Bluetooth Network-Based Misuse Detection

Bluetooth, a protocol designed to replace peripheral cables, has grown steadily over the last five years and includes a variety of applications. The Bluetooth protocol operates on a wide variety of mobile and wireless devices and is nearly ubiquitous. Several attacks exist that successfully target and exploit Bluetooth enabled devices. This paper describes the implementation of a network intrusion detection system for discovering malicious Bluetooth traffic. The work improves upon existing techniques, which only detect a limited set of attacks (based on measuring anomalies in the power levels of the Bluetooth device). The new method identifies reconnaissance, denial of service, and information theft attacks on Bluetooth enabled devices, using signatures of the attacks. Furthermore, this system includes an intrusion response component to detect attacks in progress, based on the attack classification. This paper presents the implementation of the Bluetooth intrusion detection system and demonstrates its detection, analysis, and response capabilities. The tool includes a visualization interface to facilitate the understanding of Bluetooth enabled attacks. The experimental results show that the system can significantly improve the overall security of an organization by identifying and responding to threats posed to the Bluetooth protocol.