http://dx.doi.org/10.7840/kics.2015.40.2.334

Evil-Twin Detection Scheme Using SVM with Multi-Factors  

Kang, SungBae (Department of Computer and Information Engineering, Inha University)
Nyang, DaeHun (Department of Computer and Information Engineering, Inha University)
Lee, KyungHee (Department of Electronic Engineering, Suwon University)
Abstract
The widespread use of smart devices has been accompanied by increased use of access points (APs), which provide the connection to the wireless network. If appropriate security is not provided when a user connects to the wireless network through an AP, various security problems can arise because of rogue APs. In this paper, we examine the threat posed by the evil-twin, which is one kind of rogue AP. Most recent research on detecting rogue APs uses a measured time difference, such as round-trip time (RTT), between the evil-twin and authorized APs. These methods, however, suffer from a low detection rate when the network is congested. For this reason, we propose a new factor, packet inter-arrival time (PIAT), for detecting evil-twins. Using both RTT and PIAT as learning factors for a support vector machine (SVM), we determine a non-linear metric that classifies evil-twins and authorized APs. As a result, we can detect evil-twins with a probability of up to 96.5%, and of at least 89.75% even when the network is congested.
Keywords
fingerprint; evil twin; rogue AP; network security; WLAN security; Wi-Fi
Citations & Related Records
Times Cited By KSCI: 5