APARICIO-NAVARRO, F. ... et al., 2011. An on-line wireless attack detection system using multi-layer data fusion. IEEE International Workshop on Measurements & Networking (M&N 2011) Proceedings.
Computer networks and more specifically wireless
communication networks are increasingly becoming susceptible
to more sophisticated and untraceable attacks. Most of the current
Intrusion Detection Systems either focus on just one layer of
observation or use a limited number of metrics without proper
data fusion techniques. However, the true status of a network is
rarely accurately detectable by examining only one network
layer. This paper describes a synergistic approach of fusing decisions
of whether an attack takes place by using multiple measurements
from different layers of wireless communication networks.
The described method is implemented on a live system
that monitors a wireless network in real time and gives an indication
of whether a malicious frame exists or not. This is achieved
by analysing specific metrics and comparing them
against historical data. The proposed system assigns for each
metric a belief of whether an attack takes place or not. The beliefs
from different metrics are fused with the Dempster-Shafer
technique with the ultimate goal of limiting false alarms by combining
beliefs from various network layers. The on-line experimental
results show that cross-layer techniques and data fusion
perform more efficiently compared to conventional methods.