Wired LAN and wireless LAN attack detection using signature based and machine learning tools

Abstract

There are various attack which is possible in the network, it may be from externally or internally. But internal attacks are more dangerous than external. So, my mainly concern upon Wireless LAN and Wired LAN attacks which occurs internally. There are various Signature based tools, IDS/IPS (Intrusion detection or prevention system) available now-a-days for detecting these types of attacks but these are not sufficient due to high false alarm rate. So, I detect these types of attacks with three ways: through Wireshark, with signature based tools (Snort and Kismet) and with machine learning tools (WEKA). In wired LAN attack, my mainly concern on PING scan or PING flood, NMAP scan (portsweep) and ARP spoofing attacks. In wireless LAN attacks, I take care of Deauthentication attack, Disassociation attack and Access point (AP) spoofing attack. Signature based tools detect these types of the attacks based on the stored signature and timing threshold. But machine learning tools take several different feature to detect these types of attacks with more accuracy and low false positive rate.