Specification-Based Intrusion Detection in WLANs

Rupinder Gill
Queensland University of Technology
Australia

Jason Smith
Queensland University of Technology
Australia

Andrew Clark
Queensland University of Technology
Australia

Wireless networking technologies based on the IEEE 802.11 series of
standards fail to authenticate management frames and network card
addresses and suffer from serious vulnerabilities that may lead to denial of service, session hijacking, and address masquerading attacks. In this paper, we describe and implement a specification based intrusion detection system for IEEE 802.11 wireless
infrastructure networks, which not only provides attack detection but also implements policy compliance monitoring.
The specification used by our intrusion detection system is derived
from network protocol state transition models and site security policy constraints. We also perform an experimental and comparative analysis of the technique to assess its effectiveness. The results indicate that the approach is superior at successfully detecting a greater variety of attacks than other existing approaches.

Keywords: wireless intrusion detection, specification based intrusion detection, state transition modelling, policy compliance monitoring, wireless attacks

Read Paper Read Paper (in PDF)