A Sliding Window Based Management Traffic Clustering Algorithm for 802.11 WLAN Intrusion Detection

This paper introduces a novel Management Traffic Clustering Algorithm (MTCA) based on a sliding window methodology for intrusion detection in 802.11 networks Active attacks and other network events such as scanning, joining and leaving in 802.11 WLANs can be observed by clustering the management frames in the MAC Layer. The new algorithm is based on a sliding window and measures the similarity of management frames within a certain period by calculating their variance. Through filtering out certain management frames, clusters are recognized from the discrete distribution of the variance of the management traffic load. Two parameters determine the accuracy and robustness of the algorithm; the Sample Interval and the Window Size of the sliding window. Extensive tests and comparisons between different sets of Sample Intervals and Window Sizes have been carried out. From analysis of the results, recommendations on what are the most appropriate values for these two parameters in various scenarios are presented.