Abstract [eng]

Insufficient security mechanisms in the IEEE 802.11 standard against denial of service (DoS) attacks have prompted a lot of field research on wireless network vulnerabilities, attacks and security methods. Our work follows this trend, with the main objective of proposing a security algorithm, based on frame sequence number analysis, against DoS attacks in 802.11 standard networks. In the analytical part of this work we have described the most common DoS mechanisms and countermeasures in 802.11 wireless networks and detailed the present security solutions based on frame sequence number analysis. We concluded that physical layer attacks based on WLAN signal manipulation are the most severe, but link layer attacks are also popular because of their lower power consumption and simpler attack mechanisms based on link layer frame forgery, such as fake deauthentication or massive probe request floods. The majority of link layer DoS attack methods could potentially be blocked by analysing frame sequence numbers and actively destroying frames with anomalous sequence characteristics. In the research part of this work we have proposed a security algorithm, based on frame sequence number analysis, against link layer DoS attacks and developed a model for simulating and evaluating DoS attacks and security algorithms. We have compared our proposed algorithm with present solutions by simulating the model, in terms of the dependency of the blocking ratio on the quantity of attack frames, the number of network adapters, the length of the frame window and the frame drop ratio. The results show that our proposed algorithm generates up to 56 percent fewer false blocks and 63 percent more true blocks than present similar solutions, but because anomaly identification is probability-driven, both ratios are highly dependent on traffic characteristics.
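The general idea of blocking forged link layer frames by their sequence numbers can be sketched as follows. This is an added illustration, not the algorithm proposed in the work: the `SeqMonitor` class, the `max_gap` tolerance and the sample frames are assumptions made here, and the only standard fact relied on is that 802.11 sequence numbers are 12 bits wide and wrap at 4096.

```python
from dataclasses import dataclass, field

SEQ_MODULUS = 4096  # 802.11 sequence numbers are 12 bits wide


@dataclass
class SeqMonitor:
    """Flags frames whose sequence number does not follow the sender's stream."""
    max_gap: int = 8                      # assumed tolerance for lost frames
    last_seq: dict = field(default_factory=dict)

    def check(self, src_mac: str, seq: int, retry: bool = False) -> str:
        if not 0 <= seq < SEQ_MODULUS:
            raise ValueError("sequence number must fit in 12 bits")
        last = self.last_seq.get(src_mac)
        if last is None:                  # first frame seen: nothing to compare
            self.last_seq[src_mac] = seq
            return "learn"
        gap = (seq - last) % SEQ_MODULUS  # forward distance, wrap-safe
        if gap == 0:
            # The same number again is only legitimate as a retransmission.
            return "accept" if retry else "anomalous"
        if gap <= self.max_gap:
            self.last_seq[src_mac] = seq
            return "accept"
        # Too far ahead of, or behind, the stream: do not advance the baseline,
        # so a forged frame cannot drag the tracker away from the real sender.
        return "anomalous"


def classify(frames, max_gap=8):
    """Return one verdict per (source MAC, sequence number, retry flag) tuple."""
    monitor = SeqMonitor(max_gap=max_gap)
    return [monitor.check(mac, seq, retry) for mac, seq, retry in frames]


# Constructed sample: (source MAC, sequence number, retry flag)
SAMPLE_FRAMES = [
    ("02:00:00:00:00:01", 4093, False),
    ("02:00:00:00:00:01", 4094, False),
    ("02:00:00:00:00:01", 4094, True),    # retransmission
    ("02:00:00:00:00:01", 1200, False),   # forged deauthentication, out of sequence
    ("02:00:00:00:00:01", 1, False),      # genuine stream wraps past 4095
    ("02:00:00:00:00:01", 2, False),
]

if __name__ == "__main__":
    for frame, verdict in zip(SAMPLE_FRAMES, classify(SAMPLE_FRAMES)):
        print(frame, verdict)
```

A genuine sender that loses more than `max_gap` consecutive frames is flagged as well, which is how a fixed threshold of this kind produces false blocks.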