asdf

1
Intrusion Detection and Forensics for
Self-defending Wireless Networks Yan Chen,
Northwestern University Tel. (847) 491-4946,
E-Mail ychen_at_northwestern.edu
asdf

• Objectives
• Proactively secure wireless networks via
  searching unknown protocol vulnerabilities,
  especially for security protocols such as
  Extensible Authentication Protocols (EAP).
• Design defense schemes for the vulnerabilities
  discovered.
• Forensics and situational-aware analysis for
  botnets, in particular for the large-scale
  botnet probes in which a collection of remote
  hosts together probes the address space
  monitored by a sensor in some sort of coordinated
  fashion.

Objective
Vulnerability analysis of various wireless
network protocols.

• Scientific/Technical Approach
• Reveal a serious vulnerability of exception
  handling in most wireless security and
  communication protocols by showing an exception
  triggered attack.
• Design countermeasures for detection of such
  attacks and improvements of protocols for
  prevention.
• Draw upon extensive honeynet data to explore the
  properties of different types of scanning, such
  as trend, uniformity, coordination, and darknet
  avoidance.
• Design schemes to extrapolate the global
  properties of the scanning events (e.g., total
  population and target scope) as inferred from the
  limited local view of a honeynet.

• Accomplishments
• Find exception triggered denial of service (DoS)
  attacks in various wireless network security
  protocols, including variants of EAP and mobile
  IPv6.
• Conduct real world experiments to evaluate the
  efficiency and effectiveness of attacks and
  defense.
• Design schemes to infer the properties
  (including extrapolated global ones) for botnet
  probing events.
• Challenges
• Network protocols are too numerous and often
  ambiguous for vulnerability analysis.
• Infer botnet global properties from limited
  local view.