2 research outputs found
Intelligent Detection of MAC Spoofing Attack in 802.11 Network
In 802.11, all devices are uniquely identified by a Media
Access Control (MAC) address. However, legitimate MAC
addresses can be easily spoofed to launch various forms of
attacks, such as Denial of Service attacks. Impersonating
the MAC address of a legitimate user poses a big challenge
for cyber crime investigators. Indeed, MAC spoofing makes
the task of identifying the source of the attack very difficult.
Sequence number analysis is a common technique used
to detect MAC spoofing attacks. Existing solutions relying
on sequence number analysis adopt a threshold-based approach
where the gap between consecutive sequence numbers
is compared to a threshold to decide the presence of
a MAC spoofing attack. Nevertheless, a threshold-based approach
may lead to a high rate of false alerts due to lost or
duplicated frames.
To overcome the limitations of the threshold-based approach,
this paper proposes a detection method that relies on a machine
learning approach, namely Artificial Neural Network
(ANN). ANNs provide the potential to identify and classify
network behavior from limited, noisy, incomplete and nonlinear
data sources. The experimentation results showed
the effectiveness of the proposed detection technique. Moreover,
we proposed a user-friendly graphical representation
of information to support the interpretation of quantitative
results.
Wireless local area network management frame denial-of-service attack detection and mitigation schemes
Wireless Local Area Networks (WLANs) are increasingly deployed and in widespread use worldwide due to their convenience and low cost. However, due to the broadcast and shared nature of the wireless medium, WLANs are vulnerable to a myriad of attacks. Although there have been concerted efforts to improve the security of wireless networks over the past years, some attacks remain inevitable. Attackers are capable of sending fake de-authentication or disassociation frames to terminate the sessions of active users, thereby leading to denial of service, stolen passwords, or leakage of sensitive information, amongst many other cybercrimes. The detection of such attacks is crucial in today's critical applications. Many security mechanisms have been proposed to effectively detect these issues; however, they have been found to suffer limitations, which have resulted in several potential areas of research. This thesis aims to address the problem of detecting resource exhaustion and masquerading DoS attacks, and to construct several schemes that are capable of distinguishing between benign and fake management frames through the identification of normal behavior of the wireless stations before sending any authentication and de-authentication frames. Thus, this thesis proposed three schemes for the detection of resource exhaustion and masquerading DoS attacks. The first scheme was a resource exhaustion DoS attack detection scheme, while the second was a de-authentication and disassociation detection scheme. The third scheme was to improve the detection rate of the de-authentication and disassociation detection scheme using a feature derived from an unsupervised method for an increased detection rate. The effectiveness of the performance of the proposed schemes was measured in terms of detection accuracy under sophisticated attack scenarios.
Similarly, the efficiency of the proposed schemes was measured in terms of preserving the resources of the access point, such as memory consumption and processing time. The validation and analysis were done through experimentation, and the results showed that the schemes have the ability to protect wireless infrastructure networks against denial of service attacks.