Machine learning approach for detection of flooding DoS attacks in 802.11 networks and attacker localization

Mayank Agarwal¹, Dileep Pasumarthi¹, Santosh Biswas¹, Sukumar Nandi¹
¹ Department of Computer Science and Engineering, Indian Institute of Technology Guwahati, India

Abstract

IEEE 802.11 Wi-Fi networks are prone to a large number of Denial of Service (DoS) attacks due to vulnerabilities at the media access control (MAC) layer of the 802.11 protocol. In this work, we focus on flooding DoS attacks in Wi-Fi networks. In a flooding DoS attack, a large number of legitimate-looking spoofed requests are transmitted to a victim access point (AP). Processing this large number of spoofed frames places a huge load on the AP, resulting in a flooding DoS attack. Current methods to detect flooding DoS use encryption, signal characteristics, protocol modification, upgrades to newer standards, etc., which are often expensive to operate and maintain. In this paper, we propose a novel Machine Learning (ML) based intrusion detection system (IDS) along with an intrusion prevention system (IPS) that not only detects flooding DoS attacks in Wi-Fi networks, but also helps the victim station (STA) recover swiftly from the attack. To the best of our knowledge, the use of ML based techniques for detection of flooding DoS attacks in 802.11 networks has been largely unexplored. The ML based IDS detects flooding DoS attacks with high accuracy (precision) and detection rate (recall). After the attack is detected, the location of the attacker is ascertained using an Angle of Arrival based localization algorithm, and traffic coming from the attacker's region is blocked, which helps mitigate the effect of the flooding DoS attack.
