Detection of MAC spoofing attacks in IEEE 802.11 networks using signal strength from attackers’ devices

Abstract

The main goal of this project is to improve intrusion detection process in IEEE 802.11 based networks in order to provide conditions for further interaction between attackers and honeypot. In order to gather metadata from clients’ devices, part of Wi-Fi Honeypot as a Service model was applied in the experiment, and for the first time ever. MAC addresses of access points and clients’ devices, probe requests, beacons and power of signal were used as basic data for further processing. Gathered metadata was used to detect malicious activities against network which is under defense and its clients. Several modifications of MAC spoofing attack were provided by authors in order to find attacks’ fingerprints in Wi-Fi ether. Besides base MAC spoofing attack authors suggested a method which allows to identify modification of MAC spoofing where attacker uses power antenna. Also, the new synchronization method for external elements of honeypot was proposed. It is based on centralized random message generation and allows to avoid detection from attackers’ side.