An Anomaly Behavior Analysis Intrusion Detection System for Wireless Networks

Persistent Link:
http://hdl.handle.net/10150/595654
Title:
An Anomaly Behavior Analysis Intrusion Detection System for Wireless Networks
Author:
Satam, Pratik
Issue Date:
2015
Publisher:
The University of Arizona.
Rights:
Copyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction or presentation (such as public display or performance) of protected items is prohibited except with permission of the author.
Abstract:
Wireless networks have become ubiquitous, where a wide range of mobile devices are connected to a larger network like the Internet via wireless communications. One widely used wireless communication standard is the IEEE 802.11 protocol, popularly called Wi-Fi. Over the years, the 802.11 has been upgraded to different versions. But most of these upgrades have been focused on the improvement of the throughput of the protocol and not enhancing the security of the protocol, thus leaving the protocol vulnerable to attacks. The goal of this research is to develop and implement an intrusion detection system based on anomaly behavior analysis that can detect accurately attacks on the Wi-Fi networks and track the location of the attacker. As a part of this thesis we present two architectures to develop an anomaly based intrusion detection system for single access point and distributed Wi-Fi networks. These architectures can detect attacks on Wi-Fi networks, classify the attacks and track the location of the attacker once the attack has been detected. The system uses statistical and probability techniques associated with temporal wireless protocol transitions, that we refer to as Wireless Flows (Wflows). The Wflows are modeled and stored as a sequence of n-grams within a given period of analysis. We studied two approaches to track the location of the attacker. In the first approach, we use a clustering approach to generate power maps that can be used to track the location of the user accessing the Wi-Fi network. In the second approach, we use classification algorithms to track the location of the user from a Central Controller Unit. Experimental results show that the attack detection and classification algorithms generate no false positives and no false negatives even when the Wi-Fi network has high frame drop rates. The Clustering approach for location tracking was found to perform highly accurate in static environments (81% accuracy) but the performance rapidly deteriorates with the changes in the environment. While the classification algorithm to track the location of the user at the Central Controller/RADIUS server was seen to perform with lesser accuracy then the clustering approach (76% accuracy) but the system's ability to track the location of the user deteriorated less rapidly with changes in the operating environment.
Type:
text; Electronic Thesis
Keywords:
Intrusion Detection; Machine Learning; Network Security; Wi-Fi; Electrical & Computer Engineering; Anomaly Behavior Analysis
Degree Name:
M.S.
Degree Level:
masters
Degree Program:
Graduate College; Electrical & Computer Engineering
Degree Grantor:
University of Arizona
Advisor:
Hariri, Salim

Full metadata record

DC FieldValue Language
dc.language.isoen_USen
dc.titleAn Anomaly Behavior Analysis Intrusion Detection System for Wireless Networksen_US
dc.creatorSatam, Pratiken
dc.contributor.authorSatam, Pratiken
dc.date.issued2015en
dc.publisherThe University of Arizona.en
dc.rightsCopyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction or presentation (such as public display or performance) of protected items is prohibited except with permission of the author.en
dc.description.abstractWireless networks have become ubiquitous, where a wide range of mobile devices are connected to a larger network like the Internet via wireless communications. One widely used wireless communication standard is the IEEE 802.11 protocol, popularly called Wi-Fi. Over the years, the 802.11 has been upgraded to different versions. But most of these upgrades have been focused on the improvement of the throughput of the protocol and not enhancing the security of the protocol, thus leaving the protocol vulnerable to attacks. The goal of this research is to develop and implement an intrusion detection system based on anomaly behavior analysis that can detect accurately attacks on the Wi-Fi networks and track the location of the attacker. As a part of this thesis we present two architectures to develop an anomaly based intrusion detection system for single access point and distributed Wi-Fi networks. These architectures can detect attacks on Wi-Fi networks, classify the attacks and track the location of the attacker once the attack has been detected. The system uses statistical and probability techniques associated with temporal wireless protocol transitions, that we refer to as Wireless Flows (Wflows). The Wflows are modeled and stored as a sequence of n-grams within a given period of analysis. We studied two approaches to track the location of the attacker. In the first approach, we use a clustering approach to generate power maps that can be used to track the location of the user accessing the Wi-Fi network. In the second approach, we use classification algorithms to track the location of the user from a Central Controller Unit. Experimental results show that the attack detection and classification algorithms generate no false positives and no false negatives even when the Wi-Fi network has high frame drop rates. The Clustering approach for location tracking was found to perform highly accurate in static environments (81% accuracy) but the performance rapidly deteriorates with the changes in the environment. While the classification algorithm to track the location of the user at the Central Controller/RADIUS server was seen to perform with lesser accuracy then the clustering approach (76% accuracy) but the system's ability to track the location of the user deteriorated less rapidly with changes in the operating environment.en
dc.typetexten
dc.typeElectronic Thesisen
dc.subjectIntrusion Detectionen
dc.subjectMachine Learningen
dc.subjectNetwork Securityen
dc.subjectWi-Fien
dc.subjectElectrical & Computer Engineeringen
dc.subjectAnomaly Behavior Analysisen
thesis.degree.nameM.S.en
thesis.degree.levelmastersen
thesis.degree.disciplineGraduate Collegeen
thesis.degree.disciplineElectrical & Computer Engineeringen
thesis.degree.grantorUniversity of Arizonaen
dc.contributor.advisorHariri, Salimen
dc.contributor.committeememberHariri, Salimen
dc.contributor.committeememberAkoglu, Alien
dc.contributor.committeememberValerdi, Ricardoen
All Items in UA Campus Repository are protected by copyright, with all rights reserved, unless otherwise indicated.