4 research outputs found
Using metrics from multiple layers to detect attacks in wireless networks
The IEEE 802.11 networks are vulnerable to numerous wireless-specific attacks. Attackers can implement MAC address spoofing techniques to launch these attacks, while masquerading themselves behind a false MAC address. The implementation of Intrusion Detection Systems has become fundamental in the development of security infrastructures for wireless networks. This thesis proposes the designing a novel security system that makes use of metrics from multiple layers of observation to produce a collective decision on whether an attack is taking place.
The Dempster-Shafer Theory of Evidence is the data fusion technique used to combine the evidences from the different layers. A novel, unsupervised and self- adaptive Basic Probability Assignment (BPA) approach able to automatically adapt its beliefs assignment to the current characteristics of the wireless network is proposed. This BPA approach is composed of three different and independent statistical techniques, which are capable to identify the presence of attacks in real time. Despite the lightweight processing requirements, the proposed security system produces outstanding detection results, generating high intrusion detection accuracy and very low number of false alarms. A thorough description of the generated results, for all the considered datasets is presented in this thesis. The effectiveness of the proposed system is evaluated using different types of injection attacks. Regarding one of these attacks, to the best of the author knowledge, the security system presented in this thesis is the first one able to efficiently identify the Airpwn attack
Multi-stage attack detection using contextual information
The appearance of new forms of cyber-threats, such as Multi-Stage Attacks (MSAs), creates new challenges to which Intrusion Detection Systems (IDSs) need to adapt. An MSA is launched in multiple sequential stages, which may not be malicious when implemented individually, making the detection of MSAs extremely challenging for most current IDSs. In this paper, we present a novel IDS that exploits
contextual information in the form of Pattern-of-Life (PoL), and information related to expert judgment on the network
behaviour. This IDS focuses on detecting an MSA, in real-time, without previous training process. The main goal of the MSA
is to create a Point of Entry (PoE) to a target machine, which could be used as part of an APT like attack. Our results verify that the use of contextual information improves the efficiency of our IDS by enhancing the detection rate of MSAs
in real-time by 58%
A basic probability assignment methodology for unsupervised wireless intrusion detection
The broadcast nature of Wireless Local Area Networks (WLANs) has made them prone to several types of wireless injection attacks, such as Man-in-the-Middle (MitM) at the physical layer, deauthentication and rogue access point attacks. The implementation of novel Intrusion Detection Systems (IDSs) is fundamental to provide stronger protection against these wireless injection attacks. Because most attacks manifest themselves through different metrics, current IDSs should leverage a cross-layer approach
to help towards improving the detection accuracy. The data fusion technique based on Dempster-Shafer (D-S) theory has been proven to be an efficient data fusion technique to implement the cross-layer metric approach. However, the dynamic generation of the Basic Probability Assignment (BPA) values used by
D-S is still an open research problem. In this paper, we propose a novel unsupervised methodology to dynamically generate the BPA values, based on both the Gaussian and exponential probability density functions (pdf), the categorical probability mass function (pmf), and the local reachability density (lrd). Then, D-S is used to fuse the BPA values to classify whether the Wi-Fi frame is normal (i.e. non-malicious) or malicious. The proposed methodology provides 100% True Positive Rate (TPR) and 4.23% False Positive Rate (FPR) for the MitM attack, and 100% TPR and 2.44% FPR for the deauthentication attack, which confirm the efficiency of the dynamic BPA generation methodology
An on-line wireless attack detection system using multi-layer data fusion
Computer networks and more specifically wireless
communication networks are increasingly becoming susceptible
to more sophisticated and untraceable attacks. Most of the current
Intrusion Detection Systems either focus on just one layer of
observation or use a limited number of metrics without proper
data fusion techniques. However, the true status of a network is
rarely accurately detectable by examining only one network
layer. This paper describes a synergistic approach of fusing decisions
of whether an attack takes place by using multiple measurements
from different layers of wireless communication networks.
The described method is implemented on a live system
that monitors a wireless network in real time and gives an indication
of whether a malicious frame exists or not. This is achieved
by analysing specific metrics and comparing them
against historical data. The proposed system assigns for each
metric a belief of whether an attack takes place or not. The beliefs
from different metrics are fused with the Dempster-Shafer
technique with the ultimate goal of limiting false alarms by combining
beliefs from various network layers. The on-line experimental
results show that cross-layer techniques and data fusion
perform more efficiently compared to conventional methods