40 research outputs found

    Intrusion Detection System for Platooning Connected Autonomous Vehicles

    The deployment of Connected Autonomous Vehicles (CAVs) in Vehicular Ad Hoc Networks (VANETs) requires secure wireless communication in order to ensure reliable connectivity and safety. However, this wireless communication is vulnerable to a variety of cyber attacks such as spoofing or jamming attacks. In this paper, we describe an Intrusion Detection System (IDS) based on Machine Learning (ML) techniques designed to detect both spoofing and jamming attacks in a CAV environment. The IDS would reduce the risk of traffic disruption and accidents caused as a result of cyber-attacks. The detection engine of the presented IDS is based on the ML algorithms Random Forest (RF), k-Nearest Neighbour (k-NN) and One-Class Support Vector Machine (OCSVM), as well as data fusion techniques in a cross-layer approach. To the best of the authors’ knowledge, the proposed IDS is the first in literature that uses a cross-layer approach to detect both spoofing and jamming attacks against the communication of connected vehicles platooning. The evaluation results of the implemented IDS present a high accuracy of over 90% using training datasets containing both known and unknown attacks.

    Radio Frequency Fingerprinting Techniques through Preamble Modification in IEEE 802.11b

    Wireless local area networks are particularly vulnerable to cyber attacks due to their contested transmission medium. Access point spoofing, route poisoning, and cryptographic attacks are some of the many mature threats faced by wireless networks. Recent work investigates physical-layer features such as received signal strength or radio frequency fingerprinting to identify and localize malicious devices. This thesis demonstrates a novel and complementary approach to exploiting physical-layer differences among wireless devices that is more energy efficient and invariant with respect to the environment than traditional fingerprinting techniques. Specifically, this methodology exploits subtle design differences among different transceiver hardware types. A software defined radio captures packets with standard-length IEEE 802.11b preambles, manipulates the recorded preambles by shortening their length, then replays the altered packets toward the transceivers under test. Wireless transceivers vary in their ability to receive packets with preambles shorter than the standard. By analyzing differences in packet reception with respect to preamble length, this methodology distinguishes amongst eight transceiver types from three manufacturers. All tests to successfully enumerate the transceivers achieve accuracy rates greater than 99%, while transmitting less than 60 test packets. This research extends previous work illustrating RF fingerprinting techniques through IEEE 802.15.4 wireless protocols. The results demonstrate that preamble manipulation is effective for multi-factor device authentication, network intrusion detection, and remote transceiver type fingerprinting in IEEE 802.11b

    New Approach in Detection MAC Spoofing in a WiFi LAN

    Medium Access Control (MAC) spoofing attacks relate to an attacker altering the manufacturer assigned MAC address to any other value. MAC spoofing attacks in Wireless Fidelity (WiFi) network are simple because of the ease of access to the tools of the MAC fraud on the Internet like MAC Makeup, and in addition to that the MAC address can be changed manually without software. MAC spoofing attacks are considered one of the most intensive attacks in the WiFi network; as a result, many MAC spoofing detection systems were built, each of which comes with its strength and weak points. This paper logically identifies and recognizes the weak points and masquerading paths that penetrate the up-to-date existing detection systems. Then the most effective features of the existing detection systems are extracted, modified and combined together to develop more powerful detection system called Sequence Number with Rate and Signal Strength detection method (SN-R-SS). SN-R-SS consists of three phases. First phase is Window Sequence Numbers; to detect suspicious spoofed frames in the network. Second phase is Transmission Rate Analysis; to reduce the amount of the suspicious spoofed frames that are generated from the first phase. Finally, the third phase is Received Signal Strength; this phase is decisive phase because it decides whether the suspicious spoofed frames are spoofed or not. Commview for WiFi network monitor and analyzer is used to capture frames from the radio channels. Matlab software has been used to implement various computational and mathematical relations in SN-R-SS. This detection method does not work in real time because it needs a lot of computation.

