Advanced DoS Detection (Icghc2016)
DoS & its existence in WiFi
▷ DoS is intentionally or unintentionally denying accessibility to intended users
Vulnerabilities in WiFi
Exploited Portion
▷ Media Access Layer
▷ Management and control frames are sent unencrypted, in clear text
Three types of DoS
▷ Spoofed client to AP De-authentication frame
▷ Spoofed AP to client De-authentication frame
▷ Broadcasting Spoofed De-authentication frame
DoS Attack Scenario
▷ State 0: Not Authenticated, Not Associated
▷ State 1: Authenticated, Not Associated
▷ State 2: Authenticated, Associated
Existing Methods
▷ Encryption based methods
▷ Modified protocols
▷ Setting a threshold on the number of De-auth frames
▷ Incrementing frames
Drawbacks of existing methods
▷ Changes in protocol stack
▷ Flashing AP and clients
▷ Upgrade to newer standards required
▷ Cost of modification high
▷ No support for legacy systems
▷ Processing requirement high
Components of proposed system
▷ Frame Sniffer: Filters traffic based on the MAC address of the monitored AP and forwards packets to the deauth detector.
▷ Deauth Detector: Detects DoS based on training data and determines whether an attack has taken place or not. Raises an alarm if an attack is detected.
Testing & Training
▷ Two Wi-Fi nodes (Laptop, Smartphone)
▷ A laptop with Kali Linux & aircrack-ng as attacker
▷ TP-LINK AP WR740N
▷ A dedicated machine running Wireshark
▷ Data collected over one hour
▷ 60% for training, 40% for testing
Feature Selection Based on Significance
▷ Connection duration
▷ Number of de-authentication frames
▷ Frame exchange
▷ Number of authentication frames
▷ TCP frames
▷ Number of association frames
▷ UDP frames
Performance of system
▷ Measured based on accuracy & detection rates
▷ Accuracy = True Positive / (False Positive + True Positive)
▷ Detection Rate = True Positive / (True Positive + False Negative)
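Added example, not from the original slides: the sniffer, detector and evaluation steps described above, run on a constructed capture. The BSSIDs, the 10-second window and the midpoint-threshold detector are assumptions standing in for the trained classifier, which the slides do not specify; accuracy and detection rate follow the slide definitions.

```python
from collections import Counter

MONITORED_AP = "aa:bb:cc:00:00:01"   # constructed BSSID (assumption)
OTHER_AP = "aa:bb:cc:00:00:02"       # constructed neighbouring AP (assumption)
WINDOW_S = 10                        # assumed feature window, in seconds

def make_capture():
    """Constructed capture: (time_s, bssid, subtype) tuples plus per-window labels."""
    deauths = [0, 1, 30, 0, 25, 2, 40, 1, 10, 35]
    labels = [0, 0, 1, 0, 1, 0, 1, 0, 1, 1]      # 1 = window contains an attack
    frames = []
    for w, n in enumerate(deauths):
        t = w * WINDOW_S
        frames += [(t, MONITORED_AP, "auth"), (t, MONITORED_AP, "assoc")]
        frames += [(t + 1, MONITORED_AP, "deauth")] * n
    frames += [(71, OTHER_AP, "deauth")] * 50    # traffic for an AP we do not monitor
    return frames, labels

def sniff_filter(frames, bssid):
    """Frame sniffer: forward only frames belonging to the monitored AP."""
    return [f for f in frames if f[1] == bssid]

def window_features(frames, n_windows):
    """Per-window counts of deauth, auth and assoc frames."""
    feats = [Counter() for _ in range(n_windows)]
    for t, _, subtype in frames:
        feats[int(t // WINDOW_S)][subtype] += 1
    return feats

def train_threshold(feats, labels):
    """Stand-in detector: midpoint between benign max and attack min deauth counts."""
    benign = max(f["deauth"] for f, y in zip(feats, labels) if y == 0)
    attack = min(f["deauth"] for f, y in zip(feats, labels) if y == 1)
    return (benign + attack) / 2

def evaluate(pred, truth):
    """Accuracy and detection rate as the slides define them."""
    tp = sum(1 for p, y in zip(pred, truth) if p and y)
    fp = sum(1 for p, y in zip(pred, truth) if p and not y)
    fn = sum(1 for p, y in zip(pred, truth) if y and not p)
    return (tp / (fp + tp) if fp + tp else 0.0), (tp / (tp + fn) if tp + fn else 0.0)

def run():
    frames, labels = make_capture()
    feats = window_features(sniff_filter(frames, MONITORED_AP), len(labels))
    split = len(labels) * 6 // 10                # 60% training, 40% testing
    thr = train_threshold(feats[:split], labels[:split])
    pred = [int(f["deauth"] > thr) for f in feats[split:]]
    return thr, pred, evaluate(pred, labels[split:])
```

The low-rate attack window (10 deauth frames) falls under the learned threshold, so detection rate drops to 2/3 while accuracy as defined on the slides stays at 1.0.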
Conclusion
▷ Proposed detection system has high detection rate & low false detection
▷ Doesn't require protocol modification
▷ Use of encryption & firmware upgrades not required