Wireless%20Intrusion%20Detection%20System%20Proof%20of%20Concept

1
Wireless Intrusion Detection SystemProof of
Concept

• Leon Yunhai

2
Agenda

• Project Review
• Info Measurements
• Data Analysis
• Sample Experiments
• Future Works

3
Project Review
4
Project Review
Internet
IDS
5
Project Review
Internet
Client1
Attacker
MIB, SysLog
AiroPeek
IDS
6
Info Measurements

• Info Resources
• SNMP MIB
• A collection of objects that can be accessed via
  a network management protocol
• System Log
• Event/Trap Captures
• Wireless Capture

7
Info Measurements

• Info Collection Tools
• Hardware
• Cisco Access Point
• Cisco Wireless Card
• Software
• Visual Studio
• Net SNMP
• AiroPeek
• Netstumbler

8
MIB Collection Storage
9
SysLog
10
Data Analysis

• Measurement Based Analysis
• Correlate Parameters w/ Events
• Contention Interference
• RF Interference
• Wireless Intrusion
• Wireless DoS Attack

11
Sample Experiments

• Contention Interference

Chl 9
Chl 9
Client1
Client2
MIB
12
Contention Interference

• MIB
• dot11ACKFailureCount.1
• dot11FailedCount.1
• dot11FCSErrorCount.1
• dot11FrameDuplicateCount.1
• dot11MulticastTransmittedFrameCount.1
• dot11MultipleRetryCount.1
• dot11RTSFailureCount.1
• dot11TransmittedFrameCount.1

13
Contention Interference
14
Contention Interference
15
Contention Interference
16
Contention Interference
17
Contention Interference
18
Sample Experiments

• Cordless Phone RF Interference

Chl 1
AiroPeek
Client1
19
Cordless Phone RF Inter
20
Cordless Phone RF Inter
21
Sample Experiments

• Intrusion Attack
• AirJack
• DoS Attack
• Void11

22
Future Works

• Real Time Automation
• Synchronize Coordinate all info
• Extend to 802.16
• Simulations
• Measurements

23
802.16 Protocol Layering
24
802.16 MIB Structure
25
802.16 MIB Structure
26
802.16 MIB Structure
27
802.16 MIB Structure
28
(No Transcript)