WiFi Miner: An Online Apriori-Infrequent Based Wireless Intrusion System

  • Ahmedur Rahman
  • C. I. Ezeife
  • A. K. Aggarwal
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5840)

Abstract

Intrusion detection in wireless networks has become a vital part of wireless network security systems with the widespread use of Wireless Local Area Networks (WLAN). Currently, almost all devices are Wi-Fi (Wireless Fidelity) capable and can access WLAN. This paper proposes an Intrusion Detection System, WiFi Miner, which applies an infrequent-pattern association rule mining Apriori technique to wireless network packets captured through hardware sensors for real-time detection of intrusive or anomalous packets. Contributions of the proposed system include effectively adapting an efficient data mining association rule technique to the important problem of intrusion detection in a wireless network environment using hardware sensors, providing a solution that eliminates the need for hard-to-obtain training data in this environment, and providing an increased intrusion detection rate and a reduction of false alarms.

The solution approach of the proposed system, WiFi Miner, is to find frequent and infrequent patterns in pre-processed wireless connection records using the infrequent-pattern-finding Apriori algorithm proposed in this paper. The proposed Online Apriori-Infrequent algorithm improves the join and prune steps of the traditional Apriori algorithm with a rule that avoids joining itemsets not likely to produce frequent itemsets, thereby improving efficiency and run times significantly. An anomaly score is assigned to each packet (record) based on whether the record has more frequent or infrequent patterns. Connection records with positive anomaly scores have more infrequent patterns than frequent patterns and are considered anomalous packets.
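The scoring idea described above, as an added sketch that is not the paper's code: it uses the traditional Apriori join and prune (the paper's improved joining rule is not given on this page), and the record attributes, the `min_count` threshold and the score formula (infrequent patterns minus frequent patterns per record) are assumptions made for illustration.

```python
from itertools import combinations

# Constructed sample of pre-processed connection records (attribute=value items).
NORMAL_DATA = frozenset({"type=data", "src=ap1", "wep=on"})
NORMAL_BEACON = frozenset({"type=beacon", "src=ap1", "wep=on"})
ODD = frozenset({"type=deauth", "src=unknown", "wep=off"})
RECORDS = [NORMAL_DATA] * 6 + [NORMAL_BEACON] * 3 + [ODD]

def mine(records, min_count=3, max_len=3):
    """Level-wise Apriori that keeps both frequent and infrequent itemsets."""
    frequent, infrequent = set(), set()
    candidates = {frozenset([item]) for rec in records for item in rec}
    k = 1
    while candidates and k <= max_len:
        level_freq = set()
        for cand in candidates:
            support = sum(1 for rec in records if cand <= rec)
            # Candidates that miss the threshold are kept as infrequent patterns.
            (level_freq if support >= min_count else infrequent).add(cand)
        frequent |= level_freq
        k += 1
        # Join: merge frequent (k-1)-itemsets that differ in exactly one item.
        joined = {a | b for a in level_freq for b in level_freq if len(a | b) == k}
        # Prune: every (k-1)-subset of a candidate must itself be frequent.
        candidates = {c for c in joined
                      if all(frozenset(s) in level_freq
                             for s in combinations(c, k - 1))}
    return frequent, infrequent

def anomaly_score(record, frequent, infrequent):
    """Assumed score: infrequent patterns in the record minus frequent ones."""
    hits_infrequent = sum(1 for p in infrequent if p <= record)
    hits_frequent = sum(1 for p in frequent if p <= record)
    return hits_infrequent - hits_frequent

def flag_anomalies(records, min_count=3):
    """Return (index, score) for every record with a positive anomaly score."""
    frequent, infrequent = mine(records, min_count)
    scores = [anomaly_score(r, frequent, infrequent) for r in records]
    return [(i, s) for i, s in enumerate(scores) if s > 0]

if __name__ == "__main__":
    print(flag_anomalies(RECORDS))
```

No labelled training set is involved: the patterns are mined from the same records that are scored, which matches the abstract's claim of not needing training data.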

Keywords

Data mining, wireless intrusion, network intrusion detection, hardware sensors, infrequent patterns, training data

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Ahmedur Rahman (1)
  • C. I. Ezeife (1)
  • A. K. Aggarwal (1)
  1. School of Computer Science, University of Windsor, Windsor, Canada