Wlan Intrusion Detection And Prevention System Design And Implementation

Wireless LAN(WLAN) using the IEEE 802.11 protocols is gaining popularity in the home and small office market. Howerver, the security of WLAN is always a serious concern. At the very beginning, WLAN security is threatened just by some basic attacks, including network misconfigurations, unauthorized access to network resources and illegal sniffing or eavesdropping via promiscuous mode. As WLAN evolves, more advanced and complicated attacks, such as Man in the Middle attacks, Denial of Service (DoS) attacks or MAC spoofing are emerging. Security becomes the biggest obstacle to prevent WLAN from entering enterprise as well as carrier markets.In this dissertation, IEEE802.11 physical protocols, format of IEEE802.11 frames and typical WLAN topologys are first reviewed, followed by the detail illustration of some widely used security policies such as access control. The two most widely used security methods in WLAN, WEP and 802.1X, are analyzed. The common WLAN intrusion detection methods are summarized. Finally, a WLAN intrusion detection and protection system is proposed. The system that consists of a single control center and several wireless routers is designed to be an embedded artecture. The function of intrusion detection and protection is inherent inside wireless routers. The control center is responsible for providing a centralized platform for controlling wireless routers, configurating intrusion detection parameters, and monitoring the WLAN security in real time through collecting and handling intrusion and misbehavior reported by wireless routers. The wireless router is responsible for capturing and analyzing the IEEE802.11 frame in the air, sending alarms to the control center immediately after detecting unwanted access attempts or abnormal behaviors. Furthermore, the wireless router is responsible for protecting the WLAN from endangering under intrusion or attacks. The proposed system can handle rogue AP, MAC spoofing, Denial of Service(DoS) attacks, wireless interference, misconfigured authorized AP, misbehaved legal station and Ad hoc network.At last, test data is provided to proof the system's efficiency and correctness.