An Architectural Metrics Scorecard Based Approach to Intrusion Detection System Evaluation for Wireless Network by Rupinder Singh & Dr

An Architectural Metrics Scorecard Based Approach to Intrusion Detection System Evaluation for Wireless Network by Rupinder Singh & Dr

View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by Global Journal of Computer Science and Technology (GJCST) Global Journal of Computer Science and Technology Network, Web & Security Volume 12 Issue 11 Version 1.0 June 2012 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals Inc. (USA) Online ISSN: 0975-4172 & Print ISSN: 0975-4350 An Architectural Metrics Scorecard Based Approach to Intrusion Detection System Evaluation for Wireless Network By Rupinder Singh & Dr. Jatinder Singh Khalsa College, Amritsar, Punjab, India Abstract - Wireless IDS architectural metrics are used to compare the intended scope, architecture of wireless IDS, and how they match the deployment architecture. These metrics can be used to evaluate the architectural efficiency of a wireless IDS and can help in designing efficient wireless IDS. Wireless IDS analyze wireless specific traffic including scanning for external users trying to connect to the network through access points and play important role in security to wireless network. Design of wireless IDS is a difficult task as wireless technology is advancing every day, Architectural metrics can play an important role in the design of wireless IDS by measuring the areas concern with the architecture of a wireless IDS. In this paper we describe a set of architectural metrics that are relevant to wireless IDS. A “scorecard” containing the set of values is used as the centerpiece of testing and evaluating a wireless IDS. Evaluation of a wireless IDS can be done by assigning score to various architectural metrics concern with wireless IDS. We apply our architectural metrics scorecard based evaluation approach to three popular wireless IDS Snort-wireless, AirDefense Guard, and Kismet. Finally we discuss the results and the opportunities for further work in this area. Keywords : Architectural Metrics, Wireless, Metrics, IDS, and Scorecard. GJCST-E Classification: C.2.0 An Architectural Metrics Scorecard Based Approach to Intrusion Detection System Evaluation for Wireless Network Strictly as per the compliance and regulations of: © 2012. Rupinder Singh & Dr. Jatinder Singh. This is a research/review paper, distributed under the terms of the Creative Commons Attribution-Noncommercial 3.0 Unported License http://creativecommons.org/licenses/by-nc/3.0/), permitting all non-commercial use, distribution, and reproduction inany medium, provided the original work is properly cited. An Architectural Metrics Scorecard Based Approach to Intrusion Detection System Evaluation for Wireless Network Rupinder Singh α & Dr. Jatinder Singh σ Abstract - Wireless IDS architectural metrics are used to Lord Kelvin said “If you cannot measure it, you compare the intended scope, architecture of wireless IDS, and cannot improve it”. This fact also applies to wireless 2012 how they match the deployment architecture. These metrics network security issues. An activity cannot be managed June can be used to evaluate the architectural efficiency of a if it cannot be measured, this is a widely accepted wireless IDS and can help in designing efficient wireless IDS. management principle and security falls under this 1 Wireless IDS analyze wireless specific traffic including scanning for external users trying to connect to the network rubric. Metrics can be an effective tool for security through access points and play important role in security to providers to discern the effectiveness of various wireless network. Design of wireless IDS is a difficult task as components of their security programs. Metrics can play wireless technology is advancing every day, Architectural an important role in the designing of wireless IDS. metrics can play an important role in the design of wireless Security Metrics that are related to wireless network are IDS by measuring the areas concern with the architecture of a hard to generate because the discipline itself is still in wireless IDS. In this paper we describe a set of architectural the early stages of development. There is not yet a metrics that are relevant to wireless IDS. A “scorecard” common vocabulary and not many documented best containing the set of values is used as the centerpiece of practices to follow [1]. testing and evaluating a wireless IDS. Evaluation of a wireless IDS can be done by assigning score to various architectural This paper provides an architectural metrics metrics concern with wireless IDS. We apply our architectural scorecard based approach to evaluate Intrusion metrics scorecard based evaluation approach to three popular Detection Systems that are currently popular for wireless wireless IDS Snort-wireless, AirDefense Guard, and Kismet. in