WIDS: a sensor-based online mining wireless intrusion detection system

Source: ACM International Conference Proceeding Series; Vol. 299
Proceedings of the 2008 international symposium on Database engineering & applications
Coimbra, Portugal
SESSION: Data mining, OLAP, and knowledge discovery
Pages 255-261
Year of Publication: 2008
ISBN: 978-1-60558-188-0
Bibliometrics: Downloads (6 Weeks): 24, Downloads (12 Months): 170, Citation Count: 0

ABSTRACT
This paper proposes WIDS, a wireless intrusion detection system that applies a data mining clustering technique to wireless network data captured through hardware sensors, for real-time detection of anomalous behavior in wireless packets. Using hardware sensors to capture network packets enables detection of attacks before they reach access points and ensures that all packets transmitted in the network are analyzed, for more complete attack detection. The proposed mining-based technique for wireless network intrusion detection contributes by reducing the need for training data, reducing false positives, and increasing the effectiveness of attack detection on networks with few (one to twenty) connections. The proposed WIDS design approach involves real-time pre-processing of sensor data using a density-based Local Sparsity Coefficient (LSC) outlier detection algorithm to assign anomaly scores to the connection records. Connection records with low anomaly scores are used as the initial cluster centre positions for building clusters. The algorithm continuously derives the minimum deviation as the maximum of the distances between all pairs of cluster centre positions. New records whose distance from the closest cluster exceeds the minimum deviation are tagged as anomalies and moved to an alert cluster. One major result of this paper is the detection of MAC spoofing attacks by tracking sequence numbers, which ensures that duplicate or spoofed (stolen) MAC addresses are not used in the network.
INDEX TERMS
Primary Classification:
H. Information Systems
H.2 DATABASE MANAGEMENT
H.2.8 Database applications
Additional Classification:
K. Computing Milieux
K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
K.6.5 Security and Protection (D.4.6, K.4.2)
Subjects: Unauthorized access (e.g., hacking, phreaking); Invasive software (e.g., viruses, worms, Trojan horses)
Keywords: CommView for WIFI, clustering, hardware sensor, wireless attacks, wireless intrusion detection