Potential analysis for the detection of attacks on wireless networks using the Wireless Intrusion Detection System Nzyme
dc.contributor.author | Eisenhut, Maximilian | |
dc.contributor.author | Honekamp, Wilfried | |
dc.contributor.editor | Demmler, Daniel | |
dc.contributor.editor | Krupka, Daniel | |
dc.contributor.editor | Federrath, Hannes | |
dc.date.accessioned | 2022-09-28T17:10:23Z | |
dc.date.available | 2022-09-28T17:10:23Z | |
dc.date.issued | 2022 | |
dc.description.abstract | Due to the flexibility and low cost of acquisition compared to wired network connections, wireless networks continue to proliferate. Due to this increasing number and the characteristics of a shared medium, it offers potential attackers a suitable platform to easily gain access to diverse network types. To this end, the range of specialised hardware and software for attacking wireless networks is constantly evolving. Information on the location and other parameters of wireless networks is also documented and updated online in a largely automated manner. Particularly in the economic as well as in the public environment, a special need can thus arise to detect attacks, identify attackers and initiate countermeasures on the basis of this information. This paper describes the evaluation of the possibilities offered by the open-source Wireless Intrusion Detection System (WIDS) Nzyme. For this purpose, the messages that occur during different attacks were examined. Furthermore, real data was recorded and evaluated based on the parameters from the test attacks to draw conclusions about the type and frequency of attacks. The ratio between legitimate reports and false alarms was also determined. Test attacks were successfully detected and could be assigned to possible attacks. Real data was recorded at three locations and compared with the patterns from the test attacks. The evaluation shows that the rate of false alarms in real operations is unacceptable, at over 27%. The causes for this are mostly misconfigurations and atmospheric disturbances. The study further shows that combined alarm messages allow conclusions to be drawn about the type of attack carried out and thus the number of false alarms can be reduced. The effort and benefit of a WIDS are currently not yet in a meaningful relationship. Nevertheless, use and further development are recommended, taking these circumstances into account. | en |
dc.identifier.doi | 10.18420/inf2022_03 | |
dc.identifier.isbn | 978-3-88579-720-3 | |
dc.identifier.pissn | 1617-5468 | |
dc.identifier.uri | https://dl.gi.de/handle/20.500.12116/39528 | |
dc.language.iso | en | |
dc.publisher | Gesellschaft für Informatik, Bonn | |
dc.relation.ispartof | INFORMATIK 2022 | |
dc.relation.ispartofseries | Lecture Notes in Informatics (LNI) - Proceedings, Volume P-326 | |
dc.subject | Anomaly detection | |
dc.subject | intrusion detection system | |
dc.subject | Nzyme | |
dc.subject | WLAN | |
dc.title | Potential analysis for the detection of attacks on wireless networks using the Wireless Intrusion Detection System Nzyme | en |
gi.citation.endPage | 58 | |
gi.citation.startPage | 49 | |
gi.conference.date | 26.-30. September 2022 | |
gi.conference.location | Hamburg | |
gi.conference.sessiontitle | International Workshop On Digital Forensics (IWDF) |