Malware in IEEE 802.11 Wireless Networks

Stone-Gross, Brett; Wilson, Christo; Almeroth, Kevin C.; Belding, Elizabeth; Zheng, Heather; Papagiannaki, Konstantina

doi:10.1007/978-3-540-79232-1_23

Cited by 7 publications

(7 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In spite of this, the wireless medium is still a relatively limited resource, especially when under attack, for example, during a wireless jamming attack where adaptive rate control techniques react to poor channel quality and can significantly reduce transmission rates [11]. Stone-Gross et al [26] conducted an analysis of wireless network performance in the presence of an ICMP ping sweep (Worm propagation behaviour) and a TCP SYN attack. They found that in the presence of this malicious behaviour, utilisation of the network was close to 100%, at peak times of viral activity 50% of the traffic sent were retransmissions, and the average TCP RTT climbed by over 50%.…”

Section: Diverse Resource Availabilitymentioning

confidence: 99%

“…These alerts may be from multiple sources, enabling a network-wide perspective. Heuristics have been used extensively to identify malware, based on anomalies in traffic patterns [10,26]. By just examining data from packet headers, the overhead of such procedures can be kept low.…”

Section: Attack Characterisation Componentsmentioning

confidence: 99%

“…Some of the analysis could be done offline, such as is currently done in the UCSB Meshnet Project [26]. For our system to be effective, the work done at the mesh devices must be done in real-time.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Intrusion detection systems for community wireless mesh networks

Makaroff

Smith

Race

et al. 2008

2008 5th IEEE International Conference on Mobile Ad Hoc and Sensor Systems

View full text Add to dashboard Cite

Wireless mesh networks are being increasingly used to provide affordable network connectivity to communities where wired deployment strategies are either not possible or are prohibitively expensive. Unfortunately, computer networks (including mesh networks) are frequently being exploited by increasingly profit-driven and insidious attackers, which can affect their utility for legitimate use. In response to this, a number of countermeasures have been developed, including intrusion detection systems that aim to detect anomalous behaviour caused by attacks. We present a set of socio-technical challenges associated with developing an intrusion detection system for a community wireless mesh network. The attack space on a mesh network is particularly large; we motivate the need for and describe the challenges of adopting an asset-driven approach to managing this space. Finally, we present an initial design of a modular architecture for intrusion detection, highlighting how it addresses the identified challenges.

show abstract

Section: Diverse Resource Availabilitymentioning

confidence: 99%

Section: Attack Characterisation Componentsmentioning

confidence: 99%

See 1 more Smart Citation

Intrusion detection systems for community wireless mesh networks

Makaroff

Smith

Race

et al. 2008

2008 5th IEEE International Conference on Mobile Ad Hoc and Sensor Systems

View full text Add to dashboard Cite

show abstract

“…For instance, NATs and firewalls may be consuming a third more resources than necessary for keeping track of flows. And in wireless environments, which are gradually becoming ubiquitous both inside the enterprise and as a means of connecting to the enterprise from outside, failed flows may be causing unnecessary channel contention [16] leading to poor application layer performance, and increased costs under metered pricing (e.g. on cellular networks).…”

Section: Introductionmentioning

confidence: 99%

How healthy are today's enterprise networks?

Guha

Chandrashekar

Taft

et al. 2008

Proceedings of the 8th ACM SIGCOMM Conference on Internet Measurement

Self Cite

View full text Add to dashboard Cite

In this paper we take a look at the health of a typical enterprise network via a new metric based on the fraction of useful flows generated by endhosts. Flows considered non-useful are those that explicitly fail or else do not elicit a response from the intended destination. Examining traces collected from a large number of mobile hosts in an enterprise network, we find that about 34% of the flows are not useful. Through our study that combines data analysis and ongoing interactions with our IT department, we learn that these non-useful flows arise from several causes. Our mobile hosts frequently change environments, by either moving in and out of the corporate environment, or by switching the point and means of attachment to the corporate network. We find that many of the failures occur due to the hosts' lack of environment awareness, which results in attempts to discover services that are not present in all environments. Other causes include misconfiguration, unnecessary broadcast traffic, and excessive connection retries. Understanding this ever present noise in endhost communication is important for a variety of reasons including the fact that it complicates anomaly detection design and wastes resources, the latter of which is particularly crucial for wireless and mobile environments. Finally, we discuss possible means to design applications and services that can significantly improve the health of the network.

show abstract

“…For instance, as the media in wireless networks is common, bandwidth is severely limited. The increased rate of attempts to access the media by infected nodes can jam the media and thereby disrupt network functionalities [7]. The dimensions of the threat become more alarming when we consider the huge investments that have been directed towards wireless communication infrastructure and the economic liability that is built upon it.…”

Section: Introductionmentioning

confidence: 99%

Optimal Quarantining of Wireless Malware Through Reception Gain Control

Khouzani

Altman

Sarkar

2012

IEEE Trans. Automat. Contr.

View full text Add to dashboard Cite

Abstract-Containment of worms constitutes an important challenge in mobile wireless networks as recent outbreaks have revealed actual vulnerabilities. We introduce a defense strategy that quarantines the malware by reducing the communication range. This counter-measure confronts us with a trade-off: reducing the communication range suppresses the spread of the malware, however, it also deteriorates the network performance. We model the propagation of the malware as a deterministic epidemic. Using an optimal control framework, we select the optimal communication range that captures the above tradeoff by minimizing a global cost function. Using Pontryagin's Maximum Principle, we derive structural characteristics of the optimal communication range as a function of time for general cost functions. Our numerical computations reveal that the dynamic optimal control of the communication range significantly outperforms static choices and is also robust to errors in estimation of the network and attack parameters.

show abstract

Malware in IEEE 802.11 Wireless Networks

Cited by 7 publications

References 10 publications

Intrusion detection systems for community wireless mesh networks

Intrusion detection systems for community wireless mesh networks

How healthy are today's enterprise networks?

Optimal Quarantining of Wireless Malware Through Reception Gain Control

Contact Info

Product

Resources

About