Improved detection of Probe Request Attacks : Using Neural Networks and Genetic Algorithm

The Media Access Control (MAC) layer of the wireless protocol, Institute of Electrical and Electronics Engineers (IEEE) 802.11, is based on the exchange of request and response messages. Probe Request Flooding Attacks (PRFA) are devised based on this design flaw to reduce network performance or prevent legitimate users from accessing network resources. The vulnerability is amplified due to clear beacon, probe request and probe response frames. The research is to detect PRFA of Wireless Local Area Networks (WLAN) using a Supervised Feedforward Neural Network (NN). The NN converged outstandingly with train, valid, test sample percentages 70, 15, 15 and hidden neurons 20. The effectiveness of an Intruder Detection System depends on its prediction accuracy. This paper presents optimisation of the NN using Genetic Algorithms (GA). GAs sought to maximise the performance of the model based on Linear Regression (R) and generated R > 0.95. Novelty of this research lies in the fact that the NN accepts user and attacker training data captured separately. Hence, security administrators do not have to perform the painstaking task of manually identifying individual frames for labelling prior training. The GA provides a reliable NN model and recognises the behaviour of the NN for diverse configurations

A Survey of Different Dos Attacks on Wireless Network

Wireless technologies like Wireless LAN (WLAN) 802.11 picking up ubiquity in all associations, undertakings and colleges because of its profitability, cost sparing when contrasted with wired system and usability by enabling the system clients to move physically while keeping up an association with the wireless system. Wireless systems are main stream among the Laptop client group today in light of the portability and usability. Individuals working through remote association must know about the surroundings because of the different sorts of assaults made by the interlopers. Remote systems are extremely defenseless against (Denial of Service) DoS attacks. DoS attacks are an endeavor to make a machine or system asset inaccessible to its clients. It can happen in numerous layers of OSI demonstrate and can happen in different frame Network clients can ensure their frameworks with Wi-Fi Protected Access (WPA) security conventions and Wired Equivalent Privacy (WEP), however DoS attack still can't be averted utilizing these conventions. These attacks bring about debasement of the system quality or finish loss of accessibility of the system inside the association. This survey paper makes a review on various kinds of DoS attacks and their countermeasures on the framework systems which depend on the Access Points (AP). The fundamental assaults called Deauthentication and Disassociation Flooding. DoS assaults are considered there avoidance/discovery arrangements. Keywords- Access Points, DoS, Wireless Security, 802.11, Disassociation, Deauthentication, Flooding attack

Detection of selfish manipulation of carrier sensing in 802.11 networks

Recently, tuning the clear channel assessment (CCA) threshold in conjunction with power control has been considered for improving the performance of WLANs. However, we show that, CCA tuning can be exploited by selfish nodes to obtain an unfair share of the available bandwidth. Specifically, a selfish entity can manipulate the CCA threshold to ignore ongoing transmissions; this increases the probability of accessing the medium and provides the entity a higher, unfair share of the bandwidth. We experiment on our 802.11 testbed to characterize the effects of CCA tuning on both isolated links and in 802.11 WLAN configurations. We focus on AP-client(s) configurations, proposing a novel approach to detect this misbehavior. A misbehaving client is unlikely to recognize low power receptions as legitimate packets; by intelligently sending low power probe messages, an AP can efficiently detect a misbehaving node. Our key contributions are: 1) We are the first to quantify the impact of selfish CCA tuning via extensive experimentation on various 802.11 configurations. 2) We propose a lightweight scheme for detecting selfish nodes that inappropriately increase their CCAs. 3) We extensively evaluate our system on our testbed; its accuracy is 95 percent while the false positive rate is less than 5 percent. © 2012 IEEE

Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Applying Machine Learning to Advance Cyber Security: Network Based Intrusion Detection Systems

Many new devices, such as phones and tablets as well as traditional computer systems, rely on wireless connections to the Internet and are susceptible to attacks. Two important types of attacks are the use of malware and exploiting Internet protocol vulnerabilities in devices and network systems. These attacks form a threat on many levels and therefore any approach to dealing with these nefarious attacks will take several methods to counter. In this research, we utilize machine learning to detect and classify malware, visualize, detect and classify worms, as well as detect deauthentication attacks, a form of Denial of Service (DoS). This work also includes two prevention mechanisms for DoS attacks, namely a one- time password (OTP) and through the use of machine learning. Furthermore, we focus on an exploit of the widely used IEEE 802.11 protocol for wireless local area networks (WLANs). The work proposed here presents a threefold approach for intrusion detection to remedy the effects of malware and an Internet protocol exploit employing machine learning as a primary tool. We conclude with a comparison of dimensionality reduction methods to a deep learning classifier to demonstrate the effectiveness of these methods without compromising the accuracy of classification

The Mason Test: A Defense Against Sybil Attacks in Wireless Networks Without Trusted Authorities

