A sensor-based online clustering approach for wireless intrusion detection.

摘要

This thesis proposes an intrusion detection system (IDS), which applies data mining clustering technique to wireless network data captured through hardware sensors for purposes of real time detection of anomalous behavior in wireless packets.;The proposed wireless IDS system design approach involves real time pre-processing of sensor data using Local Sparsity Coefficient (LSC) outlier detection algorithm to assign anomaly scores to the connection records. Connection records with low anomaly scores are used as the initial starting points (centre positions) for building clusters. The algorithm continuously derives minimum deviation from the maximum distance of individual centre positions. New objects whose distances from the closest cluster are more than the minimum deviation are tagged as anomaly and moved to alert cluster. One major contribution of thesis is detection of MAC spoofing attacks by tracking sequence numbers, which ensures duplicate or spoofed (stolen) MAC addresses are not used in the network.;Keywords: hardware sensor, wireless intrusion detection, data mining, clustering, wireless attacks, CommView for WIFI, wireless packets, wireless network