A Misuse-Based Intrusion Detection System for ITU-T G.9959 Wireless Networks

Author

Jonathan D. Fuller

Date of Award

3-24-2016

Document Type

Thesis

Degree Name

Master of Science

Department

Department of Electrical and Computer Engineering

First Advisor

Benjamin W. Ramsey, PhD.

Abstract

Wireless Sensor Networks (WSNs) provide low-cost, low-power, and low-complexity systems tightly integrating control and communication. Protocols based on the ITU-T G.9959 recommendation specifying narrow-band sub-GHz communications have significant growth potential. The Z-Wave protocol is the most common implementation. Z-Wave developers are required to sign nondisclosure and confidentiality agreements, limiting the availability of tools to perform open source research. This work discovers vulnerabilities allowing the injection of rogue devices or hiding information in Z-Wave packets as a type of covert channel attack. Given existing vulnerabilities and exploitations, defensive countermeasures are needed. A Misuse-Based Intrusion Detection System (MBIDS) is engineered, capable of monitoring Z-Wave networks. Experiments are designed to test the detection accuracy of the system against attacks. Results from the experiments demonstrate the MBIDS accurately detects intrusions in a Z-Wave network with a mean misuse detection rate of 99%. Overall, this research contributes new Z-Wave exploitations and an MBIDS to detect rogue devices and packet injection attacks, enabling a more secure Z-Wave network.

AFIT Designator

AFIT-ENG-MS-16-M-016

DTIC Accession Number

AD1053808

Recommended Citation

Fuller, Jonathan D., "A Misuse-Based Intrusion Detection System for ITU-T G.9959 Wireless Networks" (2016). Theses and Dissertations. 299.
https://scholar.afit.edu/etd/299