Automated Wi-Fi intrusion detection tool on 802.11 networks

Abstract

Wi-Fi networks enable user-friendly network connectivity in various environments, ranging from home to enterprise networks. However, vulnerabilities in Wi-Fi implementations may allow nearby adversaries to gain an initial foothold into a network, e.g., in order to attempt further network penetration. In this paper we propose a methodology for the detection of attacks originating from Wi-Fi networks, along with a Wi-Fi Network Intrusion Detection (Wi-Fi-NID) tool, developed to automate the detection of such attacks at 802.11 networks. In particular, Wi-Fi-NID has the ability to detect and trace possible illegal network scanning attacks, which originate from attacks at the Wi-Fi access layer. We extend our initial implementation to increase the efficiency of detection, based on mathematical and statistical function techniques. A penetration testing methodology is defined, in order to discover the environmental security characteristics, related with the current configuration of the devices connected to the 802.11 network. The methodology covers known Wi-Fi attacks such as de-authentication attacks, capturing and cracking WPA-WPA/2 handshake, captive portal and WPA attacks, mostly based on various open source software tools, custom tools, as well as on specialized hardware.