DETECT 802.11 MAC LAYER SPOOF BASED DENIAL OF SERVICE ATTACKS AT SERVICE PROVIDER USING RECEIVED SIGNAL STRENGTH

Abstract

Service Providers today are increasing their dependence on wireless networks in order to operate and maintain a cost effective and competitive advantage as well as offer mobility among corporate users to physically move about whilst maintaining a connection to the corporate wireless network. However, service providers need to control and prevent their network and systems from being exposed to wireless attacks. Service providers overlook the potential impact of a Denial of Service (DoS) attack against their wireless networks as wireless networks can be very vulnerable to DoS attacks as these attacks could be possibly launched by competitors, for political reasons, as part of a combined attack or just frustration on an attacker’s part of not being able to break into service providers’ network. However, the results can be anything from degradation of the wireless network to a complete loss of availability and the reputation of the provider. On an 802.11 wireless network, an attacker can transmit packets using a spoofed source MAC addressees as the activity does not require much expertise and expensive equipment as a result the recipient of spoofed frames has no way of finding if they are legitimate or illegitimate requests and will process and allows MAC layer DoS attacks to take place against the service provider.A solely RSSI based 802.11 MAC spoof detection and device classification approach is proposed for service providers to detect and classify legitimate or illegitimate requests in the event of MAC layer DoS attacks against their wireless networks. When the attacker is fixed at a location and either surrounded by some stationary devices or none and executes the MAC layer DoS attacks using randomly generated MAC addresses, this approach will guide the examiner to follow the Sampling, Quantization, Pattern Recognition and clustering phases to inspect the location, classify devices and identify such misbehaviors .This approach was evaluated using real experiments under different criteria and given a confident that the proposed approach can be used to distinguish devices between different model devices, same model devices, different models of devices from one vendor and applicable on any indoor environments.