Intrusion detection for IEEE 802.11 based industrial automation using possibilistic anomaly detection

Industrial automation is undergoing an increased use of wireless networks due to high flexibility and ease of deployment. However, despite the benefits, wireless networks have their inherent problems and vulnerabilities. This paper investigates the feasibility of using anomaly detection using possibility theory for network traffic. This is then used as a lightweight hostbased intrusion detection system for single board computer or embedded devices of an IEEE 802.11 based wireless industrial automation network. Traffic data is collected for genuine browsing and simulated attacks. It is then subjected to cluster analysis and tested using standard classifiers. The logarithmic histogram of the interpacket delay is used as the feature for classification. Subsequently it is used for training and testing a possiblisitic anomaly detector. The performance is then compared with a statistical outlier detector.