{"title":"CheckShake: Passively Detecting Anomaly in Wi-Fi Security Handshake using Gradient Boosting based Ensemble Learning","authors":"Anand Agrawal, Urbi Chatterjee, R. Maiti","doi":"10.1109/tdsc.2023.3236355","PeriodicalId":13158,"journal":{"name":"IACR Cryptol. ePrint Arch.","volume":"65-66 1","pages":"4868-4880"},"PeriodicalIF":0.0000,"publicationDate":"2023-11-01","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"3","platform":"Semanticscholar","PeriodicalName":"IACR Cryptol. ePrint Arch.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/tdsc.2023.3236355","RegionNum":0,"Total":0}
CheckShake: Passively Detecting Anomaly in Wi-Fi Security Handshake using Gradient Boosting based Ensemble Learning
Recently, a number of attacks (such as the key reinstallation attack, called KRACK) have been demonstrated on the WPA2 protocol suite in Wi-Fi WLANs, for which patching is often challenging. In this article, we design and implement a system, called CheckShake, to passively detect anomalies in the handshake of Wi-Fi security protocols, in particular WPA2, between a client and an AP using COTS radios. Our proposed system works without decrypting any traffic and sniffing on multiple channels in parallel. It uses a state machine model for grouping Wi-Fi handshake packets and then performs deep packet inspection to identify the symptoms of the anomaly in specific stages of a handshake session. Our implementation of CheckShake does not require any modification to the firmware of the client, the AP, or the COTS devices; it only needs to be physically placed within range of the AP and its clients. We use both a publicly available dataset and our own dataset for performance analysis of CheckShake. Using gradient boosting-based supervised machine learning (ML) models, we show that an accuracy of around 98.50% with no false positives can be achieved using CheckShake on open-sourced data that has a non-zero probability of missing packets per group of packets.