Intrusion detection system for PS-Poll DoS attack in 802.11 networks using real time discrete event system

Abstract

Wi-Fi devices have limited battery life because of which conserving battery life is imperative. The 802.11 Wi-Fi standard provides power management feature that allows stations U+0028 STAs U+0029 to enter into sleep state to preserve energy without any frame losses. After the STA wakes up, it sends a null data or PS-Poll frame to retrieve frame U+0028 s U+0029 buffered by the access point U+0028 AP U+0029, if any during its sleep period. An attacker can launch a power save denial of service U+0028 PS-DoS U+0029 attack on the sleeping STA U+0028 s U+0029 by transmitting a spoofed null data or PS-Poll frame U+0028 s U+0029 to retrieve the buffered frame U+0028 s U+0029 of the sleeping STA U+0028 s U+0029 from the AP causing frame losses for the targeted STA U+0028 s U+0029. Current approaches to prevent or detect the PS-DoS attack require encryption, change in protocol or installation of proprietary hardware. These solutions suffer from expensive setup, maintenance, scalability and deployment issues. The PS-DoS attack does not differ in semantics or statistics under normal and attack circumstances. So signature and anomaly based intrusion detection system U+0028 IDS U+0029 are unfit to detect the PS-DoS attack. In this paper we propose a timed IDS based on real time discrete event system U+0028 RTDES U+0029 for detecting PS-DoS attack. The proposed DES based IDS overcomes the drawbacks of existing systems and detects the PS-DoS attack with high accuracy and detection rate. The correctness of the RTDES based IDS is proved by experimenting all possible attack scenarios.