You are here: Home Contents V1 N3 V1N3_Shanley.html
Personal tools

WIDS - A Wireless Intrusion Detection System for Detecting Man-in-the-middle Attacks



Full text

Journal of Information System Security
Volume 1, Number 3 (2005)
Pages 1844
ISSN 1551-0123
Robert Shanley — Iowa State University, USA
G. Premkumar — Iowa State University, USA
Information Institute Publishing, Washington DC, USA




The dramatic growth in wireless networking has resulted in many organizations and government agencies installing networks with poor security configurations seriously jeopardizing the security of their wired networks. Intrusion detection becomes more important in wireless networks due to the inherent nature of the network. Wired networks typically implement monitoring at layer 3 while assuming that physical security can prevent access to layer 2 and below. By its very nature of broadcasting its presence and sending data in the open, wireless networks create security hazards at layer 2. Man-in-the-middle attacks using MAC address spoofing is one technique to take control of an access point and monitor all traffic. In this paper we examine the technique for this attack and develop an intrusion detection system to identify and warn against such attacks. Using an experimental setup the performance of the intrusion detection system is evaluated in different environmental contexts. The results of the experiment indicated that the system performed very well in most situations, except in the context of very high traffic where the slowness in the traffic data acquisition tool resulted in some errors.




Network Security, Intrusion Detection Systems, Wireless Networking, Man-in-the Middle Attack, MAC Address Spoofing




Arbaugh, W., Shankar, N., and Wan, Y.C. (2001) “Your 802.11 Wireless Network has No Clothes,” in Proceedings of the First International Conference on Wireless LANs and Home Networks, March, 131-144.

Berghel, H. (2004), “Wireless infidelity I: war driving,” Communications of the ACM, 47(9): 21-26.

Borisov, N. I. Goldberg, and D. Wagner. (2001), “Intercepting Mobile Communications: The Insecurity of 802.11,” in Proceedings of the International Conference on Mobile Computing and Networking, July, 180- 189.

Brutch, P., and Ko, C. (2003), “Challenges in Intrusion Detection for Wireless Ad-hoc Networks,” 2003 Symposium on Applications and the Internet Workshops (SAINT’03 Workshops), p. 368.

Cam-Winget, N., Housley, R., Wagner, D., Walker, J., (2003), “Security flaws in 802.11 data link protocols,” Communications of the ACM, 46(5): 35- 39.

Chirumamilla, M., and Ramamurthy, B. (2003), “Agent Based Intrusion Detection and Response System for Wireless LANs,” in Proceedings of IEEE International Conference on Communications, vol.1, p.492 - 496.

Debar, H., Dacier, M., and Wespi, A. (1999), “A Revised Taxonomy for Intrusion-Detection Systems,” Computer Networks, 31, 805-822.

Debar H., Becker M., & Siboni D. (1992) “A Neural Network Component for an Intrusion Detection System,” Proceeding of the 1992 IEEE Symposium on Research in Security and Privacy, IEEE Computer Society Press, Oakland, CA, 240-250.

Denning, D. E. (1987), “An intrusion-detection model,” IEEE Transaction on Software Engineering, 12(2): 222-232.

Durst R., Champion T., Witten B., Miller E., & Spagnuolo L. (1999), “Testing and Evaluating Computer Intrusion Detection Systems,” Communications of the ACM, 42, 7, 53-61.

Fluhrer, S., Mantin, I., and Shamir. (2001), “A. Weaknesses in the key scheduling algorithm of RC4” in Proceedings of the fourth Annual Workshop on Selected Areas in Cryptography, Lecture Notes in Computer Science, Springer verlag, Vol. 2259.

Forrest S., Jovornik B., Smith R. E., & Perelson A. S. (1993), “Using Genetic Algorithms to Explore Pattern Recognition in the Immune System,” IEEE Transactions on Evolutionary Computation, 1(3): 191-211.

Garvey, T. D. & Lunt, T. F. (1991), “Model Based Intrusion Detection,” Proceedings of the 14th National Computer Security Conference, 372-385.

Hofmeyr S. A., Forrest S., & Somayaji A. (1998), “Intrusion Detection Using Sequences of System Calls”. Journal of Computer Security, 6, 151- 180.

HotSpotzz, “WiFi market information and statistics,” February 2003, http:/ /

Housley, R. and Arbaugh, W., (2003). Security problems in 802.11-based networks. Communications of the ACM, 46(5): 31 - 34

IEEE Standard 802.11, LAN MAN Standards Committee, (1999) “LAN MAN Standards of the IEEE Computer Society. Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications.” IEEE Standard 802.11, 1999 Edition.

Karygiannis, T and Owens, L. (2002), “Wireless Network Security 802.11, Bluetooth, and Handheld Devices,” NIST, Special Publication 800-48.

Lee W. & Stolfo S. J. (2000). “Data Mining Approaches for Intrusion Detection.” Computer Science Department, Columbia University, New York, NY,

Lunt T. F. (1993), “A Survey of Intrusion Detection Techniques.” Computer & Security, 12.

Porras P. A. & Valdes A. (1998) “Live Traffic Analysis of TCP/IP Gateways.” Proceedings of the Network and Distributed System Security Symposium, Internet Society, San Diego, CA, March, 11-13, 1998, http://

Rubin, A., (2003), “Special Issue: Wireless networking security,” Communications of the ACM, 46(5): 28-30.

Walker, J. (2000), “Unsafe at any key size: an analysis of the WEP encapsulation,” IEEE 802.11 Task Force E, IEEE 802.11/00-362.

Welch, D. and Lathrop, S. (2003) “Wireless Security Threat Taxonomy,” Proceedings of the 2003 IEEE Workshop on Information Assurance, United States Military Academy, West Point, New York.

Wi-Fi Planet Staff, (2003) “The Latest WLAN Forecasts: More Growth,” Wi-Fi, August 22, 2003, article.php/3067711.

Wright, J. (2002) “Layer 2 Analysis of WLAN Discovery Applications for Intrusion Detection,”, 2002. Wright, J. (2003), “Detecting Wireless LAN MAC Address Spoofing,” http:/ /, 2003.

Wright, J. (2003), “Attacking 802.11 Networks,” Light Reading, http:// 2003.pdf.

Yen, J. (2004), “Emerging Technologies for Homeland Security,” Communications of the ACM. 47(3): 32-35.

Yu-Xi Lim, Tim Schmoyer, John Levine, and Henry L. Owens, (2003) “Wireless Intrusion Detection and Response,” Proceedings to the 2003 IEEE Workshop on Information Assurance, United States Military Academy, West Point, New York.

Zhang, Y., Lee, W., and Huang, Y. (2003), “Intrusion Detection Techniques for Mobile Wireless Networks,” ACM/Kluwer Wireless Networks Journal, 9(5): 545-556.

Zhu, D., Premkumar, G., Zhang, X., and Chu, C. (2001), “Data Mining for Network Intrusion Detection: A Comparison of Alternative Methods,” Decision Sciences, 32(4): 635-660.