Abstract

An Evil Twin Attack (ETA) is an attack in which the attacker uses a device to impersonate a legitimate hotspot. To address the problem of ETAs in WiFi networks, a Convolutional Neural Network (CNN) based attack detection method is proposed. The method uses the preamble of the WiFi signal as the feature and trains a CNN-based classification model on it. It then uses the trained model to detect a potential ETA device by the inconsistency between the identity the device claims and its signal feature. Experiments on commercial hardware demonstrate that the proposed method can effectively detect the Evil Twin Attack.

Highlights

  • Because hotspots lack a verification mechanism, users can identify them only by MAC address and SSID, both of which are easy to imitate

  • Differences between transmitter hardware and between wireless channels imprint subtle features on the raw signals. These signal features are called radio frequency fingerprints, or RF fingerprints. They are independent of the bit information in the WiFi frame and provide a reliable way to recognize the identities of wireless devices

  • Chen et al. [8] proposed an attack detection method based on signal strength to identify malicious devices; [9] proposed an attack detection method that uses the differing wireless channel transmission responses from the device to the receiver at different locations to detect potential identity forgery attacks


Summary

Overview of our method

The proposed method works as an independent intrusion detection system (IDS) that only monitors the wireless channel passively and adds no communication overhead to the local network. It trains the identification model on the signal features of the legitimate APs. Once training is complete, the model recognizes each legitimate AP by its signal features, and any other device is recognized as “unknown”. The method detects ETAs by comparing the identification result for a wireless AP with the MAC address it claims. It can then raise an ETA alarm and output the list of APs potentially under attack. The basic assumption of our method is that both the hardware features and the channel features of a device remain stable during the process. Because WiFi APs are usually deployed in static positions and are not moved while in service, our method can be applied to most scenarios.
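The comparison step described above can be sketched as follows. This is an added example, not code from the paper: the CNN is represented only by its per-frame output label, and the function name, the `min_mismatch` and `min_ratio` thresholds, and the sample MAC addresses are assumptions.

```python
from collections import defaultdict

UNKNOWN = "unknown"  # label the summary says non-enrolled devices receive

def detect_eta(observations, legit_macs, min_mismatch=3, min_ratio=0.2):
    """Return {claimed_mac: report} for enrolled APs whose frames fail the
    fingerprint check.

    observations: iterable of (claimed_mac, predicted_id), where predicted_id
    is the classifier output for that frame's preamble: an enrolled MAC or
    UNKNOWN. min_mismatch and min_ratio are assumed tuning knobs that absorb
    occasional misclassification; they are not taken from the paper.
    """
    legit = {m.lower() for m in legit_macs}
    stats = defaultdict(lambda: {"frames": 0, "mismatch": 0, "seen_as": set()})
    for claimed, predicted in observations:
        claimed, predicted = claimed.lower(), predicted.lower()
        if claimed not in legit:
            continue  # frame does not claim an enrolled AP's identity
        s = stats[claimed]
        s["frames"] += 1
        if predicted != claimed:  # claimed identity and fingerprint disagree
            s["mismatch"] += 1
            s["seen_as"].add(predicted)
    alarms = {}
    for mac, s in stats.items():
        ratio = s["mismatch"] / s["frames"]
        # The real AP keeps transmitting during an attack, so mismatches are
        # usually a fraction of the frames seen for that MAC, not a majority.
        if s["mismatch"] >= min_mismatch and ratio >= min_ratio:
            alarms[mac] = {"frames": s["frames"], "mismatch": s["mismatch"],
                           "ratio": round(ratio, 2),
                           "seen_as": sorted(s["seen_as"])}
    return alarms

# Constructed sample: AP_A's MAC is also used by a non-enrolled transmitter,
# AP_B has one stray misclassification, and a third MAC is not enrolled.
AP_A, AP_B = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"
SAMPLE = ([(AP_A, AP_A)] * 6 + [(AP_A, UNKNOWN)] * 4
          + [(AP_B, AP_B)] * 9 + [(AP_B, AP_A)]
          + [("de:ad:be:ef:00:09", UNKNOWN)] * 5)

if __name__ == "__main__":
    for mac, report in detect_eta(SAMPLE, [AP_A, AP_B]).items():
        print("ETA alarm:", mac, report)
```

The returned dictionary is the list of APs potentially under attack; its `seen_as` field records what the classifier reported for the mismatching frames.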

