Performance analysis of wireless intrusion detection systems

Wireless intrusion detection system (WIDS) has become a matter of increasing concern in recent years as a crucial element in wireless network security. WIDS monitors 802.11 traffic to identify the intrusive activities, and then alerts the complementary prevention part to combat the attacks. Selecting a reliable WIDS system necessitates inevitably taking into account a credible evaluation of WIDSs performance. WIDS effectiveness is considered the basic factor in evaluating the WIDS performance, thus it receives great attention in this thesis. Most previous experimental evaluations of intrusion detection systems (IDSs) were concerned with the wired IDSs, with an apparent lack of evaluating the wireless IDSs (WIDSs). In this thesis, we try to manipulate three main critiques of most pervious evaluations; lack of comprehensive evaluation methodology, holistic attack classification, and expressive evaluation metrics. In this thesis, we introduce a comprehensive evaluation methodology that covers all the essential dimensions for a credible evaluation of WIDSs performance. The main pivotal dimensions in our methodology are characterizing and generating the evaluation dataset, defining reliable and expressive evaluation metrics, and overcoming the evaluation limitations. Basically, evaluation dataset consists of two main parts; normal traffic (as a background) and malicious traffic. The background traffic, which comprises normal and benign activities in the absence of attacks, was generated in our experimental evaluation tests as real controlled traffic. The second and important part of the dataset is the malicious traffic which is composed of intrusive activities. Comprehensive and credible evaluation of WIDSs necessitates taking into account all possible attacks. While this is operationally impossible, it is necessary to select representative attack test cases that are extracted mainly from a comprehensive classification of wireless attacks. Dealing with this challenge, we have developed a holistic taxonomy of wireless security attacks from the perspective of the WIDS evaluator. The second pivotal dimension in our methodology is defining reliable evaluation metrics. We introduce a new evaluation metric EID (intrusion detection effectiveness) that manipulates the drawbacks of the previously proposed metrics, especially the common drawback of their main notion that leads to measuring a relative effectiveness. The notion of our developed metric EID helps in measuring the actual effectiveness. We also introduce another metric RR (attack recognition rate) to evaluate the ability of WIDS to recognize the attack type. The third important dimension in our methodology is overcoming the evaluation limitations. The great challenge that we have faced in the experimental evaluation of WIDSs is the uncontrolled traffic over the open wireless medium. This uncontrolled traffic affects the accuracy of the measurements. We overcame this problem by constructing an RF shielded testbed to take all the measurements under our control without any interfering from any adjacent stations. Finally, we followed our methodology and conducted experimental evaluation tests of two popular WIDSs (Kismet and AirSnare), and demonstrated the utility of our proposed solutions

A Prototype for Intrusion Detection in Wireless Sensor Networks Using Data Mining Methods

The Wireless Sensor Networks (WSNs) are highly distributed networks of tiny, light-weight wireless nodes, placed in large numbers to monitor the environment or system. Monitoring the system includes the measurement of physical parameters such as pressure, temperature, relative humidity and passing their data to the main node (sink). WSN faces various security attacks which can affect the overall performance and security of the system. So, it is necessary to detect and prevent the attacks on WSN. Intrusion Detection is one of the major and efficient method against attacks. Intrusion Detection Systems can act as a second line of defence and it provides security primitives to prevent attacks against computer networks. This paper focuses on a hybrid approach for intrusion detection system (IDS) based on data mining techniques. The approach is clustering analysis with the aim to improve the detection rate and decrease the false alarm rate

Deep Predictive Coding Neural Network for RF Anomaly Detection in Wireless Networks

Intrusion detection has become one of the most critical tasks in a wireless network to prevent service outages that can take long to fix. The sheer variety of anomalous events necessitates adopting cognitive anomaly detection methods instead of the traditional signature-based detection techniques. This paper proposes an anomaly detection methodology for wireless systems that is based on monitoring and analyzing radio frequency (RF) spectrum activities. Our detection technique leverages an existing solution for the video prediction problem, and uses it on image sequences generated from monitoring the wireless spectrum. The deep predictive coding network is trained with images corresponding to the normal behavior of the system, and whenever there is an anomaly, its detection is triggered by the deviation between the actual and predicted behavior. For our analysis, we use the images generated from the time-frequency spectrograms and spectral correlation functions of the received RF signal. We test our technique on a dataset which contains anomalies such as jamming, chirping of transmitters, spectrum hijacking, and node failure, and evaluate its performance using standard classifier metrics: detection ratio, and false alarm rate. Simulation results demonstrate that the proposed methodology effectively detects many unforeseen anomalous events in real time. We discuss the applications, which encompass industrial IoT, autonomous vehicle control and mission-critical communications services.Comment: 7 pages, 7 figures, Communications Workshop ICC'1

Secured node detection technique based on artificial neural network for wireless sensor network

The wireless sensor network is becoming the most popular network in the last recent years as it can measure the environmental conditions and send them to process purposes. Many vital challenges face the deployment of WSNs such as energy consumption and security issues. Various attacks could be subjects against WSNs and cause damage either in the stability of communication or in the destruction of the sensitive data. Thus, the demands of intrusion detection-based energy-efficient techniques rise dramatically as the network deployment becomes vast and complicated. Qualnet simulation is used to measure the performance of the networks. This paper aims to optimize the energy-based intrusion detection technique using the artificial neural network by using MATLAB Simulink. The results show how the optimized method based on the biological nervous systems improves intrusion detection in WSN. In addition to that, the unsecured nodes are affected the network performance negatively and trouble its behavior. The regress analysis for both methods detects the variations when all nodes are secured and when some are unsecured. Thus, Node detection based on packet delivery ratio and energy consumption could efficiently be implemented in an artificial neural network

Security Overview of Wireless Sensor Network

[EN] There are several types of security threats that can give rise to vulnerability issues and performance degradation for the Wireless Sensor Network (WSN). The existing protocols that incorporate security features for authentication, key management, and secure routing, have not able to protect the WSN, effectively but a new Intrusion Detection System (IDS) can overcome these problems. The IDS collects data for analysis in order to identify any abnormal behaviour at the sensor nodes, which if present, could indicate an attack on the network. Many different intrusion detection systems for wireless sensor networks have been proposed in the past years. This paper focuses on the security requirements, layering-based attacks, and intrusion detection in WSN.This work was supported in part by the University of Malaya, Kuala Lumpur Malaysia under UMRG Grant (RG080/11ICT).Modares, H.; Moravejosharieh, A.; Salleh, R.; Lloret, J. (2013). Security Overview of Wireless Sensor Network. Life Science Journal. 10(2):1627-1632. http://hdl.handle.net/10251/46745S1627163210