    A New MAC Address Spoofing Detection Technique Based on Random Forests

    Media access control (MAC) addresses in wireless networks can be trivially spoofed using off-the-shelf devices. The aim of this research is to detect MAC address spoofing in wireless networks using a hard-to-spoof measurement that is correlated to the location of the wireless device, namely the received signal strength (RSS). We developed a passive solution that does not require modification for standards or protocols. The solution was tested in a live test-bed (i.e., a wireless local area network with the aid of two air monitors acting as sensors) and achieved 99.77%, 93.16% and 88.38% accuracy when the attacker is 8–13 m, 4–8 m and less than 4 m away from the victim device, respectively. We implemented three previous methods on the same test-bed and found that our solution outperforms existing solutions. Our solution is based on an ensemble method known as random forests. https://doi.org/10.3390/s1603028

    IEEE 802.11 i Security and Vulnerabilities

    Despite using a variety of comprehensive preventive security measures, the Robust Secure Networks (RSNs) remain vulnerable to a number of attacks. Failure of preventive measures to address all RSN vulnerabilities dictates the need for enhancing the performance of Wireless Intrusion Detection Systems (WIDSs) to detect all attacks on RSNs with less false positive and false negative rates

    A Novel Approach for Survivability of IEEE 802.11 WLAN Against Access Point Failure

    In the last decade, wireless networks have become increasingly popular as powerful and cost-effective platforms for mobile communications. Unfortunately, current wireless networks are notoriously prone to a number of problems, such as the loss of link-level connectivity due to user mobility and/or infrastructural failures, which makes it difficult to guarantee their reliability. Today’s users are mostly satisfied with the ability to access wired networks/resources conveniently from mobile stations, even if the access is unreliable. However, as wireless networks become more ubiquitous and start to support more critical applications, users will expect wireless networks to provide the same guarantees of reliability as their wired counterparts are often able to ensure. Research is ongoing to extend the scope of services made available to mobile users to achieve the “anytime, anyplace, any form” communications vision. This vision is to provide voice, data, and multimedia services to users regardless of location, mobility pattern, or type of terminal used for access. In IEEE 802.11 Wireless LAN, if an access-point fails, then, all the mobile stations connected to a wired network via the access-point may lose connectivity. In this thesis work, the problem of enhancing the survivability of IEEE 802.11 WLAN focusing on tolerating Access Point (AP) failures is addressed. In particular, focus on the problem of overcoming these APs failures working with reconfiguration of the remaining APs by changing parameters like the neighboring AP’s MAC address is done. This approach consists of two main phases: Design and Fault Response. In Design phase, we deal with quantifying, placement and setting up of APs according to both area coverage and performance criteria. In Fault Response phase we consider the reconfiguration of the active APs in order to deal with AP fault in the service area.

    Rogue access point detection framework on a multivendor access point WLAN

    Thesis submitted in partial fulfillment of the requirements for the Degree of Master of Science in Information Technology (MSIT) at Strathmore University. Wireless internet access has become common throughout the world. IEEE 802.11 Wireless fidelity (Wi-Fi) is now a common internet access standard almost becoming a requirement in homes, offices, universities and public places due to developments in Bring-Your-Own-Device (BYOD), mobile telephony and telecommuting. With the proliferation of Wi-Fi comes a number of information security challenges that have to be addressed. One of the major security threats that comes with Wi-Fi is the presence of rogue access points (APs) on the network. Unsuspecting employees in a company or attackers can introduce rogue APs to a secure wired network. The problem is amplified if the wireless local area network (WLAN) consists of multivendor APs. Malicious people can leverage on rogue APs to perform passive or active attacks on a computer network. Therefore, there is need for network administrators to accurately, with less effort, detect and control presence of rogue APs on multivendor WLANs. In this thesis, a solution that can accurately support detection of rogue APs on a multi-vendor AP WLAN without extra hardware or modification of AP firmware is presented. In the solution, information from beacon frames is compared to a set of approved parameters. Intervention of a network administrator is included to prevent MAC address spoofing. A structured methodology was adopted in developing the model on a Windows operating system. Python programming language was used in coding the system with Scapy and Tkinter as the main modules. SQLite database was used to store required data. The system was tested on a setup WLAN that composed of three different access points in a University lab. It was able to capture beacon frames sent by the access points and extracted MAC address, SSID and capability information as the key parameters used in identifying and classifying the access points. The system uses the captured information to automatically compare it against an existing database of authorized parameters. It is then able to classify an access point as either rogue or authorized. The system issued alerts that described the detected APs to a network administrator. The rest of this document gives details of scholarly works that are pertinent to the study, the research methodology used, implementation and testing of the model followed by discussions of findings and the conclusions and recommendations made by the researcher.

