A Policy-Based Architecture for Protecting 802.11 WLANS Against DDOS Attacks
نویسندگان
چکیده
The security mechanisms available in 802.11WLANs are considered to be extremely vulnerable to malicious attacks. This paper proposes a policy-based architecture to protect 802.11 WLANs against Distributed Denial of Service (DDoS) attacks. The architecture proposed is based on the 802.1X standard, which forms the basis of the Robust Security Network (RSN) framework. The main focus of our work is to develop a policy-based server that can control certain actions taken by WLAN access points so that proper countermeasures will be taken whenever a DDoS attack occurs. The policies are both rule and case based and are contained in a Policy Based Security Server (PBSS). The approach taken is to simulate the behaviour of this architecture when faced with a range of DDoS attack strategies, and to use this to characterise the type of security policies required by the PBSS.
منابع مشابه
Neural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks
Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main contro...
متن کاملSecure Framework for DDoS Attack Detection and Defense in IEEE 802.11 WLAN
Security is one of the most important problems to be considered in the Wireless Local Area Networks (WLANs). Several security techniques were initiated to solve the available security bugs. In this study, we propose to design a detection and defense mechanism against DDoS attacks. Initially GIDA module is deployed, so that DDoS attack is detected using the game theory decision model in the Acce...
متن کاملEvolution of Enterprise Security Federation
In this chapter, we discuss the evolution of the enterprise security federation, including why the framework should be evolved and how it has been developed and applied to real systems. Furthermore, we analyze the remaining vulnerabilities and weaknesses in current approaches and propose new approaches to resolve those problems. Then, to overcome those weaknesses and vulnerabilities, we propose...
متن کاملIntegrated Notification Architecture Based on Overlay Against DDoS Attacks on Convergence Network
The distributed denial of service (DDoS) attack that is one of the most threatening attacks in the wired network has been already extended in the wireless mobile network, owing to the appearance of DDoS attack tool against mobile phone. In the future, the latent threats for the converged form of DDoS attack should be resolved for the induction of successful convergence network. However, because...
متن کاملTeamwork Approach for Modeling and Simulation of Ddos Attacks in Internet
The paper considers an approach to modeling and simulation of Distributed Denial of Service (DDoS) attacks fulfilled by a group of malefactors. The approach is based on combination of “joint intentions” and “common plans” theories as well as state machines. The formal framework for modeling and simulation of DDoS) attacks is presented. The architecture and user interfaces of the Attack Simulato...
متن کامل