Improved detection of Probe Request Attacks : Using Neural Networks and Genetic Algorithm

The Media Access Control (MAC) layer of the wireless protocol, Institute of Electrical and Electronics Engineers (IEEE) 802.11, is based on the exchange of request and response messages. Probe Request Flooding Attacks (PRFA) are devised based on this design flaw to reduce network performance or prevent legitimate users from accessing network resources. The vulnerability is amplified due to clear beacon, probe request and probe response frames. The research is to detect PRFA of Wireless Local Area Networks (WLAN) using a Supervised Feedforward Neural Network (NN). The NN converged outstandingly with train, valid, test sample percentages 70, 15, 15 and hidden neurons 20. The effectiveness of an Intruder Detection System depends on its prediction accuracy. This paper presents optimisation of the NN using Genetic Algorithms (GA). GAs sought to maximise the performance of the model based on Linear Regression (R) and generated R > 0.95. Novelty of this research lies in the fact that the NN accepts user and attacker training data captured separately. Hence, security administrators do not have to perform the painstaking task of manually identifying individual frames for labelling prior training. The GA provides a reliable NN model and recognises the behaviour of the NN for diverse configurations

Enhancing WPA2-PSK four-way handshaking after re-authentication to deal with de-authentication followed by brute-force attack a novel re-authentication protocol

The nature of wireless network transmission and the emerging attacks are continuously creating or exploiting more vulnerabilities. Despite the fact that the security mechanisms and protocols are constantly upgraded and enhanced, the Small Office/Home Office (SOHO) environments that cannot afford a separate authentication system, and generally adopt the IEEE 802.11 Wi-Fi-Protected-Access-2/Pre-Shared-Key (WPA2-PSK) are still exposed to some attack categories such as de-authentication attacks that aim to push wireless client to re-authenticate to the Access Point (AP) and try to capture the keys exchanged during the handshake to compromise the network security. This kind of attack is impossible to detect or prevent in spite of having an Intrusion Detection and Prevention System (IDPS) installed on the client or on the AP, especially when the attack is not repetitive and is targeting only one client. This paper proposes a novel method which can mitigate and eliminate the risk of exposing the PSK to be captured during the re-authentication process by introducing a novel re-authentication protocol relying on an enhanced four-way handshake which does not require any hardware upgrade or heavy-weight cryptography affecting the network flexibility and performances

Identification of probe request attacks in WLANs using neural networks

Any sniffer can see the information sent through unprotected ‘probe request messages’ and ‘probe response messages’ in wireless local area networks (WLAN). A station (STA) can send probe requests to trigger probe responses by simply spoofing a genuine media access control (MAC) address to deceive access point (AP) controlled access list. Adversaries exploit these weaknesses to flood APs with probe requests, which can generate a denial of service (DoS) to genuine STAs. The research examines traffic of a WLAN using supervised feed-forward neural network classifier to identify genuine frames from rogue frames. The novel feature of this approach is to capture the genuine user and attacker training data separately and label them prior to training without network administrator’s intervention. The model’s performance is validated using self-consistency and fivefold cross-validation tests. The simulation is comprehensive and takes into account the real-world environment. The results show that this approach detects probe request attacks extremely well. This solution also detects an attack during an early stage of the communication, so that it can prevent any other attacks when an adversary contemplates to start breaking into the network

Probe request attack detection in wireless LANs using intelligent techniques

This work demonstrates a new intelligent approach to recognise probe request attacks in Wireless Local Area Networks (WLAN). In WLANs, management frames facilitate wireless stations (STA) to establish and maintain communications. In infrastructure WLANs, any mobile STA can send a probe request management frame when it needs information from an Access Point CAP). AP replies to any probe request from a STA with a known Medium Access Control (MAC) address, with a probe response management frame with capability information, and supported data rates. The next step is to establish its identity with the AP through authentication messages. Once authentication is completed, STAs can associate (register) with the AP to gain full access to the network. Probe request and response management frames are unprotected, so the information is visible to sniffers. MAC addresses can be easily spoofed to bypass AP access lists. Probe requests can be sent by anyone with a legitimate MAC address, as association to the network is not required at this stage. Attackers take advantage of these vulnerabilities and send a flood of probe request frames that can lead to a Denial-of-Service (DoS) to legitimate STAs. The research investigates and analyses delta-time, sequence number, Signal Strength Indicator (SSI), and frame sub-type of traffic captured on a home WLAN, and uses a feed forward supervised Neural Network (NN) sensor/classifier, with four input neurons, a single hidden layer, and an output neuron, to determine the results. The research also utilises self-consistency test to measure the fitness of the data in the sensor/classifier, and 5-fold cross-validation method to evaluate the sensor/classifier with unseen data. Five Genetic Algorithms (GA) are utilised to optimise the NN using training, validation, and testing sample percentages and number of neurons of the hidden layer. The most optimised NN classifier, with training, validation and test, and sample sizes 40%, 59%, 1 %, and hidden neurons 29, produced 100% accuracy on a test sample.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Probe request attack detection in wireless LANs using intelligent techniques

This work demonstrates a new intelligent approach to recognise probe request attacks in Wireless Local Area Networks (WLAN). In WLANs, management frames facilitate wireless stations (STA) to establish and maintain communications. In infrastructure WLANs, any mobile STA can send a probe request management frame when it needs information from an Access Point CAP). AP replies to any probe request from a STA with a known Medium Access Control (MAC) address, with a probe response management frame with capability information, and supported data rates. The next step is to establish its identity with the AP through authentication messages. Once authentication is completed, STAs can associate (register) with the AP to gain full access to the network. Probe request and response management frames are unprotected, so the information is visible to sniffers. MAC addresses can be easily spoofed to bypass AP access lists. Probe requests can be sent by anyone with a legitimate MAC address, as association to the network is not required at this stage. Attackers take advantage of these vulnerabilities and send a flood of probe request frames that can lead to a Denial-of-Service (DoS) to legitimate STAs. The research investigates and analyses delta-time, sequence number, Signal Strength Indicator (SSI), and frame sub-type of traffic captured on a home WLAN, and uses a feed forward supervised Neural Network (NN) sensor/classifier, with four input neurons, a single hidden layer, and an output neuron, to determine the results. The research also utilises self-consistency test to measure the fitness of the data in the sensor/classifier, and 5-fold cross-validation method to evaluate the sensor/classifier with unseen data. Five Genetic Algorithms (GA) are utilised to optimise the NN using training, validation, and testing sample percentages and number of neurons of the hidden layer. The most optimised NN classifier, with training, validation and test, and sample sizes 40%, 59%, 1 %, and hidden neurons 29, produced 100% accuracy on a test sample.EThOS - Electronic Theses Online ServiceGBUnited Kingdo