An Integrated Scheme for Intrusion Detection in WLAN

  • Dong Phil Kim
  • Seok Joo Koh
  • Sang Wook Kim
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3961)


Wireless Local Area Network (WLAN) is susceptible to security provisioning in spite of the solutions such as the Wired Equivalent Protocol (WEP) or IEEE 802.1x. This paper proposes an integrated scheme for intrusion detection in WLAN systems. The proposed scheme operates with one or more Gathering Agents (GAs) and a Master Server (MS). Each GA is used to get security information by collecting the frame packets in WLAN, whereas the MS is purposed to detect and prevent the various attacks by analyzing the packets in the WLAN systems. A detection engine contained in the MS employs OUI list matching for detection of MAC spoofing attacks, sequence number analysis for man-in-the-middle attacks, and Finite State Machine (FSM) analysis for Denial-of-Service (DoS) attacks. By experiments, it is shown that the proposed scheme could effectively detect and prevent the various attacks that could possibly be done in the WLAN systems.


Medium Access Control Intrusion Detection Wireless Local Area Network Finite State Machine Medium Access Control Address 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    IEEE 802.11 Standard, Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specification (1997)Google Scholar
  2. 2.
    Fluhrer, S., Mantin, I., Shamir, A.: Weakness in the Key scheduling Algorithm of RC4. In: Proceedings of the 8th Annual Workshop on Selected Areas in Cryptography (August 2001)Google Scholar
  3. 3.
    Lim, Y., Schmoyer, T., Levine, J., Henry, L.: Wireless Intrusion Detection an Response. In: Proceedings of the IEEE Workshop on Information Assurance (2003)Google Scholar
  4. 4.
    IEEE Draft P802.1X/D11. Standards for Local and Metropolitan Area Networks: Standard for Port based Network Access Control (March 2001)Google Scholar
  5. 5.
    Arbaugh, W., Shankar, N., Wan, Y.: An initial Security Analysis of the IEEE 802.1X Standard. Technical Report, Department of Computer Science, University of Maryland (2002)Google Scholar
  6. 6.
    Wright, J.: Layer 2 Analysis of WLAN Discovery Applications for Intrusion Detection. Available from,
  7. 7.
    IEEE OUI and Company_ID Assignments, Available from
  8. 8.
    Wright, J.: Detecting Wireless LAN MAC Address Spoofing. Available from
  9. 9.
    Hennie, H.: Finite-State Models for Logical Machines. John Wiley & Son, ChichesterGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Dong Phil Kim
    • 1
  • Seok Joo Koh
    • 1
  • Sang Wook Kim
    • 1
  1. 1.Department of Computer ScienceKyungpook National UniversityDaeguKorea

Personalised recommendations