5 research outputs found
Fusing multi-layer metrics for detecting security attacks in 802.11 networks
Computer networks and more specifically wireless
communication networks are increasingly becoming susceptible
to more sophisticated and untraceable attacks. Most of the
current Intrusion Detection Systems either focus on just one layer
of observation or use a limited number of metrics without proper
data fusion techniques. However, the true status of a network,
is rarely accurately detectable by examining only one network
layer or metric. Ideally, a synergistic approach would require
knowledge from various layers to be fused and, collectively, an
ultimate decision to be taken. To this aim, the Dempster-Shafer
(D-S) approach is examined as a data fusion algorithm that
combines beliefs of multiple metrics across multiple layers.
This paper describes the methodology of using metrics from
multiple layers of wireless communication networks for detecting
wireless security breaches. The metrics are analysed and compared
to historical data and each gives a belief of whether an
attack takes place or not. The beliefs from different metrics are
fused with the D-S technique with the ultimate goal of limiting
false alarms by combining beliefs from various network layers.
The results show that cross-layer techniques and data fusion
perform more efficiently in a variety of situations compared to
conventional methods
Detecting misbehaviour in WiFi using multi-layer metric data fusion
One of the main problems in open wireless networks is the inability of authenticating the identity of a wireless client or Access Point (AP). This issue is a concern because, a malicious entity could masquerade as the legal AP and entice a wireless client to establish a connection with a Rogue AP. Previous work by the authors has developed the algorithms used in this work but, in contrast to prior work, there was no analysis or experimentation with Rogue AP attacks. Our purpose in this work is to detect injection type of Rogue AP activity by identifying whether a frame is genuinely transmitted by the legal AP or not. To this end, an identity profile for the legal AP is built by fusing multi-layer metrics, using the Dempster-Shafer algorithm. The results show high detection results with low false alarms for detecting Rogue AP attacks without requiring configuration from an administrator. © 2013 IEEE
Fusing multi-layer metrics for detecting security attacks in 802.11 networks
Computer networks and more specifically wireless
communication networks are increasingly becoming susceptible
to more sophisticated and untraceable attacks. Most of the
current Intrusion Detection Systems either focus on just one layer
of observation or use a limited number of metrics without proper
data fusion techniques. However, the true status of a network,
is rarely accurately detectable by examining only one network
layer or metric. Ideally, a synergistic approach would require
knowledge from various layers to be fused and, collectively, an
ultimate decision to be taken. To this aim, the Dempster-Shafer
(D-S) approach is examined as a data fusion algorithm that
combines beliefs of multiple metrics across multiple layers.
This paper describes the methodology of using metrics from
multiple layers of wireless communication networks for detecting
wireless security breaches. The metrics are analysed and compared
to historical data and each gives a belief of whether an
attack takes place or not. The beliefs from different metrics are
fused with the D-S technique with the ultimate goal of limiting
false alarms by combining beliefs from various network layers.
The results show that cross-layer techniques and data fusion
perform more efficiently in a variety of situations compared to
conventional methods
Using metrics from multiple layers to detect attacks in wireless networks
The IEEE 802.11 networks are vulnerable to numerous wireless-specific attacks. Attackers can implement MAC address spoofing techniques to launch these attacks, while masquerading themselves behind a false MAC address. The implementation of Intrusion Detection Systems has become fundamental in the development of security infrastructures for wireless networks. This thesis proposes the designing a novel security system that makes use of metrics from multiple layers of observation to produce a collective decision on whether an attack is taking place.
The Dempster-Shafer Theory of Evidence is the data fusion technique used to combine the evidences from the different layers. A novel, unsupervised and self- adaptive Basic Probability Assignment (BPA) approach able to automatically adapt its beliefs assignment to the current characteristics of the wireless network is proposed. This BPA approach is composed of three different and independent statistical techniques, which are capable to identify the presence of attacks in real time. Despite the lightweight processing requirements, the proposed security system produces outstanding detection results, generating high intrusion detection accuracy and very low number of false alarms. A thorough description of the generated results, for all the considered datasets is presented in this thesis. The effectiveness of the proposed system is evaluated using different types of injection attacks. Regarding one of these attacks, to the best of the author knowledge, the security system presented in this thesis is the first one able to efficiently identify the Airpwn attack