TY - GEN
T1 - Anomaly-based behavior analysis of wireless network security
AU - Fayssal, Samer
AU - Hariri, Salim
AU - Al-Nashif, Youssif
PY - 2007
Y1 - 2007
N2 - The exponential growth in wireless network faults, vulnerabilities, and attacks make the Wireless Local Area Network (WLAN) security management a challenging research area. Newer network cards implemented more security measures according to the IEEE recommendations [14]; but the wireless network is still vulnerable to Denial of Service attacks or to other traditional attacks due to existing wide deployment of network cards with well-known security vulnerabilities. The effectiveness of a Wireless Intrusion Detection System (WIDS) relies on updating its security rules; many current WIDSs use static security rule settings based on expert knowledge. However, updating those security rules can be time-consuming and expensive. In this paper, we present a novel approach based on multi-channel monitoring and anomaly analysis of station localization, packet analysis, and state tracking to detect wireless attacks; we use adaptive machine learning and genetic search to dynamically set optimal anomaly thresholds and select the proper set of features necessary to efficiently detect network attacks. We present a self-protection system that has the following salient features: monitor the wireless network, generate network features, track wireless network state machine violations, generate wireless flow keys (WFK), and use the dynamically updated anomaly and misuse rules to detect complex known and unknown wireless attacks. To quantify the attack impact, we use the abnormality distance from the trained norm and multivariate analysis to correlate multiple selected features contributing to the final decision. We validate our Wireless Self Protection System (WSPS) approach by experimenting with more than 20 different types of wireless attacks. Our experimental results show that the WSPS approach can protect from wireless network attacks with a false positive rate of 0.1209% and more than 99% detection rate.
AB - The exponential growth in wireless network faults, vulnerabilities, and attacks make the Wireless Local Area Network (WLAN) security management a challenging research area. Newer network cards implemented more security measures according to the IEEE recommendations [14]; but the wireless network is still vulnerable to Denial of Service attacks or to other traditional attacks due to existing wide deployment of network cards with well-known security vulnerabilities. The effectiveness of a Wireless Intrusion Detection System (WIDS) relies on updating its security rules; many current WIDSs use static security rule settings based on expert knowledge. However, updating those security rules can be time-consuming and expensive. In this paper, we present a novel approach based on multi-channel monitoring and anomaly analysis of station localization, packet analysis, and state tracking to detect wireless attacks; we use adaptive machine learning and genetic search to dynamically set optimal anomaly thresholds and select the proper set of features necessary to efficiently detect network attacks. We present a self-protection system that has the following salient features: monitor the wireless network, generate network features, track wireless network state machine violations, generate wireless flow keys (WFK), and use the dynamically updated anomaly and misuse rules to detect complex known and unknown wireless attacks. To quantify the attack impact, we use the abnormality distance from the trained norm and multivariate analysis to correlate multiple selected features contributing to the final decision. We validate our Wireless Self Protection System (WSPS) approach by experimenting with more than 20 different types of wireless attacks. Our experimental results show that the WSPS approach can protect from wireless network attacks with a false positive rate of 0.1209% and more than 99% detection rate.
UR - http://www.scopus.com/inward/record.url?scp=50249104494&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=50249104494&partnerID=8YFLogxK
U2 - 10.1109/MOBIQ.2007.4451054
DO - 10.1109/MOBIQ.2007.4451054
M3 - Conference contribution
AN - SCOPUS:50249104494
SN - 1424410258
SN - 9781424410255
T3 - Proceedings of the 4th Annual International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, MobiQuitous 2007
BT - Proceedings of the 4th Annual International Conference on Mobile and Ubiquitous Systems
T2 - 4th Annual International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services, MobiQuitous 2007
Y2 - 6 August 2007 through 10 August 2007
ER -