Wi-Fi Frame Classification and Feature Selection Analysis in Detecting Evil Twin Attack

2020 IEEE Region 10 Symposium (TENSYMP) Pub Date : 2020-06-05 DOI:10.1109/TENSYMP50017.2020.9231042

M. Asaduzzaman, Mohammad Shahjahan Majib, M. Rahman

{"title":"Wi-Fi Frame Classification and Feature Selection Analysis in Detecting Evil Twin Attack","authors":"M. Asaduzzaman, Mohammad Shahjahan Majib, M. Rahman","doi":"10.1109/TENSYMP50017.2020.9231042","DOIUrl":null,"url":null,"abstract":"Wi-Fi are mostly used components for connecting to the internet today. Nowadays Wi-Fi can be found in work, home or even in bus and train. While using internet with these access points, the connection between user and server is barely secure. Attackers can harvest data, as well as modify or drop data by impersonating himself as a legitimate access point. Also attacker can acquire the credentials of a legitimate access point from the users by impersonating himself as the legitimate access point and forcing the legitimate access point to be stopped for time being. This attack is known as Evil Twin attack. In this paper the traffics of both legitimate access point and rogue access point are analyzed. The detection is concluded with 91.2367% accuracy. Wi-fi frames of both APs are captured and features are extracted. Best 10 features are selected to increase the accuracy using chi-square test, information gain, gain ratio and tree based random forest. Several algorithms are used to classify the frames; among those J48 decision tree algorithm gives the highest accuracy.","PeriodicalId":6721,"journal":{"name":"2020 IEEE Region 10 Symposium (TENSYMP)","volume":"18 1","pages":"1704-1707"},"PeriodicalIF":0.0000,"publicationDate":"2020-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"10","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE Region 10 Symposium (TENSYMP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TENSYMP50017.2020.9231042","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 10

Abstract

Wi-Fi are mostly used components for connecting to the internet today. Nowadays Wi-Fi can be found in work, home or even in bus and train. While using internet with these access points, the connection between user and server is barely secure. Attackers can harvest data, as well as modify or drop data by impersonating himself as a legitimate access point. Also attacker can acquire the credentials of a legitimate access point from the users by impersonating himself as the legitimate access point and forcing the legitimate access point to be stopped for time being. This attack is known as Evil Twin attack. In this paper the traffics of both legitimate access point and rogue access point are analyzed. The detection is concluded with 91.2367% accuracy. Wi-fi frames of both APs are captured and features are extracted. Best 10 features are selected to increase the accuracy using chi-square test, information gain, gain ratio and tree based random forest. Several algorithms are used to classify the frames; among those J48 decision tree algorithm gives the highest accuracy.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Wi-Fi帧分类与特征选择在恶意孪生攻击检测中的分析

如今，Wi-Fi主要用于连接互联网。如今，Wi-Fi可以在工作场所、家里，甚至在公共汽车和火车上找到。当通过这些接入点使用互联网时，用户和服务器之间的连接几乎不安全。攻击者可以通过将自己冒充为合法的访问点来获取数据，以及修改或删除数据。攻击者还可以通过将自己冒充为合法访问点并强制暂时停止合法访问点的方式，从用户那里获取合法访问点的凭据。这种攻击被称为邪恶双胞胎攻击。本文对合法接入点和非法接入点的流量进行了分析。检测准确率为91.2367%。捕获两个ap的Wi-fi帧并提取特征。利用卡方检验、信息增益、增益比和基于树的随机森林等方法，选择最佳的10个特征来提高准确率。使用了几种算法对帧进行分类;其中J48决策树算法的准确率最高。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2020 IEEE Region 10 Symposium (TENSYMP)

自引率

0.00%

发文量