PRAPD: A novel received signal strength–based approach for practical rogue access point detection

The rogue access point attack is one of the most important security threats to wireless local networks and has attracted great attention from both academia and industry. Using received signal strength (RSS) information is an effective way to detect rogue access points. However, this information takes the form of multi-dimensional RSS vectors collected by multiple sniffers, and these vectors inevitably lack values in some dimensions because of limited wireless transmission range and link instability. The missing values result in a high false alarm rate for rogue access point detection. To solve this issue, we propose an RSS-based practical rogue access point detection (PRAPD) approach that accounts for the missing RSS values in vectors collected in practical environments. First, we present a preprocessing scheme for RSS vectors that eliminates missing values by means of data filling, filtering, and averaging. Then, we perform clustering analysis on the RSS vectors, for which we design a distance measurement method that dynamically uses partial components of the vectors to minimize the distance deviation caused by missing values. Finally, we conduct experiments to evaluate the performance of PRAPD. The results demonstrate that PRAPD can significantly reduce the false alarm rate while ensuring a high detection rate.
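The effect of missing dimensions on clustering can be seen in a small added example, which is not the paper's algorithm: the abstract does not give PRAPD's distance formula or thresholds. It assumes a partial distance computed over the sniffers that heard both frames and rescaled to full dimension, an exhaustive two-medoid split, a 15 dB alarm threshold, a -100 dBm fill value for the naive baseline, and constructed RSS vectors.

```python
import math
from itertools import combinations

FLOOR_DBM = -100.0   # assumed fill value for the naive baseline
THRESHOLD_DB = 15.0  # assumed gap between cluster centres that raises an alarm

def partial_distance(a, b):
    """Euclidean distance over sniffers that heard both frames, rescaled to full dimension."""
    shared = [(x, y) for x, y in zip(a, b) if x is not None and y is not None]
    if not shared:
        return math.inf  # no common sniffer: the frames cannot be compared
    sq = sum((x - y) ** 2 for x, y in shared)
    return math.sqrt(sq * len(a) / len(shared))

def naive_distance(a, b):
    """Baseline: fill every missing value with the floor, then plain Euclidean distance."""
    fa = [FLOOR_DBM if x is None else x for x in a]
    fb = [FLOOR_DBM if x is None else x for x in b]
    return math.dist(fa, fb)

def two_medoids(vectors, dist):
    """Exhaustive 2-medoid split (small batches): minimise total distance to the nearer medoid."""
    def cost(pair):
        i, j = pair
        return sum(min(dist(v, vectors[i]), dist(v, vectors[j])) for v in vectors)
    i, j = min(combinations(range(len(vectors)), 2), key=cost)
    return vectors[i], vectors[j]

def rogue_suspected(vectors, dist, threshold=THRESHOLD_DB):
    """One transmitter gives one tight cluster; two well-separated medoids suggest a second one."""
    m1, m2 = two_medoids(vectors, dist)
    return dist(m1, m2) > threshold

# Constructed RSS vectors (dBm) for one BSSID seen by four sniffers; None = frame not heard.
LEGIT = [(-45, -60, -72, -80), (-46, -61, None, -79), (-44, None, -73, -81),
         (-45, -59, -71, None), (-47, -60, -72, None)]
ROGUE = [(-78, -70, -50, -42), (-79, None, -51, -43), (None, -71, -49, -41)]

if __name__ == "__main__":
    print("legit only, naive fill :", rogue_suspected(LEGIT, naive_distance))
    print("legit only, partial    :", rogue_suspected(LEGIT, partial_distance))
    print("legit + rogue, partial :", rogue_suspected(LEGIT + ROGUE, partial_distance))
```

With the naive fill, frames from a single legitimate transmitter split into two distant clusters purely because different sniffers missed them, which is the false alarm the abstract describes.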
