Study of the enhancements in intrusion detection techniques for wireless local area network (WLAN)

Abstract

Wireless local area networks (wireless LANs, or WLANs) are changing the landscape of computer networking. In recent years, the proliferation of wireless devices coupled with the demand for continual network connections without having to "plug in," are resulting in an explosive growth in enterprise WLANs. Wireless networks offer the benefits of increased productivity, easier network expansion, flexibility, and lower the cost of ownership. In addition Wireless LAN systems can be configured in a variety of topologies to meet the needs of specific applications and installations. Following the increasing demand for wireless data access, different kind of wireless communication technologies are being developed continually. On the other hand, Wireless LAN standards offer very unsatisfactory level of security and one could not truly trust them. Some commonly used attacks are more strained in wireless environment and some additional effort should be used to prevent those. The nature of the radio communication makes it practically impossible to prevent some attacks. In the literature number of techniques had been developed to address different types of attacks, but the effective detection of especially the Session hijacking, Man-in-the-middle, Denial of Services; Distributed Denial of Services and Shrew attacks are remain open challenges. The research work seeks to investigate the design of effective intrusion detection techniques in the WLAN. The research work embrace with the comprehensive review of; (i) the outstanding vulnerabilities and attacks in WLAN, (ii) the wireless intrusion detection techniques, and (iii) the intrusion detection tools to analyze their performance and enhancements for WLAN. This study provides the suggestive guidelines on the selection and design of Intrusion Detection Techniques for WLAN. In the research work, three new robust, efficient intrusion detection techniques (namely Cross Layer Based, MAC Layer Based and Distributed techniques) have been proposed that attains low misdetection ratio and false positive rate while increasing the packet delivery ratio. Further, we have developed an algorithm to automatically assign priority to the detected attack by cross layer detection technique using MAC layer based defense architecture. The performance of all these techniques has been evaluated in NS2 tool on the Fedora platform. First, A MAC Layer Based defense scheme is developed for Reduction-of-Quality (RoQ) attacks in WLAN, which not only detect, but also prevents the intruders in WLAN. The detection technique makes use of three status values that can be derived from the MAC layer: frequency of receiving RTS/CTS packets, frequency of sensing a busy channel, and the number of RTS/DATA retransmissions. When the number of RTS/CTS packets received exceeds a certain threshold RCth, it indicates that too many nodes are within the transmission range to compete for the channel. When the channel is sensed to be in a busy state, a node will persist in the backoff stage and stop the congestion window (CW) count. When stopping time is longer than a threshold SEth, it indicates that too many nodes are within the interference range.