    Robust Wireless Communication for Multi-Antenna, Multi-Rate, Multi-Carrier Systems

    Today's trend of migrating radio devices from hardware to software provides potential to create flexible applications for both commercial and military use. However, this raises security concerns, as malicious attackers can also be generated easily to break legitimate communications. In this research work, our goal is to design a robust anti-jamming radio framework. We particularly investigate three different aspects of jamming threats: high-power jammers, link attacks on rate adaptation, and jamming in multicarrier systems. The threats of high-power jamming to wireless communications today are realistic due to the ease of access to powerful jamming sources such as the availability of commercial GPS/WiFi/cellular devices on the market, or RF guns built from microwave ovens' magnetron. To counter high-power jamming attacks, we develop SAIM which is a hybrid system capable of resisting jammers of up to 100,000 times higher power than legitimate communication nodes. The system robustness relies on our own antenna structure specially designed for anti-jamming purpose. We develop an efficient algorithm for auto-configuring the antenna adaptively to dynamic environments. We also devise a software-based jamming cancellation technique for appropriately extracting original signals, which is more robust than traditional MIMO approaches, as pilot signals are not required in SAIM. In spite of the robustness of SAIM, our design is more appropriate for malicious environments with powerful jammers, where mechanical steering is feasible, e.g., military applications. Residential and commercial wireless communication systems are still vulnerable to even limited-power jamming, as in today's standard wireless protocols, rate information is exposed to adversaries. Rate-based attacks have been demonstrated to severely degrade the networks at very low cost. To mitigate rate-based attacks, we develop CBM, a system capable of hiding rate and, at the same time, increasing resiliency against jammers up to seven times higher than regular systems, where rate is exposed. We achieve the resiliency boost by generalizing Trellis Coded Modulation to allow non-uniform codeword mapping. We develop an efficient algorithm for finding good non-uniform codes for all modulations in {BPSK, QPSK, 8-PSK, 16-QAM, 64-QAM}. To conceal rate information, we devise an efficient method for generating cryptographic interleaving functions. In recently deployed communication networks such as WiFi and LTE systems, MIMO and OFDM are the two main techniques for increasing bandwidth efficiency. While MIMO increases the channel capacity by spatial processing on multiple received signals, OFDM mitigates impacts of dynamic variations in wide-band channels and allows frequency reuse with overlapping carriers. Synchronization is a key for high-throughput performance in MIMO and OFDM systems. In this work, we study impacts of jamming attacks specifically targeting to control channels in WiFi and LTE networks. Our study focuses on efficient techniques for both jamming and anti-jamming in multicarrier systems.

    Empirical Techniques To Detect Rogue Wireless Devices

    Media Access Control (MAC) addresses in wireless networks can be trivially spoofed using off-the-shelf devices. We proposed a solution to detect MAC address spoofing in wireless networks using a hard-to-spoof measurement that is correlated to the location of the wireless device, namely the Received Signal Strength (RSS). We developed a passive solution that does not require modification for standards or protocols. The solution was tested in a live test-bed (i.e., a Wireless Local Area Network with the aid of two air monitors acting as sensors) and achieved 99.77%, 93.16%, and 88.38% accuracy when the attacker is 8–13 m, 4–8 m, and less than 4 m away from the victim device, respectively. We implemented three previous methods on the same test-bed and found that our solution outperforms existing solutions. Our solution is based on an ensemble method known as Random Forests. We also proposed an anomaly detection solution to deal with situations where it is impossible to cover the whole intended area. The solution is totally passive and unsupervised (using unlabeled data points) to build the profile of the legitimate device. It only requires the training of one location which is the location of the legitimate device (unlike the misuse detection solution that trains and simulates the existence of the attacker in every possible spot in the network diameter). The solution was tested in the same test-bed and yielded about 79% overall accuracy. We build a misuse Wireless Local Area Network Intrusion Detection System (WIDS) and discover some important fields in WLAN MAC-layer frame to differentiate the attackers from the legitimate devices. We tested several machine learning algorithms and found some promising ones to improve the accuracy and computation time on a public dataset. The best performing algorithms that we found are Extra Trees, Random Forests, and Bagging. We then used a majority voting technique to vote on these algorithms. Bagging classifier and our customized voting technique have good results (about 96.25% and 96.32% respectively) when tested on all the features. We also used a data mining technique based on Extra Trees ensemble method to find the most important features on AWID public dataset. After selecting the most 20 important features, Extra Trees and our voting technique are the best performing classifiers in term of accuracy (96.31% and 96.32% respectively).