{"title":"WADAC","authors":"Ragav Sridharan, R. Maiti, Nils Ole Tippenhauer","doi":"10.1145/3212480.3212495","DOIUrl":null,"url":null,"abstract":"In this work, we address the problem of detecting application-layer attacks on nearby wireless devices. In particular, we assume that the detection scheme is limited to link-layer traffic (either because schemes such as WPA2 are used, and the key is unknown, or to preserve user privacy). Such a setting allows us to detect attacks in nearby third party networks that we are not associated with, unlike related work that relies on wireline taps to observe traffic. We propose and implement a framework consisting of an anomaly detection module (unsupervised), and an attack classification module that identifies a known set of attacks (supervised). We evaluate our prototype with experiments including a range of attacks. For example, we demonstrate that the anomaly detector detects Mirai C&C traffic by an IoT device (without training with Mirai). In addition, we detect that the Mirai infected device is attacking other devices with 96.1% accuracy. 
We show that our prototype can be applied to different wireless standards (such as 802.11 (WiFi) and 802.15 (Zigbee)) and detect attacks with an accuracy of 96%-99%.","PeriodicalId":267134,"journal":{"name":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3212480.3212495","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 9
Abstract
In this work, we address the problem of detecting application-layer attacks on nearby wireless devices. In particular, we assume that the detection scheme is limited to link-layer traffic (either because schemes such as WPA2 are used, and the key is unknown, or to preserve user privacy). Such a setting allows us to detect attacks in nearby third party networks that we are not associated with, unlike related work that relies on wireline taps to observe traffic. We propose and implement a framework consisting of an anomaly detection module (unsupervised), and an attack classification module that identifies a known set of attacks (supervised). We evaluate our prototype with experiments including a range of attacks. For example, we demonstrate that the anomaly detector detects Mirai C&C traffic by an IoT device (without training with Mirai). In addition, we detect that the Mirai infected device is attacking other devices with 96.1% accuracy. We show that our prototype can be applied to different wireless standards (such as 802.11 (WiFi) and 802.15 (Zigbee)) and detect attacks with an accuracy of 96%-99%.