IEICE Transactions on Information and Systems
Online ISSN : 1745-1361
Print ISSN : 0916-8532
Regular Section
Client-Side Evil Twin Attacks Detection Using Statistical Characteristics of 802.11 Data Frames
Qian LUHaipeng QUYuan ZHUANGXi-Jun LINYuzhan OUYANG
Author information

2018 Volume E101.D Issue 10 Pages 2465-2473


With the development of wireless network technology and popularization of mobile devices, the Wireless Local Area Network (WLAN) has become an indispensable part of our daily life. Although the 802.11-based WLAN provides enormous convenience for users to access the Internet, it also gives rise to a number of security issues. One of the most severe threat encountered by Wi-Fi users is the evil twin attacks. The evil twin, a kind of rogue access points (RAPs), masquerades as a legitimate access point (AP) to lure users to connect it. Due to the characteristics of strong concealment, high confusion, great harmfulness and easy implementation, the evil twin has led to significant loss of sensitive information and become one of the most prominent security threats in recent years. In this paper, we propose a passive client-based detection solution that enables users to independently identify and locate evil twins without any assistance from a wireless network administrator. Because of the forwarding behavior of evil twins, proposed method compares 802.11 data frames sent by target APs to users to determine evil twin attacks. We implemented our detection technique in a Python tool named ET-spotter. Through implementation and evaluation in our study, our algorithm achieves 96% accuracy in distinguishing evil twins from legitimate APs.

Information related to the author
© 2018 The Institute of Electronics, Information and Communication Engineers
Previous article Next article