kTRACKER: Passively Tracking KRACK using ML Model

Agrawal, Anand; Chatterjee, Urbi; Maiti, Rajib Ranjan

doi:10.1145/3508398.3519360

Cited by 6 publications

(3 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, their focus was solely on detecting KRACK attacks. Similar works include [44]- [46]. It is important to note that these machines learning based defense mechanisms have not been evaluated in real networks but rather assessed using the publicly available AWID3 dataset [26].…”

Section: ) Stage 2 Defense Mechanismsmentioning

confidence: 99%

A Signature-Based Wireless Intrusion Detection System Framework for Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks

Thankappan,

Rifà-Pous,

Garrigues

2024

IEEE Access

View full text Add to dashboard Cite

One of the advanced Man-in-the-Middle (MitM) attacks is the Multi-Channel MitM (MC-MitM) attack, which is capable of manipulating encrypted wireless frames between clients and the Access Point (AP) in a Wireless LAN (WLAN). MC-MitM attacks are possible on any client no matter how the client authenticates with the AP. Key reinstallation attacks (KRACK) in 2017-18, and the latest FragAttacks in 2021 are frontline MC-MitM attacks that widely impacted millions of Wi-Fi systems, especially those with Internet of Things (IoT) devices. Although there are security patches against some attacks, they are not applicable to every Wi-Fi or IoT device. In addition, existing defense mechanisms to combat MC-MitM attacks are not feasible for two reasons: they either require severe firmware modifications on all the devices in a system, or they require the use of several advanced hardware and software for deployment. On top of that, high technical overhead is imposed on users in terms of network setup and maintenance. This paper presents the first plug-and-play system to detect MC-MitM attacks. Our solution is a lightweight, signaturebased, and centralized online passive intrusion detection system that can be easily integrated into Wi-Fi-based IoT environments without modifying any network settings or existing devices. The evaluation results show that our proposed framework can detect MC-MitM attacks with a maximum detection time of 60 seconds and a minimum TPR (true positive rate) of 90% by short-distance detectors and 85% by long-distance detectors in real Wi-Fi or IoT environments.

show abstract

Section: ) Stage 2 Defense Mechanismsmentioning

confidence: 99%

A Signature-Based Wireless Intrusion Detection System Framework for Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks

Thankappan,

Rifà-Pous,

Garrigues

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Publicly available information on the Krack attack includes information about the attack itself. There is no guarantee that every device will have a patch and be protected from these attacks coming from any networked point [38,39]. The four-way handshake procedure, which is a crucial part of the IEEE 802.11 protocol has a serious weakness that allows any attacker to decode a user's communication without eavesdropping on the handshake or knowing the encryption key, according to [40].…”

Section: Krack Attackmentioning

confidence: 99%

“…The authors in [38] used a state-machine architecture to find Krack attacks by monitoring numerous wireless channels. To specifically identify the Krack symptoms at various points of a handshake session, they undertook deep packet inspection and created a grouping method to group Wi-Fi handshake packets.…”

Section: Comparing Our Findings With Previous Studiesmentioning

confidence: 99%

Enhancing Network Security: A Machine Learning-Based Approach for Detecting and Mitigating Krack and Kr00k Attacks in IEEE 802.11

Salah

Elsoud

2023

Future Internet

View full text Add to dashboard Cite

The rise in internet users has brought with it the impending threat of cybercrime as the Internet of Things (IoT) increases and the introduction of 5G technologies continues to transform our digital world. It is now essential to protect communication networks from illegal intrusions to guarantee data integrity and user privacy. In this situation, machine learning techniques used in data mining have proven to be effective tools for constructing intrusion detection systems (IDS) and improving their precision. We use the well-known AWID3 dataset, a comprehensive collection of wireless network traffic, to investigate the effectiveness of machine learning in enhancing network security. Our work primarily concentrates on Krack and Kr00k attacks, which target the most recent and dangerous flaws in IEEE 802.11 protocols. Through diligent implementation, we were able to successfully identify these threats using an IDS model that is based on machine learning. Notably, the resilience of our method was demonstrated by our ensemble classifier’s astounding 99% success rate in detecting the Krack attack. The effectiveness of our suggested remedy was further demonstrated by the high accuracy rate of 96.7% displayed by our neural network-based model in recognizing instances of the Kr00k attack. Our research shows the potential for considerably boosting network security in the face of new threats by leveraging the capabilities of machine learning and a diversified dataset. Our findings open the door for stronger, more proactive security measures to protect IEEE. 802.11 networks’ integrity, resulting in a safer online environment for all users.

show abstract

A distributed and cooperative signature-based intrusion detection system framework for multi-channel man-in-the-middle attacks against protected Wi-Fi networks

Thankappan,

Rifà-Pous,

Garrigues

2024

Int. J. Inf. Secur.

View full text Add to dashboard Cite

A Multi-Channel Man-in-the-Middle (MC-MitM) attack is an advanced form of MitM attack, characterized by its ability to manipulate encrypted wireless communications between the Access Point (AP) and clients within a WiFi network. MC-MitM attacks can target any Wi-Fi client, regardless of the authentication method used with the AP. Notable examples of such attacks include Key Reinstallation Attacks and FragAttacks, which have impacted millions of WiFi systems worldwide, especially those involving Internet of Things devices. Current defense mechanisms are inadequate against these attacks due to interoperability challenges and the need for modifications to devices or protocols within the targeted Wi-Fi networks. This paper introduces a distributed and cooperative signature-based wireless intrusion detection mechanism designed for online passive monitoring to detect malicious traffic patterns during MC-MitM attacks in any environment, from apartments and houses to large areas like hotels, offices or industrial sites. We implemented the proposed framework on Raspberry Pis and evaluated it in real-world settings. Our evaluation demonstrates that this framework can effectively identify MC-MitM attacks with an average accuracy of 98% when deployed across different locations within our experimental testbed.

show abstract

kTRACKER: Passively Tracking KRACK using ML Model

Cited by 6 publications

References 3 publications

A Signature-Based Wireless Intrusion Detection System Framework for Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks

A Signature-Based Wireless Intrusion Detection System Framework for Multi-Channel Man-in-the-Middle Attacks Against Protected Wi-Fi Networks

Enhancing Network Security: A Machine Learning-Based Approach for Detecting and Mitigating Krack and Kr00k Attacks in IEEE 802.11

A distributed and cooperative signature-based intrusion detection system framework for multi-channel man-in-the-middle attacks against protected Wi-Fi networks

Contact Info

Product

Resources

About