A wireless multi-step attack pattern recognition method for WLAN


Bibliographic Details

Published in: Expert Systems with Applications, Vol. 41, No. 16, pp. 7068-7076
Main Authors: Chen, Guanlin; Zhang, Yujia; Wang, Can
Format: Journal Article
Language: English
Published: Amsterdam, Elsevier Ltd, 15.11.2014

Summary:

• We propose a novel wireless multi-step attack pattern recognition method.
• Hyper alerts are defined to improve the recognition of wireless multi-step attacks.
• The correlation between two alerts is uncovered by wireless alert correlativity.
• The method can effectively identify typical wireless multi-step attack patterns.

Intrusion detection and prevention technology has been broadly applied to wired networks as an important means of protecting network security, but little work in this area has been extended to the WLAN. In this paper, we propose a wireless multi-step attack pattern recognition method (WMAPRM) based on correlation analysis of the main attributes of the IEEE 802.11 frame. The method consists of six steps: clustering wireless intrusion alerts, constructing a global attack database, building candidate attack chains, filtering candidate attack chains, correlating multi-step attack behaviors, and recognizing multi-step attack patterns. Experimental results in a real-world environment show that WMAPRM is capable of identifying highly correlated multi-step attack patterns such as WEP crack with ARP+Deauthentication Flood, WEP crack with wesside-ng, config file stealing attack, and authentication session hijack attack. The method is expected to improve both wireless intrusion detection and prevention performance in practical WLAN security scenarios.
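The abstract only sketches the six-step pipeline, so the following is an added toy implementation of that outline, written for this page; it is not the paper's WMAPRM code, and the paper's actual definitions of hyper alerts and of wireless alert correlativity are not reproduced here. Everything specific is an assumption: the attribute weights, the time gate, the chaining threshold, the pattern database entries, and the raw alert records (which are constructed to resemble a WEP crack preceded by a deauthentication flood and ARP replay, plus one unrelated alert on another AP).

```python
"""Toy six-step correlation of wireless IDS alerts into multi-step attack
patterns. Added illustration of the pipeline sketched in the abstract; it is
NOT the WMAPRM implementation from the paper. Alert records, weights,
thresholds and the pattern database below are constructed for this example."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Alert:
    t: float        # seconds since capture start
    kind: str       # alert type raised by the wireless IDS
    bssid: str      # BSSID (AP address) carried in the 802.11 frame
    client: str     # station MAC carried in the frame
    channel: int    # channel the frame was captured on


@dataclass(frozen=True)
class HyperAlert(Alert):
    last_t: float = 0.0   # time of the last raw alert merged into this one
    count: int = 1        # number of raw alerts merged


# Step 2: global attack database (constructed; names follow the patterns the
# abstract reports as recognized, step kinds are assumed).
ATTACK_DB = {
    "WEP crack with ARP+Deauthentication Flood":
        ("deauth_flood", "arp_replay", "wep_crack"),
    "WEP crack with wesside-ng":
        ("fake_auth", "fragmentation_prga", "arp_replay", "wep_crack"),
    "authentication session hijack attack":
        ("deauth_flood", "mac_spoof", "assoc_request"),
}

# Assumed correlativity weights over shared frame attributes, plus a time gate
# and the minimum score needed to chain two hyper alerts.
WEIGHTS = {"bssid": 0.5, "client": 0.3, "channel": 0.2}
MAX_GAP = 300.0
THETA = 0.5


def cluster(alerts, window=60.0):
    """Step 1: merge repeats of one alert (same kind/BSSID/client/channel,
    within `window` seconds of the previous repeat) into a hyper alert."""
    hyper = []
    for a in sorted(alerts, key=lambda x: x.t):
        for i, h in enumerate(hyper):
            same = (h.kind, h.bssid, h.client, h.channel) == (a.kind, a.bssid, a.client, a.channel)
            if same and a.t - h.last_t <= window:
                hyper[i] = replace(h, last_t=a.t, count=h.count + 1)
                break
        else:
            hyper.append(HyperAlert(a.t, a.kind, a.bssid, a.client, a.channel, last_t=a.t))
    return hyper


def correlativity(a, b):
    """Assumed form of wireless alert correlativity: weighted share of matching
    frame attributes, zero unless b starts after a ends and within MAX_GAP."""
    if b.t < a.last_t or b.t - a.last_t > MAX_GAP:
        return 0.0
    return sum(w for f, w in WEIGHTS.items() if getattr(a, f) == getattr(b, f))


def candidate_chains(hyper, theta=THETA):
    """Step 3: time-ordered chains in which every consecutive pair of hyper
    alerts has correlativity >= theta (depth-first, maximal extensions only)."""
    hyper = sorted(hyper, key=lambda h: h.t)
    chains = []

    def extend(idx):
        grew = False
        for j in range(idx[-1] + 1, len(hyper)):
            if correlativity(hyper[idx[-1]], hyper[j]) >= theta:
                extend(idx + [j])
                grew = True
        if not grew and len(idx) > 1:
            chains.append([hyper[k] for k in idx])

    for i in range(len(hyper)):
        extend([i])
    return chains


def is_subseq(small, big):
    it = iter(big)
    return all(any(x == y for y in it) for x in small)


def filter_chains(chains):
    """Step 4: drop any candidate that is a strict subsequence of a longer one."""
    return [c for c in chains
            if not any(len(d) > len(c) and is_subseq(c, d) for d in chains)]


def recognize(alerts):
    """Steps 5-6: read the step sequence along each surviving chain and report
    every known pattern whose steps occur, in order, within it."""
    found = []
    for chain in filter_chains(candidate_chains(cluster(alerts))):
        kinds = tuple(h.kind for h in chain)
        for name, steps in ATTACK_DB.items():
            if is_subseq(steps, kinds):
                found.append((name, kinds))
    return found


# Constructed sample: five deauth alerts, three ARP replays and a WEP crack on
# one AP, plus an unrelated probe flood against a different AP/channel.
AP, ATTACKER, VICTIM = "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01", "de:ad:be:ef:00:01"
SAMPLE_ALERTS = (
    [Alert(t, "deauth_flood", AP, VICTIM, 6) for t in range(5)]
    + [Alert(30 + t, "arp_replay", AP, ATTACKER, 6) for t in range(3)]
    + [Alert(50, "probe_flood", "66:77:88:99:aa:bb", "ca:fe:00:00:00:01", 11)]
    + [Alert(200, "wep_crack", AP, ATTACKER, 6)]
)

if __name__ == "__main__":
    for name, kinds in recognize(SAMPLE_ALERTS):
        print(name, "<-", " -> ".join(kinds))
```

The deauthentication alerts name the victim station while the ARP replay and crack alerts name the attacker, so the chain only holds together through the shared BSSID and channel; that is the point of correlating on frame attributes rather than on a single MAC, and it is also why the probe flood on another AP never joins the chain.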
ISSN: 0957-4174, 1873-6793
DOI: 10.1016/j.eswa.2014.05.029