Wireless Intrusion Detection System Proof of Concept, Leon & Yunhai
Post on 21-Dec-2015
Info Measurements: Info Resources
SNMP MIB: A collection of objects that can be accessed via a network management protocol
System Log Event/Trap Captures
Wireless Capture
Info Measurements: Info Collection Tools
Hardware: Cisco Access Point, Cisco Wireless Card
Software: Visual Studio Net SNMP, AiroPeek, Netstumbler
Data Analysis
Measurement Based Analysis
Correlate Parameters w/ Events
Contention Interference
RF Interference
Wireless Intrusion
Wireless DoS Attack
Contention Interference MIB
dot11ACKFailureCount.1
dot11FailedCount.1
dot11FCSErrorCount.1
dot11FrameDuplicateCount.1
dot11MulticastTransmittedFrameCount.1
dot11MultipleRetryCount.1
dot11RTSFailureCount.1
dot11TransmittedFrameCount.1
Contention Interference
[Plots: dot11ACKFailureCount.1, dot11FailedCount.1]
Contention Interference
[Plot: dot11FCSErrorCount.1]
Contention Interference
[Plot: dot11TransmittedFrameCount.1]
Contention Interference
[Plots: dot11FrameDuplicateCount.1, dot11MulticastTransmittedFrameCount.1, dot11MultipleRetryCount.1, dot11RTSFailureCount.1]
Cordless Phone RF Inter
[Plot: Running Sum]
Future Works
Real Time Automation
Synchronize & Coordinate all info
Extend to 802.16
Simulations Measurements