Research and development of a reference model for intrusion handling systems in wireless LANs

Wireless Local Area Networks (WLANs) are different from the traditional wired LANs in terms of their easy exposure to potential threats and vulnerability to exploitation. Hence, there is an urgent need for effective Intrusion Handling Systems (IHSs) and the methods for their evaluation. Analyses of...

Bibliographic Details
Main Author: Zamankhani, Shahram Salek
Published: London Metropolitan University 2011
Subjects:
Online Access: http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.542798
id ndltd-bl.uk-oai-ethos.bl.uk-542798
record_format oai_dc
spelling ndltd-bl.uk-oai-ethos.bl.uk-542798 | 2015-08-04T03:31:51Z | Research and development of a reference model for intrusion handling systems in wireless LANs | Zamankhani, Shahram Salek | 2011 | 621.382 | London Metropolitan University | http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.542798 | Electronic Thesis or Dissertation
collection NDLTD
sources NDLTD
topic 621.382
description Wireless Local Area Networks (WLANs) are different from the traditional wired LANs in terms of their easy exposure to potential threats and vulnerability to exploitation. Hence, there is an urgent need for effective Intrusion Handling Systems (IHSs) and the methods for their evaluation. Analyses of the IHSs (Snort Wireless, Bro and Kismet) for WLANs performed in this work have shown that they are all built as proprietary systems. These IHSs do not consider the existence of other IHSs, nor do they try to determine ways to establish inter-IHS collaboration in order to achieve better security for WLANs. Based on these analyses, the unified presentation of the features and architectures of these IHSs has been developed. This thesis identifies a distinct absence of a standardised reference model for IHSs. Hence, a novel reference model is proposed for a scalable distributed IHS that defines the system architecture, specifying the need for identification and response systems with associated sets of methods and an inter-IHS communications protocol. A model of IHS description for ad hoc networks with an intruder present has been developed, and a need for a Unified Intrusion Handling Report Format, Inter IHS Message and Inter IHS Communication Subsystem for inter-IHS communications has been identified. An ontology-based approach for modelling of IHSs has been suggested and formally adopted throughout. The IHS Modeling Ontology (IHSMO) has been developed based on the previous analyses of IHSs. This IHSMO is unique because it has components specifically addressing WLANs. The IHSMO is built using the Hozo ontology editor that allows both specification and verification of the model's integrity, which established a common framework for comparison and benchmarking. For evaluation purposes, the ontology-based models of the same IHSs (Snort Wireless, Bro and Kismet) have been built using the Hozo ontology editor. Comparison of their ontologies was undertaken in a unified way using IHSMO as a reference. This enabled the functionality gap analysis to be performed using IHSMO concepts and slots in order to demonstrate the lack of essential functionalities in some systems. This further informed the evaluation of the proposed model. The approach allows adopting and extending the IHSMO if knowledge changes in future.
author Zamankhani, Shahram Salek
title Research and development of a reference model for intrusion handling systems in wireless LANs
publisher London Metropolitan University
publishDate 2011
url http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.542798