Manual and Automatic assigned thresholds in multi-layer data fusion intrusion detection system for 802.11 attacks

Abuse attacks on wireless networks are becoming increasingly sophisticated. Most of the recent research on intrusion detection systems for wireless attacks either focuses on just one layer of observation or uses a limited number of metrics without proper data fusion techniques. However, the true status of a network is rarely accurately detectable by examining only one network layer. The goal of this study is to detect injection types of attacks in wireless networks by fusing multi-metrics using the Dempster-Shafer (D-S) belief theory. When combining beliefs, an important step to consider is the automatic and self-adaptive process of basic probability assignment (BPA). This study presents a comparison between manual and automatic BPA methods using the D-S technique. Custom tailoring BPAs in an optimum manner under specific network conditions could be extremely time consuming and difficult. In contrast, automatic methods have the advantage of not requiring any prior training or calibration from an administrator. The results show that multi-layer techniques perform more efficiently when compared with conventional methods. In addition, the automatic assignment of beliefs makes the use of such a system easier to deploy while providing a similar performance to that of a manual system.