Intrusion Detection System for PS-Poll DoS Attack in 802.11 Networks Using Real Time Discrete Event System

Mayank Agarwal; Sanketh Purwar; Santosh Biswas; Sukumar Nandi

doi:10.1109/JAS.2016.7510178

Volume 4 Issue 4

Oct. 2017

IEEE/CAA Journal of Automatica Sinica

JCR Impact Factor: 15.3, Top 1 (SCI Q1)

CiteScore: 23.5, Top 2% (Q1)
Google Scholar h5-index: 77， TOP 5

Turn off MathJax

Article Contents

Article Navigation > IEEE/CAA Journal of Automatica Sinica > 2017 > 4(4): 792-808

Mayank Agarwal, Sanketh Purwar, Santosh Biswas and Sukumar Nandi, "Intrusion Detection System for PS-Poll DoS Attack in 802.11 Networks Using Real Time Discrete Event System," IEEE/CAA J. Autom. Sinica, vol. 4, no. 4, pp. 792-808, Oct. 2017. doi: 10.1109/JAS.2016.7510178

Citation:

Mayank Agarwal, Sanketh Purwar, Santosh Biswas and Sukumar Nandi, "Intrusion Detection System for PS-Poll DoS Attack in 802.11 Networks Using Real Time Discrete Event System," IEEE/CAA J. Autom. Sinica, vol. 4, no. 4, pp. 792-808, Oct. 2017. doi: 10.1109/JAS.2016.7510178

Citation:

Mayank Agarwal, Sanketh Purwar, Santosh Biswas and Sukumar Nandi, "Intrusion Detection System for PS-Poll DoS Attack in 802.11 Networks Using Real Time Discrete Event System," IEEE/CAA J. Autom. Sinica, vol. 4, no. 4, pp. 792-808, Oct. 2017. doi: 10.1109/JAS.2016.7510178

PDF( 8676 KB)

Intrusion Detection System for PS-Poll DoS Attack in 802.11 Networks Using Real Time Discrete Event System

doi: 10.1109/JAS.2016.7510178

1.
Department of Computer Science and Engineering, IIT Guwahati, Assam, India
2.
HP PPS R & D Lab in Bangalore, India

Funds: This work was supported by TATA Consultancy Servies (TCS) Research Fellowship Program, India

More Information

Author Bio:
Mayank Agarwal is a Ph.D candidate at the Indian Institute of Technology, Guwahati. He received his bachelors degree from Sardar Patel Institute of Technology, Mumbai in 2009. His research interests include wireless & network security, discrete event system modeling. (e-mail: mayank.agl@iitg.ernet.in)

Sanketh Purwar is a Senior R&D Engineer at HP PPS R&D laboratory in Bangalore. He received his bachelors degree from Indian Institute of Technology, Guwahati in Computer Science in 2013. His research interests include APplication of networks, embedded systems in Internet of things. (e-mail: sankethpurwar@gmail.com)

Santosh Biswas received the B.E. degree from NIT, Durgapur, India, in 2001. He has completed his M.S. and Ph.D from IIT Kharagpur, India, in 2004 and 2008, respectively. He works as an Associate Professor in the Department of Computer Science and Engineering, IIT Guwahati. His research interests include networking, VLSI testing and discrete event systems. (e-mail: santoshbiswas402@yahoo.com)

Sukumar Nandi received his B Tech (Applied Physics) in electrical engineering (Specialization in Instrumentation) from Calcutta University. He received his M Tech in computer science from Calcutta University and Ph. D. in Computer Science and Engineering from Indian Institute of Technology Kharagpur. He is a Professor in the Department of Computer Science and Engineering, IIT Guwahati. He is also involved in several international conferences as member of advisory board/Technical Programme Committee. He has published more than 150 Journals/Conferences papers. He is Senior Member of IEEE and Fellow of the Institution of Engineers (India). His research interests include computer networks, network security, and data mining. (e-mail: sukumar@iitg.ernet.in)
Corresponding author: Santosh Biswas, e-mail:santoshbiswas402@yahoo.com
Recommended by Associate Editor Yilin Mo
Received Date: 2014-09-29
Accepted Date: 2015-10-05

