Abstract
Intrusion detection in wireless networks has become a vital part of wireless network security systems with the widespread use of Wireless Local Area Networks (WLAN). Currently, almost all devices are Wi-Fi (Wireless Fidelity) capable and can access a WLAN. This paper proposes an Intrusion Detection System, WiFi Miner, which applies an infrequent-pattern association rule mining Apriori technique to wireless network packets captured through hardware sensors for real-time detection of intrusive or anomalous packets. Contributions of the proposed system include effectively adapting an efficient data mining association rule technique to the important problem of intrusion detection in a wireless network environment using hardware sensors, providing a solution that eliminates the need for hard-to-obtain training data in this environment, and providing an increased intrusion detection rate and a reduction of false alarms.
The solution approach of the proposed system, WiFi Miner, is to find frequent and infrequent patterns in pre-processed wireless connection records using the infrequent-pattern-finding Apriori algorithm proposed in this paper. The proposed Online Apriori-Infrequent algorithm improves the join and prune steps of the traditional Apriori algorithm with a rule that avoids joining itemsets not likely to produce frequent itemsets, thereby improving efficiency and run times significantly. An anomaly score is assigned to each packet (record) based on whether the record has more frequent or infrequent patterns. Connection records with positive anomaly scores have more infrequent patterns than frequent patterns and are considered anomalous packets.
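An added illustration of the scoring idea in the abstract, not the authors' WiFi Miner code: a plain level-wise Apriori pass (without the paper's improved join and prune rule, which this page does not spell out) splits observed itemsets into frequent and infrequent, then scores each record as infrequent matches minus frequent matches. The feature names, the records, the support threshold, the itemset size cap and the +1/-1 weighting are assumptions constructed for the example.

```python
from collections import Counter
from itertools import combinations

MIN_SUPPORT = 0.5  # assumed threshold; the abstract gives none
MAX_LEN = 3        # assumed cap on itemset size

# Constructed connection records: one set of feature=value items per frame.
RECORDS = [
    {"type=data", "wep=1", "retry=0"},
    {"type=data", "wep=1", "retry=0"},
    {"type=data", "wep=1", "retry=0"},
    {"type=data", "wep=1", "retry=0"},
    {"type=data", "wep=1", "retry=1"},
    {"type=data", "wep=1", "retry=0"},
    {"type=mgmt", "wep=0", "retry=1"},
    {"type=mgmt", "wep=0", "retry=0"},
]

def mine(records, min_support=MIN_SUPPORT, max_len=MAX_LEN):
    """Return (frequent, infrequent) itemsets seen at least once."""
    n = len(records)
    frequent, infrequent = set(), set()
    level = {frozenset([item]) for r in records for item in r}
    for k in range(1, max_len + 1):
        counts = Counter(c for r in records for c in level if c <= r)
        kept = {c for c in level if counts[c] / n >= min_support}
        frequent |= kept
        infrequent |= {c for c in level if 0 < counts[c] / n < min_support}
        # Classic Apriori join of frequent k-itemsets, then subset prune.
        joined = {a | b for a in kept for b in kept if len(a | b) == k + 1}
        level = {c for c in joined
                 if all(frozenset(s) in kept for s in combinations(c, k))}
    return frequent, infrequent

def anomaly_score(record, frequent, infrequent):
    """Assumed weighting: +1 per infrequent pattern matched, -1 per frequent."""
    rare = sum(1 for p in infrequent if p <= record)
    common = sum(1 for p in frequent if p <= record)
    return rare - common

def score_all(records):
    frequent, infrequent = mine(records)
    return [anomaly_score(r, frequent, infrequent) for r in records]

def anomalous(records):
    """Indices of records with a positive score."""
    return [i for i, s in enumerate(score_all(records)) if s > 0]

if __name__ == "__main__":
    print(score_all(RECORDS), anomalous(RECORDS))
```

Record 4 carries one rare item but still scores negative because its frequent patterns outnumber it, while record 7 is flagged even though it shares one frequent item with normal traffic.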
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rahman, A., Ezeife, C.I., Aggarwal, A.K. (2010). WiFi Miner: An Online Apriori-Infrequent Based Wireless Intrusion System. In: Gaber, M.M., Vatsavai, R.R., Omitaomu, O.A., Gama, J., Chawla, N.V., Ganguly, A.R. (eds) Knowledge Discovery from Sensor Data. Sensor-KDD 2008. Lecture Notes in Computer Science, vol 5840. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12519-5_5
DOI: https://doi.org/10.1007/978-3-642-12519-5_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-12518-8
Online ISBN: 978-3-642-12519-5
eBook Packages: Computer Science (R0)