Skip to main content
Log in

Identification of probe request attacks in WLANs using neural networks

  • Original Article
  • Published:
Neural Computing and Applications Aims and scope Submit manuscript

Abstract

Any sniffer can see the information sent through unprotected ‘probe request messages’ and ‘probe response messages’ in wireless local area networks (WLAN). A station (STA) can send probe requests to trigger probe responses by simply spoofing a genuine media access control (MAC) address to deceive access point (AP) controlled access list. Adversaries exploit these weaknesses to flood APs with probe requests, which can generate a denial of service (DoS) to genuine STAs. The research examines traffic of a WLAN using supervised feed-forward neural network classifier to identify genuine frames from rogue frames. The novel feature of this approach is to capture the genuine user and attacker training data separately and label them prior to training without network administrator’s intervention. The model’s performance is validated using self-consistency and fivefold cross-validation tests. The simulation is comprehensive and takes into account the real-world environment. The results show that this approach detects probe request attacks extremely well. This solution also detects an attack during an early stage of the communication, so that it can prevent any other attacks when an adversary contemplates to start breaking into the network.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8

Similar content being viewed by others

References

  1. IEEE (2012) IEEE standard for information technology–telecommunications and information exchange between systems local and metropolitan area networks–specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications (Revision of IEEE Std 802.11-2007). doi:10.1109/ieeestd.2012.6178212

  2. Bernaschi M, Ferreri F, Valcamonici L (2008) Access points vulnerabilities to DoS attacks in 802.11 networks. Wireless Netw. doi:10.1007/s11276-006-8870-6

    Google Scholar 

  3. Me G, Ferreri F (2009) New vulnerabilities to DoS attacks in 802.11 networks. http://www.wi-fitechnology.com/Papers+req-showcontent-id-5.html. Accessed 28 July 2009

  4. Bicakci K, Tavli B (2009) Denial-of-service attacks and countermeasures in IEEE 802.11 wireless networks. Comput Stand Interfaces. doi:10.1016/j.csi.2008.09.038

    Google Scholar 

  5. Ahmad I, Abdullah AB, Alghamdi AS (2009) Application of artificial neural network in detection of probing attacks. IEEE. doi:10.1109/ISIEA.2009.5356382

    Google Scholar 

  6. Ataide RLR, Abdelouahab Z (2010) An architecture for wireless intrusion detection systems using artificial neural networks. Novel Algorithms Techn Telecommun Netw. doi:10.1007/978-90-481-3662-9_61

    Google Scholar 

  7. He C, Mitchell JC (2005) Security analysis and improvements for IEEE 802.11i. In: Proceedings of 12th annual network and distributed system security symposium, San Diego, CA, pp 90–110

  8. McHugh J (2000) Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory, TISSEC. doi:10.1145/382912.382923

  9. Lazarevic A, Ertoz L, Kumar V, Ozgur A, Srivastava J (2003) A comparative study of anomaly detection schemes in network intrusion detection. Society for Industrial & Applied, pp 25–36

  10. Lippmann RP, Fried DJ, Graf I, Haines JW, Kendall KR, McClung D, Weber D, Webster SE, Wyschogrod D, Cunningham RK (2000) Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation. doi:10.1109/DISCEX.2000.821506

  11. Guy CG (2006) VoIP over WLAN 802.11b simulations for infrastructure and ad-hoc networks. In: Proceedings of London communications symposium (LCS 06), pp 61–64, London, UK

  12. Ratnayake D, Kazemian H, Yusuf S, Abdullah A (2011) An intelligent approach to detect probe request attacks in IEEE 802.11 networks. Eng Appl Neural Netw. doi:10.1007/978-3-642-23957-1_42

    Google Scholar 

  13. Karygiannis T, Owens L (2002) Wireless network security. NIST Spec Publ 800:48

    Google Scholar 

  14. Bansal R, Tiwari S, Bansal D (2008) Non-cryptographic methods of MAC spoof detection in wireless LAN. ICON. doi:10.1109/ICON.2008.4772621

    Google Scholar 

  15. Malekzadeh M, Azim A, Zulkarniam Z, Muda Z (2007) Security improvement for management frames in IEEE 802.11 wireless networks, International Journal of Computer Science and. Netw Secur 7(6):276–284

    Google Scholar 

  16. Madory D (2006) New methods of spoof detection in 802.11 b wireless networking, Thayer School of Engineering, Dartmouth College, Hanover, New Hampshire

  17. Qing L, Trappe W (2007) Detecting spoofing and anomalous traffic in wireless networks via forge-resistant relationships. IEEE Trans Forensics Secur. doi:10.1109/TIFS.2007.910236

    Google Scholar 

  18. Goel S, Kumar S (2009) An improved method of detecting spoofed attack in wireless LAN. Netw Commun. doi:10.1109/NetCoM.2009.75

    Google Scholar 

  19. Lim YX, Schmoyer T, Levine J, Owen HL (2004) Wireless intrusion detection and response: a classic study using main-in-the-middle attack. Wireless Commun. doi:10.1109/WCNC.2004.1311303

