DES Based IDS for detection Minimal De-authentication DoS Attack in 802.11 Wi-Fi Networks

The inherent security weaknesses of 802.11 MAC Access Layer is the primary reason for a wide variety of attacks that can be mounted on 802.11 Wi-Fi networks. In this paper we focus on Minimal De-authentication (de-auth henceforth) DoS Attack which is a low rate de-auth DoS attack in Wi-Fi networks. There exist studies which can tackle flooding based de-auth DoS, however, there has been limited work done in the case for minimal de-auth DoS attack. The network frame exchange under minimal de-auth DoS attack and normal de-auth process is the same, making the detection even more challenging. Since minimal de-auth DoS attack involves sending only a few spoofed de-auth frames into the network, no significant frame injection can be observed in the network. So the contemporary signature and anomaly based Intrusion Detection System (IDS) fail to recognize the minimal de-auth DoS attack. In this paper, we propose a Discrete Event System (DES) based IDS for detecting minimal deauth DoS attack. The proposed DES based IDS provides a novel detection method and does not require any protocol changes, or require any server/client side changes and can be proved for completeness and correctness. Experiments results show that the proposed DES based IDS detects minimal de-auth DoS attack swiftly and with high accuracy.