Intrusion and Anomaly Detection in Wireless Networks

The broadcast nature of wireless networks and the mobility features created new kinds of intrusions and anomalies taking profit of wireless vulnerabilities. Because of the radio links and the mobile equipment features of wireless networks, wireless intrusions are more complex because they add to the intrusions developed for wired networks, a large spectrum of complex attacks targeting wireless environment. These intrusions include rogue or unauthorized access point (AP), AP MAC spoofing, and wireless denial of service and require adding new techniques and mechanisms to those approaches detecting intrusions targeting wired networks. To face this challenge, some researchers focused on extending the deployed approaches for wired networks while others worked to develop techniques suitable for detecting wireless intrusions. The efforts have mainly addressed: (1) the development of theories to allow reasoning about detection, wireless cooperation, and response to incidents; and (2) the development of wireless intrusion and anomaly detection systems that incorporate wireless detection, preventive mechanisms and tolerance functions. This chapter aims at discussing the major theories, models, and mechanisms developed for the protection of wireless networks/systems against threats, intrusions, and anomalous behaviors. The objectives of this chapter are to: (1) discuss security problems in a wireless environment; (2) present the current research activities; (3) study the important results already developed by researchers; and (4) discuss the validation methods proposed for the protection of wireless networks against attacks.