{"title":"Wireless intrusion prevention system using dynamic random forest against wireless MAC spoofing attack","authors":"Seok-Hwan Choi, Doo-Hee Hwang, Yoon-Ho Choi","doi":"10.1109/DESEC.2017.8073804","DOIUrl":null,"url":null,"abstract":"With the emergency of Bring Your Own Device (BOYD) and Internet of Things (IoT) in enterprises, there has been an increase in the use of wireless networks through mobile devices and tablet computers. However, as a negative effect, such increase has also led to increased security threat in wireless networks and thus, the importance of wireless network security has increased. As a way to cope with such threat, many enterprises have introduced wireless intrusion prevention system (WIPS) solution, which consists of WIPS sensors and a centralized WIPS server. By monitoring the radio signal in wireless local area networks (LAN), WIPS solution shuts off access by an unauthorized wireless device and prevents an rogue Access Point (AP). In this paper, we propose an implementation framework for WIPS solution that ananlzes the received signal strength (RSS) values collected from multiple WIPS sensors. By overcoming the performance (including accuracy and F-measure) decrease in the wireless environment with much noise, the proposed WIPS solution shows the high performance even under the wireless environment with low signal-to-noise ratio (SNR). For this purpose, the proposed WIPS solution analyzes the RSS values collected from multiple WIPS sensors by using a dynamic random forest (DRF) algorithm. By adding trees that are the most suitable to forest, the DRF algorithm can improve the performance of the WIPS solution. From the experimental results, it is observed that the proposed WIPS solution combined with the DRF algorithm shows the good-enough performance under various SNR and attack distance.","PeriodicalId":92346,"journal":{"name":"DASC-PICom-DataCom-CyberSciTech 2017 : 2017 IEEE 15th International Conference on Dependable, Autonomic and Secure Computing ; 2017 IEEE 15th International Conference on Pervasive Intelligence and Computing ; 2017 IEEE 3rd International...","volume":"10 1","pages":"131-137"},"PeriodicalIF":0.0000,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"DASC-PICom-DataCom-CyberSciTech 2017 : 2017 IEEE 15th International Conference on Dependable, Autonomic and Secure Computing ; 2017 IEEE 15th International Conference on Pervasive Intelligence and Computing ; 2017 IEEE 3rd International...","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DESEC.2017.8073804","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7
Abstract
With the emergency of Bring Your Own Device (BOYD) and Internet of Things (IoT) in enterprises, there has been an increase in the use of wireless networks through mobile devices and tablet computers. However, as a negative effect, such increase has also led to increased security threat in wireless networks and thus, the importance of wireless network security has increased. As a way to cope with such threat, many enterprises have introduced wireless intrusion prevention system (WIPS) solution, which consists of WIPS sensors and a centralized WIPS server. By monitoring the radio signal in wireless local area networks (LAN), WIPS solution shuts off access by an unauthorized wireless device and prevents an rogue Access Point (AP). In this paper, we propose an implementation framework for WIPS solution that ananlzes the received signal strength (RSS) values collected from multiple WIPS sensors. By overcoming the performance (including accuracy and F-measure) decrease in the wireless environment with much noise, the proposed WIPS solution shows the high performance even under the wireless environment with low signal-to-noise ratio (SNR). For this purpose, the proposed WIPS solution analyzes the RSS values collected from multiple WIPS sensors by using a dynamic random forest (DRF) algorithm. By adding trees that are the most suitable to forest, the DRF algorithm can improve the performance of the WIPS solution. From the experimental results, it is observed that the proposed WIPS solution combined with the DRF algorithm shows the good-enough performance under various SNR and attack distance.
随着企业“自带设备”(Bring Your Own Device, BOYD)和物联网(Internet of Things, IoT)的兴起,通过移动设备和平板电脑使用无线网络的情况有所增加。然而,这种增加的负面影响也导致无线网络的安全威胁增加,因此,无线网络安全的重要性增加。为了应对这种威胁,许多企业引入了无线入侵防御系统(WIPS)解决方案,该解决方案由WIPS传感器和集中式WIPS服务器组成。WIPS解决方案通过监控无线局域网(LAN)中的无线电信号,切断未经授权的无线设备的接入,防止非法接入点(AP)的出现。在本文中,我们提出了一个WIPS解决方案的实现框架,分析从多个WIPS传感器收集的接收信号强度(RSS)值。该方案克服了在高噪声无线环境下性能(包括精度和F-measure)下降的问题,即使在低信噪比的无线环境下也能保持较高的性能。为此,提出的WIPS解决方案使用动态随机森林(DRF)算法分析从多个WIPS传感器收集的RSS值。通过添加最适合森林的树,DRF算法可以提高WIPS方案的性能。实验结果表明,本文提出的WIPS方案与DRF算法相结合,在不同信噪比和攻击距离下均具有良好的性能。