Preventing Attacks on Wireless Networks Using SDN Controlled OODA Loops and Cyber Kill Chains

Abstract

Impersonation-based attacks on wireless networks are easy to perform and can significantly impact network security. Their detection is problematic due to the attacks utilizing legitimate functions. This paper proposes a novel algorithm based on Observe-Orientate-Decide-Act (OODA) loop and Cyber Kill Chain (CKC) strategies to detect and neutralize these attacks. To evaluate this approach, we conducted experiments using four attack methods on a wireless router equivalent device, five wireless client devices, and two attack devices. The system employs a Radio Frequency (RF) device identification system and attack state machine implemented using a Software Defined Networking (SDN) architecture and the P4 programming language. The technique remains compliant with the IEEE 802.11 standard and requires no client-side modifications. The results show that the RF section detected 97.5% (average) of impersonated frames, and the overall method neutralized all attacks in the four attack scenarios. This outcome demonstrates that this technique, built on the OODA loops and CKC methodology, using SDN architecture and P4, is suitable for real-time detection and prevention of wireless impersonation attacks.