{"title":"kTRACKER: Passively Tracking KRACK using ML Model","authors":"Anand Agrawal, Urbi Chatterjee, R. Maiti","doi":"10.1145/3508398.3519360","DOIUrl":null,"url":null,"abstract":"Recently, a number of attacks have been demonstrated (like key reinstallation attack, called KRACK) on WPA2 protocol suite in Wi-Fi WLAN. In this paper, we design and implement a system, called kTRACKER, to passively detect anomalies in the handshake of Wi-Fi security protocols, in particular WPA2, between a client and an access point using COTS radios. A state machine model is implemented to detect KRACK attack by passively monitoring multiple wireless channels. In particular, we perform deep packet inspection and develop a grouping algorithm to group Wi-Fi handshake packets to identify the symptoms of the KRACK in specific stages of a handshake session. Our implementation of kTRACKER does not require any modification to the firmware of the supplicant i.e., client or the authenticator i.e., access point or the COTS devices, our system just needs to be in the accessible range from clients and access points. We use a publicly available dataset for performance analysis of kTRACKER. We employ gradient boosting-based supervised machine learning models, and show that an accuracy around 93.39% and a false positive rate of 5.08% can be achieved using kTRACKER.","PeriodicalId":102306,"journal":{"name":"Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-04-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Twelfth ACM Conference on Data and Application Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3508398.3519360","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
Recently, a number of attacks have been demonstrated (like key reinstallation attack, called KRACK) on WPA2 protocol suite in Wi-Fi WLAN. In this paper, we design and implement a system, called kTRACKER, to passively detect anomalies in the handshake of Wi-Fi security protocols, in particular WPA2, between a client and an access point using COTS radios. A state machine model is implemented to detect KRACK attack by passively monitoring multiple wireless channels. In particular, we perform deep packet inspection and develop a grouping algorithm to group Wi-Fi handshake packets to identify the symptoms of the KRACK in specific stages of a handshake session. Our implementation of kTRACKER does not require any modification to the firmware of the supplicant i.e., client or the authenticator i.e., access point or the COTS devices, our system just needs to be in the accessible range from clients and access points. We use a publicly available dataset for performance analysis of kTRACKER. We employ gradient boosting-based supervised machine learning models, and show that an accuracy around 93.39% and a false positive rate of 5.08% can be achieved using kTRACKER.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
