Intelligent Detection of MAC Spoofing Attack in 802.11 Network

In 802.11, all devices are uniquely identified by a Media Access Control (MAC) address. However, legitimate MAC addresses can be easily spoofed to launch various forms of attacks, such as Denial of Service attacks. Impersonating the MAC address of a legitimate user poses a big challenge for cyber crime investigators. Indeed, MAC spoofing makes the task of identifying the source of the attack very diffi- cult. Sequence number analysis is a common technique used to detect MAC spoofing attack. Existing solutions relying on sequence number analysis, adopt a threshold-based approach where the gap between consecutive sequence numbers is compared to a threshold to decide the presence of a MAC spoofing attack. Nevertheless, threshold-based approach may lead to a high rate of false alerts due to lost or duplicated frames. To overcome the limitations of threshold-based approach, this paper proposes a detection method that relies on a machine learning approach, namely Artificial Neural Network (ANN). ANNs provide the potential to identify and classify network behavior from limited, noisy, incomplete and nonlinear data sources. The experimentation results showed the effectiveness of the proposed detection technique. Moreover, we proposed a user-friendly graphical representation of information to support the interpretation of quantitative results

Wireless local area network management frame denial- of-service attack detection and mitigation schemes

Wireless Local Area Networks (WLAN) are increasingly deployed and in widespread use worldwide due to its convenience and low cost. However, due to the broadcasting and the shared nature of the wireless medium, WLANs are vulnerable to a myriad of attacks. Although there have been concerted efforts to improve the security of wireless networks over the past years, some attacks remain inevitable. Attackers are capable of sending fake de-authentication or disassociation frames to terminate the session of active users; thereby leading to denial of service, stolen passwords, or leakage of sensitive information amongst many other cybercrimes. The detection of such attacks is crucial in today's critical applications. Many security mechanisms have been proposed to effectively detect these issues, however, they have been found to suffer limitations which have resulted in several potential areas of research. This thesis aims to address the detection of resource exhaustion and masquerading DoS attacks problems, and to construct several schemes that are capable of distinguishing between benign and fake management frames through the identification of normal behavior of the wireless stations before sending any authentication and de-authentication frames. Thus, this thesis proposed three schemes for the detection of resource exhaustion and masquerading DoS attacks. The first scheme was a resource exhaustion DoS attacks detection scheme, while the second was a de- authentication and disassociation detection scheme. The third scheme was to improve the detection rate of the de-authentication and disassociation detection scheme using feature derived from an unsupervised method for an increased detection rate. The effectiveness of the performance of the proposed schemes was measured in terms of detection accuracy under sophisticated attack scenarios. Similarly, the efficiency of the proposed schemes was measured in terms of preserving the resources of the access point such as memory consumptions and processing time. The validation and analysis were done through experimentation, and the results showed that the schemes have the ability to protect wireless infrastructure networks against denial of service attacks