Improved Detection of Probe Request Attacks - Using Neural Networks and Genetic Algorithm

Deepthi N. Ratnayake, Hassan B. Kazemian, Syed A. Yusuf

Abstract

The Media Access Control (MAC) layer of the wireless protocol, Institute of Electrical and Electronics Engineers (IEEE) 802.11, is based on the exchange of request and response messages. Probe Request Flooding Attacks (PRFA) are devised based on this design flaw to reduce network performance or prevent legitimate users from accessing network resources. The vulnerability is amplified due to clear beacon, probe request and probe response frames. The research is to detect PRFA of Wireless Local Area Networks (WLAN) using a Supervised Feedforward Neural Network (NN). The NN converged outstandingly with train, valid, test sample percentages 70, 15, 15 and hidden neurons 20. The effectiveness of an Intruder Detection System depends on its prediction accuracy. This paper presents optimisation of the NN using Genetic Algorithms (GA). GAs sought to maximise the performance of the model based on Linear Regression (R) and generated R > 0.95. Novelty of this research lies in the fact that the NN accepts user and attacker training data captured separately. Hence, security administrators do not have to perform the painstaking task of manually identifying individual frames for labelling prior training. The GA provides a reliable NN model and recognises the behaviour of the NN for diverse configurations.

References

  1. Baker, J. E., (1987). Reducing bias and inefficiency in the selection algorithm. 2nd International Conference on Genetic Algorithms on Genetic algorithms and their application, MIT, Massachusetts.
  2. Bankovic, Z., Stepanovic, D., Bojanic, S., and NietoTaladriz, O., (2007). Improving network security using genetic algorithm approach. Computers and Electrical Engineering, 33(5-6), 438-451. doi: 10.1016/j.compeleceng.2007.05.010.
  3. De Jong, K. A., (1993). Genetic algorithms are NOT function optimizers. FOGA-92, 2nd workshop on Foundations of Genetic Algorithms, Vail, Colorado.
  4. Gong, R. H., Zulkernine, M., and Abolmaesumi, P. (2005). A software implementation of a genetic algorithm based approach to network intrusion detection. Sixth International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, and First ACIS International Workshop on Self-Assembling Wireless Networks., 246-253. doi: 10.1109/SNPDSAWN.2005.9.
  5. Haddadi, F., Khanchi, S., Shetabi, M., and Derhami, V., (2010). Intrusion Detection and Attack Classification Using Feed-Forward Neural Network. Second International Conference on Computer and Network Technology, Bangkok.
  6. Holland, J. H., (1975). Adaptation in natural and artificial systems : an introductory analysis with applications to biology, control, and artificial intelligence. Ann Arbor, Mich.: University of Michigan Press.
  7. Hua, J., and Xiaofeng, Z., (2008). Study on the network intrusion detection model based on genetic neural network. International Workshop on Modelling, Simulation and Optimization, Hong Kong.
  8. Karygiannis, T., and Owens, L., (2002). Wireless network security. NIST special publication, 800, 48.
  9. Landau, L. G., and Taylor, J. G., (1997). Concepts for neural networks: A survey: Springer-Verlag New York, Inc.
  10. Levine, D., (1997). Commentary-Genetic Algorithms: A Practitioner's View. INFORMS Journal on Computing, 9(3), 256-259.
  11. Li, W., (2004). Using genetic algorithm for network intrusion detection. United States Department of Energy Cyber Security Group 2004 Training Conference, Kansas City, Kansas.
  12. Lindley, D. V., (1987). Regression and correlation analysis. New Palgrave: A Dictionary of Economics, 4, 120-123. doi: 10.1057/9780230226203.3411.
  13. MathWorks, (2012). Post-Training Analysis (Network Validation): Multilayer Networks and Backpropagation Training (Neural Network Toolbox™) Retrieved 10 May, 2012, from http://www.mathworks.co.uk/help/toolbox/nnet/ug/bss 3318-1.html.
  14. Moore, A. W., (2001). Cross-validation for detecting and preventing overfitting Retrieved 10 May, 2012, from http://www.autonlab.org/tutorials/overfit10.pdf.
  15. Pillai, M. M., Eloff, J. H. P., and Venter, H. S., (2004). An approach to implement a network intrusion detection system using genetic algorithms. South African Institute for Computer Scientists and Information Technologists on IT research in developing countries, Republic of South Africa.
  16. Ratnayake, D., Kazemian, H., Yusuf, S., and Abdullah, A., (2011). An Intelligent Approach to Detect Probe Request Attacks in IEEE 802.11 Networks. Engineering Applications of Neural Networks, Corfu, Greece.
  17. Reeves, C. R., and Rowe, J. E. (2003). Genetic algorithms: principles and perspectives: a guide to GA theory (Vol. 20): Springer.
  18. Wu, S. X., and Banzhaf, W., (2010). Review: The use of computational intelligence in intrusion detection systems: A review. Appl. Soft Comput., 10(1), 1-35. doi: 10.1016/j.asoc.2009.06.019.
  19. Xia, T., Qu, G., Hariri, S., and Yousif, M., (2005). An efficient network intrusion detection method based on information theory and genetic algorithm. 24th IEEE International Performance, Computing, and Communications Conference, 2005, Phoenix, Arizona.
  20. Yao, X. H., (2010). A network intrusion detection approach combined with genetic algorithm and back propagation neural network. International Conference on E-Health Networking, Digital Ecosystems and Technologies, Shenzhen.
  21. Zhang, Y., Zheng, J., and Ma, M., (2008). Handbook of research on wireless security: Information Science Reference-Imprint of: IGI Publishing.
Download


Paper Citation


in Harvard Style

N. Ratnayake D., B. Kazemian H. and A. Yusuf S. (2012). Improved Detection of Probe Request Attacks - Using Neural Networks and Genetic Algorithm . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012) ISBN 978-989-8565-24-2, pages 345-350. DOI: 10.5220/0004077703450350


in Bibtex Style

@conference{secrypt12,
author={Deepthi N. Ratnayake and Hassan B. Kazemian and Syed A. Yusuf},
title={Improved Detection of Probe Request Attacks - Using Neural Networks and Genetic Algorithm},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={345-350},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004077703450350},
isbn={978-989-8565-24-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - Improved Detection of Probe Request Attacks - Using Neural Networks and Genetic Algorithm
SN - 978-989-8565-24-2
AU - N. Ratnayake D.
AU - B. Kazemian H.
AU - A. Yusuf S.
PY - 2012
SP - 345
EP - 350
DO - 10.5220/0004077703450350