Efficient Hybrid Network (Wired and Wireless) Intrusion Detection using Statistical Data Streams and Detection of Clustered Alerts

Problem statement: Wireless LAN IEEE 802.11 protocols are growing rapidly and security has always been a concern with the security of wired network. Wireless networks encountered threats from unauthorized access to network resources, installation of access points and illegal sniffing (refer as classical intrusion threats). In its current hybrid wired and wireless network attacks on the generally distinguish from normal cable intrusion attacks, selective forwarding attacks, MAC spoofing attacks. This means that the simple traditional misuse detection and anomaly detection model alone not sufficient to identify these mixed attacks on the hybrid network (wired and wireless). Approach: Our proposed work presents a hybrid cluster-based intrusion detection statistical anomaly, for detecting selective forwarding in wireless networks and intrusion into traditional wired networks. The detection was identified by changes in the statistical characteristics of data traffic on the wireless network. The clustering of data traffic based on the characteristics of alert classes and normal classes improve the performance of our hybrid intrusion detection in both wired and wireless network efficiently. The simulation was performed to evaluate the performance of wired intrusion detection systems to the proposed wireless intrusion detection on the data traffic in the area of wired and wireless hybrid network environment. Results: The proposed wireless intrusion detection system sharply detect the statistical change point detection of intrusion behavior in terms of attack rate and throughput of data traffic. The probability of intrusion attack and detection delay were measured in the simulation scenario, the result is 17% better than the current part of the exiting wired intrusion detection. Conclusion: The proposed anomaly intrusion traffic detection scheme performs better in heterogametic hybrid network (i.e., wired and wireless) compared to that of conventional homogeneous intrusion detection network models.