Título: Beacon frame spoofing attack detection in IEEE 802.11 networks

Autores: Asier Martínez, Urko Zurutuza , Roberto Uribeetxeberria , Miguel Fernández , Jesús Lizarraga , Ainhoa Serna and Iñaki Velez de Mendizabal

Fecha: March 2008

Area: Seguridad

Tema: Sistemas de Detección de Intrusiones (IDS)

Abstract:
A great variety of well-known attacks exist for the IEEE 802.11 protocol. The lack of mechanisms for management frame authentication and the complexity of the protocol itself have derived into a considerable number of denial of service and identity spoofing attacks. As most denial of service attacks are based on spoofing of MAC addresses, spoofed frame detection schemes have gained attentions. Currently the most efficient techniques to detect this kind of attacks are based on the creation of profiles for the wireless nodes and behavior based protocol anomaly detection. However, these techniques tend to generate too many of false positives. This is caused by the unstable nature of the wireless medium and also because of the difficulty to model the behaviour of the diverse implementations from different manufacturers. One way to reduce false positives is to combine different techniques to carry out the analysis. We propose a novel method that identifies the impersonation of certain management frames, which helps to reduce the number of false positives within other existing MAC spoofing detection techniques.

[pdf]

[ppt]

Referencia:

bibtex:

@INPROCEEDINGS{mar08,
  author = {Asier Mart\'inez and Urko Zurutuza and Roberto Uribeetxeberria and
    Miguel Fern\'andez and Jes\'us Lizarraga and Ainhoa Serna.},
  title = {Beacon frame spoofing attack detection in IEEE 802.11 networks},
  booktitle = {Proceedings of the Third International Conference on Availability,
    Reliability and Security (ARES 2008)},
  year = {2008},
  address = {Barcelona, Spain},
  month = {March},
  publisher = {IEEE Computer Society Press}
}