Substantiating Security Threats Using Different Views of Wireless Network Traces

Abstract

Huge amounts of network traces can be collected from today's busy computer networks for various analysis. These traces could be used to detect intruders and other unusual events. Real time detection of outliers from large data sets can lead to effective intrusion detection and prevention. Presently, due to lack of fast on-the-fly updating and processing capabilities intrusion detection systems (IDSs) do not detect intruders instantly. Furthermore, most IDSs cannot adapt their detection mechanism in real time to accommodate legitimate dynamic changes. Achieving dynamic adaptation in real time has been a long standing desire for effective intrusion detection and prevention. Organizations which heavily rely on network activities are in need of an ID that could detect intruders in advance and stop them before they could cause chaos. In this context we propose a novel mechanism to detect intruders in real time. Our system monitors for timing and behavioral anomalies and uses outlier based data association techniques to substantiate the anomaly. In this paper we introduce the concept of views and their use in substantiating security threats. We have tested our concept on data captured from our experimental wireless network environment and we present the results obtained from our analysis.