Abstract

Abstract

Wi-Fi devices have limited battery life because of which conserving battery life is imperative. The 802.11 Wi-Fi standard provides power management feature that allows stations (STAs) to enter into sleep state to preserve energy without any frame losses. After the STA wakes up, it sends a null data or PS-Poll frame to retrieve frame(s) buffered by the access point (AP), if any during its sleep period. An attacker can launch a power save denial of service (PS-DoS) attack on the sleeping STA(s) by transmitting a spoofed null data or PS-Poll frame(s) to retrieve the buffered frame(s) of the sleeping STA(s) from the AP causing frame losses for the targeted STA(s). Current APproaches to prevent or detect the PS-DoS attack require encryption, change in protocol or installation of proprietary hardware. These solutions suffer from expensive setup, maintenance, scalability and deployment issues. The PS-DoS attack does not differ in semantics or statistics under normal and attack circumstances. So signature and anomaly based intrusion detection system (IDS) are unfit to detect the PS-DoS attack. In this paper we propose a timed IDS based on real time discrete event system (RTDES) for detecting PS-DoS attack. The proposed DES based IDS overcomes the drawbacks of existing systems and detects the PS-DoS attack with high accuracy and detection rate. The correctness of the RTDES based IDS is proved by experimenting all possible attack scenarios.
- Fault detection and diagnosis,
- intrusion detection system (IDS),
- null data frame,
- power save attack,
- PS-Poll frame,
- real time discrete event system (DES)

FullText(HTML)

Recommended by Associate Editor Yilin Mo

References(36)

