In principle, computer networks were conceived to share resources and certain computing devices among a select group of people working in academic institutions. In that context, security did not have high importance. Today, a lot of valuable data circulates through the network (budgets, credit card numbers, marketing data, etc.), much of which can be considered confidential. This is where security takes on great importance: so that these data cannot be read or modified by any third party, and so that the services offered are always available, and only to authorized people (confidentiality, integrity, and availability). When we refer to security, there are some terms of great importance. Risk is defined as any accidental or intentional exposure of information as a consequence of the bad operation of hardware or the incorrect design of software. A vulnerability indicates that a failure in the operation of software and/or hardware elements exposes the system to penetrations. Starting from here we can define an attack as an event against the good operation of a system; it can be successful or not. If the attack is successful and access is obtained to files and programs, or control is obtained over computers, without being detected, then we are dealing with a penetration. This leads to an intrusion, which is a group of actions compromising the integrity, confidentiality, and availability of computer resources (Sobh, 2006). The main objective of this article is to explain to the reader the main concepts regarding intrusion detection systems (IDSs) and intrusion prevention systems (IPSs), and the particular issues that should additionally be considered when protecting wireless communication scenarios (in comparison with IDSs/IPSs in traditional wired networks).
It also includes an extended view of the current state of the art of IDSs and IPSs in wireless networks, covering both the research work done so far in this area and an analysis of current open source IDSs and IPSs, and how they deal with the specific requirements of wireless communication networks. This article is organized as follows: first, we start with a summary of the main related works in the background section; then we describe the important concepts of security, give a classification of intrusion detection systems, and briefly compare the operation of IDSs in wired and wireless networks. Next, we highlight certain research works exemplifying the efforts done so far in wireless scenarios. We then present the main ideas behind our current research work on modeling intrusions in wireless scenarios, before offering future directions of work and a summary of the main ideas expressed in the article.
Many efforts have been carried out to counteract the main weaknesses of IDSs and IPSs in wireless networks. In this sense, we can speak of different investigations directed at specific attacks in wireless scenarios by means of detection mechanisms based on artificial intelligence, the design of monitoring IDSs, proactive IDSs, the modeling of IDSs, and approaches based on system requirements and policy issues.
Aime, Calandriello, and Lioy (2006) propose a mechanism of attack detection based on the shared monitoring of the network by all the nodes, so that one can determine whether an event is a misbehavior or an attack. The key idea is to install a monitor (Ethereal) in each node of the network, to produce evidence (information about the state of the network), and to share it among all the nodes. For each captured packet, the system records a complete view of the packet headers, to which some general statistics are added, such as timestamp, frame number, and length in bytes. The focus is on 802.11 frames, so they also consider the source, destination, and BSSID addresses, sequence number, frame type, subtype, and retry flag. With this data, a list of events is built in each node.
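The per-node monitor described above, as an added Python example (not code from the article or from Aime et al.): it parses constructed 802.11 management and data frames, pulls out the source, destination and BSSID addresses, sequence number, frame type, subtype and retry flag, adds timestamp, frame number and length, and builds the node's event list. The node name, the sample frames and the dictionary record layout are assumptions.

```python
import struct

TYPE_NAMES = {0: "mgmt", 1: "ctrl", 2: "data"}  # bits 2-3 of the first Frame Control byte

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_80211(raw: bytes) -> dict:
    """Header fields a per-node monitor records from a management or data frame."""
    fc0, fc1 = raw[0], raw[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    to_ds, from_ds, retry = bool(fc1 & 0x01), bool(fc1 & 0x02), bool(fc1 & 0x08)
    if ftype == 1:  # control frames have short headers without BSSID/sequence fields
        raise ValueError("control frame: no BSSID or sequence number to record")
    a1, a2, a3 = raw[4:10], raw[10:16], raw[16:22]
    seq = struct.unpack_from("<H", raw, 22)[0] >> 4  # upper 12 bits; low 4 = fragment number
    # Which address is SA / DA / BSSID depends on the To-DS and From-DS bits
    if ftype == 0 or (not to_ds and not from_ds):
        dst, src, bssid = a1, a2, a3
    elif from_ds and not to_ds:
        dst, bssid, src = a1, a2, a3
    elif to_ds and not from_ds:
        bssid, src, dst = a1, a2, a3
    else:  # four-address (WDS) frame: SA is Address 4, BSSID is not meaningful
        dst, src, bssid = a3, raw[24:30], b"\x00" * 6
    return {"type": TYPE_NAMES[ftype], "subtype": subtype, "retry": retry,
            "src": mac(src), "dst": mac(dst), "bssid": mac(bssid), "seq": seq}

def build_events(node: str, captures: list) -> list:
    """captures: [(timestamp, raw_frame), ...] as captured by one node; returns its event list.
    The node name and the record layout are assumptions, not the paper's format."""
    events = []
    for i, (ts, raw) in enumerate(captures, 1):
        event = {"node": node, "frame_no": i, "timestamp": ts, "length": len(raw)}
        event.update(parse_80211(raw))
        events.append(event)
    return events

# Constructed sample frames: a deauthentication (mgmt, subtype 12) from the AP to a
# station, then a retried data frame from that station towards the AP (To-DS set).
AP, STA, STA2 = "aabbccddeeff", "001122334455", "001122334466"
DEAUTH = bytes.fromhex("c000" "3a01" + STA + AP + AP + "4006" + "0700")
DATA_TODS = bytes.fromhex("0809" "0000" + AP + STA + STA2 + "5006" + "aaaa03")
CAPTURES = [(1.000, DEAUTH), (1.002, DATA_TODS)]

if __name__ == "__main__":
    for ev in build_events("node-A", CAPTURES):
        print(ev)
```

Each node would exchange the resulting event records with its peers; a deauthentication followed by retried data frames from the same station is the kind of sequence a shared view across nodes makes visible.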
Key Terms in this Chapter
Intrusion Detection System (IDS): Hardware and/or software with a certain intelligence, able to automatically monitor and analyze the events that happen in a computing system or network. Its main objective is to identify possible threats and to carry out response actions.
Network-based Intrusion Detection System (NIDS): Uses network traffic and TCP/IP packets as its sources of information. These systems inspect the packets that circulate through the network, searching for elements that denote an attack against some of the systems located in it. For these packets they verify the validity of certain parameters and the behavior of the protocols.
Intrusion Prevention System (IPS): The set of mechanisms that try to provide an automatic, efficient, quick, and exact response to an intrusion attempt or attack that could cause damage to a host or network. The objective of the IPS is mainly to prevent attacks against the entity (or entities) being protected.
Policy Rules: A set of management rules, independent of any specific device and implementation, that define in abstract terms a desired behavior. They are stored and interpreted by the policy framework, which provides a heterogeneous set of components and mechanisms able to represent, distribute, and manage policies in an unambiguous, interoperable manner, thus providing consistent behavior at all affected policy enforcement points.
Network Security: Those activities, techniques, or rules dedicated to the prevention, protection, and preservation of information and resources.
Wireless Attack: Malicious activities that put at risk the security of information and of computing resources in wireless scenarios.
Host-based Intrusion Detection System (HIDS): Protects the machine on which it is installed. It uses the data generated by that computer as its source of information, especially data at the operating system level: system audit files, log files, or any file that the user wants to protect.