Wireless security situation awareness with attack identification decision support

Wireless networks are a common point of entry for computer network attacks. Due to high traffic volumes, network mission assurance requires tools that can usefully display network traffic data, automatically detect, and identify attacks to provide increased situational awareness to a network administrator. Many metrics used to analyze wireless network traffic and security depend on full access to all nodes. This is impractical in fielded networks. To address these issues, we propose a new set of metrics based on wireless network packet interarrival times. These metrics are displayed in a novel way to provide administrators with a mechanism for identifying possible attacks and their impact on the network. The performance of this visualizer is validated by the use of a linear classifier system, which shows that the chosen metrics can be used to accurately identify attacks. We further argue that the classifier could be used in conjunction with the visualizer as an effective decision support system to aid in maintaining mission assurance.