The rogue access point attack is one of the most important security threats to wireless local networks and has attracted great attention from both academia and industry. Utilizing received signal strength information is an effective solution to detect rogue access points. However, the received signal strength information is formed by multi-dimensional received signal strength vectors that are collected by multiple sniffers, and these received signal strength vectors are inevitably lacking in some dimensions due to the limited wireless transmission range and link instability. This results in a high false alarm rate for rogue access point detection. To solve this issue, we propose a received signal strength-based practical rogue access point detection approach that considers missing received signal strength values in received signal strength vectors collected in practical environments. First, we present a preprocessing scheme for received signal strength vectors, eliminating missing values by means of data filling, filtering, and averaging. Then, we perform clustering analysis on the received signal strength vectors, where we design a distance measurement method that dynamically uses partial components in received signal strength vectors to minimize the distance deviation due to missing values. Finally, we conduct experiments to evaluate the performance of the practical rogue access point detection. The results demonstrate that the practical rogue access point detection can significantly reduce the false alarm rate while ensuring a high detection rate.
Wi-Fi networks are open by nature and therefore face greater security risks than wired networks. The MAC address represents the unique identifier of the device and is easily obtained by an attacker. Therefore, MAC address randomization is proposed to protect the privacy of devices in a Wi-Fi network. However, implicit identifiers are used by attackers to identify a user's device, which can cause the leakage of the user's privacy. We propose device identification based on 802.11ac probe request frames. Here, a detailed analysis of the effectiveness of 802.11ac fields is given, and a novel device identification method based on deep learning, whose average F1-score exceeds 99%, is presented. To prevent attackers from obtaining relevant information through the device identification method above, we design a novel defense mechanism based on a stream cipher. In that case, the original content of the probe request frame is hidden by encrypting probe request frames, and the construction of the probe request is preserved to avoid discovery by attackers. This defense mechanism can effectively reduce the performance of the proposed device identification method, whose average F1-score is then below 30%. In general, our research on the attack and defense mechanisms can better preserve device privacy.