Title

WIDS: A Sensor-based Online Mining Wireless Intrusion Detection System

Document Type

Conference Paper

Publication Date

2008

Publication Title

Proceedings of the 2008 International Symposium on Database Engineering & Applications

First Page

255

Last Page

261

DOI

10.1145/1451940.1451976

Abstract

This paper proposes WIDS, a wireless intrusion detection system, which applies data mining clustering technique to wireless network data captured through hardware sensors for purposes of real time detection of anomalous behavior in wireless packets. Using hardware sensors to capture network packets enables detection of attacks before they reach access points and ensures all packets transmitted in the networks are analyzed for a more complete attack detection. The proposed mining based technique for wireless network intrusion detection contributes by reducing the need for training data, reducing false positives and increasing the effectiveness of attack detection on networks with few (one to twenty) connections. The proposed WIDS design approach involves real time pre-processing of sensor data using a density-based, Local Sparsity Coefficient (LSC) outlier detection algorithm to assign anomaly scores to the connection records. Connection records with low anomaly scores are used as initial starting cluster centre positions for building clusters. The algorithm continuously derives minimum deviation as the maximum of distances between all pairs of cluster centre positions. New records which have their distances from the closest cluster more than the minimum deviation, are tagged as anomaly and moved to alert cluster. One major result of this paper is detection of MAC spoofing attacks by tracking sequence numbers, which ensures duplicate or spoofed (stolen) MAC addresses are not used in the network.