A Method for Detecting 802.11 Wireless Malicious Phishing Stations through Fingerprinting

Malicious phishing stations, which disguise themselves as legitimate devices through MAC address forgery, pose many Wireless Local Area Network (WLAN) security threats, such as theft of secret information and implantation of Trojans and backdoors. In this paper, we propose a passive method based on wireless fingerprinting for detecting malicious phishing stations. We design an 11-dimensional feature set for a station's fingerprint, extracted from frames and packets at the MAC layer and application layer of the Open Systems Interconnection (OSI) protocol stack. We monitored wireless traffic for more than 60 hours and collected more than 10 GB of data in a real scenario to fingerprint all stations and recognize phishing stations. We also evaluate the performance of the proposed method in terms of precision, recall, false positives and false negatives. The results show that our method performs well, detecting phishing stations effectively, and is also scalable.
