Lightweight MAC-spoof detection exploiting received signal power and median filtering

Papini, Davide

doi:10.1504/ijccbs.2012.053204

Cited by 1 publication

(1 citation statement)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several works have been proposed to separate the RSS sequences in order to detect the spoofing attack. The mechanisms include median filtering [10], normalization technique [11], Pearson correlation coefficient [12], Kmeans clustering [3,4] and K-medoids clustering [5]. In this work, we propose a client-centric AP spoofing detection framework by adapting the work undertaken in [3,4,5].…”

Section: Related Workmentioning

confidence: 99%

Detecting Access Point Spoofing Attacks Using Partitioning-based Clustering

Ahmad

Amin

Kannan

et al. 2014

JNW

View full text Add to dashboard Cite

The impersonation of wireless Access Point (AP) poses an unprecedented number of threats that can compromise a wireless client's identity, personal data, and network integrity. The AP impersonation attack is conducted by establishing rogue AP with spoofed Service Set Identifier (SSID) and MAC address same as the target legitimate AP. Since these identities can be easily forged, there is no identifier can be used to identify the legitimate AP. Due to strong correlation between the AP signal strength and the distance, in this paper, we propose a clientcentric AP spoofing detection framework by exploiting the statistical relationship of signal strength from the legitimate and rogue APs. We show the relationship between the signals can be determined by using two classical partitioning-based clustering methods, K-means and Kmedoids analysis. The experimental results show that both analysis methods can achieve over 90% detection rate.

show abstract