the next and so on.
3. This bump did not occur in the simulations because the non-zero hopping delay breaks this synchronized alternation.
- ![](https://hackmd.io/_uploads/B1eKkZrY3.png)
- Effect of number of channels
- ![](https://hackmd.io/_uploads/S1PqkbBKh.png)
- Effect of number of attack radios
- ![](https://hackmd.io/_uploads/HkUoJWrt2.png)
- Summary of Experiment Result
- Exploratory attacks are more effective in all cases.
- Straightforward defense is more effective except when the number of radios is half that of the channels.
- Effect of ECC code and number of attackers
- ![](https://hackmd.io/_uploads/HJIA1bBYn.png)
- Usage of the model
- Since the number of attack radios cannot be known beforehand. This model can discover the number of attack radios and adjust the ECC parameters accordingly to achieve the best goodput.
- Periodically, the goodput is measured and fed into the models to predict the number of attack radios.
- ![](https://hackmd.io/_uploads/rJblg-rY2.png)
### Summary
1. Introduce jamming attack/defense in multi-radio networks
2. Define the problem of maximizing network goodput
3. Develop a models for reactive defense strategies against scanning attack strategies
---
### 建議&問題
1. [name=Louise] What is an "orthogonal channel"?
Ans: 代表頻道和頻道之間不會有所干擾的頻道,像是 1、6、11
![](https://hackmd.io/_uploads/BJlxWWrY3.png)
所以傳送資料的時候就不會相互的去打架
2. [name=Louise] For those defensive strategies, will they be statically adopted, or dynamically selected?
Ans: 作者設計的模型可以讓我們知道目前採取哪一種防禦機制最好。通常在這個實驗有得出一個結論,我們直接 straightforward reactive defense 是較好的結果,如圖。
![](https://hackmd.io/_uploads/r17cMWSth.png)
3. [name=Edgar] `p.12` Reactive hopping defense 的作法,發生 jamming 時,隨機選擇 channel 跳過去,這時候接收方要如何得知發送方頻道跳到哪裡?不像 Proactive hopping defense 會有一個表。
Ans: Base Station 可收全部 channel, 故無須通知它要換去哪裡。
4. [name=Edgar] `p.28` 橫軸意思,你說 channel 的數量被定在12,這邊是代表有多少個訊號在上面傳嗎?
Ans: channel 的數量是指目前通訊提供多少channel 在上面跑。Number of radios 發送方以及攻擊,他們在這12 channels中會針對多少個channel 進行攻擊以及傳送資料。
5. [name=Edgar] `p.29` Model 和 Simulation 不同的原因能不能再解釋一次?
Ans: block 成功的計算是指在這個模型中以有 hopping 才是有block到,而不是算在有 jamming 才被算做一次。
6. [name=Edgar] `p.30` 機率 0.5 的原因也是一樣嗎?
Ans: 原因不太一樣。如果 jamming channel 是一半,成功率在 0 和 1 之間切換,所以平均是 0.5。
7. [name=Edgar] `p.35` 如果傳輸的過程中發生了臨界值的變化,而 ECC 有不同參數的變化,decoder or receiever 要怎麼做調整?
Ans: paper 沒有詳細介紹到。
8. [name=大智] `p.30` 模擬是對稱,但Simulation卻是下降 的,會不會是 model 用錯?
![](https://hackmd.io/_uploads/S15xh-SK3.png)
Ans: model 設計不夠嚴謹,它的delay設成0, 導致model誤計算它的遺失率,導致它整個上升,channel hopping 應該會受影響,但作者卻選擇性把它忽略了。
Ans: [name=Solomon] 要回過頭去檢視公式是不是二項式曲線. 我贊同大智的直覺,他可能公式有錯。
9. [name=Jennifer] `p.7` 會不會原本 1 2 3 4 5 經過 Jamming 剩一個,可以透過 ECC 還原原始資料嗎?
