Wireless security situation awareness with attack identification decision support

Wireless networks are a common point of entry for computer network attacks. Because traffic volumes are high, network mission assurance requires tools that can usefully display network traffic data and automatically detect and identify attacks, giving a network administrator increased situational awareness. Many metrics used to analyze wireless network traffic and security depend on full access to all nodes, which is impractical in fielded networks. To address these issues, we propose a new set of metrics based on wireless network packet interarrival times. These metrics are displayed in a novel way to provide administrators with a mechanism for identifying possible attacks and their impact on the network. The performance of this visualizer is validated with a linear classifier system, which shows that the chosen metrics can be used to accurately identify attacks. We further argue that the classifier could be used in conjunction with the visualizer as an effective decision support system to aid in maintaining mission assurance.
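The following sketch is an added example, not code or metrics from the paper: it derives two interarrival-time features per capture window from passively observed packet timestamps and separates windows with a linear decision rule. The feature choice (log mean gap, coefficient of variation), the midpoint-between-class-means classifier, all function names, and the synthetic traffic are assumptions made for illustration.

```python
import math
import random
import statistics

def iat_features(timestamps):
    """Features of one capture window, from packet arrival times in seconds."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    mean = statistics.fmean(gaps)
    cv = statistics.pstdev(gaps) / mean  # burstiness: spread relative to the mean gap
    return (math.log(mean), cv)

def train_linear(normal, attack):
    """Linear rule w.x + b > 0 => attack, with the boundary midway between class means."""
    mu_n = [statistics.fmean(col) for col in zip(*normal)]
    mu_a = [statistics.fmean(col) for col in zip(*attack)]
    w = [a - n for a, n in zip(mu_a, mu_n)]
    b = -sum(wi * (a + n) / 2 for wi, a, n in zip(w, mu_a, mu_n))
    return w, b

def classify(model, feats):
    w, b = model
    score = sum(wi * x for wi, x in zip(w, feats)) + b
    return "attack" if score > 0 else "normal"

def synth_window(rng, mean_gap, n=200):
    """Constructed sample data: n arrival times with exponentially distributed gaps."""
    t, out = 0.0, []
    for _ in range(n):
        t += rng.expovariate(1.0 / mean_gap)
        out.append(t)
    return out

def demo(seed=7):
    rng = random.Random(seed)
    # Assumed traffic profiles: 10 ms mean gap as baseline, 0.5 ms as a high-rate burst.
    normal = [iat_features(synth_window(rng, 0.010)) for _ in range(20)]
    burst = [iat_features(synth_window(rng, 0.0005)) for _ in range(20)]
    model = train_linear(normal, burst)
    held_out = [(synth_window(rng, 0.010), "normal"),
                (synth_window(rng, 0.0005), "attack")]
    return [(classify(model, iat_features(w)), label) for w, label in held_out]

if __name__ == "__main__":
    for predicted, actual in demo():
        print(f"predicted={predicted} actual={actual}")
```

Only arrival timestamps from a single observation point are needed, which matches the abstract's constraint that full access to every node is not available.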
