An on-line wireless attack detection system using multi-layer data fusion

Computer networks and more specifically wireless communication networks are increasingly becoming susceptible to more sophisticated and untraceable attacks. Most of the current Intrusion Detection Systems either focus on just one layer of observation or use a limited number of metrics without proper data fusion techniques. However, the true status of a network is rarely accurately detectable by examining only one network layer. This paper describes a synergistic approach of fusing decisions of whether an attack takes place by using multiple measurements from different layers of wireless communication networks. The described method is implemented on a live system that monitors a wireless network in real time and gives an indication of whether a malicious frame exists or not. This is achieved by analysing specific metrics and comparing them against historical data. The proposed system assigns for each metric a belief of whether an attack takes place or not. The beliefs from different metrics are fused with the Dempster-Shafer technique with the ultimate goal of limiting false alarms by combining beliefs from various network layers. The on-line experimental results show that cross-layer techniques and data fusion perform more efficiently compared to conventional methods.