802.11 Fingerprinting to Detect Wireless Stealth Attacks
نویسندگان
چکیده
We propose a simple, passive and deployable approach for fingerprinting traffic on the wired side as a solution for three critical stealth attacks in wireless networks. We focus on extracting traces of the 802.11 medium access control (MAC) protocol from the temporal arrival patterns of incoming traffic streams as seen on the wired side, to identify attacker behavior. Attacks addressed include unauthorized access points, selfish behavior at the MAC layer and MAC layer covert timing channels. We employ the Bayesian binning technique as a means of classifying between delay distributions. The scheme requires no change to the 802.11 nodes or protocol, exhibits minimal computational overhead and offers a single point of discovery. We evaluate our model using experiments and simulations. INDEX WORDS: 802.11 MAC protocol, Distributed coordination function, Rogue access points, MAC misbehavior, Covert channel. 802.11 FINGERPRINTING TO DETECT WIRELESS STEALTH ATTACKS
منابع مشابه
A new SDN-based framework for wireless local area networks
Nowadays wireless networks are becoming important in personal and public communication andgrowing very rapidly. Similarly, Software Dened Network (SDN) is an emerging approach to over-come challenges of traditional networks. In this paper, a new SDN-based framework is proposedto ne-grained control of 802.11 Wireless LANs. This work describes the benets of programmableAcc...
متن کاملPassive Data Link Layer 802.11 Wireless Device Driver Fingerprinting
Motivated by the proliferation of wireless-enabled devices and the suspect nature of device driver code, we develop a passive fingerprinting technique that identifies the wireless device driver running on an IEEE 802.11 compliant device. This technique is valuable to an attacker wishing to conduct reconnaissance against a potential target so that he may launch a driver-specific exploit. In part...
متن کاملImprovement of 802.11 fingerprint diversity
802.11 networks are largely adopted, thus the identification of wireless devices becomes a major issue in network security. This study takes place in the scope of a defensive scenario, and can be used to detect Medium Access Control (MAC) address spoofing. We develop an approach to improve the identification of unique devices while keeping existing 802.11 fingerprinting methods. We evaluate our...
متن کاملRogue Access Point Detection Using Innate Characteristics of the 802.11 MAC
Attacks on wireless networks can be classified into two categories: external wireless and internal wired. In external wireless attacks, an attacker uses a wireless device to target the access point (AP), other wireless nodes or the communications on the network. In internal wired attacks, an attacker or authorized insider inserts an unauthorized (or rogue) AP into the wired backbone for malicio...
متن کامل802.11 De-authentication Attack Detection Using Genetic Programming
This paper presents a genetic programming approach to detect deauthentication attacks on wireless networks based on the 802.11 protocol. To do so we focus on developing an appropriate fitness function and feature set. Results show that the intrusion system developed not only performs incredibly well 100 percent detection rate and 0.5 percent false positive rate but also developed a solution tha...
متن کامل