    Google Scholar 

  20. Guo FL, Chiueh TC (2006) Sequence number-based MAC address spoof detection. Recent Adv Intrus Detect. doi:10.1007/11663812_16

    Google Scholar 

  21. Faria DB, Cheriton DR (2006) Detecting identity-based attacks in wireless networks using signalprints. In: Proceedings of 5th ACM workshop on wireless security. doi:10.1145/1161289.1161298

  22. Bellardo J, Savage S (2003) 802.11 denial-of-service attacks: Real vulnerabilities and practical solutions. In: Proceedings of 12th USENIX security symposium, Washington, DC, USA

  23. Pleskonjic D (2003) Wireless intrusion detection systems (WIDS). In: Proceedings of 19th annual computer security applications conference, Las Vegas, Nevada, USA

  24. Yang H, Xie L, Sun J (2004) Intrusion detection solution to WLANs. In: Proceedings of the IEEE 6th circuits and system symposium on emerging technologies: frontiers of mobile and wireless communication. doi:10.1109/CASSET.2004.1321948

  25. Dasgupta D, Gomez J, Gonzalez F, Kaniganti M, Yallapu, K (2003) MMDS: multilevel monitoring and detection system. In: Proceedings of 15th annual computer security incident handling conference, Ottawa, Canada

  26. Sheikhan M, Jadidi Z, Farrokhi A (2012) Intrusion detection using reduced-size RNN based on feature grouping. Neural Comput Appl. doi:10.1007/s00521-010-0487-0

    Google Scholar 

  27. Liao HJ, Tung KY, Richard Lin CH, Lin YC (2012) Intrusion detection system: a comprehensive review. J Netw Comput Appl. doi:10.1016/j.jnca.2012.09.004

    Google Scholar 

  28. Sokolova M, Lapalme G (2009) A systematic analysis of performance measures for classification tasks. Inf Process Manag. doi:10.1016/j.ipm.2009.03.002

    MATH  Google Scholar 

  29. Demšar J (2006) Statistical comparisons of classifiers over multiple data sets. J Mach Learn Res 7:1–30

    MATH  MathSciNet  Google Scholar 

  30. Statgun (2007) Logistic regression tutorial. http://www.statgun.com/tutorials/logistic-regression.html. Accessed 05 Nov 2010

  31. Ciuiu D (2008) Pattern classification using polynomial and linear. In: Proceedings of international conference trends and challenges in applied mathematics, pp 153–156

  32. Peng CYJ, Lee KL, Ingersoll GM (2002) An introduction to logistic regression analysis and reporting. J Educ Res 96(1):3–14

    Article  Google Scholar 

  33. Orebaugh A, Ramirez G, Burke J (2007) Wireshark & ethereal network protocol analyzer toolkit. Syngress, USA

    Google Scholar 

  34. Stergiou C, Siganos D (1996) Neural networks, vol 2012. Imperial College, London

  35. Coolen ACC (2010) A beginner’s guide to the mathematics of neural networks. Concept Neural Netw. doi:10.1007/978-1-4471-3427-5_2

    Google Scholar 

  36. Haykin S (1994) Neural networks: a comprehensive foundation. MacMillan College, USA

    MATH  Google Scholar 

  37. Sarle WS (2001) How many hidden units should I use? http://www.faqs.org/faqs/ai-faq/neural-nets/part3/section-10.html. Accessed 5 June 2012

  38. Hamilton HJ (2012) Computer science 831: knowledge discovery in databases. http://www2.cs.uregina.ca/~hamilton/courses/831/index.html. Accessed 9 Feb 2013

  39. Van Trees HL (2001) Detection, estimation, and modulation theory: part 1, detection, estimation, and linear modulation theory. doi:10.1002/0471221082

  40. MathWorks (2012) Plot classification confusion matrix—plotperform. http://www.mathworks.co.uk/help/toolbox/nnet/ref/plotconfusion.html. Accessed 5 Sept 2012

  41. MathWorks (2012) roc—receiver operating characteristic. http://www.mathworks.co.uk/help/toolbox/nnet/ref/roc.html. Accessed 15 May 2012

  42. Zaknich A (2003) Neural networks for intelligent signal processing. World Scientific, Singapore

    Book  MATH  Google Scholar 

  43. Kumar M, Gromiha M, Raghava G (2007) Identification of DNA-binding proteins using support vector machines and evolutionary profiles. BMC Bioinfor. doi:10.1186/1471-2105-8-463

    Google Scholar 

  44. MathWorks (2012) Neural network toolbox—crab classification demo. http://www.mathworks.co.uk/products/neural-network/examples.html?file=/products/demos/shipping/nnet/classify_crab_demo.html. Accessed 1 Sept 2012

  45. Moore AW (2012) Cross-validation for detecting and preventing overfitting. http://www.autonlab.org/tutorials/overfit10.pdf. Accessed 10 May 2012

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Deepthi N. Ratnayake.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Ratnayake, D.N., Kazemian, H.B. & Yusuf, S.A. Identification of probe request attacks in WLANs using neural networks. Neural Comput & Applic 25, 1–14 (2014). https://doi.org/10.1007/s00521-013-1478-8

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00521-013-1478-8

Keywords

Navigation