Multilayer Statistical Intrusion Detection in Wireless Networks

The rapid proliferation of mobile applications and services has introduced new vulnerabilities that do not exist in fixed wired networks. Traditional security mechanisms, such as access control and encryption, turn out to be inefficient in modern wireless networks. Given the shortcomings of these protection mechanisms, intrusion detection systems (IDSs) have become an important research focus. This paper proposes a multilayer statistical intrusion detection framework for wireless networks. The architecture is well suited to wireless networks because the underlying detection models rely on radio parameters and traffic models. Accurate correlation between radio and traffic anomalies enhances the efficiency of the IDS. A radio signal fingerprinting technique based on the maximal overlap discrete wavelet transform (MODWT) is developed. Moreover, a geometric clustering algorithm is presented. Depending on the characteristics of the fingerprinting technique, the clustering algorithm makes it possible to control the false positive and false negative rates. Finally, simulation experiments have been carried out to validate the proposed IDS.
