Development and Evaluation of a Wireless Intrusion Detection System
Master's thesis
Computer systems and networks (MPCSN), MSc
Wireless networks offer a variety of advantages over wired networks. They bring a new set of opportunities for schools, businesses and homes to utilize. The technology is evolving rapidly (from 802.11a to 802.11ac) and deployment is increasing day by day. With all the new functionality and convenience that wireless brings, concerns over its security are growing. Wireless networks have become an attractive target for many potential attackers. Moreover, the open-air nature of these wireless networks makes them vulnerable to more attacks than traditional wired networks. As a result, in addition to being a victim of wired network attacks, wireless networks also face attacks exploiting the open and unprotected medium. Furthermore, the range of wireless networks often reaches outside the required physical boundaries, meaning that it is impossible to control access to the network. In addition, the standards followed to implement wireless networks (usually IEEE 802.11) have vulnerabilities in their design [1,2,3], which further allow attackers to succeed in carrying out attacks. The conclusion is that wireless networks face attacks not only at OSI Layer 3 but also at Layer 2. Nowadays many small embedded systems are used to implement wireless functionality. These devices have limited processing and power resources and are designed to have a long lifetime. This implies that security mechanisms used in such devices need to be lightweight so as not to affect performance adversely, but they might become outdated during the lifetime of the system. This thesis focuses on different vulnerabilities of the wireless standards, more specifically of IEEE 802.11, and the resulting attacks from a practical point of view. Attacks are implemented on test beds with the intention of learning attack behavior. The knowledge from the implementation is used to achieve the ultimate goal of attack detection.
The attack signatures of different common attacks are formulated and implemented in a proof-of-concept Wireless Intrusion Detection System (WIDS). The proposed WIDS uses criteria consisting of multiple variables to detect attacks. The evaluation results show that the detection is as expected. The proposed WIDS is designed to use minimum system resources, but further research on finding the optimal balance between performance and security is required. The prototype WIDS should also be improved with further attack signatures in future work.
Computer and Information Science