![](https://hackmd.io/_uploads/SyIXTZHF2.png)
Ans: 根據 ECC 是沒辦法的,在這個例子中它需要只少3個資料才能還原。
10. [name=Jennifer] `P.13` 在Deceptive Reactive Defense 中可能會跳回原本受干擾的channel,這樣會不會是不好的結果?
Ans: Attacker 以為我會跳走,它就改為攻擊其他 channel。所以我留在原 channel, 反而就不會受到干擾。
11. [name=Jennifer] How long is the delay?
Ans: In the model, the delay is 0. Real value is not specified.
12. [name=August] `p.15` 不懂計算 goodput 保持在最大值會是最好的是效率?
Ans: goodput 的原始定義是「原本封包中有用的資訊/封包上所有的資訊」。假設 goodput 為 1 ,代表所有封包都是有價值的,但實際上有些封包有一些 header or payload 加在我們資料裡面,所以不太可能為 1。
Ans: [name=Solomon] 這不考慮 header overhead. (3,1)-ECC的goodput就是1/3.
13. [name=August] `p.28` 圖片解圖疑慮
![](https://hackmd.io/_uploads/r1NbxfSYn.png)
Ans: 12個channel有10個channel在傳送資料和被attack,而被擋掉的機率趨近於0。
![](https://hackmd.io/_uploads/HJfZbzBK3.png)
1 : 如果能成功接收到一個完整的封包的話,就有能力回復整個資訊
如果是 10 vs 10 ,他們的 overlapping 應該還不會讓全部被擋掉,所以趨近於0。
14. [name=Ashely] `p.22~p.25` 這些公式可以得到什麼資訊?
Ans: 可能要實際去算出數字才能知道它實際代表著什麼意思。
15. [name=Ashely] `p.19` 左下角 數值是什麼意思?
Ans: ![](https://hackmd.io/_uploads/rk65ElHt3.png)
16. [name=蕙瑜] `p.19` 矩陣內的意思( x, y 初始值所代表的意思 )
Ans: ![](https://hackmd.io/_uploads/BkoLHxBth.png)
Ans: It can be either [1,0] or [0,1]. Both will converge to the same steady state.
17. [name=Yukino] `p.9` 大圈圈是node,小圈圈是channel? node 具體來說是什麼意思? 是送不同的資料,還是同資料的不同部分?
Ans: 一份資料的不同部分。Node is a device. It has multiple antenna.
18. [name=Ellie] `p.31` 紅色部分不懂
- ![](https://hackmd.io/_uploads/HkTkveBK3.png)
Ans: radios = channel 數量的一半,會導致兩邊互相跳來跳去
,導致預測和實驗結果很奇怪。
19. [name=Ellie] `p.32` attack 11 channels (among 12 channels), 成功阻斷 80% 通訊?
Ans: 成本很高。
20. [name=Phoebe] 對 ECC 有無祥細說明,在這篇論文?
Ans: 相關資訊稍少,像是 IDA ECC 就比較少. (3,3)-ECC其實就是完全沒有ECC. (3,1)則是整份duplicate.
21. [name=Phoebe] `p.33` ECC(3,3) == use without ECC?
Ans: Yes
22. [name=Phoebe] 它已經先設定好幾種ECC(像ECC(3,1)、ECC(3,2)...)
Ans:在這實驗它是這樣設定,但你可以任意指定要用哪一種ECC。先透過 goodput以及目前所使用的ECC,推測目前已經受到多少attack,然後畫籤直線就可以得知,使用哪一種ECC可以達到最好的
goodput。
![](https://hackmd.io/_uploads/SyZASfStn.png)
23. [name=Angela] 建議
1. 在`p.35`之前的圖片,都沒有p.35這張X、Y 軸的詳細說明,建議有圖片的時候就可以標上。
2. [name=Solomon] 可以在左邊的第一張圖片標上。
## 待追蹤事項
無
## 臨時動議
1. 職務交接,目前負責人請更新SOP,時間改為7/10(一)14:00~17:00集中交接。
2. 停電公告,VM, NAS與MS15暫停服務 : 0:00(7/8)~19:00(7/9)
---
散會結束時間:10:42