Wireless Anomaly Detection Based on IEEE 802.11 Behavior Analysis

Hamid Alipour, Youssif B. Al-Nashif, Pratik Satam, Salim A Hariri

Research output: Contribution to journal (Article)

24 Citations (Scopus)

Abstract

Wireless communication networks are pervading every aspect of our lives due to their fast, easy, and inexpensive deployment. They are becoming ubiquitous and have been widely used to transfer critical information, such as banking accounts, credit cards, e-mails, and social network credentials. The more pervasive the wireless technology is going to be, the more important its security issue will be. Whereas the current security protocols for wireless networks have addressed the privacy and confidentiality issues, there are unaddressed vulnerabilities threatening their availability and integrity (e.g., denial of service, session hijacking, and MAC address spoofing attacks). In this paper, we describe an anomaly-based intrusion detection system for the IEEE 802.11 wireless networks based on behavioral analysis to detect deviations from normal behaviors that are triggered by wireless network attacks. Our anomaly behavior analysis of the 802.11 protocols is based on monitoring the n-consecutive transitions of the protocol state machine. We apply sequential machine learning techniques to model the n-transition patterns in the protocol and characterize the probabilities of these transitions being normal. We have implemented several experiments to evaluate our system performance. By cross validating the system over two different wireless channels, we have achieved a low false alarm rate (<0.1%). We have also evaluated our approach against an attack library of known wireless attacks and have achieved more than 99% detection rate.

Original language: English (US)
Article number: 7109166
Pages (from-to): 2158-2170
Number of pages: 13
Journal: IEEE Transactions on Information Forensics and Security
Volume: 10
Issue number: 10
DOIs: 10.1109/TIFS.2015.2433898
State: Published - Oct 1 2015

Fingerprint

Network protocols
Wireless networks
Sequential machines
Intrusion detection
Telecommunication networks
Learning systems
Availability
Monitoring
Experiments

Keywords

  • Anomaly detection
  • IEEE 802.11 security
  • Intrusion detection
  • Protocol analysis
  • Wireless Network security
  • Wireless networks

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Cite this

Wireless Anomaly Detection Based on IEEE 802.11 Behavior Analysis. / Alipour, Hamid; Al-Nashif, Youssif B.; Satam, Pratik; Hariri, Salim A.

In: IEEE Transactions on Information Forensics and Security, Vol. 10, No. 10, 7109166, 01.10.2015, p. 2158-2170.

@article{81daeaf1826043009483ae80b596208f,
title = "Wireless Anomaly Detection Based on IEEE 802.11 Behavior Analysis",
abstract = "Wireless communication networks are pervading every aspect of our lives due to their fast, easy, and inexpensive deployment. They are becoming ubiquitous and have been widely used to transfer critical information, such as banking accounts, credit cards, e-mails, and social network credentials. The more pervasive the wireless technology is going to be, the more important its security issue will be. Whereas the current security protocols for wireless networks have addressed the privacy and confidentiality issues, there are unaddressed vulnerabilities threatening their availability and integrity (e.g., denial of service, session hijacking, and MAC address spoofing attacks). In this paper, we describe an anomaly-based intrusion detection system for the IEEE 802.11 wireless networks based on behavioral analysis to detect deviations from normal behaviors that are triggered by wireless network attacks. Our anomaly behavior analysis of the 802.11 protocols is based on monitoring the n-consecutive transitions of the protocol state machine. We apply sequential machine learning techniques to model the n-transition patterns in the protocol and characterize the probabilities of these transitions being normal. We have implemented several experiments to evaluate our system performance. By cross validating the system over two different wireless channels, we have achieved a low false alarm rate (<0.1{\%}). We have also evaluated our approach against an attack library of known wireless attacks and have achieved more than 99{\%} detection rate.",
keywords = "Anomaly detection, IEEE 802.11 security, Intrusion detection, Protocol analysis, Wireless Network security, Wireless networks",
author = "Hamid Alipour and Al-Nashif, {Youssif B.} and Pratik Satam and Hariri, {Salim A}",
year = "2015",
month = "10",
day = "1",
doi = "10.1109/TIFS.2015.2433898",
language = "English (US)",
volume = "10",
pages = "2158--2170",
journal = "IEEE Transactions on Information Forensics and Security",
issn = "1556-6013",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "10",

}