References

[1]	Aircrack-ng Suite. [Online]. Available: http://www.aircrack-ng.org/.
[2]	Scapy-A powerful interactive packet manipulation program. [Online]. Available: http://www.secdev.org/projects/scapy/
[3]	J. Bellardo and S. Savage, "802. 11 denial-of-service attacks: Real vulnerabilities and practical solutions, " in Proc. 12th Conf. USENIX Security Symposium, Berkeley, CA, USA, 2003. http://portal.acm.org/citation.cfm?id=1251353.1251355
[4]	"Information technology-telecommunications and information exchange between systems-Local and metropolitan area networks-Specific requirements-Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, " IEEE Std 802. 11-2007, pp. C1-1184, 2017.
[5]	R. Bansal, S. Tiwari, and D. Bansal, "Non-cryptographic methods of MAC spoof detection in wireless LAN, " in Proc. 16th IEEE International Conf. Networks, New Delhi, India, 2008, pp. 1-6. http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4772621
[6]	P. García-Teodoro, J. Díaz-Verdejo, G. Mácia-Fernández, and E. Vázquez, "Anomaly-based network intrusion detection: Techniques, systems and challenges, " Comput. Secur. , vol. 28, no. 1-2, pp. 18-28, Feb. 2009. http://dl.acm.org/citation.cfm?id=2639726
[7]	S. Gayaka and B. Yao, "Fault detection, identification and accommodation for an electro-hydraulic system: An adaptive robust APproach, " IFAC Proc. Vol. , vol. 41, no. 2, pp. 13815-13820, Jul. 2008. doi: 10.3182/20080706-5-KR-1001.02339
[8]	A. Alaghi, N. Karimi, M. Sedghi, and Z. Navabi, "Online NoC switch fault detection and diagnosis using a high level fault model, " in Proc. 22nd IEEE International Symposium on Defect and Fault-Tolerance in VLSI Systems, DFT Ó7. , Rome, Italy, 2007, pp. 21-29. http://dl.acm.org/citation.cfm?id=1302720
[9]	L. F. Gonçalves, J. L. Bosa, T. R. Balen, M. S. Lubaszewski, E. L. Schneider, and R. V. Henriques, "Fault detection, diagnosis and prediction in electrical valves using self-organizing maps, " J. Electron. Test. , vol. 27, no. 4, pp. 551-564, Apr. 2011. doi: 10.1007/s10836-011-5220-0
[10]	S. Hong and S. Kim, "Lizard: Energy-efficient hard fault detection, diagnosis and isolation in the ALU, " in Proc. IEEE International Conf. Computer Design (ICCD), Amsterdam, the Netherlands, 2010, pp. 342-349.
[11]	X. Yu and J. Jiang, "Hybrid fault-tolerant flight control system design against partial actuator failures, " IEEE Trans. Control Syst. Technol. , vol. 20, no. 4, pp. 871-886, Jul. 2012. http://ieeexplore.ieee.org/document/5966371/
[12]	C. F. Chien, C. Y. Hsu, and P. N. Chen, "Semiconductor fault detection and classification for yield enhancement and manufacturing intelligence, " Flex. Serv. Manuf. J. , vol. 25, no. 3, pp. 367-388, Sep. 2013. doi: 10.1007/s10696-012-9161-4
[13]	S. J. Youk, S. S. Yoo, C. Y. Lee, J. H. Kho, and G. Lee, "Development of fault detection system in air handling unit, " in Proc. International Conf. Convergence and Hybrid Information Technology, Daejeon, Korea, 2008, pp. 287-292. http://ieeexplore.ieee.org/xpls/icp.jsp?arnumber=4622840
[14]	S. Lafortune, "Diagnosis of discrete event systems, " in Encyclopedia of Systems and Control. London, UK: Springer, 2014, pp. 1-10.
[15]	J. Zaytoon and S. Lafortune, "Overview of fault diagnosis methods for discrete event systems, " Ann. Rev. Control, vol. 37, no. 2, pp. 308-320, Dec. 2013. http://www.sciencedirect.com/science/article/pii/S1367578813000552
[16]	C. Mahulea, C. Seatzu, M. P. Cabasino, and M. Silva, "Fault diagnosis of discrete-event systems using continuous petri nets, " IEEE Trans. Syst. , Man Cyber. A: Syst. Hum. , vol. 42, no. 4, pp. 970-984, Jul. 2012. http://ieeexplore.ieee.org/document/6153391/
[17]	M. P. Fanti, A. M. Mangini, and W. Ukovich, "Fault detection by labeled petri nets in centralized and distributed APproaches, " IEEE Trans. Automat. Sci. Eng. , vol. 10, no. 2, pp. 392-404, Apr. 2013. http://ieeexplore.ieee.org/document/6236236/
[18]	M. Chang, W. Dong, Y. D. Ji, and L. Tong, "On fault predictability in stochastic discrete event systems, " Asian J. Control, vol. 15, no. 5, pp. 1458-1467, Sep. 2013. doi: 10.1002/asjc.748/full
[19]	R. H. Kwong and D. L. Yonge-Mallo, "Fault diagnosis in discrete-event systems: Incomplete models and learning, " IEEE Trans. Syst. Man Cyber. B: Cyber. , vol. 41, no. 1, pp. 118-130, Feb. 2011. http://ieeexplore.ieee.org/document/5462887/
