An Evil Twin Attack Detection System Using Unsupervised Machine Learning
Abstract
This paper proposes a User-based Evil Twin Attacks Detection System that employs a One-Class Support Vector Machine for anomaly detection in IEEE 802.11 wireless networks. The proposed system is user-centric and uses the interactions of user devices with access points to detect the attack. Evil Twin attacks are replicated experimentally to create two datasets that are used to train and refine the proposed system: one with data from legitimate access points only, and the other also containing data from malicious access points. The results show the high effectiveness of the proposed system, with an accuracy rate of 98.72% while maintaining sensitivity around 90%, thus demonstrating the proposed system’s ability to detect Evil Twin attacks.
Published
2024-05-20
How to Cite
CERQUEIRA JÚNIOR, Ricardo L.; HENRIQUES, Felipe da R.; MORAES, Igor M.; MASCARENHAS, Dalbert M. An Evil Twin Attack Detection System Using Unsupervised Machine Learning. In: BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 42., 2024, Niterói/RJ. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 938-951. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc.2024.1511.
