A distributed and cooperative signature-based intrusion detection system framework for multi-channel man-in-the-middle attacks against protected Wi-Fi networks
Impact factor 2.4 | JCR Region 4, Computer Science | Q3, COMPUTER SCIENCE, INFORMATION SYSTEMS
Manesh Thankappan, Helena Rifà-Pous, Carles Garrigues
DOI: 10.1007/s10207-024-00899-9 (https://doi.org/10.1007/s10207-024-00899-9)
Journal: International Journal of Information Security
Published: 2024-08-14 (Journal Article)
Open access: no
Citations: 0
Abstract
A Multi-Channel Man-in-the-Middle (MC-MitM) attack is an advanced form of MitM attack, characterized by its ability to manipulate encrypted wireless communications between the Access Point (AP) and clients within a Wi-Fi network. MC-MitM attacks can target any Wi-Fi client, regardless of the authentication method used with the AP. Notable examples of such attacks include Key Reinstallation Attacks and FragAttacks, which have impacted millions of Wi-Fi systems worldwide, especially those involving Internet of Things devices. Current defense mechanisms are inadequate against these attacks due to interoperability challenges and the need for modifications to devices or protocols within the targeted Wi-Fi networks. This paper introduces a distributed and cooperative signature-based wireless intrusion detection mechanism designed for online passive monitoring to detect malicious traffic patterns during MC-MitM attacks in any environment, from apartments and houses to large areas like hotels, offices or industrial sites. We implemented the proposed framework on Raspberry Pis and evaluated it in real-world settings. Our evaluation demonstrates that this framework can effectively identify MC-MitM attacks with an average accuracy of 98% when deployed across different locations within our experimental testbed.
Journal description:
The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation.
Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.