The Research Of Wireless Network Intrusion Detection Technology Based On Hidden Markov Protocol Analysis

The exponential growth in the deployment of IEEE802.11-based wireless LAN(WLAN) in enterprises and homes makes WLAN an attractive target for attackers.Attacks that exploit vulnerabilities at the IP layer or above can be readily addressed byintrusion detection systems designed for wired networks. However, attacks exploitinglink-layer protocol vulnerabilities require a different set of intrusion detectionmechanism. Most link-layer attacks in WLANs are denial of service attacks and workby spoofing either access points (APs) or wireless stations. Spoofing is possible becausethe IEEE802.11standard does not provide per-frame source authentication, but can beeffectively prevented if a proper authentication is added into the standard. Unfortunately,it is unlikely that commercial WLANs will support link-layer source authentication thatcovers both management and control frames in the near future. Even if it is available innext-generation WLANs equipments, it cannot protect the large installed base of legacyWLAN devices.This paper proposes an algorithm using Hidden Markov to detect attack byleveraging the specific field in the link-layer header of IEEE802.11frames, anddemonstrates how it can detect various attack without modifying the Aps or wirelessstations. This paper firstly analyses the wireless network security vulnerabilities andthreats, The corresponding intrusion detection model is then established according tothe analyses of MAC layer protocol in the wireless network, The performance of theintrusion detection model is tested by the actual intrusion data afterward. Aiming atpractical problems that exist in the process of model establishing, training and detection,a reasonable solution is given. At last we have built the distributed intrusion detectionsystem for wireless network environment.and realized the intrusion detection functionbased on hidden markov model on the ARM embedded platform.The main work andcontributions of this paper is as follows:(1)The observation value is very difficult to determine during the establishment ofthe intrusion detection model, in order to solve this problem, this paper use wirelessnetwork packet of MAC layer as the observation objects, according to different security vulnerabilities in the MAC layer header, different handling models are built in thispaper. Including the FRC-HMM model, DUI-HMM model and the SEC-HMM model.(2) The wireless network intrusion detection model of anomaly detection usinghidden markov is set up, this is composed of packets capturing, protocol analysis,pre-processing and training process using hidden markov.(3) According to distributed characteristics of wireless network, In this article wedesign the Measure, Analyze and Protect (MAP) system for monitoring and analyzingwireless traffic and solve the problem of incomplete data capture and the redundancy ofnetwork data.(4) The wireless network intrusion detection experimental platform is then built tosimulate the actual wireless network attacks and the detection performance of thismodel is then tested, the results is presented and analyzed.