Intelligent detection of MAC spoofing attack in 802.11 network

In 802.11, all devices are uniquely identified by a Media Access Control (MAC) address. However, legitimate MAC addresses can be easily spoofed to launch various forms of attacks, such as Denial of Service attacks. Impersonating the MAC address of a legitimate user poses a big challenge for cyber crime investigators. Indeed, MAC spoofing makes the task of identifying the source of the attack very difficult. Sequence number analysis is a common technique used to detect MAC spoofing attack. Existing solutions relying on sequence number analysis, adopt a threshold-based approach where the gap between consecutive sequence numbers is compared to a threshold to decide the presence of a MAC spoofing attack. Nevertheless, threshold-based approach may lead to a high rate of false alerts due to lost or duplicated frames. To overcome the limitations of threshold-based approach, this paper proposes a detection method that relies on a machine learning approach, namely Artificial Neural Network (ANN). ANNs provide the potential to identify and classify network behavior from limited, noisy, incomplete and non-linear data sources. The experimentation results showed the effectiveness of the proposed detection technique. Moreover, we proposed a user-friendly graphical representation of information to support the interpretation of quantitative results.