Radio Frequency Fingerprinting for Intrusion Detection in Wireless Networks

Media access control (MAC) address spoofing results in the theft of sensitive information and misuse of network resources. This paper demonstrates an anomaly-based intrusion detection approach, which incorporates radio frequency fingerprinting (RFF) and Hotelling’s T , a multivariate statistical process control technique, for detecting this attack. RFF is a technique used to uniquely identify a transceiver based on the transceiverprint (set of features) of the signal it generates. Our approach is to associate a transceiver profile of a wireless device with its corresponding MAC address. Hence, although the MAC address can still be spoofed, the transceiverprints from the illegitimate device would not match the profile of the legitimate device. Moreover, the success rate of a wireless IDS can be further improved, by analyzing multiple chronologically ordered transceiverprints, prior to rendering a decision. Our approach makes use of a decision filter for this purpose. Finally, concept drift is addressed by using dynamic profiles that are updated continuously using currently observed transceiverprints. Simulation results, with a false positive rate of (0%) and an average detection rate of (94.5%) for 95% confidence interval, support the feasibility of employing RFF and the T 2 statistical technique to successfully detect the aforementioned attack.