TY - GEN
T1 - Rogue twin attack detection
T2 - 2019 IEEE International Conference on Systems, Man and Cybernetics, SMC 2019
AU - Agarwal, Mayank
N1 - Publisher Copyright:
© 2019 IEEE.
PY - 2019/10/1
Y1 - 2019/10/1
N2 - Rogue Twin Access Point (AP) is a rogue Wi-Fi hotspot/AP setup by an adversary solely with the purpose of luring Wi-Fi stations (STAs) into connecting to them. An adversary clones the Service Set IDentifier (SSID) [Hotspot Name] as well as the MAC address of the legitimate AP while setting up the rogue twin. When a STA checks for the list of available APs (under presence of rogue twin), it sees only one AP (despite there being two APs with the identical SSID and MAC address). In case the signal strength of the rogue twin is more than the legitimate AP, the STA connects to the rogue twin.In the present study, a Discrete Event System (DES) paradigm based Intrusion Detection System (IDS) for detecting rogue twin which is proposed. It overcomes many drawbacks of existing approaches in tackling rogue twin. A normal DES model corresponding to a frame exchange under normal network conditions along with a failure (attacker) DES model corresponding to a frame exchange under rogue twin network conditions is constructed. Using the knowledge of the normal and attacker DES models, a DES diagnoser is constructed to ascertain whether the frame exchange corresponds to a normal or attack condition. Even if an attacker uses multiple techniques to launch the rogue twin the proposed DES based IDS is capable of identifying all such possible instances. We validate the scheme on a real test bed.
AB - Rogue Twin Access Point (AP) is a rogue Wi-Fi hotspot/AP setup by an adversary solely with the purpose of luring Wi-Fi stations (STAs) into connecting to them. An adversary clones the Service Set IDentifier (SSID) [Hotspot Name] as well as the MAC address of the legitimate AP while setting up the rogue twin. When a STA checks for the list of available APs (under presence of rogue twin), it sees only one AP (despite there being two APs with the identical SSID and MAC address). In case the signal strength of the rogue twin is more than the legitimate AP, the STA connects to the rogue twin.In the present study, a Discrete Event System (DES) paradigm based Intrusion Detection System (IDS) for detecting rogue twin which is proposed. It overcomes many drawbacks of existing approaches in tackling rogue twin. A normal DES model corresponding to a frame exchange under normal network conditions along with a failure (attacker) DES model corresponding to a frame exchange under rogue twin network conditions is constructed. Using the knowledge of the normal and attacker DES models, a DES diagnoser is constructed to ascertain whether the frame exchange corresponds to a normal or attack condition. Even if an attacker uses multiple techniques to launch the rogue twin the proposed DES based IDS is capable of identifying all such possible instances. We validate the scheme on a real test bed.
UR - http://www.scopus.com/inward/record.url?scp=85076722008&partnerID=8YFLogxK
U2 - 10.1109/SMC.2019.8914062
DO - 10.1109/SMC.2019.8914062
M3 - Conference contribution
AN - SCOPUS:85076722008
T3 - Conference Proceedings - IEEE International Conference on Systems, Man and Cybernetics
SP - 1813
EP - 1818
BT - 2019 IEEE International Conference on Systems, Man and Cybernetics, SMC 2019
PB - Institute of Electrical and Electronics Engineers
Y2 - 6 October 2019 through 9 October 2019
ER -