the commercial sector. We describe a testing ) DDDD E Finally we discuss the results and the opportunities for further methodology we developed to evaluate wireless IDS by ( work in this area. assigning score to various architectural metrics concern Keywords : Architectural Metrics, Wireless, Metrics, IDS, with it. The approach followed in this paper do not and Scorecard. compare wireless IDS against each other, but against a set of architectural metrics concern with wireless IDS. I. Introduction The generalized approach of this paper will new and exciting world has been opened by allow systems with any wireless requirements to tailor wireless. Its technology is advancing every day evaluation of ID technologies to their specific needs. A and its popularity is increasing. The biggest Since evaluation is against a static set of architectural concern with wireless, however, has been its security, metrics the evaluation may be extended for other for some time wireless has had very poor, if any, security metrics like logistical metrics, performance metrics, on a wide-open medium. Along with improved quality metrics etc. The standard approach of encryption schemes, a new solution to help combat this comparison used in this paper also gives us scientific problem is the Wireless Intrusion Detection System repeatability. (WIDS). An Intrusion Detection System (IDS) is a device or software application that monitors network and/or II. Snort, Airdefense Guard and Kismet system activities for malicious activities or policy Wireless Ids violations and produces reports to a Management In order to explain architectural metrics Station (Wikipedia, 2012). A wireless IDS performs this scorecard based evaluation approach to wireless IDS, exclusively for the wireless network. This system Global Journal of Computer Science and Technology Volume XII Issue XI Version I we choose three wireless IDS namely Snort-wireless, monitors traffic on network looking for threats and AirDefense Guard, and Kismet as these are one of the alerting personnel to respond. most popular and works on different technology. a) Snort Wireless IDS Author α : Assistant Prof., P.G. Deptt. of Computer Science and Snort is an open source network intrusion Applications, Khalsa College, Amritsar, Punjab, India. Author σ : Principal, Golden College of Engg. & Tech., Gurdaspur, detection and prevention system (IDS/IPS) that Punjab, India. E-mails : rupi_singh76@yaho o.com, combines the benefits of signature, protocol, and [email protected] anomaly-based inspection, and is the most widely ©2012 Global Journals Inc. (US) deployed IDS/IPS technology worldwide. With millions of Kismet identifies networks by passively collecting downloads Snort has become the de facto standard for packets and detecting standard named networks, IDS/IPS [4]. Snort-wireless allows for custom rules to be detecting hidden networks, and inferring the presence of created based on framing information from a wireless nonbeaconing networks via data traffic [8]. Kismet packet. It also contains rules to attempt to find rogue wireless IDS without sending any loggable packets is access points, war drivers, and ad hoc networks. able to detect the presence of both wireless access Snort-wireless works by implementing a points and wireless clients, and associate them with detection engine that allows registering, warning, and each other. Unlike most other wireless network responding to attacks previously defined. Snort-wireless detectors. Kismet has the ability to log all sniffed is available under GPL (General Public License) and packets and save them in a tcpdump /Wireshark or runs under Windows and GNU/Linux. It is among the Airsnortcompatible fileformat. Kismet also captures PPI most widely used, has a number of predefined headers. Kismet also has the ability to detect default or 2012 signatures and continuously updated. Snort wireless "not configured" networks, probe requests, and June can be configured in three modes namely sniffer, packet determine what levels of wireless encryptions is used on logger, and network intrusion detection. In addition to all a given access point. Kismet also supports logging of 2 of these basic Snort-wireless features, Snort-wireless the geographical coordinates of the network if the input can be set up to send real-time alerts. This provides with from a GPS receiver is additionally available [12]. the ability to receive alerts in real time, rather than having to continuously monitor Snort system. Snort is III. Architectural Metrics Scorecard like a vacuum that takes packets and allows to do Based Approach different things. a) Developing Scorecard b) AirDefense Guard Wireless IDS Centerpiece of testing and evaluating wireless AirDefense Guard is a wireless IDS that IDS will be a “scorecard” containing the set

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    7 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us