A Passive Client-based Approach to Detect Evil Twin Attacks

Qian Lu, Haipeng Qu, Y. Zhuang, Xi Jun Lin, Yanyong Zhu, Yunzheng Liu
{"title":"A Passive Client-based Approach to Detect Evil Twin Attacks","authors":"Qian Lu, Haipeng Qu, Y. Zhuang, Xi Jun Lin, Yanyong Zhu, Yunzheng Liu","doi":"10.1109/Trustcom/BigDataSE/ICESS.2017.242","DOIUrl":null,"url":null,"abstract":"As the widespread deployment and usage of 802.11-based wireless local area networks (WLANs), Wi-Fi users are vulnerable to be attacked by a security threat called evil twins. The evil twin, a kind of rogue access points (RAPs), masquerades as a legitimate access point (AP) to lure users to connect it. Malicious adversaries can easily configure evil twins on a laptop to induce victim wireless users. The presence of such a threat continuously leads to significant loss of information. In this paper, we propose a passive client-side detection approach that allows users to independently identify and locate evil twins without any assistance from a wireless network administrator. Because of the forwarding behavior of evil twins, proposed method compares 802.11 data frames sent by target APs to users to determine evil twin attacks. We implemented our detection and location technique in a Python tool named ET-spotter. Through implementation and evaluation in our study, our algorithm achieves 96% accuracy in distinguishing evil twins from legitimate APs.","PeriodicalId":170253,"journal":{"name":"2017 IEEE Trustcom/BigDataSE/ICESS","volume":"150 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE Trustcom/BigDataSE/ICESS","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.242","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 12

Abstract

As the widespread deployment and usage of 802.11-based wireless local area networks (WLANs), Wi-Fi users are vulnerable to be attacked by a security threat called evil twins. The evil twin, a kind of rogue access points (RAPs), masquerades as a legitimate access point (AP) to lure users to connect it. Malicious adversaries can easily configure evil twins on a laptop to induce victim wireless users. The presence of such a threat continuously leads to significant loss of information. In this paper, we propose a passive client-side detection approach that allows users to independently identify and locate evil twins without any assistance from a wireless network administrator. Because of the forwarding behavior of evil twins, proposed method compares 802.11 data frames sent by target APs to users to determine evil twin attacks. We implemented our detection and location technique in a Python tool named ET-spotter. Through implementation and evaluation in our study, our algorithm achieves 96% accuracy in distinguishing evil twins from legitimate APs.
一种基于被动客户端的恶意双攻击检测方法
随着基于802.11的无线局域网(wlan)的广泛部署和使用,Wi-Fi用户很容易受到一种名为“邪恶双胞胎”的安全威胁。邪恶的孪生,一种流氓接入点(rap),伪装成合法的接入点(AP)来引诱用户连接它。恶意的攻击者可以很容易地在笔记本电脑上配置邪恶的双胞胎来诱导受害的无线用户。这种威胁的存在不断导致大量信息的丢失。在本文中,我们提出了一种被动的客户端检测方法,允许用户独立识别和定位邪恶的双胞胎,而无需无线网络管理员的任何帮助。由于恶意双胞胎的转发行为,提出的方法通过对比目标ap发送给用户的802.11数据帧来判断恶意双胞胎攻击。我们在一个名为ET-spotter的Python工具中实现了我们的检测和定位技术。通过我们研究中的实现和评估,我们的算法在区分邪恶双胞胎和合法ap方面达到了96%的准确率。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信