[20]	P. Bhowal, D. Sarkar, S. Mukhopadhyay, and A. Basu, "Fault diagnosis in discrete time hybrid systems-a case study, " Inf. Sci. , vol. 177, no. 5, pp. 1290-1308, Mar. 2007. http://www.sciencedirect.com/science/article/pii/S0020025506002386
[21]	N. Hubballi, S. Biswas, S. Roopa, R. Ratti, and S. Nandi, "LAN attack detection using discrete event systems, " ISA Trans. , vol. 50, no. 1, pp. 119-130, Jan. 2011. http://www.ncbi.nlm.nih.gov/pubmed/20804980
[22]	C. G. Cassandras and S. Lafortune, Introduction to Discrete Event Systems. Secaucus, NJ, USA:Springer-Verlag New York, Inc., 2006.
[23]	R. Sekar, M. Bendre, D. Dhurjati, and P. Bollineni, "A fast automatonbased method for detecting anomalous program behaviors, " in Proc. 2001 IEEE Symposium on Security and Privacy, Oakland, CA, USA, 2001, pp. 144-155. http://ieeexplore.ieee.org/xpls/icp.jsp?arnumber=924295
[24]	S. Whittaker, M. Zulkernine, and K. Rudie, "Towards incorporating discrete-event systems in secure software development, " in Proc. Third International Conf. Availability, Reliability and Security, 2008. ARES 08. , Barcelona, Spain, 2008, pp. 1188-1195. http://ieeexplore.ieee.org/document/4529478/
[25]	Z. I. Qureshi, B. Aslam, A. Mohsin, and Y. Javed, "A solution to spoofed PS-poll based denial of service attacks in IEEE 802. 11 WLANs, " in Proc. 11th Conf. 11th WSEAS International Conf. Communications, vol. 11, pp. 7-11, Jul. 2007. http://dl.acm.org/citation.cfm?id=1348103
[26]	L. F. Meiners, "But. . . my station is awake! (Power Save Denial of Service in 802. 11 Networks), "[Online]. Available: http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=publication&name=WiFiPowerSaveDoS.
[27]	W. J. Gu, Z. M. Yang, D. Xuan, W. J. Jia, and C. Que, "Null data frame: A double-edged sword in IEEE 802. 11 WLANs, " IEEE Trans. Parallel Distrib. Syst. , vol. 21, no. 7, pp. 897-910, Jul. 2010. http://dl.acm.org/citation.cfm?id=1830083
[28]	D. B. Faria and D. R. Cheriton, "Detecting identity-based attacks in wireless networks using signalprints, " in Proc. 5th ACM Workshop on Wireless Security, New York, NY, USA, 2006, pp. 43-52. http://dl.acm.org/citation.cfm?id=1161298
[29]	B. Azimi-Sadjadi, A. Kiayias, A. Mercado, and B. Yener, "Robust key generation from signal envelopes in wireless networks, " in Proc. 14th ACM Conf. Computer and Communications Security, Alexandria, Virginia, USA, 2007, pp. 401-410. http://dl.acm.org/citation.cfm?id=1315295
[30]	Y. Y. Chen, W. Trappe, and R. P. Martin, "Detecting and localizing wireless spoofing attacks, " in Proc. 4th Annual IEEE Communications Society Conf. Sensor, Mesh and Ad Hoc Communications and Networks, 2007. SECONÓ7. , San Diego, CA, USA, 2007, pp. 193-202.
[31]	J. Wright, "How 802. 11w will improve wireless security, "[Online]. Available: http://www.networkworld.com/article/2312251/networksecurity/how-802-11w-will-improve-wireless-security.html. Accessed on: May 2006.
[32]	CWNP, "Wireless LAN security and IEEE 802. 11w. "[Online]. Available: http://www.cwnp.com/cwnpwifiblog/wireless-lan-securityand-ieee-802-11w/.
[33]	S. Biswas, D. Sarkar, and S. Mukhopadhyay, "Diagnosability of delaydeadline failures in fair real time discrete event models, " Int. J. Syst. Sci. , vol. 41, no. 7, pp. 763-782, Jul. 2010. http://dl.acm.org/citation.cfm?id=1832904.1832908
[34]	M. Sampath, R. Sengupta, S. Lafortune, K. Sinnamohideen, and D. Teneketzis, "Diagnosability of discrete-event systems, " IEEE Trans. Automat. Control, vol. 40, no. 9, pp. 1555-1575, Sep. 1995.
[35]	"BackTrack. "[Online]. Available: http://www.backtrack-linux.org/.
[36]	N. J. Puketza, K. Zhang, M. Chung, B. Mukherjee, and R. A. Olsson, "A methodology for testing intrusion detection systems, " IEEE Trans. Softw. Eng. , vol. 22, no. 10, pp. 719-729, Oct. 1996. http://www.emeraldinsight.com/servlet/linkout?suffix=B11&dbid=16&doi=10.1108%2FEUM0000000005807&key=10.1109%2F32.544350

Supplements(0)

Cited By

Proportional views

Proportional views

通讯作者: 陈斌, bchen63@163.com

1.
沈阳化工大学材料科学与工程学院沈阳 110142

Figures(9) / Tables(3)

Get Citation

PDF

XML

Article Metrics

Article views (1637) PDF downloads(156)

Intrusion Detection System for PS-Poll DoS Attack in 802.11 Networks Using Real Time Discrete Event System

doi: 10.1109/JAS.2016.7510178

Abstract

References

Proportional views

Catalog

通讯作者: 陈斌, bchen63@163.com

Article Metrics

Export File

Citation

Format

Content