The Journal of Korean Institute of Communications and Information Sciences (한국통신학회논문지)

The Korean Institute of Commucations and Information Sciences (한국통신학회)
권호 표지
DOI QR코드

DOI QR Code

Evil-Twin Detection Scheme Using SVM with Multi-Factors

다중 요소를 가지는 SVM을 이용한 이블 트윈 탐지 방법

  • Kang, SungBae (Department of Computer and Information Engineering, Inha University) ;
  • Nyang, DaeHun (Department of Computer and Information Engineering, Inha University) ;
  • Lee, KyungHee (Department of Electronic Engineering, SuwonUniversity)
  • Received : 2015.01.16
  • Accepted : 2015.02.11
  • Published : 2015.02.28
Download PDF
⟨ Previous Next ⟩

Abstract

Widespread use of smart devices accompanies increase of use of access point (AP), which enables the connection to the wireless network. If the appropriate security is not served when a user tries to connect the wireless network through an AP, various security problems can arise due to the rogue APs. In this paper, we are going to examine the threat by evil-twin, which is a kind of rogue APs. Most of recent researches for detecting rogue APs utilize the measured time difference, such as round trip time (RTT), between the evil-twin and authorized APs. These methods, however, suffer from the low detection rate in the network congestion. Due to these reasons, in this paper, we suggest a new factor, packet inter-arrival time (PIAT), in order to detect evil-twins. By using both RTT and PIAT as the learning factors for the support vector machine (SVM), we determine the non-linear metric to classify evil-twins and authorized APs. As a result, we can detect evil-twins with the probability of up to 96.5% and at least 89.75% even when the network is congested.

최근 스마트기기가 널리 보급되면서 무선망이 가능한 AP(Access Point)의 사용 또한 증가하였다. AP를 사용하여 무선망에 접속할 때, 적절한 보안이 제공되지 않는다면, 로그 AP(Rogue AP)에 의해 다양한 보안 문제가 발생될 수 있다. 이 연구에서는 로그 AP의 유형 중 하나인 이블 트윈(Evil Twin)에 대한 위협에 대해서 살펴본다. 최근 대부분의 이블 트윈을 탐지하기 위한 연구에서는 RTT(Round Trip Time)와 같이 인가된 AP와 이블 트윈 사이에서 측정될 수 있는 시간 차이를 이용하는 방법이 주로 이용되고 있다. 그러나 이와 같이 이블 트윈을 탐지하는 방법은 채널이 혼잡한 상태일 때 탐지율이 떨어지는 단점이 있다. 이러한 이유에서 이 연구에서는 이블 트윈을 탐지하는 기준으로 RTT와 함께 추가로 PIAT(Packet Inter-Arrival Time)을 측정한다. 또한 측정된 값을 SVM(Support Vector Machine)의 학습 요소로 사용함으로써, 이블 트윈 분류를 위한 비선형적 기준을 정한다. 결과적으로 채널이 혼잡한 상황에서도 최대 96.5% 최소 89.75%의 높은 확률로 이블 트윈을 성공적으로 탐지하였다.