Wireless networks are vulnerable to Sybil attacks, in which a malicious node poses as many identities in order to gain disproportionate influence. Many defenses based on spatial variability of wireless channels exist, but depend either on detailed, multi-tap channel estimation - something not exposed on commodity 802.11 devices - or valid RSSI observations from multiple trusted sources, e.g., corporate access points - something not directly available in ad hoc and delay-tolerant networks with potentially malicious neighbors. We extend these techniques to be practical for wireless ad hoc networks of commodity 802.11 devices. Specifically, we propose two efficient methods for separating the valid RSSI observations of behaving nodes from those falsified by malicious participants. Further, we note that prior signalprint methods are easily defeated by mobile attackers and develop an appropriate challenge-response defense. Finally, we present the Mason test, the first implementation of these techniques for ad hoc and delay-tolerant networks of commodity 802.11 devices. We illustrate its performance in several real-world scenarios

A novel cheater and jammer detection scheme for IEEE 802.11-based wireless LANs

The proliferation of IEEE 802.11 networks has made them an easy and attractive target for malicious devices/adversaries which intend to misuse the available network. In this paper, we introduce a novel malicious entity detection method for IEEE 802.11 networks. We propose a new metric, the Beacon Access Time (BAT), which is employed in the detection process and inherits its characteristics from the fact that beacon frames are always given preference in IEEE 802.11 networks. An analytical model to define the aforementioned metric is presented and evaluated with experiments and simulations. Furthermore, we evaluate the adversary detection capabilities of our scheme by means of simulations and experiments over a real testbed. The simulation and experimental results indicate consistency and both are found to follow the trends indicated in the analytical model. Measurement results indicate that our scheme is able to correctly detect a malicious entity at a distance of, at least, 120 m. Analytical, simulation and experimental results signify the validity of our scheme and highlight the fact that our scheme is both efficient and successful in detecting an adversary (either a jammer or a cheating device). As a proof of concept, we developed an application that when deployed at the IEEE 802.11 Access Point, is able to effectively detect an adversary. (C) 2015 Elsevier B.V. All rights reserved.Postprint (author's final draft

Wireless local area network management frame denial- of-service attack detection and mitigation schemes

Wireless Local Area Networks (WLAN) are increasingly deployed and in widespread use worldwide due to its convenience and low cost. However, due to the broadcasting and the shared nature of the wireless medium, WLANs are vulnerable to a myriad of attacks. Although there have been concerted efforts to improve the security of wireless networks over the past years, some attacks remain inevitable. Attackers are capable of sending fake de-authentication or disassociation frames to terminate the session of active users; thereby leading to denial of service, stolen passwords, or leakage of sensitive information amongst many other cybercrimes. The detection of such attacks is crucial in today's critical applications. Many security mechanisms have been proposed to effectively detect these issues, however, they have been found to suffer limitations which have resulted in several potential areas of research. This thesis aims to address the detection of resource exhaustion and masquerading DoS attacks problems, and to construct several schemes that are capable of distinguishing between benign and fake management frames through the identification of normal behavior of the wireless stations before sending any authentication and de-authentication frames. Thus, this thesis proposed three schemes for the detection of resource exhaustion and masquerading DoS attacks. The first scheme was a resource exhaustion DoS attacks detection scheme, while the second was a de- authentication and disassociation detection scheme. The third scheme was to improve the detection rate of the de-authentication and disassociation detection scheme using feature derived from an unsupervised method for an increased detection rate. The effectiveness of the performance of the proposed schemes was measured in terms of detection accuracy under sophisticated attack scenarios. Similarly, the efficiency of the proposed schemes was measured in terms of preserving the resources of the access point such as memory consumptions and processing time. The validation and analysis were done through experimentation, and the results showed that the schemes have the ability to protect wireless infrastructure networks against denial of service attacks

Using metrics from multiple layers to detect attacks in wireless networks

The IEEE 802.11 networks are vulnerable to numerous wireless-specific attacks. Attackers can implement MAC address spoofing techniques to launch these attacks, while masquerading themselves behind a false MAC address. The implementation of Intrusion Detection Systems has become fundamental in the development of security infrastructures for wireless networks. This thesis proposes the designing a novel security system that makes use of metrics from multiple layers of observation to produce a collective decision on whether an attack is taking place. The Dempster-Shafer Theory of Evidence is the data fusion technique used to combine the evidences from the different layers. A novel, unsupervised and self- adaptive Basic Probability Assignment (BPA) approach able to automatically adapt its beliefs assignment to the current characteristics of the wireless network is proposed. This BPA approach is composed of three different and independent statistical techniques, which are capable to identify the presence of attacks in real time. Despite the lightweight processing requirements, the proposed security system produces outstanding detection results, generating high intrusion detection accuracy and very low number of false alarms. A thorough description of the generated results, for all the considered datasets is presented in this thesis. The effectiveness of the proposed system is evaluated using different types of injection attacks. Regarding one of these attacks, to the best of the author knowledge, the security system presented in this thesis is the first one able to efficiently identify the Airpwn attack