For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Client-Side Evil Twin Attacks Detection Using Statistical Characteristics of 802.11 Data Frames
Qian LU Haipeng QU Yuan ZHUANG Xi-Jun LIN Yuzhan OUYANG
IEICE TRANSACTIONS on Information and Systems
Publication Date: 2018/10/01
Online ISSN: 1745-1361
Type of Manuscript: PAPER
Category: Information Network
evil twins detection, rogue access point, man-in-the-middle attack, WLAN security,
Full Text: PDF(4.2MB)
>>Buy this Article
With the development of wireless network technology and popularization of mobile devices, the Wireless Local Area Network (WLAN) has become an indispensable part of our daily life. Although the 802.11-based WLAN provides enormous convenience for users to access the Internet, it also gives rise to a number of security issues. One of the most severe threat encountered by Wi-Fi users is the evil twin attacks. The evil twin, a kind of rogue access points (RAPs), masquerades as a legitimate access point (AP) to lure users to connect it. Due to the characteristics of strong concealment, high confusion, great harmfulness and easy implementation, the evil twin has led to significant loss of sensitive information and become one of the most prominent security threats in recent years. In this paper, we propose a passive client-based detection solution that enables users to independently identify and locate evil twins without any assistance from a wireless network administrator. Because of the forwarding behavior of evil twins, proposed method compares 802.11 data frames sent by target APs to users to determine evil twin attacks. We implemented our detection technique in a Python tool named ET-spotter. Through implementation and evaluation in our study, our algorithm achieves 96% accuracy in distinguishing evil twins from legitimate APs.