Abstract
IEEE 802.11 Wi-Fi networks are prone to a large number of Denial of Service (DoS) attacks due to vulnerabilities at the media access control (MAC) layer of the 802.11 protocol. In this work, we focus on flooding DoS attacks in Wi-Fi networks. In a flooding DoS attack, a large number of legitimate-looking spoofed requests are transmitted to a victim access point (AP). Processing this large number of spoofed frames places a huge load on the AP, which results in denial of service. Current methods to detect flooding DoS use encryption, signal characteristics, protocol modification, upgrades to newer standards, etc., which are often expensive to operate and maintain. In this paper, we propose a novel Machine Learning (ML) based intrusion detection system (IDS) along with an intrusion prevention system (IPS) that not only detects flooding DoS attacks in Wi-Fi networks, but also helps the victim station (STA) recover swiftly from the attack. To the best of our knowledge, the use of ML-based techniques for detection of flooding DoS attacks in 802.11 networks has largely been unexplored. The ML-based IDS detects flooding DoS attacks with high accuracy (precision) and detection rate (recall). After the attack is detected, the location of the attacker is ascertained using an Angle of Arrival based localization algorithm, and traffic coming from the attacker's region is blocked, which helps mitigate the effect of the flooding DoS attack.
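The abstract does not say which Angle of Arrival algorithm the paper uses. As an added illustration (not the authors' code), the sketch below shows a generic least-squares intersection of bearing lines, the basic step behind locating a transmitter from angle measurements taken at several monitoring sensors; the function names, sensor coordinates and transmitter position are constructed assumptions.

```python
import math

def locate_emitter(bearings, min_det=1e-9):
    """Least-squares intersection of bearing lines.

    bearings: list of ((x, y), theta) where (x, y) is a sensor position in metres
    and theta is the measured angle of arrival in radians, counter-clockwise
    from the +x axis. Returns (x, y, rms) with rms the residual in metres.
    """
    if len(bearings) < 2:
        raise ValueError("need at least two bearings")
    a11 = a12 = a22 = b1 = b2 = 0.0
    for (sx, sy), theta in bearings:
        nx, ny = -math.sin(theta), math.cos(theta)  # unit normal of the bearing line
        d = nx * sx + ny * sy                       # the line is n . p = d
        a11 += nx * nx
        a12 += nx * ny
        a22 += ny * ny
        b1 += nx * d
        b2 += ny * d
    det = a11 * a22 - a12 * a12
    if det < min_det:
        raise ValueError("bearings are (nearly) parallel; position not observable")
    x = (a22 * b1 - a12 * b2) / det
    y = (a11 * b2 - a12 * b1) / det
    sq = 0.0
    for (sx, sy), theta in bearings:
        along = (x - sx) * math.cos(theta) + (y - sy) * math.sin(theta)
        if along <= 0:  # intersection lies behind this sensor: inconsistent bearings
            raise ValueError("bearings diverge; estimate is behind a sensor")
        across = -math.sin(theta) * (x - sx) + math.cos(theta) * (y - sy)
        sq += across * across
    return x, y, math.sqrt(sq / len(bearings))

# Constructed sample: three monitoring sensors and a transmitter at (4, 3).
SENSORS = [(0.0, 0.0), (10.0, 0.0), (0.0, 10.0)]
TRUE_POS = (4.0, 3.0)

def sample_bearings(errors_deg=(0.0, 0.0, 0.0)):
    """Ideal bearings from each sensor to TRUE_POS plus a per-sensor error."""
    return [((sx, sy), math.atan2(TRUE_POS[1] - sy, TRUE_POS[0] - sx) + math.radians(e))
            for (sx, sy), e in zip(SENSORS, errors_deg)]

if __name__ == "__main__":
    print(locate_emitter(sample_bearings()))
    print(locate_emitter(sample_bearings((1.0, -1.0, 1.0))))
```

The residual returned alongside the position indicates how well the bearings agree, which gives a rough measure of how wide a region around the estimate would need to be covered when blocking traffic.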
Notes
In this paper, the terms STA, Client and Host are used interchangeably.
# is used as shorthand for "number of"; for example, #TCP frames means the number of TCP frames.
Acknowledgments
The first author of this paper is supported by TATA Consultancy Services (TCS), India, through TCS Research Fellowship Program. We also acknowledge Dr. Vijaya Saradhi and Dr. Sanasam Ranbir Singh, Assistant Professor, Department of Computer Science and Engineering, IIT Guwahati, for their constructive suggestions and helpful insights in dealing with problems relating to Machine Learning algorithms. We would like to also acknowledge Sandip Chakraborty, Research Scholar, IIT Guwahati, for helping us with the queries related to localization module.
Cite this article
Agarwal, M., Pasumarthi, D., Biswas, S. et al. Machine learning approach for detection of flooding DoS attacks in 802.11 networks and attacker localization. Int. J. Mach. Learn. & Cyber. 7, 1035–1051 (2016). https://doi.org/10.1007/s13042-014-0309-2
DOI: https://doi.org/10.1007/s13042-014-0309-2