Detecting forged management frames with spoofed addresses in IEEE 802.11 networks using received signal strength indicator

Abstract

IEEE 802.11 Wireless LAN networks are vulnerable to MAC address spoofing attacks and to sending forged management frames to disconnect or disturb existing connections. The main reason behind this vulnerability is that the management frames are sent as a plain text with no built-in authentication or encryption mechanism. In this paper, intention is to address problem of detecting forged management frames with spoofed source addresses. Using a distributed architecture and Received Signal Strength Indicator (RSSI), the paper proposes a signature-based detection scheme. Employing a set of monitoring points, RSSI is used as a non-counterfeiting feature to extract a signature for each node. The proposed approach uses majority voting as an ensemble method to aggregate the local judgments of the monitoring points. The simulation results show that when the attacker is far enough from the victim, this approach can detect spoofing attacks with a high detection rate.