WiFi Miner: An Online Apriori-Infrequent Based Wireless Intrusion System
Intrusion detection in wireless networks has become a vital part of wireless network security systems with the widespread use of Wireless Local Area Networks (WLANs). Currently, almost all devices are Wi-Fi (Wireless Fidelity) capable and can access a WLAN. This paper proposes an intrusion detection system, WiFi Miner, which applies an infrequent-pattern association rule mining Apriori technique to wireless network packets captured through hardware sensors for real-time detection of intrusive or anomalous packets. The contributions of the proposed system include effectively adapting an efficient data mining association rule technique to the important problem of intrusion detection in a wireless network environment using hardware sensors, providing a solution that eliminates the need for hard-to-obtain training data in this environment, and providing an increased intrusion detection rate and a reduction of false alarms.
The solution approach of the proposed system, WiFi Miner, is to find frequent and infrequent patterns in pre-processed wireless connection records using the infrequent-pattern-finding Apriori algorithm proposed in this paper. The proposed Online Apriori-Infrequent algorithm improves the join and prune steps of the traditional Apriori algorithm with a rule that avoids joining itemsets not likely to produce frequent itemsets, thereby improving efficiency and run times significantly. An anomaly score is assigned to each packet (record) based on whether the record has more frequent or infrequent patterns. Connection records with positive anomaly scores have more infrequent patterns than frequent patterns and are considered anomalous packets.
Keywords: Data mining, wireless intrusion, network intrusion detection, hardware sensors, infrequent patterns, training data
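As an added illustration (not code from the paper), the sketch below mines frequent and infrequent itemsets with the classic level-wise Apriori, not the paper's Online Apriori-Infrequent join rule, and scores each record as the number of infrequent patterns minus the number of frequent patterns it contains. That scoring formula is an assumption consistent with the abstract, and the 802.11-style attribute names and records are constructed.

```python
from itertools import combinations

def mine_patterns(records, min_support, max_len=3):
    """Classic level-wise Apriori over records (sets of items).
    Returns (frequent, infrequent): infrequent holds every generated
    candidate whose support fell below min_support."""
    n = len(records)
    candidates = {frozenset([item]) for r in records for item in r}
    frequent, infrequent = set(), set()
    k = 1
    while candidates and k <= max_len:
        level = set()
        for c in candidates:
            support = sum(1 for r in records if c <= r) / n
            (level if support >= min_support else infrequent).add(c)
        frequent |= level
        k += 1
        # Join frequent (k-1)-itemsets; prune any candidate that has an
        # infrequent (k-1)-subset (standard Apriori, not the paper's rule).
        candidates = {
            a | b for a, b in combinations(level, 2)
            if len(a | b) == k
            and all(frozenset(s) in level for s in combinations(a | b, k - 1))
        }
    return frequent, infrequent

def anomaly_score(record, frequent, infrequent):
    """Assumed scoring: infrequent patterns in the record minus frequent ones."""
    return (sum(1 for p in infrequent if p <= record)
            - sum(1 for p in frequent if p <= record))

def flag_anomalies(records, min_support):
    """Indices of records with a positive anomaly score."""
    frequent, infrequent = mine_patterns(records, min_support)
    return [i for i, r in enumerate(records)
            if anomaly_score(r, frequent, infrequent) > 0]

# Constructed sample: pre-processed 802.11 connection records (hypothetical fields).
NORMAL = frozenset({"type=data", "wep=1", "to_ds=1"})
FROM_AP = frozenset({"type=data", "wep=1", "to_ds=0"})
DEAUTH = frozenset({"type=mgmt", "subtype=deauth", "wep=0"})
SAMPLE_RECORDS = [NORMAL] * 6 + [FROM_AP] * 2 + [DEAUTH] * 2

if __name__ == "__main__":
    print(flag_anomalies(SAMPLE_RECORDS, min_support=0.3))
```

Because the patterns are mined from the captured traffic itself, no labelled training set is involved; the support threshold is the only tuning parameter in this sketch.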