Adaptabilty of a GP Based IDS on Wireless Networks

Security and Intrusion detection in WiFi networks is currently an active area of research where WiFi specific Data Link layer attacks are an area of focus; particularly recent work has focused on producing machine learning based IDSs for these WiFi specific attacks. These proposed machine learning b...

Full description

Saved in:
Bibliographic Details
Main Authors: Makanju, A., Zincir-Heywood, A.N., Milios, E.E.
Format: Conference Proceeding
Language:English
Subjects:
Communication system security
Computer security
Data security
Denial of Service
Detectors
Floods
Genetic programming
Intrusion detection
Intrusion Detection System
Machine learning
Wireless application protocol
Wireless networks
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Security and Intrusion detection in WiFi networks is currently an active area of research where WiFi specific Data Link layer attacks are an area of focus; particularly recent work has focused on producing machine learning based IDSs for these WiFi specific attacks. These proposed machine learning based IDSs come in addition to the already deployed signatures which are already in use in conventional intrusion detection systems like Snort-Wireless and Kismet. In this paper, we compare the detection capability of Snort-Wireless and a Genetic Programming (GP) based intrusion detector, based on the ability to adapt to modified attacks, ability to adapt to similar unknown attacks and infrastructure independent detection. Our results show that the GP based detection system is much more robust against modified attacks compared to Snort-Wireless. Moreover, by focusing on the method(s) used in feature preprocessing for presentation to learning algorithms, GP based IDSs can achieve infrastructure independent detection and can adapt to similar unknown attacks too. On the other hand, even though Snort-Wireless is an infrastructure independent detector, it cannot adapt to unknown attacks even if they are similar to others for which it has signatures on.
DOI:10.1109/ARES.2008.50