Impact of Metric Selection on Wireless DeAuthentication DoS Attack Performance

DeAuthentication Denial of Service attacks in Public Access WiFi operate by exploiting the lack of authentication of management frames in the 802.11 protocol. Detection of these attacks rely almost exclusively on the selection of appropriate thresholds. In this work the authors demonstrate that there are additional, previously unconsidered, metrics which also influence DoS detection performance. A method of systematically tuning these metrics to optimal values is proposed which ensures that parameter choices are repeatable and verifiable.

[1]  Peyman Kabiri,et al.  Category-Based Selection of Effective Parameters for Intrusion Detection , 2009 .

[2]  Khalil El-Khatib,et al.  Impact of Feature Reduction on the Efficiency of Wireless Intrusion Detection Systems , 2010, IEEE Transactions on Parallel and Distributed Systems.

[3]  Vasilios A. Siris,et al.  Application of anomaly detection algorithms for detecting SYN flooding attacks , 2004, IEEE Global Telecommunications Conference, 2004. GLOBECOM '04..

[4]  Michael Schatz,et al.  Learning Program Behavior Profiles for Intrusion Detection , 1999, Workshop on Intrusion Detection and Network Monitoring.

[5]  Andrew H. Sung,et al.  Feature Ranking and Selection for Intrusion Detection Using Artificial Neural Networks and Statistical Methods , 2006, The 2006 IEEE International Joint Conference on Neural Network Proceedings.

[6]  Damon McCoy,et al.  Passive Data Link Layer 802.11 Wireless Device Driver Fingerprinting , 2006, USENIX Security Symposium.

[7]  Kian Meng Yap,et al.  The effect of probe interval estimation on attack detection performance of a WLAN independent intrusion detection system , 2012, ICWCA.

[8]  Christopher Krügel,et al.  Comprehensive approach to intrusion detection alert correlation , 2004, IEEE Transactions on Dependable and Secure Computing.

[9]  Gregory B. Brewster,et al.  Empirical studies and queuing modeling of denial of service attacks against 802.11 WLANs , 2010, 2010 IEEE International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM).

[10]  Jatinder Singh,et al.  A MAC Layer Based Defense Architecture for Reduction of Quality (RoQ) Attacks in Wireless LAN , 2010, ArXiv.

[11]  Alan J. Marshall,et al.  The Threat-Victim Table: A security prioritisation framework for diverse WLAN network topographies , 2010, 2010 International Conference on Security and Cryptography (SECRYPT).