Wireless Intrusion Detection System Proof of Concept Leon & Yunhai.

Date posted: 21-Dec-2015

Wireless Intrusion Detection System

Proof of Concept

Leon & Yunhai

Agenda
  Project Review
  Info Measurements
  Data Analysis
  Sample Experiments
  Future Works

Project Review

[Figure: network diagram with labels Internet, IDS, MIB, CS AP, Attacker, AiroPeek]

Project Review

[Figure: network diagram with labels Internet, IDS, MIB, SysLog, Client1, Attacker, AP, 2.4 GHz]

Info Measurements: Info Resources
  SNMP MIB: a collection of objects that can be accessed via a network management protocol
  System Log: Event/Trap Captures
  Wireless Capture

Info Measurements: Info Collection Tools
  Hardware: Cisco Access Point, Cisco Wireless Card
  Software: Visual Studio Net SNMP, AiroPeek, Netstumbler

MIB Collection & Storage

SysLog

Data Analysis
  Measurement Based Analysis
  Correlate Parameters w/ Events
    Contention Interference
    RF Interference
    Wireless Intrusion
    Wireless DoS Attack

Sample Experiments: Contention Interference

[Figure: test setup with labels CS AP, Client1, Test AP, Client2, Chl 9, Chl 9, MIB]

Contention Interference MIB
  dot11ACKFailureCount.1
  dot11FailedCount.1
  dot11FCSErrorCount.1
  dot11FrameDuplicateCount.1
  dot11MulticastTransmittedFrameCount.1
  dot11MultipleRetryCount.1
  dot11RTSFailureCount.1
  dot11TransmittedFrameCount.1

Contention Interference

[Figures: plots of the MIB counters dot11ACKFailureCount.1, dot11FailedCount.1, dot11FCSErrorCount.1, dot11TransmittedFrameCount.1, dot11FrameDuplicateCount.1, dot11MulticastTransmittedFrameCount.1, dot11MultipleRetryCount.1 and dot11RTSFailureCount.1]

Sample Experiments: Cordless Phone RF Interference

[Figure: test setup with labels AiroPeek, Test AP, Client1, Chl 1, 2.4 GHz]

[Figures: two plots titled "Cordless Phone RF Inter", one labelled Running Rate and one labelled Running Sum]

Sample Experiments: Intrusion Attack

AirJack DoS Attack

Void11

Future Works
  Real Time Automation
  Synchronize & Coordinate all info
  Extend to 802.16
    Simulations
    Measurements

802.16 Protocol Layering

802.16 MIB Structure
