Anomaly-based behavior analysis of wireless network security

Samer Fayssal, Salim A Hariri, Youssif Al-Nashif

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

22 Citations (Scopus)

Abstract

The exponential growth in wireless network faults, vulnerabilities, and attacks makes Wireless Local Area Network (WLAN) security management a challenging research area. Newer network cards implemented more security measures according to the IEEE recommendations [14], but the wireless network is still vulnerable to Denial of Service attacks or to other traditional attacks due to the existing wide deployment of network cards with well-known security vulnerabilities. The effectiveness of a Wireless Intrusion Detection System (WIDS) relies on updating its security rules; many current WIDSs use static security rule settings based on expert knowledge. However, updating those security rules can be time-consuming and expensive. In this paper, we present a novel approach based on multi-channel monitoring and anomaly analysis of station localization, packet analysis, and state tracking to detect wireless attacks; we use adaptive machine learning and genetic search to dynamically set optimal anomaly thresholds and select the proper set of features necessary to efficiently detect network attacks. We present a self-protection system that has the following salient features: monitor the wireless network, generate network features, track wireless network state machine violations, generate wireless flow keys (WFK), and use the dynamically updated anomaly and misuse rules to detect complex known and unknown wireless attacks. To quantify the attack impact, we use the abnormality distance from the trained norm and multivariate analysis to correlate multiple selected features contributing to the final decision. We validate our Wireless Self Protection System (WSPS) approach by experimenting with more than 20 different types of wireless attacks. Our experimental results show that the WSPS approach can protect from wireless network attacks with a false positive rate of 0.1209% and more than 99% detection rate.

Original language: English (US)
Title of host publication: Proceedings of the 4th Annual International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, MobiQuitous 2007
DOIs: https://doi.org/10.1109/MOBIQ.2007.4451054
State: Published - 2007
Event: 4th Annual International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, MobiQuitous 2007 - Philadelphia, PA, United States
Duration: Aug 6 2007 to Aug 10 2007

Other

Other: 4th Annual International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, MobiQuitous 2007
Country: United States
City: Philadelphia, PA
Period: 8/6/07 to 8/10/07

Fingerprint

Network security
Wireless networks
Intrusion detection
Wireless local area networks (WLAN)
Learning systems
Monitoring

ASJC Scopus subject areas

  • Computer Science Applications
  • Electrical and Electronic Engineering

Cite this

Fayssal, S., Hariri, S. A., & Al-Nashif, Y. (2007). Anomaly-based behavior analysis of wireless network security. In Proceedings of the 4th Annual International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, MobiQuitous 2007 [4451054] https://doi.org/10.1109/MOBIQ.2007.4451054

@inproceedings{e73eeddac6a8476c80838e8abc3e2a6b,
title = "Anomaly-based behavior analysis of wireless network security",
author = "Samer Fayssal and Hariri, {Salim A} and Youssif Al-Nashif",
year = "2007",
doi = "10.1109/MOBIQ.2007.4451054",
language = "English (US)",
isbn = "1424410258",
booktitle = "Proceedings of the 4th Annual International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, MobiQuitous 2007",

}

TY - GEN

T1 - Anomaly-based behavior analysis of wireless network security

AU - Fayssal, Samer

AU - Hariri, Salim A

AU - Al-Nashif, Youssif

PY - 2007

Y1 - 2007

UR - http://www.scopus.com/inward/record.url?scp=50249104494&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=50249104494&partnerID=8YFLogxK

U2 - 10.1109/MOBIQ.2007.4451054

DO - 10.1109/MOBIQ.2007.4451054

M3 - Conference contribution

AN - SCOPUS:50249104494

SN - 1424410258

SN - 9781424410255

BT - Proceedings of the 4th Annual International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, MobiQuitous 2007

ER -