Rogue Access Point Detection by Using ARP Failure under the MAC Address Duplication

Kosuke Igarashi, Hiroya Kato, Iwao Sasase

研究成果: Conference contribution

抄録

Detecting a Rogue Access Point (RAP) in Wi-Fi network is imperative. The previous scheme is user side detection focusing on two channels used by a RAP. That scheme can detect a RAP in stable traffic environment by revealing the channel used with a Legitimate Access Point (LAP) with intentional interference. However, the detection performance is degraded in the real environment where traffic is more unstable because it affects the traffic on the channel. Thus, it is necessary to design the scheme which is independent of such factors. In this paper, we propose RAP detection by using Address Resolution Protocol (ARP) failure under the Media Access Control (MAC) address duplication. Our main idea is that the traffic is relayed via a RAP and a LAP on the LAN path between a client and a gateway under the attack. This is because the RAP must be established between a client and a LAP to provide Internet connection. On the basis of this idea, the proposed scheme reveals that the Access Point (AP) with which a client connects is a RAP by discovering the MAC address of a LAP on the path. In order to find the MAC address, we leverage the phenomenon that a client cannot receive ARP reply packets in the situation where its MAC address and that of a AP are duplicated on the path. By doing this, the presence of a LAP is revealed, which can judge that the connected AP is a RAP. In our evaluation, the proposed scheme achieves accuracy of 96.5% even in unstable traffic environment. True positive rate and false positive rate are 31.0% higher and 9.0% lower than the previous scheme. Furthermore, the proposed scheme can detect RAPs accurately in real environment where the previous scheme cannot.

本文言語English
ホスト出版物のタイトル2021 IEEE 32nd Annual International Symposium on Personal, Indoor and Mobile Radio Communications, PIMRC 2021
出版社Institute of Electrical and Electronics Engineers Inc.
ページ1469-1474
ページ数6
ISBN(電子版)9781728175867
DOI
出版ステータスPublished - 2021 9月 13
イベント32nd IEEE Annual International Symposium on Personal, Indoor and Mobile Radio Communications, PIMRC 2021 - Virtual, Helsinki, Finland
継続期間: 2021 9月 132021 9月 16

出版物シリーズ

名前IEEE International Symposium on Personal, Indoor and Mobile Radio Communications, PIMRC
2021-September

Conference

Conference32nd IEEE Annual International Symposium on Personal, Indoor and Mobile Radio Communications, PIMRC 2021
国/地域Finland
CityVirtual, Helsinki
Period21/9/1321/9/16

ASJC Scopus subject areas

  • 電子工学および電気工学

フィンガープリント

「Rogue Access Point Detection by Using ARP Failure under the MAC Address Duplication」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル