Probe request attack detection in wireless LANs using intelligent techniques

Ratnayake, Deepthi N. (2012) Probe request attack detection in wireless LANs using intelligent techniques. Doctoral thesis, London Metropolitan University.

Abstract

This work demonstrates a new intelligent approach to recognise probe request attacks in Wireless Local Area Networks (WLAN). In WLANs, management frames facilitate wireless stations (STA) to establish and maintain communications. In infrastructure WLANs, any mobile STA can send a probe request management frame when it needs information from an Access Point (AP). AP replies to any probe request from a STA with a known Medium Access Control (MAC) address, with a probe response management frame with capability information, and supported data rates. The next step is to establish its identity with the AP through authentication messages. Once authentication is completed, STAs can associate (register) with the AP to gain full access to the network. Probe request and response management frames are unprotected, so the information is visible to sniffers. MAC addresses can be easily spoofed to bypass AP access lists. Probe requests can be sent by anyone with a legitimate MAC address, as association to the network is not required at this stage. Attackers take advantage of these vulnerabilities and send a flood of probe request frames that can lead to a Denial-of-Service (DoS) to legitimate STAs. The research investigates and analyses delta-time, sequence number, Signal Strength Indicator (SSI), and frame sub-type of traffic captured on a home WLAN, and uses a feed forward supervised Neural Network (NN) sensor/classifier, with four input neurons, a single hidden layer, and an output neuron, to determine the results. The research also utilises self-consistency test to measure the fitness of the data in the sensor/classifier, and 5-fold cross-validation method to evaluate the sensor/classifier with unseen data. Five Genetic Algorithms (GA) are utilised to optimise the NN using training, validation, and testing sample percentages and number of neurons of the hidden layer. The most optimised NN classifier, with training, validation and test, and sample sizes 40%, 59%, 1 %, and hidden neurons 29, produced 100% accuracy on a test sample.

Documents
7459:38569
[thumbnail of 590106.pdf]
Preview
590106.pdf - Published Version

Download (28MB) | Preview
Details
Record
View Item View Item