Rogue Access Points (APs) are critical threats to the information infrastructure. Once a victim's device connects to a Rogue AP, the adversary can launch multi-stage attacks (e.g., memory scraping). Traditional defense methods such as signature- and statistics-based Intrusion Detection and Prevention Systems (IDPS) are inadequate for defending against Rogue APs. This thesis presents a comprehensive solution, the Preemptive Self-healing System (PSS), which can defeat multi-stage attacks launched by Rogue APs.
The PSS contains three mutually supporting modules. First, the Data Structure & Key Mutation (DSKM) module provides the space-time data mutation and the session states used by the other modules. Second, the Deep Protocol and Stateful Inspection and Prevention (DPSI) module deeply inspects packet payloads based on the Session Access Control List (SACL) and the mutating session states, and generates a relational database with hierarchical indexes for the current traffic states and logs. Third, the Real-time Forensics and Self-Healing (RFS) module correlates events based on that relational database in order to track and trace the source of attacks in real time with a large reduction in time complexity, and provides recovery information to DSKM. To substantiate the proposal, we provide a mathematical analysis of security and complexity showing that the probability of a successful attack through some multi-stage methods is less than 2^-128, which is infeasible. We also implemented a prototype that shows the detailed procedure of PSS defense against a Man-in-the-Middle (MitM) attack and a Cross-Site Scripting (XSS)/Cross-Site Request Forgery (CSRF) attack launched by Rogue APs, demonstrating the feasibility of PSS.