Keywords

References

  1. S. Kang, D. Nyang, J. Choi, and S. Lee, "Relaying rogue AP detection scheme using SVM," J. KIISC, vol. 23, no. 3, pp. 431-444, Jun. 2013.
  2. P. Bahl, R. Chandra, J. Padhye, L. Ravindranath, M. Singh, A. Wolman, and B. Zill, "Enhancing the security of corporate Wi-Fi networks using DAIR," MobiSys, pp. 1-14, Jun. 2006.
  3. D. Schweitzer, W. Brown, and J. Boleng, "Using visualization to locate rogue access points," J. Computing Sci. in Colleges, vol. 23, no. 1, pp. 134-140, Oct. 2007.
  4. S. Jana and S. K. Kasera, "On fast and accurate detection of unauthorized wireless access points using clock skews," IEEE Trans. Mob. Computing, vol. 9, no. 3, pp. 449-462, Mar. 2010. https://doi.org/10.1109/TMC.2009.145
  5. L. Watkins, R. Beyah, and C. Corbett, "A Passive approach to rogue access point detection," IEEE Global Telecommun. Conf. (GLOBECOM '07), pp. 355-360, Washington DC, USA, Nov. 2007.
  6. W. Wei, K. Suh, B. Wang, Y. Gu, J. Kurose, and D. Towsley, "Passive online rogue access point detection using sequential hypothesis testing with TCP ACK-pairs," in Proc. 7th ACM SIGCOMM Conf. Internet Measurement (IMC '07), pp. 365-378, NY, USA, Oct. 2007.
  7. I. Kim, J. Cho, T. Shon, and J. Moon, "A method for detecting unauthorized access point over 3G network," J. KIISC, vol. 22, no. 2, pp. 259-266, Apr. 2012.
  8. Y. Sheng, K. Tan, G. Chen, D. Kotz, and A. Campbell, "Detecting 802.11 MAC layer spoofing using received signal strength," The 27th Conf. Comput. Commun. IEEE, (INFOCOM 2008), Phoenix, AZ, USA, Apr. 2008.
  9. J. Park, M. Park, and S. Jung, "A whitelistbased scheme for detecting and preventing unauthorized AP access using mobile device," J. KICS, vol. 38, no. 8, pp. 632-640, Aug. 2013.
  10. J. Mun and S. Jung, "A scheme for detecting and preventing an unauthorized device using context awareness and mobile device management," J. KICS, vol. 39, no. 1, pp. 1-8, Jan. 2014.
  11. D. Shin, J. Kang, D. Nyang, S. Lee, and K. Lee, "A method of authenticating WLAN APs for smartphones," J. KICS, vol. 39, no. 1, pp. 17-28, Jan. 2014.
  12. V. Brik, S. Banerjee, M. Gruteser, and S. Oh, "Wireless device identification with radiometric signatures," 14th ACM Int. Conf. Mob. Comput. Netw. (Mobicom '08), pp. 116-127, San Francisco, CA, USA, Sept. 2008.
  13. L. Ma, A. Y. Teymorian, and X. Cheng, "A hybrid rogue access point protection framework for commodity Wi-Fi networks," The 27th Conf. Comput. Commun. IEEE, (INFOCOM 2008), Phoenix, AZ, USA, Apr. 2008.
  14. H. Yin, G. Chen, and J. Wang, "Detecting protected layer-3 rogue APs," 4th Int. Conf. Broadband Commun. Netw. Syst. (BROADNETS 2007), pp. 449-458, Raleigh, NC, USA, Sept. 2007.
  15. A. Adya, P. Bahl, R. Chandra, and L. Qiu, "Architecture and techniques for diagnosing faults in IEEE 802.11 infrastructure networks," The 10th Annu. Int. Conf. Mob. Comput. Netw. (MobiCom '04), pp. 30-44, Philadelphia, USA, Sept. 2004.
  16. H. Han, B. Sheng, C. C. Tan, Q. Li, and S. Lu, "A timing-based scheme for rogue AP detection," IEEE Trans. Parallel Distrib. Syst., vol. 22, no. 11, pp. 1912-1925, Nov. 2011. https://doi.org/10.1109/TPDS.2011.125
  17. C. Yang, Y. Song, and G. Gu, "Active user-side evil twin access point detection using statistical techniques," IEEE Trans. Inf. Forensics and Security, vol. 7, no. 5, pp. 1638- 1651, Oct. 2012. https://doi.org/10.1109/TIFS.2012.2207383

Cited by

  1. 풍향과 풍속의 특징을 이용한 SVR기반 단기풍력발전량 예측 vol.42, pp.5, 2015, https://doi.org/10.7840/kics.2017.42.5.1085
  2. Enhancing the Reliability of Wi-Fi Network Using Evil Twin AP Detection Method Based on Machine Learning vol.16, pp.3, 2020, https://doi.org/10.3745/jips.03.0137