A framework for signal strength based intrusion detection system for link layer attacks in wireless network

Posted on: 2009-08-21
Degree: M.Sc
Type: Thesis
University: Carleton University (Canada)
Candidate: Li, Chen Guang
Full Text: PDF
GTID: 2448390002995666
Subject: Computer Science
Abstract/Summary:
Although a wireless local area network is claimed to be as secure as a wired network after the deployment of the WiFi Protected Access (WPA) protocol, medium access control (MAC) management messages remain unprotected, so a WiFi network is vulnerable to low-layer attacks such as MAC address spoofing, session hijacking, rogue access points (APs) and various lower-layer denial-of-service (DoS) attacks. Since the received signal strength (RSS) value of a received packet has been proved to be strongly related to the physical location of the sender, we designed an RSS-based network intrusion detection system (NIDS) framework for MAC layer attack detection. Most attacks that exploit MAC layer vulnerabilities can be detected by comparing the location of an attacker with the location of the victim nodes. The core of the NIDS framework is an RSS-based localization model. The model is based on the quadratic discriminant analysis (QDA) data mining algorithm. QDA was chosen after analysing a simulation of three data mining algorithms: linear discriminant analysis (LDA), QDA, and classification tree.

To address the relatively high error of the RSS-based localization model, which is also a problem of RSS-based localization methods in other research, we designed an enhancement method based on signalprints. For a network where the separation distance of any neighboring node is larger than 2.4 meters, the enhanced localization model can distinguish each node with nearly zero error.

Our RSS-based NIDS focuses on MAC address spoofing attacks. The detection of MAC spoofing attacks is very important since it protects the network from further identity-based attacks and MAC layer DoS attacks. The localization capability can also be used to take effective action after attacks. For the detection of MAC address spoofing, our simulation shows that the NIDS achieves a 99.2 percent true positive rate (TPR) and a 0.4 percent false positive rate (FPR) when the separation distance of any neighboring node is larger than 2.4 meters.
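
The detection idea in the abstract (classify a frame's RSS vector to a location with QDA, then compare that location with where the claimed MAC address belongs) can be sketched as follows. This is an added example, not code from the thesis: the two monitors, the location names, the MAC addresses, the RSS samples and the equal class priors are all constructed assumptions, and the signalprint enhancement is not modelled.

```python
import math

# Constructed sample data (not from the thesis): RSS in dBm measured by two
# hypothetical monitors for frames sent from each known node location.
TRAIN = {
    "loc_A": [(-40, -70), (-42, -69), (-41, -72), (-39, -71), (-43, -68)],
    "loc_B": [(-65, -45), (-66, -47), (-63, -44), (-67, -46), (-64, -48)],
}
# Constructed enrollment table: where each legitimate MAC is expected to be.
ENROLLED = {"02:00:00:00:00:0a": "loc_A", "02:00:00:00:00:0b": "loc_B"}

def fit(samples):
    """Per-class mean and 2x2 sample covariance (QDA keeps one per class)."""
    n = len(samples)
    mx = sum(s[0] for s in samples) / n
    my = sum(s[1] for s in samples) / n
    sxx = sum((s[0] - mx) ** 2 for s in samples) / (n - 1)
    syy = sum((s[1] - my) ** 2 for s in samples) / (n - 1)
    sxy = sum((s[0] - mx) * (s[1] - my) for s in samples) / (n - 1)
    return (mx, my), (sxx, sxy, syy)

def score(rss, model):
    """QDA discriminant with equal priors: -ln|S|/2 - Mahalanobis^2/2."""
    (mx, my), (sxx, sxy, syy) = model
    det = sxx * syy - sxy ** 2
    dx, dy = rss[0] - mx, rss[1] - my
    maha = (syy * dx * dx - 2 * sxy * dx * dy + sxx * dy * dy) / det
    return -0.5 * math.log(det) - 0.5 * maha

MODELS = {loc: fit(samples) for loc, samples in TRAIN.items()}

def locate(rss):
    """Most likely sender location for one RSS vector."""
    return max(MODELS, key=lambda loc: score(rss, MODELS[loc]))

def check_frame(mac, rss):
    """Return (predicted_location, suspect). A frame is suspect when its
    claimed MAC is not enrolled at the location its RSS points to
    (unknown MACs are always suspect)."""
    predicted = locate(rss)
    return predicted, predicted != ENROLLED.get(mac)

if __name__ == "__main__":
    print(check_frame("02:00:00:00:00:0a", (-41, -70)))  # frame from loc_A
    print(check_frame("02:00:00:00:00:0a", (-64, -46)))  # same MAC seen at loc_B
```

Because QDA fits a separate covariance matrix per location, each location needs enough training frames for that matrix to be non-singular; with too few samples the determinant in `score` approaches zero and the classifier becomes unstable.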
Keywords/Search Tags: Network, Attacks, MAC address spoofing, Detection, Framework, NIDS