Adaptabilty of a GP Based IDS on Wireless Networks

Security and Intrusion detection in WiFi networks is currently an active area of research where WiFi specific Data Link layer attacks are an area of focus; particularly recent work has focused on producing machine learning based IDSs for these WiFi specific attacks. These proposed machine learning based IDSs come in addition to the already deployed signatures which are already in use in conventional intrusion detection systems like Snort-Wireless and Kismet. In this paper, we compare the detection capability of Snort-Wireless and a Genetic Programming (GP) based intrusion detector, based on the ability to adapt to modified attacks, ability to adapt to similar unknown attacks and infrastructure independent detection. Our results show that the GP based detection system is much more robust against modified attacks compared to Snort-Wireless. Moreover, by focusing on the method(s) used in feature preprocessing for presentation to learning algorithms, GP based IDSs can achieve infrastructure independent detection and can adapt to similar unknown attacks too. On the other hand, even though Snort-Wireless is an infrastructure independent detector, it cannot adapt to unknown attacks even if they are similar to others for which it has signatures on.