A Performance Metrics Scorecard Based Approach to Intrusion Detection System Evaluation for Wireless Network

Wireless Intrusion Detection System (IDS) performance metrics are used to measure the ability of a wireless IDS to perform a particular task and to fit within the performance constraints. These metrics measure and evaluate the parameters that impact the performance of a wireless IDS. Wireless IDS analyze wireless specific traffic including scanning for external users trying to connect to the network through access points and play important role in security to the wireless network. Design of wireless IDS is a difficult task as wireless technology is advancing every day, performance metrics can play an important role in the design of efficient wireless IDS by measuring the factors concern with the performance of a wireless IDS. In this paper we provide a performance metrics scorecard based approach to evaluate intrusion detection systems that are currently popular for wireless networks in the commercial sector. We provide a set of performance metrics that are relevant to wireless IDS and use a 201C;scorecard201D; containing the set of values as the centerpiece of testing and evaluating a wireless IDS. Evaluation of a wireless IDS is done by assigning score to various performance metrics concern with wireless IDS. We apply our performance metrics scorecard evaluation based approach to three popular wireless IDS Snort-wireless, AirDefense Guard, and Kismet. Finally we discuss the results and the opportunities for further work in this area

DNA-based client puzzle for WLAN association protocol against connection request flooding

In recent past, Wireless Local Area Network (WLAN) has become more popular because of its flexibility. However, WLANs are subjected to different types of vulnerabilities. To strengthen WLAN security, many high security protocols have been developed. But those solutions are found to be ineffective in preventing Denial of Service (DoS) attacks. A ‘Connection Request Flooding’ DoS (CRF-DoS) attack is launched when an access point (AP) encounters a sudden explosion of connection requests. Among other existing anti CRF-DoS methods, a client puzzle protocol has been noted as a promising and secure potential solution. Nonetheless, so far none of the proposed puzzles satisfy the security requirement of resource-limited and highly heterogeneous WLANs. The CPU disparity, imposing unbearable loads on legitimate users, inefficient puzzle generation and verification algorithms; the susceptibility of puzzle to secondary attacks on legitimate users by embedding fake puzzle parameters; and a notable delay in modifying the puzzle difficulty – these are some drawbacks of currently existing puzzles. To deal with such problems, a secure model of puzzle based on DNA and queuing theory is proposed, which eliminates the above defects while satisfying the Chen puzzle security model. The proposed puzzle (OROD puzzle) is a multifaceted technology that incorporates five main components include DoS detector, queue manager, puzzle generation, puzzle verification, and puzzle solver. To test and evaluate the security and performance, OROD puzzle is developed and implemented in real-world environment. The experimental results showed that the solution verification time of OROD puzzle is up to 289, 160, 9, 3.2, and 2.3 times faster than the Karame-Capkun puzzle, the Rivest time-lock puzzle, the Rangasamy puzzle, the Kuppusamy DLPuz puzzle, and Chen's efficient hash-based puzzle respectively. The results also showed a substantial reduction in puzzle generation time, making the OROD puzzle from 3.7 to 24 times faster than the above puzzles. Moreover, by asking to solve an easy and cost-effective puzzle in OROD puzzle, legitimate users do not suffer from resource exhaustion during puzzle solving, even when under severe DoS attack (high puzzle difficulty)