Abstract
In this paper, we present a statistical pattern mining approach that models the usage patterns of authenticated users in order to identify wireless network intruders. Considering users' activities in terms of ICMP packets sent, DNS query requests and ARP requests, the approach consolidates authenticated users' activities over a period of time and derives a separate feature vector for each activity. It also derives a local threshold for each category of network data analyzed. The learned features and the local threshold for each category of data are used during the detection phase of the system to identify intruders in the network. The novelty of the proposed method lies in using PCA to eliminate redundant and irrelevant features, which often reduce detection performance in terms of both efficiency and accuracy. This also makes the proposed system lightweight and deployable in a real-time environment.
Keywords
- Intrusion Detection
- Intrusion Detection System
- Domain Name System
- Network Intrusion Detection
- Address Resolution Protocol
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Haldar, N.A.H., Abulaish, M., Pasha, S.A. (2012). A Statistical Pattern Mining Approach for Identifying Wireless Network Intruders. In: Meghanathan, N., Nagamalai, D., Chaki, N. (eds) Advances in Computing and Information Technology. Advances in Intelligent Systems and Computing, vol 176. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31513-8_14
DOI: https://doi.org/10.1007/978-3-642-31513-8_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31512-1
Online ISBN: 978-3-642-31513-8
eBook Packages: Engineering, Engineering (R0)