Detecting Access Point Spoofing Attacks Using Partitioning-based Clustering

The impersonation of a wireless Access Point (AP) poses an unprecedented number of threats that can compromise a wireless client’s identity, personal data, and network integrity. The AP impersonation attack is conducted by establishing a rogue AP with a spoofed Service Set Identifier (SSID) and MAC address that are the same as those of the target legitimate AP. Since these identities can be easily forged, there is no identifier that can be used to identify the legitimate AP. Due to the strong correlation between AP signal strength and distance, in this paper we propose a client-centric AP spoofing detection framework that exploits the statistical relationship of signal strength from the legitimate and rogue APs. We show that the relationship between the signals can be determined by using two classical partitioning-based clustering methods, K-means and K-medoids analysis. The experimental results show that both analysis methods can achieve over 90% detection rate.
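The following is an added illustration of the clustering idea in the abstract, not code from the paper: a client partitions the received signal strength (RSS) readings seen for one SSID/MAC pair into two clusters with K-means and with K-medoids, and treats widely separated cluster centres as a sign of two transmitters. The decision rule, the 8 dB threshold, the function names and the sample readings are assumptions made for this example.

```python
import random
import statistics

def kmeans_1d(rss, iters=50):
    """Lloyd's K-means with k=2 on scalar RSS (dBm); returns sorted centroids."""
    c = [min(rss), max(rss)]                      # deterministic initial centroids
    for _ in range(iters):
        groups = ([], [])
        for x in rss:                             # assign to the nearest centroid
            groups[abs(x - c[0]) > abs(x - c[1])].append(x)
        new = [statistics.fmean(g) if g else c[i] for i, g in enumerate(groups)]
        if new == c:                              # assignments stable: converged
            break
        c = new
    return sorted(c)

def kmedoids_1d(rss):
    """Exact 2-medoid search: the pair of observed values minimising the
    total absolute distance of every reading to its nearest medoid."""
    pts = sorted(set(rss))
    if len(pts) < 2:                              # all readings identical
        return [pts[0], pts[0]]
    cost = lambda m: sum(min(abs(x - m[0]), abs(x - m[1])) for x in rss)
    pairs = ((a, b) for i, a in enumerate(pts) for b in pts[i + 1:])
    return list(min(pairs, key=cost))

def spoofing_suspected(rss, threshold_db=8.0, method=kmeans_1d):
    """Flag when the two cluster centres are further apart than the assumed
    threshold. One stationary AP yields two close centres (noise only);
    two transmitters at different distances yield well separated ones."""
    lo, hi = method(rss)
    return (hi - lo) > threshold_db

# Constructed sample data: integer dBm readings, Gaussian noise, sigma = 2 dB.
_rng = random.Random(7)
LEGIT_ONLY = [round(_rng.gauss(-45, 2)) for _ in range(120)]
MIXED = ([round(_rng.gauss(-45, 2)) for _ in range(60)] +   # legitimate AP
         [round(_rng.gauss(-70, 2)) for _ in range(60)])    # second transmitter
_rng.shuffle(MIXED)

if __name__ == "__main__":
    for name, data in (("legit only", LEGIT_ONLY), ("mixed", MIXED)):
        for m in (kmeans_1d, kmedoids_1d):
            print(name, m.__name__, m(data), spoofing_suspected(data, method=m))
```

In practice the threshold would be calibrated from attack-free measurements at the client's location, since RSS noise varies with the environment.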
