Paul K. Harmer, Ryan W. Thomas, B. Christel, Richard K. Martin, Clifton Watson
Title: Wireless security situation awareness with attack identification decision support
Venue: 2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS)
Publication date: 2011-04-11
DOI: 10.1109/CICYBS.2011.5949399 (https://doi.org/10.1109/CICYBS.2011.5949399)
Citation count: 8
Abstract
Wireless networks are a common point of entry for computer network attacks. Due to high traffic volumes, network mission assurance requires tools that can usefully display network traffic data, automatically detect, and identify attacks to provide increased situational awareness to a network administrator. Many metrics used to analyze wireless network traffic and security depend on full access to all nodes. This is impractical in fielded networks. To address these issues, we propose a new set of metrics based on wireless network packet interarrival times. These metrics are displayed in a novel way to provide administrators with a mechanism for identifying possible attacks and their impact on the network. The performance of this visualizer is validated by the use of a linear classifier system, which shows that the chosen metrics can be used to accurately identify attacks. We further argue that the classifier could be used in conjunction with the visualizer as an effective decision support system to aid in maintaining mission assurance.