Performance Analysis of Wireless Intrusion Detection Systems

Wireless network security has a considerable attention in recent years. Several security efforts have been exerted to combat the wireless attacks, but unfortunately complete attack prevention at the first line of defense such as authentication, encryption, and firewall is not realistically attainable. Thus, the emphasis on detecting wireless attacks at a second line of defense, in the form of Wireless Intrusion Detection System (WIDS), has been growing. Despite the importance of WIDSs in wireless network security, their performance is sometimes not satisfying in practice. Thus, WIDSs performance evaluation is a pressing necessity. By evaluation we mean a systematic assessment for measuring the ability of a WIDS to meet the intended operation and expected performance. In this thesis, we have developed a comprehensive evaluation methodology that covers all necessary dimensions for a credible evaluation of WIDSs performance. The main pivotal tasks in our methodology are characterizing and generating the evaluation dataset, defining expressive evaluation metrics, and circumventing the evaluation limitations. Comprehensive and credible evaluation of WIDSs necessitates taking into account all possible attacks. While this is operationally impossible, it is necessary to select representative attack test cases that can be extracted mainly from a comprehensive classification of wireless attacks. Dealing with this challenge, we have developed a holistic taxonomy of wireless security attacks from the perspective of the WIDS evaluator. The second pivotal task in our methodology is defining expressive evaluation metrics. We introduced a new evaluation metric E_ID (intrusion detection effectiveness) for manipulating the drawbacks of the previously proposed metrics for evaluating the IDSs/ WIDSs effectiveness. As well, we proposed another metric R_R (recognizing rate) for measuring the attack type recognizing attribute. As a third important task, we have circumvented the evaluation limitations, caused by the uncontrolled traffic in the wireless open medium, by constructing a RF shielded testbed to take all measurements under our control without any interfering from any outside uncontrolled traffic. Finally, we followed our methodology and conducted experimental evaluation tests of two popular WIDSs, and demonstrated the utility of our proposed taxonomy of wireless attacks and our developed evaluation metrics (E_ID and R_R), in addition to evaluating the impact of WIDSs on the supervised system resources.