Anomaly-based behavior analysis of wireless network security

Samer Fayssal, Salim Hariri, Youssif Al-Nashif

Research output: Chapter in Book/Report/Conference proceedingConference contribution

24 Scopus citations

Abstract

The exponential growth in wireless network faults, vulnerabilities, and attacks make the Wireless Local Area Network (WLAN) security management a challenging research area. Newer network cards implemented more security measures according to the IEEE recommendations [14]; but the wireless network is still vulnerable to Denial of Service attacks or to other traditional attacks due to existing wide deployment of network cards with well-known security vulnerabilities. The effectiveness of a Wireless Intrusion Detection System (WIDS) relies on updating its security rules; many current WIDSs use static security rule settings based on expert knowledge. However, updating those security rules can be time-consuming and expensive. In this paper, we present a novel approach based on multi-channel monitoring and anomaly analysis of station localization, packet analysis, and state tracking to detect wireless attacks; we use adaptive machine learning and genetic search to dynamically set optimal anomaly thresholds and select the proper set of features necessary to efficiently detect network attacks. We present a self-protection system that has the following salient features: monitor the wireless network, generate network features, track wireless network state machine violations, generate wireless flow keys (WFK), and use the dynamically updated anomaly and misuse rules to detect complex known and unknown wireless attacks. To quantify the attack impact, we use the abnormality distance from the trained norm and multivariate analysis to correlate multiple selected features contributing to the final decision. We validate our Wireless Self Protection System (WSPS) approach by experimenting with more than 20 different types of wireless attacks. Our experimental results show that the WSPS approach can protect from wireless network attacks with a false positive rate of 0.1209% and more than 99% detection rate.

Original languageEnglish (US)
Title of host publicationProceedings of the 4th Annual International Conference on Mobile and Ubiquitous Systems
Subtitle of host publicationComputing, Networking and Services, MobiQuitous 2007
DOIs
StatePublished - Dec 1 2007
Event4th Annual International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, MobiQuitous 2007 - Philadelphia, PA, United States
Duration: Aug 6 2007Aug 10 2007

Publication series

NameProceedings of the 4th Annual International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, MobiQuitous 2007

Other

Other4th Annual International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, MobiQuitous 2007
CountryUnited States
CityPhiladelphia, PA
Period8/6/078/10/07

ASJC Scopus subject areas

  • Computer Science Applications
  • Electrical and Electronic Engineering

Fingerprint Dive into the research topics of 'Anomaly-based behavior analysis of wireless network security'. Together they form a unique fingerprint.

Cite this