Please use this identifier to cite or link to this item:
http://hdl.handle.net/10609/150411
Title: | A signature-based wireless intrusion detection system framework for multi-channel man-in-the-middle attacks against protected Wi-Fi networks |
Author: | Thankappan, Manesh Rifà-Pous, Helena Garrigues, Carles |
Citation: | Thankappan, M. [Manesh], Rifà-Pous, H. [Helena], & Garrigues, C. [Carles]. (2024). A signature-based wireless intrusion detection system framework for multi-channel man-in-the-middle attacks against protected Wi-Fi networks. IEEE Access, 12, 23096-121. doi: 10.1109/ACCESS.2024.3362803 |
Abstract: | One of the advanced Man-in-the-Middle (MitM) attacks is the Multi-Channel MitM (MC-MitM) attack, which is capable of manipulating encrypted wireless frames between clients and the Access Point (AP) in a Wireless LAN (WLAN). MC-MitM attacks are possible on any client no matter how the client authenticates with the AP. Key reinstallation attacks (KRACK) in 2017-18, and the latest FragAttacks in 2021 are frontline MC-MitM attacks that widely impacted millions of Wi-Fi systems, especially those with Internet of Things (IoT) devices. Although there are security patches against some attacks, they are not applicable to every Wi-Fi or IoT device. In addition, existing defense mechanisms to combat MC-MitM attacks are not feasible for two reasons: they either require severe firmware modifications on all the devices in a system, or they require the use of several advanced hardware and software for deployment. On top of that, high technical overhead is imposed on users in terms of network setup and maintenance. This paper presents the first plug-and-play system to detect MC-MitM attacks. Our solution is a lightweight, signature-based, and centralized online passive intrusion detection system that can be easily integrated into Wi-Fi-based IoT environments without modifying any network settings or existing devices. The evaluation results show that our proposed framework can detect MC-MitM attacks with a maximum detection time of 60 seconds and a minimum TPR (true positive rate) of 90% by short-distance detectors and 84% by long-distance detectors in real Wi-Fi or IoT environments. |
Keywords: | attack signature fragattack intrusion detectio internet of things (IoT KRACK multi-channel MitM (MC-MitM) Wi-Fi WPA wireless WLAN wireless fidelity jamming cryptography security switches standards intrusion detection |
DOI: | https://doi.org/10.1109/ACCESS.2024.3362803 |
Document type: | info:eu-repo/semantics/article |
Version: | info:eu-repo/semantics/publishedVersion |
Issue Date: | 6-Feb-2024 |
Publication license: | http://creativecommons.org/licenses/by-nc-nd/3.0/es/ |
Linked data: | https://ieeexplore.ieee.org/document/10423016/metrics#metrics |
Appears in Collections: | Articles cientÍfics Articles |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
Thankappan_ieeea_Signature.pdf | 3,32 MB | Adobe PDF | View/Open |
Share:
This item is licensed under aCreative Commons License