
Anomaly Based Wi-Fi Intrusion Detection System

Abstract

The omnipresence of mobile devices and the great need to remain connected have brought to the forefront the ever-growing need for wireless networks. This unprecedented growth of wireless networks and their use has resulted in an era where the security of wireless networks has become a necessity. Currently, the security methods used to protect Wi-Fi are based on cryptographic techniques that protect the data. But these methods fail to address the availability of the service (against DoS) or integrity (against MAC address spoofing). As a part of this Ph.D. research, I present two architectures to develop an anomaly-based intrusion detection system for single-access-point and distributed Wi-Fi networks. These architectures can detect attacks on Wi-Fi networks, classify the attacks and track the location of the attacker once the attack has been detected. The system uses statistical and probability techniques associated with temporal wireless protocol transitions, which we refer to as Wireless Flows (Wflows). The Wflows are modeled and stored as a sequence of n-grams within a given period of time. We studied two approaches to track the location of the attacker. In the first approach, we use clustering to generate power maps that can be used to track the location of the user accessing the Wi-Fi network. In the second approach, we use classification algorithms to track the location of the user from a Central Controller Unit. Experimental results show that the attack detection and classification algorithms generate no false positives and no false negatives even when the Wi-Fi network has high frame drop rates. The clustering approach for location tracking was found to be highly accurate in static environments (81% accuracy), but its performance rapidly deteriorates with changes in the environment. While the classification algorithm to track the location of the user at the Central Controller/RADIUS server was seen to perform with lesser accu
