A distributed and cooperative signature-based intrusion detection system framework for multi-channel man-in-the-middle attacks against protected Wi-Fi networks

Abstract

A Multi-Channel Man-in-the-Middle (MC-MitM) attack is an advanced form of MitM attack, characterized by its ability to manipulate encrypted wireless communications between the Access Point (AP) and clients within a WiFi network. MC-MitM attacks can target any Wi-Fi client, regardless of the authentication method used with the AP. Notable examples of such attacks include Key Reinstallation Attacks and FragAttacks, which have impacted millions of WiFi systems worldwide, especially those involving Internet of Things devices. Current defense mechanisms are inadequate against these attacks due to interoperability challenges and the need for modifications to devices or protocols within the targeted Wi-Fi networks. This paper introduces a distributed and cooperative signature-based wireless intrusion detection mechanism designed for online passive monitoring to detect malicious traffic patterns during MC-MitM attacks in any environment, from apartments and houses to large areas like hotels, offices or industrial sites. We implemented the proposed framework on Raspberry Pis and evaluated it in real-world settings. Our evaluation demonstrates that this framework can effectively identify MC-MitM attacks with an average accuracy of 98% when deployed across different locations within our experimental testbed.