Fusing multi-layer metrics for detecting security attacks in 802.11 networks

Computer networks and more specifically wireless communication networks are increasingly becoming susceptible to more sophisticated and untraceable attacks. Most of the current Intrusion Detection Systems either focus on just one layer of observation or use a limited number of metrics without proper data fusion techniques. However, the true status of a network, is rarely accurately detectable by examining only one network layer or metric. Ideally, a synergistic approach would require knowledge from various layers to be fused and, collectively, an ultimate decision to be taken. To this aim, the Dempster-Shafer (D-S) approach is examined as a data fusion algorithm that combines beliefs of multiple metrics across multiple layers. This paper describes the methodology of using metrics from multiple layers of wireless communication networks for detecting wireless security breaches. The metrics are analysed and compared to historical data and each gives a belief of whether an attack takes place or not. The beliefs from different metrics are fused with the D-S technique with the ultimate goal of limiting false alarms by combining beliefs from various network layers. The results show that cross-layer techniques and data fusion perform more efficiently in a variety of situations compared to conventional methods

Detecting misbehaviour in WiFi using multi-layer metric data fusion

One of the main problems in open wireless networks is the inability of authenticating the identity of a wireless client or Access Point (AP). This issue is a concern because, a malicious entity could masquerade as the legal AP and entice a wireless client to establish a connection with a Rogue AP. Previous work by the authors has developed the algorithms used in this work but, in contrast to prior work, there was no analysis or experimentation with Rogue AP attacks. Our purpose in this work is to detect injection type of Rogue AP activity by identifying whether a frame is genuinely transmitted by the legal AP or not. To this end, an identity profile for the legal AP is built by fusing multi-layer metrics, using the Dempster-Shafer algorithm. The results show high detection results with low false alarms for detecting Rogue AP attacks without requiring configuration from an administrator. © 2013 IEEE

Fusing multi-layer metrics for detecting security attacks in 802.11 networks

Computer networks and more specifically wireless communication networks are increasingly becoming susceptible to more sophisticated and untraceable attacks. Most of the current Intrusion Detection Systems either focus on just one layer of observation or use a limited number of metrics without proper data fusion techniques. However, the true status of a network, is rarely accurately detectable by examining only one network layer or metric. Ideally, a synergistic approach would require knowledge from various layers to be fused and, collectively, an ultimate decision to be taken. To this aim, the Dempster-Shafer (D-S) approach is examined as a data fusion algorithm that combines beliefs of multiple metrics across multiple layers. This paper describes the methodology of using metrics from multiple layers of wireless communication networks for detecting wireless security breaches. The metrics are analysed and compared to historical data and each gives a belief of whether an attack takes place or not. The beliefs from different metrics are fused with the D-S technique with the ultimate goal of limiting false alarms by combining beliefs from various network layers. The results show that cross-layer techniques and data fusion perform more efficiently in a variety of situations compared to conventional methods

Using metrics from multiple layers to detect attacks in wireless networks

The IEEE 802.11 networks are vulnerable to numerous wireless-specific attacks. Attackers can implement MAC address spoofing techniques to launch these attacks, while masquerading themselves behind a false MAC address. The implementation of Intrusion Detection Systems has become fundamental in the development of security infrastructures for wireless networks. This thesis proposes the designing a novel security system that makes use of metrics from multiple layers of observation to produce a collective decision on whether an attack is taking place. The Dempster-Shafer Theory of Evidence is the data fusion technique used to combine the evidences from the different layers. A novel, unsupervised and self- adaptive Basic Probability Assignment (BPA) approach able to automatically adapt its beliefs assignment to the current characteristics of the wireless network is proposed. This BPA approach is composed of three different and independent statistical techniques, which are capable to identify the presence of attacks in real time. Despite the lightweight processing requirements, the proposed security system produces outstanding detection results, generating high intrusion detection accuracy and very low number of false alarms. A thorough description of the generated results, for all the considered datasets is presented in this thesis. The effectiveness of the proposed system is evaluated using different types of injection attacks. Regarding one of these attacks, to the best of the author knowledge, the security system presented in this thesis is the first one able to efficiently identify the Airpwn attack