Wireless Intrusion Detection Based On Association Mining

Increasing numbers of organizations are deploying wireless networks, and much attention has been focused recently on the security aspects of existing Wi-Fi (IEEE 802.11b) wireless LAN systems. With the rapid growth and deployment of these systems into a wide range of networks and for a wide variety of applications, comes the need to support security solutions that meet the needs of a wide variety of customers. Under this circumstance, people are aware of the importance of network security. As a result, many network security technologies have been invented. Intrusion detection and countermeasures response is an active area of wireless security research.802.11, the common standard used for enterprise, Wireless LANs (WLAN), leverages unlicensed (i.e. public) radio bands for communication. This makes 802.11 wireless networks particularly susceptible to unauthorized intrusion and malicious attacks. This paper first analyses vulnerabilities of wireless networks and introduces WEP protocol. The advent of WLANs, however, has opened organizations up to new IT security threats, and many traditional countermeasures are ineffective in dealing with them. Wireless access to networks, for example, cannot easily be monitored and controlled through perimeter defenses such as firewalls and proxy servers. A wireless access point may open the internal, non-protected network up to unknown and non-trusted users who are simply within communication range.It presents a model of intrusion detection system and strategies for detecting anomaly behaviors. The MAC layer for 802.11 networks is significantly more complex than previous IEEE 802 designations. We can use the frame header to build the behavior model of the wireless user and then use the model to distinguish the attacker from the user. This paper use the selected fields of the 802.11 frame header as the data source of the association mining algorithm, and detect some wireless attack successfully.Corresponding to characteristic of the audit record, this paper proposes a high efficiency incremental association mining algorithm based on information collecting matrix. The algorithm resolve the problem that how to update the association rules in a database when minimum support changed or new transactions are added to the database. The algorithm improves the efficiency of the association mining, can fulfill the request if the real time system and apply to intrusion detection system.The research in the paper has definite theoretic and practical value in the field of intrusion detection; it is a useful reference for designing the intrusion detection system.