ADVANCED DoS DETECTION IN WiFi PRESENTED BY MANUEL J PETER ICGHPC’16

Upload: manueljpeter

Post on 22-Jan-2018


TRANSCRIPT

ADVANCED DoS DETECTION IN WiFi

PRESENTED BY

MANUEL J PETER, ICGHPC’16

DoS & its existence in WiFi

▷ DoS is intentionally or unintentionally denying accessibility to the intended users

Vulnerabilities in WiFi

Exploited Portion

▷ Media Access Layer

Management and control frames are sent unencrypted, in clear text

Three types of DoS

▷ Spoofed client to AP De-authentication frame

▷ Spoofed AP to client De-authentication frame

▷ Broadcasting Spoofed De-authentication frame

DoS Attack Scenario

State 0: Not Authenticated, Not Associated

State 1: Authenticated, Not Associated

State 2: Authenticated, Associated

Existing Methods

▷ Encryption based methods

▷ Modified protocols

▷ Setting a threshold on the number of de-auth frames

▷ Incrementing frames

Drawbacks of existing methods

▷ Changes in the protocol stack

▷ Flashing AP and clients

▷ Upgrade to newer standards required

▷ High cost of modification

▷ No support for legacy systems

▷ High processing requirement

Machine learning IDS

Proposed System

Components of proposed system

▷ Frame Sniffer: filters traffic based on the MAC address of the monitored AP and forwards the frames to the deauth detector.

▷ Deauth Detector: detects DoS based on the training data and determines whether an attack has taken place or not. Sets off an alarm if an attack is detected.

Testing & Training

▷ Two Wi-Fi nodes (Laptop, Smartphone)

▷ A laptop with Kali Linux & aircrack-ng as attacker

▷ TP-LINK AP WR740N

▷ A dedicated machine running Wireshark

▷ Data collected over one hour

▷ 60% for training, 40% for testing

Feature Selection Based on Significance

▷ Connection duration

▷ Number of de-authentication frames

▷ Frame exchange

▷ Number of authentication frames

▷ TCP frames

▷ Number of association frames

▷ UDP frames

Classifier Design & Selection

▷ C4.5 / J48 classifier

Performance of system

▷ Measured based on accuracy & detection rates

▷ Accuracy = True Positive / (False Positive + True Positive)

▷ Detection Rate = True Positive / (True Positive + False Negative)
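The frame sniffer, the feature set and the two metrics above, as an added example in Python (not code from the presentation): the frame records, BSSIDs, window size and the single-rule detector that stands in for the trained J48 tree are constructed assumptions.

```python
from collections import Counter, defaultdict

MONITORED_AP = "aa:bb:cc:dd:ee:01"  # constructed BSSID of the monitored AP
WINDOW = 10.0                       # seconds per feature window (assumption)

def sniff(frames, bssid=MONITORED_AP):  # Frame Sniffer: monitored AP only
    return [f for f in frames if f["bssid"] == bssid]

def extract_features(frames, window=WINDOW):
    """Count the slide deck's features per time window; connection duration
    is approximated by the span between the first and last frame seen."""
    windows = defaultdict(list)
    for f in frames:
        windows[int(f["ts"] // window)].append(f)
    feats = {}
    for w, fs in windows.items():
        c, ts = Counter(f["subtype"] for f in fs), [f["ts"] for f in fs]
        feats[w] = {"duration": max(ts) - min(ts), "deauth": c["deauth"],
                    "auth": c["auth"], "assoc": c["assoc"],
                    "tcp": c["tcp"], "udp": c["udp"]}
    return feats

def detect(feat, deauth_limit=5):
    """Stand-in for the trained J48 tree: one hypothetical rule on the
    deauth count. The real classifier is learned from the labelled capture."""
    return feat["deauth"] > deauth_limit

def accuracy(tp, fp):        # both metrics exactly as defined on the slides
    return tp / (fp + tp)
def detection_rate(tp, fn):
    return tp / (tp + fn)

def frame(ts, subtype, bssid=MONITORED_AP):
    return {"ts": ts, "bssid": bssid, "subtype": subtype}

# Constructed capture: window 0 is a normal client session, window 1 a flood
# of spoofed deauth frames; the last group is another AP's and must be dropped.
CAPTURE = ([frame(0.5, "auth"), frame(0.7, "assoc")]
           + [frame(1.0 + i * 0.5, "tcp") for i in range(16)]
           + [frame(10.2 + i * 0.1, "deauth") for i in range(40)]
           + [frame(10.5 + i * 0.1, "deauth", "ff:ee:dd:cc:bb:aa") for i in range(30)])
LABELS = {0: False, 1: True}  # constructed ground truth per window

def evaluate(frames=CAPTURE, labels=LABELS):
    """Sniffer -> features -> detector, tallying TP/FP/FN over the windows."""
    feats = extract_features(sniff(frames))
    tp = fp = fn = 0
    for w, attacked in labels.items():
        alarm = detect(feats.get(w, {"deauth": 0}))
        tp += alarm and attacked
        fp += alarm and not attacked
        fn += attacked and not alarm
    return tp, fp, fn
```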

Conclusion

▷ The proposed detection system has a high detection rate & low false detection

▷ Doesn't require protocol modification

▷ Use of encryption & firmware upgrades not required

RESULT

▷ C4.5/J48 obtained an accuracy of 0.96 and a detection rate of 0.96

References

Mayank Agarwal, Santosh Biswas, "Detection of De-authentication DoS attacks in Wi-Fi networks", Department of Computer Science & Engineering, Indian Institute of Technology, Guwahati - 781039, India, 2015 IEEE International Conference on Systems, Man, and Cybernetics.

Ashis Pradhan, "Network Traffic Classification using Support Vector Machine and Artificial Neural Network", Department of Computer Science and Engineering, Sikkim Manipal Institute of Technology, Majitar, Sikkim, International Symposium on Devices MEMS, Intelligent Systems & Communication (ISDMISC) 2011.

John Bellardo and Stefan Savage, "802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions", Department of Computer Science and Engineering, University of California at San Diego.

"Aircrack-ng Suite." http://www.aircrack-ng.org

Thanks! Any questions?

You can find me at: [email protected]@protonmail.ch