In this paper, we describe an extension to the Orchids intrusion detection tool, aimed at detecting intrusions in wireless networks. First, an event analysis module specialized for 802.1 wireless network events has been developed and integrated into Orchids. Next, a number of known attacks (e.g., deauthentication flooding, rogue access points and ChopChop) were modeled and described using declarative signatures. Then, within a simplified but realistic environment, the attacks were reenacted and successfully detected. To our knowledge, our team is the first to detect the ChopChop attack.
© ACM, (2008). This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in the Proceedings of the 8th international conference on New technologies in distributed systems, 2008, http://doi.acm.org/10.1145/1416729.1416740