This paper proposes WIDS, a wireless intrusion detection system that applies a data mining clustering technique to wireless network data captured through hardware sensors, for real-time detection of anomalous behavior in wireless packets. Using hardware sensors to capture network packets enables detection of attacks before they reach access points and ensures that all packets transmitted in the network are analyzed, for more complete attack detection. The proposed mining-based technique for wireless network intrusion detection contributes by reducing the need for training data, reducing false positives, and increasing the effectiveness of attack detection on networks with few (one to twenty) connections. The proposed WIDS design approach involves real-time pre-processing of sensor data using a density-based Local Sparsity Coefficient (LSC) outlier detection algorithm to assign anomaly scores to the connection records. Connection records with low anomaly scores are used as the initial cluster centre positions for building clusters. The algorithm continuously derives the minimum deviation as the maximum of the distances between all pairs of cluster centre positions. New records whose distance from the closest cluster exceeds the minimum deviation are tagged as anomalies and moved to the alert cluster. One major result of this paper is the detection of MAC spoofing attacks by tracking sequence numbers, which ensures that duplicate or spoofed (stolen) MAC addresses are not used in the network.
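The thresholding step described in the abstract, as an added example that is not the paper's code. Euclidean distance, the running-mean centre update, and the two-feature sample records are assumptions, and the LSC scoring step is replaced by hand-picked seed centres.

```python
import math
from itertools import combinations

def minimum_deviation(centres):
    """The abstract's 'minimum deviation': max distance over all centre pairs."""
    return max(math.dist(a, b) for a, b in combinations(centres, 2))

class StreamClusterer:
    """Tags each new connection record as 'normal' or 'alert' (hypothetical class)."""

    def __init__(self, seed_centres):
        # Seeds stand in for records that LSC pre-processing scored as low-anomaly.
        if len(seed_centres) < 2:
            raise ValueError("need at least two seed centres to derive a threshold")
        self.centres = [tuple(c) for c in seed_centres]
        self.counts = [1] * len(self.centres)
        self.alerts = []  # the alert cluster

    def observe(self, record):
        record = tuple(record)
        dists = [math.dist(record, c) for c in self.centres]
        nearest = min(range(len(dists)), key=dists.__getitem__)
        # Re-derived on every record, because centres move as the stream is consumed.
        threshold = minimum_deviation(self.centres)
        if dists[nearest] > threshold:
            self.alerts.append(record)  # never pulls a centre towards an anomaly
            return "alert"
        # Assumption: an accepted record updates its cluster centre as a running mean.
        self.counts[nearest] += 1
        n = self.counts[nearest]
        self.centres[nearest] = tuple(
            c + (x - c) / n for c, x in zip(self.centres[nearest], record)
        )
        return "normal"

# Constructed sample data: two made-up, already normalised features per record.
SEEDS = [(1.0, 1.0), (2.0, 1.0), (1.0, 3.0)]
STREAM = [(1.5, 1.5), (9.0, 9.0), (2.0, 2.5)]

def run_demo():
    clusterer = StreamClusterer(SEEDS)
    return [clusterer.observe(r) for r in STREAM]

if __name__ == "__main__":
    print(run_demo())
```

Because the threshold is the largest distance between any two centres, widely separated seed centres loosen it for every cluster, so seed selection directly affects how many anomalies are missed.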