10 likes | 167 Views
Intrusion Detection and Forensics for Self-defending Wireless Networks Yan Chen, Northwestern University Tel. (847) 491-4946, E-Mail: ychen@northwestern.edu. Objectives:
E N D
Intrusion Detection and Forensics for Self-defending Wireless Networks Yan Chen, Northwestern University Tel. (847) 491-4946, E-Mail: ychen@northwestern.edu • Objectives: • Proactively secure wireless networks via searching unknown protocol vulnerabilities, especially for security protocols such as Extensible Authentication Protocols (EAP). • Design defense schemes for the vulnerabilities discovered. • Forensics and situational-aware analysis for botnets, in particular for the large-scale ``botnet probes‘’ in which a collection of remote hosts together probes the address space monitored by a sensor in some sort of coordinated fashion. asdf Objective Challenge/Response TLS EAP-SIM EAP-AKA EAP-TTLS PEAP EAP-FAST EAP-TLS Vulnerability analysis of various wireless network protocols. Extensible Authentication Protocol (EAP) • Scientific/Technical Approach: • Reveal a serious vulnerability of exception handling in most wireless security and communication protocols by showing an exception triggered attack. • Design countermeasures for detection of such attacks and improvements of protocols for prevention. • Draw upon extensive honeynet data to explore the properties of different types of scanning, such as trend, uniformity, coordination, and darknet avoidance. • Design schemes to extrapolate the global properties of the scanning events (e.g., total population and target scope) as inferred from the limited local view of a honeynet. • Accomplishments: • Find exception triggered denial of service (DoS) attacks in various wireless network security protocols, including variants of EAP and mobile IPv6. • Conduct real world experiments to evaluate the efficiency and effectiveness of attacks and defense. • Design schemes to infer the properties (including extrapolated global ones) for botnet probing events. • Challenges: • Network protocols are too numerous and often ambiguous for vulnerability analysis. • Infer botnet global properties from limited local view. EAP Over LAN (EAPOL) 802.11 WLAN GSM UMTS/ CDMA2000