Dianxin kexue (Nov 2013)
Research on Distributed Wireless Multi-Step Attack Pattern Mining Method for WLAN
Abstract
As an important means of network security, intrusion detection and prevention technologies have seen some preliminary applications in the traditional wired network environment. Owing to the distinctive characteristics of wireless networks, applications of multi-stage attack plan recognition for WLAN are rarely seen despite their promising potential. A distributed wireless multi-step attack pattern mining (DWMAPM) method based on correlation analysis using IEEE 802.11 protocol frame attributes is proposed. The method consists of five steps: constructing a global attack database, building candidate attack chains, filtering candidate attack chains, correlating multi-step attack behaviors, and recognizing multi-step attack patterns. Experimental results show that DWMAPM is effective at recognizing a variety of typical attack patterns in real WLAN attack scenarios and can provide a basis for forecasting the final attack plans.