A novel classification scheme for 802.11 WLAN active attacking traffic patterns

Author

Zhou, Wenzhe ; Marshall, Alan ; Gu, Qiang

Author_Institution

Sch. of Electr. & Electron. Eng., Queen´´s Univ., Belfast

Volume

2

fYear

2006

fDate

3-6 April 2006

Firstpage

623

Lastpage

628

Abstract

In 802.11 WLANs, active intrusion attacks on the MAC layer causes changes in the management frame distributions. This paper focuses on detecting intrusions by analyzing the management traffic patterns. Experimental results are presented that describe the patterns generated by two well-known active attacks on 802.11 WLANs: deauthentication denial-of service (DoS) and man-in-the-middle (MITM). By clustering the management frame bursts over a certain period of time, we observe that the active attacking traffic patterns can be classified through calculation of a cluster content value (CCV). Our results show that when any station in a WLAN experiences clustering in its management traffic distribution, the CCV can be used to detect and classify the attacks the station is experiencing

Keywords

computer network management; telecommunication security; telecommunication traffic; wireless LAN; 802.11 WLAN; MAC layer; active attacking traffic patterns; classification scheme; cluster content value; deauthentication denial-of service; man-in-the-middle; management frame distributions; management traffic patterns; Access protocols; Computer crime; Computer hacking; Cryptography; Data security; Intrusion detection; Pattern analysis; Telecommunication traffic; Traffic control; Wireless LAN;

fLanguage

English

Publisher

ieee

Conference_Titel

Wireless Communications and Networking Conference, 2006. WCNC 2006. IEEE

Conference_Location

Las Vegas, NV

ISSN

1525-3511

Print_ISBN

1-4244-0269-7

Electronic_ISBN

1525-3511

Type

conf

DOI

10.1109/WCNC.2006.1683541

Filename

1683541